Abstract: An anti-jamming apparatus and method for a compact array antenna are provided. The anti-jamming apparatus for a compact array antenna includes a Global Navigation Satellite System (GNSS) array antenna unit including a plurality of GNSS antennas for receiving GNSS signals transmitted from a satellite. A first beam-forming unit includes a plurality of combination units for receiving respective signals received by the plurality of GNSS antennas as a first reference signal and first auxiliary signals and combining the first reference signal with the first auxiliary signals, thus forming different beams. A second beam-forming unit receives signals of the different beams, and combining the signals of the different beams, thus forming an anti-jamming beam in which an invisible area is minimized.

Abstract: The present invention presents a network apparatus and a selective information monitoring method using the network apparatus, which allow a user to monitor only required information (the field information of packets) from all received packets. The network apparatus one or more physical interfaces connected to a monitoring target host and configured to receive network packets from the monitoring target host, and a switch fabric module including a configurable monitoring module configured to perform filtering so that selective information is extracted from the network packets collected through the one or more physical interfaces.

Abstract: The present invention presents a network apparatus and a selective information monitoring method using the network apparatus, which allow a user to monitor only required information (the field information of packets) from all received packets. The network apparatus one or more physical interfaces connected to a monitoring target host and configured to receive network packets from the monitoring target host, and a switch fabric module including a configurable monitoring module configured to perform filtering so that selective information is extracted from the network packets collected through the one or more physical interfaces.

Abstract: An anti-jamming apparatus and method for a compact array antenna are provided. The anti-jamming apparatus for a compact array antenna includes a Global Navigation Satellite System (GNSS) array antenna unit including a plurality of GNSS antennas for receiving GNSS signals transmitted from a satellite. A first beam-forming unit includes a plurality of combination units for receiving respective signals received by the plurality of GNSS antennas as a first reference signal and first auxiliary signals and combining the first reference signal with the first auxiliary signals, thus forming different beams. A second beam-forming unit receives signals of the different beams, and combining the signals of the different beams, thus forming an anti-jamming beam in which an invisible area is minimized.

Abstract: A system and method for managing a network by value-based estimation is provided. A network device requesting communication is defined as an active point and a network device receiving a request for communication is defined as a passive point. A value of a network device is determined according to the number of active points connected to the corresponding network device, and a value of a network device that is in a path of communication between network devices is determined based on a value of a network device passing through the corresponding network device. When a policy for changing a network environment is transferred in a state where the values of the network devices have been estimated, a policy conflict test is performed on the basis of the estimated values of the network devices, thereby determining application of the policy in due consideration of the values and significance of the network devices.

Abstract: Provided are N grouping of traffic and pattern-free Internet worm response system and method. According to the method, traffic factors generated by respective worms are grouped into N groups so that a great quantity of Information may be effectively understood and a worm generated afterward is involved with characteristics of a relevant group. Damages of a network or a system predictable through already classified N traffic characteristics are defined so that corresponding step-by-step measures are taken. Characteristics of the grouped worms are quantitatively analyzed so that a danger degree of a new worm is predicted when the new worm appears afterward and forecasting and alarming through the prediction are performed. Easiness with which a controlling operator instantly understands an accident using a visualization method having an approximate real-time characteristic is increased, so that detection efficiency for most worms not detected using a conventional rule is increased.

Abstract: A system and method for managing a network by value-based estimation is provided. A network device requesting communication is defined as an active point and a network device receiving a request for communication is defined as a passive point. A value of a network device is determined according to the number of active points connected to the corresponding network device, and a value of a network device that is in a path of communication between network devices is determined based on a value of a network device passing through the corresponding network device. When a policy for changing a network environment is transferred in a state where the values of the network devices have been estimated, a policy conflict test is performed on the basis of the estimated values of the network devices, thereby determining application of the policy in due consideration of the values and significance of the network devices.

Abstract: Provided is a method for responding a distributed denial of service (DDoS) attack using deterministic pushback scheme. In the method, all of packets outbound from an edge router of a predetermined network system to the other network system are marked with own IP address in order to enable a victim system to confirm an IP address of an attack source edge router for DDoS attack packets. Then, IP address information of an attack source edge router is obtained by reassembling an IP address of detected DDoS attack packets at a victim system that detects DDoS attack. A deterministic pushback message is received at an attack source edge router if a victim system transmits a deterministic pushback message to the attack source edge router, information of the attack source edge router is confirmed, and corresponding attack packets are filtered.

Abstract: A system and method for detecting a hidden process using system event information are provided. The system includes: a kernel layer monitoring module for extracting system event information by monitoring a kernel layer system; a kernel layer process list detecting module for detecting processes related to an event from the extracted system event information; an application layer process list detecting module for detecting a process list provided to a user from an application layer; and a hidden process detecting module for detecting a process that is present only in the kernel layer as a hidden process by comparing the processes detected from the kernel layer process list detecting module and the processes detected from the application layer process list detecting module.

Abstract: A multistep integrated security management system and method using an intrusion detection log collection engine and a traffic statistic generation engine is disclosed. An intrusion detection log collection engine capable of collecting logs generated from diverse intrusion detection engines and a traffic statistic generation engine collect and transmit analyzed data to a control intermediate management server. The control intermediate management server performs more accurate intrusion detection by relationally analyzing the intrusion detection log information and the traffic statistic information. A control uppermost management server performs an integrated security management on a large-scale group subject to control by performing an integrated analysis on a large-scale group subject to control, and thus can support the large-scale integrated security management efficiently.

Abstract: A system and method for detecting Internet worm traffics through classification of traffic characteristics by types is disclosed. The system and method defines Internet worm as a characteristic profile classified into diverse traffic characteristics, detects Internet worm traffics by comparing the similarity of a collected traffic with that of a defined traffic, classifies the type of the Internet worm, and performs severity judgment and alarming. The detection efficiency of most worms, which cannot be detected based on the existing rule, can be increased. Also, the risk grade of the corresponding worm traffic can be quantitatively provided by judging the severity according to the similarity scores and the predefined severity grade. Accordingly, the survival of the entire communication network can be heightened through the countermeasure and the forecast/alarm in steps, and mass information can be effectively seized.

Abstract: A system and method for transmitting cyber threat information in real time, which is designed to minimize overload of a server in order to support large-scale clients, is disclosed. Important related information such as countermeasures against cyber threats or cyber attacks is transmitted in real time to a user through diverse methods including an SMS message, an email message, and a popup message, and thus the user can cope with such cyber threats effectively, actively, and promptly, so that the damage due to the cyber threats against important systems and services can be minimized.

Abstract: Provided are N grouping of traffic and pattern-free Internet worm response system and method. According to the method, traffic factors generated by respective worms are grouped into N groups so that a great quantity of information may be effectively understood and a worn generated afterward is involved with characteristics of a relevant group. Damages of a network or a system predictable through already classified N traffic characteristics are defined so that corresponding step-by-step measures are taken. Characteristics of the grouped worms are quantitatively analyzed so that a danger degree of a new worm is predicted when the new worm appears afterward and a forecast and alarming through the prediction are performed. Easiness with which a controlling operator instantly understands an accident using a visualization method having an approximate real-time characteristic is increased, so that detection efficiency for most of worms not detected using a conventional rule is increased.