Abstract: According to a one embodiment of the present invention, a method for collecting a website in an electronic device includes: step a of accessing a web server corresponding to a Uniform Resource Locator (URL) and receiving a website corresponding to the URL; step b of obtaining a first solution key based on a CAPTCHA solution model when CAPTCHA exists in the website; step c of transmitting the first solution key to the web server and receiving an authentication result; step d of recalculating the first solution key when authentication of the first solution key has failed and transmitting a CAPTCHA resolution request signal to a user terminal when the authentication has failed more than a preset number of times; and step e of receiving a second solution key from the user terminal, transmitting the second solution key to the web server, and crawling the website.

Abstract: Provided are a terminal and method for storing and parsing log data. The method includes collecting log data on the basis of a file path of the log data, storing metadata including the file path and log data paired with the metadata in a database (DB), classifying the log data on the basis of the metadata, acquiring type information of a parser related to the log data, and parsing the log data through the parser having the type information.

Abstract: A method of detecting a brand theft according to an embodiment of the present disclosure includes: acquiring protected object data related to a brand to be protected, the protected object data including brand character data and brand logo image data related to a brand, and CDN keyword data indicating a source in which the brand logo image data is stored; acquiring crawled data by crawling an e-commerce web page; parsing the crawled data to acquire first data corresponding to a title or content of the web page, second data corresponding to an image, and third data related to a source of the image; analyzing each of the first data, the second data, and the third data to detect whether the protected object data is included in the crawled data for the web page; and monitoring e-commerce websites based on the detection result.

Abstract: According to the present specification, a method for inspecting a high-speed network packet payload by a terminal includes: a step of receiving L7 (Layer 7) policy related to containers from a user; a step of extracting string patterns to be inspected for each of the containers on the basis of the L7 policy through a pattern compiler; a step of creating a deterministic finite automaton (DFA) on the basis of the extracted string patterns through the pattern complier; and a step of converting a state transition table of the deterministic finite automaton into a match-action table through the pattern compiler and storing the match-action table in an eBPF (extended Berkeley Packet Filter) map for a payload inspection engine.

Abstract: A method for securing network communication between containers by a terminal, includes: a step of installing an HSI (Hyperion Secure Interface) for communication with a secure bridge included in an NIC (Network Interface Chip) in a secure container through a manager module; a step of changing a source address of a transmission packet to a specific token on the basis of a map of the HSI through the manager module; a step of delivering the transmission packet to the secure bridge through the HSI; a step of determining whether the specific token of the transmission packet is valid; and a step of changing the specific token to the source address and delivering the transmission packet to a target container when the specific token is valid.

Abstract: Provided are an electronic device and method for detecting a malicious server. The method includes acquiring first feature information of a server Internet protocol (IP) of a malicious website, acquiring second feature information of a server IP of a comparative website, comparing the first feature information with the second feature information, and determining that the malicious website has been changed to the comparative website on the basis of the comparison result.

Abstract: The present invention relates to a method for processing a knowledge graph in a data processing apparatus, comprising the steps of: (a) creating a knowledge graph including a taxonomy graph for a classification system of information objects and an entity graph for a relationship between specific information object instances; (b) updating the knowledge graph by reflecting the information objects extracted from a database in the knowledge graph; and (c) inferring the relevance of a random information object by using the updated knowledge graph.

Abstract: Provided is an apparatus for detecting a command control server, the apparatus including: a collection unit configured to collect a malicious application; a malicious type determination unit configured to analyze the malicious application to determine a malicious type of the malicious application; and a command control server detection unit configured to detect a command control server associated with the malicious application based on the determined malicious type.

Abstract: An apparatus for deriving a threat level of data according to an embodiment of the present disclosure includes a first scanning unit configured to confirm network information including host information and information about one or more services included in a server, a second scanning unit configured to confirm data disclosed on the server and generate a plurality of data sets by combining at least one of the confirmed data and pre-stored words, and a threat level analysis unit configured to analyze the threat level based on the network information and the plurality of data sets.

Abstract: The present disclosure relates to a method for detecting a scam address of cryptocurrency using a machine learning model, and the method comprises: acquiring information about scam addresses labeled as being used for a scam transaction and information about benign addresses labeled as being used for a normal transaction from a database; acquiring information about a mule address group used for money laundering on the basis of the scam address group; acquiring feature information corresponding to each of the benign addresses and the addresses included in the scam address group or the mule address group on the basis of at least one of the information about the benign addresses, the information about the scam address group, and the information about the mule address group; and generating a machine learning model by machine learning of the feature information corresponding to each of the addresses and label information corresponding to each of the addresses.

Abstract: Disclosed is an electronic apparatus for implementing a honeypot control system. The electronic apparatus includes a communication interface, a memory configured to store execution information including information on a virtual machine built on a cloud server, information on a running service, and information on an open port, and a processor configured to functionally control the communication interface and the memory, wherein the processor is configured to transmit execution information obtained based on information stored in the memory to each of a plurality of cloud servers in different Internet Protocol (IP) bands through the communication interface, when log information is received from each of the plurality of cloud servers that have received the execution information through the communication interface, normalize the received log information, and obtain malicious code information using the normalized log information.

Abstract: A method of detecting a brand theft according to an embodiment of the present disclosure includes: acquiring protected object data related to a brand to be protected, the protected object data including brand character data and brand logo image data related to a brand, and CDN keyword data indicating a source in which the brand logo image data is stored; acquiring crawled data by crawling an e-commerce web page; parsing the crawled data to acquire first data corresponding to a title or content of the web page, second data corresponding to an image, and third data related to a source of the image; analyzing each of the first data, the second data, and the third data to detect whether the protected object data is included in the crawled data for the web page; and monitoring e-commerce websites based on the detection result.

Abstract: According to an embodiment of the present disclosure, a server for providing online threat data based on user-customized keywords includes: an online threat data collection unit that accesses a channel of a messenger program and collects channel- specific online threat data; an online threat database construction unit that analyzes the online threat data to extract a string, uses the string as an index to generate information for retrieving the online threat data, and stores the generated information in a channel- specific database; when the user-customized keywords and user identifiers are received from a user terminal through a user-customized keyword registration procedure, a user-customized keyword database construction unit that matches the user-customized keywords with the user identifiers and stores the matched user-customized keywords and user identifiers in a user-customized keyword database; and when the user terminal logs in using the user identifiers, an online threat data providing unit that extr

Abstract: A server for storing and managing online threat data according to an embodiment of the present disclosure includes: an online threat data collection unit that collects online threat data from an online threat data providing server, an online threat data analysis unit that analyzes the online threat data to extract an online threat string, and uses the online threat string as an index to generate information for retrieving the online threat data; and a database in which information generated by the online threat data analysis unit is stored.

Abstract: Provided is a method of analyzing social influence. The method according to the embodiments includes obtaining posts containing text data in a forum, generating a forum interaction graph including a plurality of nodes corresponding to a plurality of embedded vectors generated by embedding the posts and edges indicating a connection relationship between the posts, and training an artificial intelligence model using the forum interaction graph.

Abstract: Provided are an electronic device and method for detecting a malicious server. The method includes acquiring first feature information of a server Internet protocol (IP) of a malicious website, acquiring second feature information of a server IP of a comparative website, comparing the first feature information with the second feature information, and determining that the malicious website has been changed to the comparative website on the basis of the comparison result.

Abstract: The present disclosure relates to a method of generating, by a terminal, an integrated graph using a distributed graph including: receiving source node information from a user; identifying, by a graph types module, a location of a graph database related to a type of a source node based on the source node information; requesting, by a graph manager module, graph data to an application corresponding to the location of the graph database; receiving the graph data from the application; and integrating, by a graph integration module, a node and an edge based on the source node and the graph data to generate the integrated graph.

Abstract: The present disclosure relates to a method of collecting, by a terminal, learning data of an artificial intelligence model to perform dark web document classification, the method including: generating a first word set masked with a first identifier based on text included in a first dark web document; generating a second word set masked with a second identifier based on text included in a second dark web document; calculating a similarity by comparing the first word set and the second word set; and, based on the similarity, collecting the second dark web document in a second storage unit when the similarity does not exceed a specific value, and discarding the second dark web document when the similarity exceeds the specific value.

Abstract: The present disclosure relates to a method of crawling a website by a terminal. The method may include a method of crawling a website by a terminal including: modifying a header included in a hypertext transfer protocol (HTTP) request message to avoid bot detection; transmitting the HTTP request message to a client server through a proxy server providing a dynamic Internet protocol (IP); receiving a response message for accessing the website from the client server; collecting a tag for confirming an element displayed on a user screen in the response message; and performing the crawling based on the confirmation result.

Abstract: The present disclosure relates to a method of collecting, by a terminal, learning data of an artificial intelligence model to perform dark web document classification, the method including: generating a first word set masked with a first identifier based on text included in a first dark web document; generating a second word set masked with a second identifier based on text included in a second dark web document; calculating a similarity by comparing the first word set and the second word set; and, based on the similarity, collecting the second dark web document in a second storage unit when the similarity does not exceed a specific value, and discarding the second dark web document when the similarity exceeds the specific value.