Abstract: Collecting the topology and asset information of the virtual generated computer network, converting the topology and asset information into a training data set for training the neural network model, training the neural network model based on the training data set, and training A method and apparatus for predicting an attack vulnerability of a computer network through the step of inferring an attack vulnerability of a target computer network using a neural network model are provided.

Abstract: Disclosed herein are an artificial Intelligence (AI)-based cyber training method. The AI-based cyber training method may include generating a unit attack by training an attack agent based on environment and state information of a cyber range (CR) and a set of attack tools executable on a system, executing the unit attack in the CR, and then determining whether the unit attack has succeeded, and determining whether to perform an attack or a defense based on whether the unit attack has succeeded.

Abstract: A semiconductor package according to an embodiment includes a first insulating layer; and a first through electrode part passing through the first insulating layer and having a shape elongated in a first direction; wherein the first through electrode part includes a plurality of first through electrodes spaced apart from each other in a second direction perpendicular to the first direction and a thickness direction; wherein at least one of the plurality of first through electrodes includes a first sub through electrode and a second sub through electrode spaced apart from each other in the first direction; and wherein at least one of the first sub through electrode and the second sub through electrode has a width in the first direction greater than a width in the second direction.

Abstract: Disclosed herein are an apparatus and method for updating an Internet-based malware detection engine using virtual machine scaling. The method may include creating a scaling group and an update group set based on a first virtual machine image, creating a second virtual machine image for a running virtual machine in response to occurrence of a snapshot event in the virtual update group run based on the first virtual machine image, modifying the scale-out image of the scaling group to the second virtual machine image, updating the scaling group by triggering a scale-out event and a scale-in event in the scaling group in response to occurrence of an update event, and modifying the scale-in image of the scaling group to the second virtual machine image.

Abstract: Disclosed herein are an apparatus for detecting unknown malware using a variable-length operation code (opcode) and a method using the apparatus. The method includes collecting opcode information from a detection target, generating a multi-pixel image having a variable length by performing feature engineering on the opcode information; and detecting unknown malware by inputting the multi-pixel image to a deep-learning model based on AI.

Abstract: Disclosed herein are an apparatus and method for inferring a cyberattack path based on attention. The apparatus includes memory in which at least one program is recorded and a processor for executing the program. The program generates test data required for generating an intelligent attack graph and generates an attack graph based on an intelligent attack path prediction model.

Abstract: Disclosed herein are a network environment synchronization apparatus and method. The network environment synchronization apparatus includes one or more processors, and execution memory for storing at least one program that is executed by the one or more processors, wherein the at least one program is configured to collect data from a network environment and generate a management structure in which collected data is distributed into preset respective group units, generate data discriminators for respective group units using a preset hash function, determine whether data of the management structure has changed with reference to data newly collected from the network environment based on the data discriminators, and when it is determined whether data of the management structure has changed, update the data of the management structure with the newly collected data.

Abstract: Disclosed herein are an apparatus for detecting unknown malware using a variable-length operation code (opcode) and a method using the apparatus. The method includes collecting opcode information from a detection target, generating a multi-pixel image having a variable length by performing feature engineering on the opcode information; and detecting unknown malware by inputting the multi-pixel image to a deep-learning model based on AI.

Abstract: Collecting the topology and asset information of the virtual generated computer network, converting the topology and asset information into a training data set for training the neural network model, training the neural network model based on the training data set, and training A method and apparatus for predicting an attack vulnerability of a computer network through the step of inferring an attack vulnerability of a target computer network using a neural network model are provided.

Abstract: Disclosed herein are a server apparatus, a client apparatus, and a method for communication based on network address mutation. The method for communication based on network address mutation, performed by the server apparatus and the client apparatus, includes setting the external address of a network interface for receiving a packet from the client apparatus; setting the internal address of a hidden interface in order to forward the packet received through the network interface to the hidden interface; modifying the external address based on a preset network address mutation rule; and communicating with the client apparatus by forwarding the packet, received from the client apparatus based on the modified external address, to the hidden interface.

Abstract: Disclosed herein is a method of operating a data management apparatus. The method may include segmenting, by a client device, data into multiple data blocks, generating, by the client device, tags corresponding to the multiple data blocks, generating, by the client device, a representative value by accumulating the tags, generating, by the client device, a client signature value by signing the representative value and a counter value corresponding to the last updated data block, among the multiple data blocks, and transmitting, by the client device, the data and the client signature value to a server.

Abstract: In the present invention, by providing an apparatus for securing data comprising a memory for storing information for data processing, a processor configured to partition original data into a plurality of partial data and generate a plurality of divided data by randomly determining positions of each of the plurality of partial data within the original data, and a communication interface configured to transmit each of the plurality of divided data to each of a plurality of servers, respectively, if an attacker obtains a portion of the divided data, it prevents the entire original data from being restored, and the legitimate user can restore the original data accurately even if some divided data is corrupted, and provides an efficient data polymorphic dividing technique that can minimize the amount of calculation required to secure data.

Abstract: A method for secure distributed data management for dynamic data includes segmenting original data into multiple pieces, generating state information pertaining to row-based data configured with data blocks, and generating additional information for recovering the state information and the row-based data. The data blocks, corresponding to the segmented data, are stored in data servers, and each of the data servers stores data blocks selected at an interval corresponding to the number of data servers in order to store the segmented data.

Abstract: Disclosed herein is an apparatus for enhancing network security, which includes an information collection unit for collecting information about states of hosts that form a network and information about connectivity in the network; an attack surface analysis unit for analyzing attack surfaces by creating an attack graph using the information about the states and the information about connectivity; a security-enhancing strategy establishment unit for establishing a security-enhancing strategy based on the attack graph; and a security-enhancing strategy implementation unit for delivering a measure based on the security-enhancing strategy to a corresponding host, thereby taking a security-enhancing measure.

Abstract: Disclosed herein are a decoy apparatus and a method for expanding a fake attack surface using a deception network. The method includes determining, by a protected server, whether a packet is a target to be processed when the packet is received; converting, by the protected server, the packet and transmitting, by the protected server, the converted packet to the decoy apparatus of the deception network when the packet is determined not to be such a target; receiving, by the protected server, a response packet from a decoy virtual machine included in the decoy apparatus as a reply to the converted packet; and modifying, by the protected server, the response packet and transmitting, by the protected server, the modified response packet to the source from which the packet was transmitted, in order to expand the fake attack surface.

Abstract: Disclosed are a method and apparatus for searching for an attack path. The apparatus generates an attack graph, generates an attack graph ontology, generates a semantic attack graph by imparting semantics to the attack graph on the basis of the attack graph ontology, and searches for the attack path on the basis of the semantic attack graph.

Abstract: Disclosed herein are a server apparatus, a client apparatus, and a method for communication based on network address mutation. The method for communication based on network address mutation, performed by the server apparatus and the client apparatus, includes setting the external address of a network interface for receiving a packet from the client apparatus; setting the internal address of a hidden interface in order to forward the packet received through the network interface to the hidden interface; modifying the external address based on a preset network address mutation rule; and communicating with the client apparatus by forwarding the packet, received from the client apparatus based on the modified external address, to the hidden interface.

Abstract: Disclosed are an apparatus and method for reconstructing a transmitted file with high performance in real time, which select analysis target packets for reconstruction by first checking using hardware whether data file-related information is present in packets transmitted via large-capacity traffic over a broadband network, and which reconstruct a file in real time only from the selected analysis target packets. The file reconstruction apparatus for reconstructing a data file from packets on a network includes a packet monitoring unit for extracting packets on the network, a collected packet selection unit for determining whether, for the extracted packets, each packet is a reconstruction target based on flow information, and selecting a reconstruction target packet, and a file reconstruction unit for performing file reconstruction by extracting data from the reconstruction target packet and by storing the extracted data as data of a reconstructed file in a relevant flow.

Abstract: In the present invention, by providing an apparatus for securing data comprising a memory for storing information for data processing, a processor configured to partition original data into a plurality of partial data and generate a plurality of divided data by randomly determining positions of each of the plurality of partial data within the original data, and a communication interface configured to transmit each of the plurality of divided data to each of a plurality of servers, respectively, if an attacker obtains a portion of the divided data, it prevents the entire original data from being restored, and the legitimate user can restore the original data accurately even if some divided data is corrupted, and provides an efficient data polymorphic dividing technique that can minimize the amount of calculation required to secure data.

Abstract: Disclosed herein is an apparatus for enhancing network security, which includes an information collection unit for collecting information about states of hosts that form a network and information about connectivity in the network; an attack surface analysis unit for analyzing attack surfaces by creating an attack graph using the information about the states and the information about connectivity; a security-enhancing strategy establishment unit for establishing a security-enhancing strategy based on the attack graph; and a security-enhancing strategy implementation unit for delivering a measure based on the security-enhancing strategy to a corresponding host, thereby taking a security-enhancing measure.