Abstract: A method for identifying a wallet address associated with a virtual asset service provider is provided. The method comprises receiving a target wallet address, obtaining a transaction of a virtual asset associated with the target wallet address, obtaining a list of a plurality of known wallet addresses of virtual asset service providers (VASPs) and identifying a type of the target wallet address, by performing at least one of a cold wallet determination routine and a hot wallet determination routine for the target wallet address, based on the transaction and the list of known wallet addresses of the VASPs.

Abstract: A method for identifying a wallet address associated with a virtual asset service provider is provided. The method comprises receiving a target wallet address, obtaining a transaction of a virtual asset associated with the target wallet address, obtaining a list of a plurality of known wallet addresses of virtual asset service providers (VASPs) and identifying a type of the target wallet address, by performing at least one of a cold wallet determination routine and a hot wallet determination routine for the target wallet address, based on the transaction and the list of known wallet addresses of the VASPs.

Abstract: A method for identifying a wallet address associated with a virtual asset service provider is provided. The method comprises receiving a target wallet address, obtaining a transaction of a virtual asset associated with the target wallet address, obtaining a list of a plurality of known wallet addresses of virtual asset service providers (VASPs) and identifying a type of the target wallet address, by performing at least one of a cold wallet determination routine and a hot wallet determination routine for the target wallet address, based on the transaction and the list of known wallet addresses of the VASPs.

Abstract: A method for identifying a wallet address associated with a virtual asset service provider is provided. The method comprises receiving a target wallet address, obtaining a transaction of a virtual asset associated with the target wallet address, obtaining a list of a plurality of known wallet addresses of virtual asset service providers (VASPs) and identifying a type of the target wallet address, by performing at least one of a cold wallet determination routine and a hot wallet determination routine for the target wallet address, based on the transaction and the list of known wallet addresses of the VASPs.

Abstract: A detection system of a suspicious malicious website using the analysis of a JavaScript obfuscation strength, which includes: an entropy measuring processor of measuring an entropy of an obfuscated JavaScript present in the website, a special character entropy, and a variable/function name entropy; a frequency measuring processor of measuring a specific function frequency, an encoding mark frequency and a % symbol frequency of the JavaScript; a density measuring processor of measuring the maximum length of a single character string of the JavaScript; and a malicious website confirming processor of determining whether the relevant website is malicious by comparing an obfuscation strength value, measured by the entropy measuring processor, the frequency measuring processor and the density measuring processor, with a threshold value.

Abstract: An apparatus and method for effectively tracking a network path by using packet information generated when visiting a Web page are provided. According to embodiments of the invention, referrer information, seed information, and arrival information are extracted by using HTTP packet information generated while a particular Web page is being executed, whereby an infection path of malicious codes generated in several Web pages can be checked, thus preventing infection of a malicious code generated in Web pages.

Abstract: A system and method for collecting a URL using a retrieval service of an SNS capable of accurately and effectively extracting and collecting information including a malicious code among information exchanged in an SNS are provided. URL information included in post (a bulletin script, a message, a note, or the like) exchanged in an SNS based on real-time search word information is extracted and collected to be utilized for collecting a malicious code in the SNS, whereby generation of a malicious code in the SNS can be prevented in advance, and thus, damage to users due to infection of a malicious code can be significantly reduced. In addition, the URL information can be effectively collected through crawling.

Abstract: Disclosed herein is a PDF document type malicious code detection system for efficiently detecting a malicious code embedded in a document type and a method thereof. The present invention may perform a dynamic and static analysis on JavaScript within a PDF document, and execute the PDF document to perform a PDF dynamic analysis, thereby achieving an effect of efficiently extracting a malicious code embedded in the PDF document.

Abstract: An automatic management system includes a malicious code group-mutant storage module that receives a malicious codes analysis result from a malicious code collection-analysis system and extracts group information and mutant information of the malicious codes based on the malicious code analysis result, a malicious code group-mutant DB that stores the extracted group information and mutant information, a malicious code group-mutant management module that provides interface to allow a user to detect the group information and mutant information stored in the malicious code group-mutant DB, and a visualizing module that outputs the detection result to the user, wherein the malicious code group-mutant management module that groups malicious codes having action associations using the group information and mutant information stored in the malicious code group-mutant DB, outputs the group information through the visualizing module and outputs the mutant information based on CFG similarity and string similarity throug

Abstract: Provided is seed information collecting device for detecting malicious code landing/hopping/distribution sites. The device comprises: a seed information collecting module collecting social issue keywords from a seed information collecting channel and collecting address information of potential malicious code landing/hopping/distribution sites using the collected social issue keywords; a web source code collecting module collecting web source code of the potential malicious code landing/hopping/distribution sites using the address information of the potential malicious code landing/hopping/distribution sites collected by the seed information collecting module; and a policy management module managing collection policies of the seed information collecting module and the web source code collecting module.

Abstract: The present invention provides a detection system of a suspicious malicious website using the analysis of a JavaScript obfuscation strength, which includes: an entropy measuring block of measuring an entropy of an obfuscated JavaScript present in the website, a special character entropy, and a variable/function name entropy; a frequency measuring block of measuring a specific function frequency, an encoding mark frequency and a % symbol frequency of the JavaScript; a density measuring block of measuring the maximum length of a single character string of the JavaScript; and a malicious website confirming block of determining whether the relevant website is malicious by comparing an obfuscation strength value, measured by the entropy measuring block, the frequency measuring block and the density measuring block, with a threshold value.

Abstract: The present invention provides a malicious code detection and classification system using a string comparison technique, including a string extracting unit configured to extract all expressed strings existing in a binary file from the malicious code binary file; a string refining unit configured to refine elements obstructing malicious code detection and classification in the strings extracted from the string extracting unit; and a string comparison unit configured to determine how similar one binary is to another binary by comparing strings refined from the string refining unit.

Abstract: A system for analyzing malicious botnet activity in real time is disclosed. This system may include: a control server configured to generate botnet activity information relating to a type of malicious botnet activity, and transmit the botnet activity information to the outside, after receiving bot occurrence information from the outside; and a bot executing server configured to execute a malicious bot corresponding to the bot occurrence information received from the outside in a virtual environment operating system and transmit a real-time botnet detection result to the control server for generating the botnet activity information, according to a control of the control server, wherein the real-time botnet detection result includes information on whether or not the malicious bot performs malicious activity based on a command from a remote command/control server existing independently outside.

Abstract: The present invention relates to a malicious traffic isolation system and method using botnet information, and more particularly, to a malicious traffic isolation system and method using botnet information, in which traffics for a set of clients having the same destination are routed to the isolation system based on a destination IP/Port, and botnet traffics are isolated using botnet information based on similarity among groups of the routed and flowed in traffics. The present invention may provide a malicious traffic isolation method using botnet information, which can accommodate traffics received from a PC or a C&C server infected with a bot into a quarantine area, isolate traffics generated by normal users from traffics transmitted from malicious bots, and block the malicious traffics. In addition, the present invention may provide a malicious traffic isolation method using botnet information, which can provide a function of mitigating DDoS attacks of a botnet.

Abstract: The present invention relates to a method of managing a mobile multicast key using a foreign key. More specifically, the present invention relates to a method of managing a mobile multicast key using a foreign key for secure communication between a mobile terminal and a secure relay server in the region where microwaves from plural access points overlap. A method of managing a mobile multicast key using a foreign key according to the present invention has an advantage that multicast secure relay servers perform delegated authentication in advance in a region where microwaves overlap, thus reducing a delay time for authentication in a mobile terminal and it has an advantage that it can minimize an effect from changes in group keys that user's movement make, by using a primary group key and a foreign key. This results in a reduction of an overhead from update of a group key while moving, and accordingly a reduction of a delay time.

Abstract: The present invention relates to a method of efficiently managing dynamic multicast groups. In the method of efficiently managing dynamic multicast groups a hierarchical structure is used as a network structure for a multicast service. Accordingly, there are advantages in that groups can be merged or divided efficiently and overload depending on group management can be reduced.

Abstract: There is provided a system and method for detecting unknown malicious code by analyzing kernel based system actions. More particularly, the system and method provides an advantage of actively countering unknown malicious code or viruses by monitoring kernel based system events in real time, organizing action data based on the collected event data, determining whether the action data corresponds to predetermined malicious actions, backtracking a subject of a malicious action when the action data is determined to correspond to the malicious action, and processing the malicious action.

Abstract: The present invention relates to a security system of managing IRC and HTTP botnets and a method therefor. More specifically, the present invention relates to a system and a method that detects a botnet in an Internet service provider network to store information related to the detected botnet in a database and performs security management of IRC and HTTP botnets, including a botnet management security management (BMSM) system, configured to visualize the information related to the detected botnet and establish an against policy related to the detected botnet.

Abstract: The present invention relates to a delegated authentication method for secure mobile multicasting. More specifically, the present invention relates to a delegated authentication method for secure mobile multicasting in which, when a mobile terminal in a wireless area moves from one network to another, the mobile terminal receives beacon information from an access point (AP) and the multicast secure relay server of the mobile terminal requests the multicast secure relay server controlling the access point to delegated-authenticate the mobile terminal, and after the multicast secure relay server which has received the request makes delegated-authentication, the multicast secure relay server encrypts data using the group key which the mobile terminal used before moving.

Abstract: The present invention relates to a method of managing a mobile multicast key using a foreign key. More specifically, the present invention relates to a method of managing a mobile multicast key using a foreign key for secure communication between a mobile terminal and a secure relay server in the region where microwaves from plural access points overlap. A method of managing a mobile multicast key using a foreign key according to the present invention has an advantage that multicast secure relay servers perform delegated authentication in advance in a region where microwaves overlap, thus reducing a delay time for authentication in a mobile terminal. And it has an advantage that it can minimize an effect from changes in group keys that user's movement make, by using a primary group key and a foreign key. This results in a reduction of an overhead from update of a group key while moving, and accordingly a reduction of a delay time.