Abstract: A method of supporting decision-making of security control includes: (a) when an system for automatically analyzing a security threat receives a security warning from a security device, collecting security threat events generating the security warning from the security device; (b) when the collected security threat events exceed a preset event processing threshold, generating, by the system for automatically analyzing a security threat, a first request message for preferentially processing a security event; (c) when receiving the first request message generated from the system, determining, by the system for supporting priority of security control, a priority processing order of the security threat events, and notifying the system; and (d) when receiving the second request message generated from the system, determining, by the system for supporting priority of security control, a priority processing order and notifying the system for automatically analyzing a security threat of the determined priority process

Abstract: Disclosed are a system and method for automatically generating a playbook and verifying validity of a playbook based on artificial intelligence, wherein the system present invention includes a system for automatically generating a playbook that automatically generates the playbook, and a system for verifying validity of a playbook that is connected to the system for automatically generating a playbook through a network to perform the verification of the validity on the playbook received from the system for automatically generating a playbook.

Abstract: A device for automatically sorting a cyber attack includes an event feature generator that extracts a unique attacker IP by analyzing attacker IPs for each of the different kinds of security devices, and generates AI learning features of the security events of the different kinds of security devices including feature numerical data quantifying at least two or more features through attack information analysis recorded in the different kinds of security devices based on the information on the security events of the different kinds of security devices mapped to the extracted unique attacker IP, and an attack type sorter that learns the generated feature numerical data using an unsupervised learning algorithm, generates clustering data by sorting the feature numerical data into similar attack data and clustering sorted feature numerical data, and then analyzes the generated clustering data to identify a short-term or long-term attacker's cyber attack type.

Abstract: A method for identifying a wallet address associated with a virtual asset service provider is provided. The method comprises receiving a target wallet address, obtaining a transaction of a virtual asset associated with the target wallet address, obtaining a list of a plurality of known wallet addresses of virtual asset service providers (VASPs) and identifying a type of the target wallet address, by performing at least one of a cold wallet determination routine and a hot wallet determination routine for the target wallet address, based on the transaction and the list of known wallet addresses of the VASPs.

Abstract: A method for collecting dark web information is provided. The method for collecting dark web information is performed by a computing device and comprises obtaining a list of onion addresses of a plurality of target dark web sites, accessing at least one of the plurality of target dark web sites, collecting web page information of the accessed dark web site, storing information on the accessed dark web site by analyzing the collected web page information and providing an analysis result of the accessed dark web site by using the stored information on the accessed dark web site.

Abstract: Disclosed are a system and a method for detecting session initiation protocol (SIP) noncoding, and more particularly, to a system and a method for detecting SIP noncoding, which can manage reputation of a client terminal according to whether or not the client terminal sends an encoded SIP message through a 5G non-standalone/Standalone (5G NSA/SA), thereby preventing an SIP spoofing attack.

Abstract: Disclosed is a system and a method of automatizing a threat analysis based on artificial intelligence according to the present invention, the system comprising: a playbook automatic-generation module configured to generate a playbook based on a template by utilizing an artificial learning model; a playbook verification and management module configured to verify effectiveness of the playbook generated by the playbook automatic-generation module; a playbook database configured to save the playbook verified by the playbook verification and management module; and a playbook execution module configured to automatically execute any playbook corresponding to a detected event through matching therebetween from the playbook database.

Abstract: Disclosed is a system and a method of supporting a decision-making for security management to cause a security controller to rapidly take precautions against a threat, the system comprising: an interface unit configured to receive a request for support of a decision-making, and a processing unit configured to support at least one decision-making concerning materialization of the threat, the selection of a security event to be preferentially processed, or the recommendation of a most suitable response according to the request for the support of the decision-making.

Abstract: Disclosed is a system and a method of detecting an abnormal act threatening to security based on artificial intelligence according to the present invention, and, more particularly, a system and a method of detecting an abnormal act threatening to security based on artificial intelligence that are capable of rapidly carrying out pre-processing of a large-scaled data set based on multi processing, and efficiently detecting the abnormal act threatening to security via various pieces of security device on the basis of studied artificial intelligence.

Abstract: A method for identifying a wallet address associated with a virtual asset service provider is provided. The method comprises receiving a target wallet address, obtaining a transaction of a virtual asset associated with the target wallet address, obtaining a list of a plurality of known wallet addresses of virtual asset service providers (VASPs) and identifying a type of the target wallet address, by performing at least one of a cold wallet determination routine and a hot wallet determination routine for the target wallet address, based on the transaction and the list of known wallet addresses of the VASPs.

Abstract: A method for identifying a wallet address associated with a virtual asset service provider is provided. The method comprises receiving a target wallet address, obtaining a transaction of a virtual asset associated with the target wallet address, obtaining a list of a plurality of known wallet addresses of virtual asset service providers (VASPs) and identifying a type of the target wallet address, by performing at least one of a cold wallet determination routine and a hot wallet determination routine for the target wallet address, based on the transaction and the list of known wallet addresses of the VASPs.

Abstract: A method for collecting dark web information is provided. The method for collecting dark web information is performed by a computing device and comprises obtaining a list of onion addresses of a plurality of target dark web sites, accessing at least one of the plurality of target dark web sites, collecting web page information of the accessed dark web site, storing information on the accessed dark web site by analyzing the collected web page information and providing an analysis result of the accessed dark web site by using the stored information on the accessed dark web site.

Abstract: A method for identifying a wallet address associated with a virtual asset service provider is provided. The method comprises receiving a target wallet address, obtaining a transaction of a virtual asset associated with the target wallet address, obtaining a list of a plurality of known wallet addresses of virtual asset service providers (VASPs) and identifying a type of the target wallet address, by performing at least one of a cold wallet determination routine and a hot wallet determination routine for the target wallet address, based on the transaction and the list of known wallet addresses of the VASPs.

Abstract: Provided is a method performed by a computing device for classifying a type of exploit.

Abstract: Provided is a method performed by a computing device for monitoring an abnormal behavior of a plurality IoT devices. The method comprises determining abnormality of a behavior of each of the plurality of IoT devices based on traffic data representing the behavior of each of the plurality of IoT devices, clustering the behavior of each of the plurality of IoT devices based on the traffic data and a result of the determining the abnormality and generating data for representing a plurality of clusters formed as a result of the clustering such that a first cluster corresponding to a normal behavior cluster and a second cluster corresponding to an abnormal behavior cluster are displayed on different planes, the first cluster and the second cluster being divided based on the result of the determining the abnormality.

Abstract: Provided is a method for detecting abnormal traffic. The method comprises collecting non-access stratum (NAS) traffic between a user equipment (UE) and a mobility management node, identifying a ciphering algorithm supported by the UE from a network access request message transmitted from the UE to the mobility management node, and identifying the UE as a first type of terminal at risk based on a determination that the UE only supports a null ciphering algorithm.

Abstract: Provided is a method performed by a computing device for identifying a device. The method include receiving a target packet from an identification target device, extracting a pattern of the target packet, the target packet being transmitted by the identification target device from the packet, matching the pattern of the target packet with at least one of packet patterns stored in an identification information DB, comparing a first model name with a second model name, the first model name being corresponding to the matched pattern stored in the identification information DB, the second model name being selected by a user of a user terminal, and transmitting a proposed model name to the user terminal based on determining that the first model name and the second model name are different, the proposed model name being used for connection between the user terminal and the identification target device.

Abstract: Provided is a method performed by a computing device for identifying a device. The method include receiving a target packet from an identification target device, extracting a pattern of the target packet, the target packet being transmitted by the identification target device from the packet, matching the pattern of the target packet with at least one of packet patterns stored in an identification information DB, comparing a first model name with a second model name, the first model name being corresponding to the matched pattern stored in the identification information DB, the second model name being selected by a user of a user terminal, and transmitting a proposed model name to the user terminal based on determining that the first model name and the second model name are different, the proposed model name being used for connection between the user terminal and the identification target device.

Abstract: Provided are a method for detecting an anomaly in devices, the method being performed by a computing device and comprising: acquiring operation information on a first device connected to a security management unit (SMU) of a first domain, and operation information on a second device connected to a SMU of a second domain, and detecting an anomaly in the first device and/or the second device by comparing the operation information on the first device with the operation information on the second device, wherein the SMU of the first domain is not directly connected to the SMU of the second domain.

Abstract: A method for collecting dark web information is provided. The method for collecting dark web information is performed by a computing device and comprises obtaining a list of onion addresses of a plurality of target dark web sites, accessing at least one of the plurality of target dark web sites, collecting web page information of the accessed dark web site, storing information on the accessed dark web site by analyzing the collected web page information and providing an analysis result of the accessed dark web site by using the stored information on the accessed dark web site.