Abstract: According to an embodiment of the present disclosure, a server for providing online threat data based on user-customized keywords includes: an online threat data collection unit that accesses a channel of a messenger program and collects channel-specific online threat data; an online threat database construction unit that analyzes the online threat data to extract a string, uses the string as an index to generate information for retrieving the online threat data, and stores the generated information in a channel-specific database; when the user-customized keywords and user identifiers are received from a user terminal through a user-customized keyword registration procedure, a user-customized keyword database construction unit that matches the user-customized keywords with the user identifiers and stores the matched user-customized keywords and user identifiers in a user-customized keyword database; and when the user terminal logs in using the user identifiers, an online threat data providing unit that extrac

Abstract: Provided is an apparatus for detecting a command control server, the apparatus including: a collection unit configured to collect a malicious application; a malicious type determination unit configured to analyze the malicious application to determine a malicious type of the malicious application; and a command control server detection unit configured to detect a command control server associated with the malicious application based on the determined malicious type.

Abstract: Disclosed is an electronic apparatus for implementing a honeypot control system. The electronic apparatus includes a communication interface, a memory configured to store execution information including information on a virtual machine built on a cloud server, information on a running service, and information on an open port, and a processor configured to functionally control the communication interface and the memory, wherein the processor is configured to transmit execution information obtained based on information stored in the memory to each of a plurality of cloud servers in different Internet Protocol (IP) bands through the communication interface, when log information is received from each of the plurality of cloud servers that have received the execution information through the communication interface, normalize the received log information, and obtain malicious code information using the normalized log information.

Abstract: A server for storing and managing online threat data according to an embodiment of the present disclosure includes: an online threat data collection unit that collects online threat data from an online threat data providing server; an online threat data analysis unit that analyzes the online threat data to extract an online threat string, and uses the online threat string as an index to generate information for retrieving the online threat data; and a database in which information generated by the online threat data analysis unit is stored.

Abstract: Provided are a device, system, method, and computer program for inferring an attacker group by analyzing malicious code. The system includes a sandbox pool manager configured to allocate analysis target files for inferring an attacker group to one or more nodes and separately execute the analysis target files in separate malicious code analysis environments by controlling each node, an event manager configured to determine in real time whether all events related to the analysis target files have been collected on the basis of running state information of each node and collect events which are recorded in the malicious code analysis environments of each of the nodes and related to the analysis target files, an attacker group inference part configured to infer an attacker group by analyzing the collected events, and an analysis result provider configured to provide information on the inferred attacker group.

Abstract: Provided is a system for training a language model for cybersecurity, which includes: a document collection unit that collects a cybersecurity document used for training a language model for cybersecurity; an extraction unit that identifies non-linguistic elements in the cybersecurity document based on a non-linguistic element database; a tokenization unit that tokenizes the cybersecurity document to generate a plurality of tokens; and a language model application unit that controls the language model to simultaneously perform a first task of classifying types of the non-linguistic elements including at least one of a Bitcoin address, a hash value, an IP address, and a vulnerability identifier included in the cybersecurity document and a second task of recovering only linguistic elements of the cybersecurity document.

Abstract: Provided are a device and method for performing a task for cybersecurity on the basis of a dark web. The method performed by a device includes acquiring raw dark web data from a database, acquiring first dark web data by preprocessing the raw dark web data, pretraining a bidirectional encoder representations from transformers (BERT)-based language model using the first dark web data, fine-tuning the pretrained BERT-based language model using second dark web data, and performing a task for cybersecurity using the fine-tuned BERT-based language model.

Abstract: The present invention relates to a method for collecting data from a multi-domain in a data collection device. The method includes a step A of collecting data from a general web that is accessible through a search engine; a step B of collecting data from a dark web site that is not accessible with a general web browser and is accessible with preset specific software; and a step C of standardizing the collected data in a preset format and generating metadata for the collected data.

Abstract: The present disclosure relates to a method of crawling a website by a terminal. The method may include a method of crawling a website by a terminal including: modifying a header included in a hypertext transfer protocol (HTTP) request message to avoid bot detection; transmitting the HTTP request message to a client server through a proxy server providing a dynamic Internet protocol (IP); receiving a response message for accessing the website from the client server; collecting a tag for confirming an element displayed on a user screen in the response message; and performing the crawling based on the confirmation result.

Abstract: The present invention relates to a method and system for tracking abnormal transactions in e-commerce, and an object of the present invention is to track abnormal transactions by analyzing complex characteristic data of product information uploaded to an e-commerce platform. In order to achieve this object, a method for detecting an abnormal transaction in an electronic device according to the present invention includes: step a of generating an identity map based on first transaction information previously stored in an e-commerce server; step b of collecting second transaction information newly uploaded to the e-commerce server; step c of extracting a first identifier and second identifiers included in the second transaction information and generating a third identifier by combining the plurality of second identifiers; and step d of determining whether the second transaction information is an abnormal transaction by searching the identity map for the first identifier and the third identifier.

Abstract: Provided is a system for training a language model for cybersecurity, which includes: a document collection unit that collects a cybersecurity document used for training a language model for cybersecurity; an extraction unit that identifies non-linguistic elements in the cybersecurity document based on a non-linguistic element database; a tokenization unit that tokenizes the cybersecurity document to generate a plurality of tokens; and a language model application unit that controls the language model to simultaneously perform a first task of classifying types of the non-linguistic elements including at least one of a Bitcoin address, a hash value, an IP address, and a vulnerability identifier included in the cybersecurity document and a second task of recovering only linguistic elements of the cybersecurity document.

Abstract: The present invention relates to a method for collecting data from a multi-domain in a data collection device. The method includes a step A of collecting data from a general web that is accessible through a search engine; a step B of collecting data from a dark web site that is not accessible with a general web browser and is accessible with preset specific software; and a step C of standardizing the collected data in a preset format and generating metadata for the collected data.

Abstract: Provided is a system for training a language model for cybersecurity, which includes: a document collection unit that collects a cybersecurity document used for training a language model for cybersecurity; an extraction unit that identifies non-linguistic elements in the cybersecurity document based on a non-linguistic element database; a tokenization unit that tokenizes the cybersecurity document to generate a plurality of tokens; and a language model application unit that controls the language model to simultaneously perform a first task of classifying types of the non-linguistic elements including at least one of a Bitcoin address, a hash value, an IP address, and a vulnerability identifier included in the cybersecurity document and a second task of recovering only linguistic elements of the cybersecurity document.

Abstract: According to the present specification, a method for inspecting a high-speed network packet payload by a terminal includes: a step of receiving L7 (Layer 7) policy related to containers from a user; a step of extracting string patterns to be inspected for each of the containers on the basis of the L7 policy through a pattern compiler; a step of creating a deterministic finite automaton (DFA) on the basis of the extracted string patterns through the pattern complier; and a step of converting a state transition table of the deterministic finite automaton into a match-action table through the pattern compiler and storing the match-action table in an eBPF (extended Berkeley Packet Filter) map for a payload inspection engine.

Abstract: The present disclosure relates to a method, device, and computer program capable of detecting whether a brand logo is illegally being used by an unauthorized person using an image and text of the brand logo. The present disclosure provides a detection technique capable of accurately detecting illegal use of a brand logo even when variously transformed forms and background images are used to avoid legal use detection. According to embodiments of the present disclosure, since the logo identification model can be generated through the machine learning dataset based on the logo transformation images and the image illegal use information can be generated using the logo identification model, it is possible to more accurately detect the illegal use of the logo that is used in variously transformed forms. In addition, since the illegal use information on the logo text can be considered in addition to the logo image, it is possible to further increase the accuracy of the illegal use detection.

Abstract: According to a one embodiment of the present invention, a method for collecting a website in an electronic device includes: step a of accessing a web server corresponding to a Uniform Resource Locator (URL) and receiving a website corresponding to the URL; step b of obtaining a first solution key based on a CAPTCHA solution model when CAPTCHA exists in the website; step c of transmitting the first solution key to the web server and receiving an authentication result; step d of recalculating the first solution key when authentication of the first solution key has failed and transmitting a CAPTCHA resolution request signal to a user terminal when the authentication has failed more than a preset number of times; and step e of receiving a second solution key from the user terminal, transmitting the second solution key to the web server, and crawling the website.

Abstract: Provided are a terminal and method for storing and parsing log data. The method includes collecting log data on the basis of a file path of the log data, storing metadata including the file path and log data paired with the metadata in a database (DB), classifying the log data on the basis of the metadata, acquiring type information of a parser related to the log data, and parsing the log data through the parser having the type information.

Abstract: A method of detecting a brand theft according to an embodiment of the present disclosure includes: acquiring protected object data related to a brand to be protected, the protected object data including brand character data and brand logo image data related to a brand, and CDN keyword data indicating a source in which the brand logo image data is stored; acquiring crawled data by crawling an e-commerce web page; parsing the crawled data to acquire first data corresponding to a title or content of the web page, second data corresponding to an image, and third data related to a source of the image; analyzing each of the first data, the second data, and the third data to detect whether the protected object data is included in the crawled data for the web page; and monitoring e-commerce websites based on the detection result.

Abstract: According to the present specification, a method for inspecting a high-speed network packet payload by a terminal includes: a step of receiving L7 (Layer 7) policy related to containers from a user; a step of extracting string patterns to be inspected for each of the containers on the basis of the L7 policy through a pattern compiler; a step of creating a deterministic finite automaton (DFA) on the basis of the extracted string patterns through the pattern complier; and a step of converting a state transition table of the deterministic finite automaton into a match-action table through the pattern compiler and storing the match-action table in an eBPF (extended Berkeley Packet Filter) map for a payload inspection engine.

Abstract: A method for securing network communication between containers by a terminal, includes: a step of installing an HSI (Hyperion Secure Interface) for communication with a secure bridge included in an NIC (Network Interface Chip) in a secure container through a manager module; a step of changing a source address of a transmission packet to a specific token on the basis of a map of the HSI through the manager module; a step of delivering the transmission packet to the secure bridge through the HSI; a step of determining whether the specific token of the transmission packet is valid; and a step of changing the specific token to the source address and delivering the transmission packet to a target container when the specific token is valid.