Abstract: Provided are an apparatus for matching URLs at high speed and a method thereof. According to the present invention, an input URL is parsed to separate host information and path information, and a host map and a URL hash map are registered. When a search target URL is input, URL matching is attempted in the registered host map and URL hash map, giving priority to the longest path based on path length, and a policy (action) is applied according to the matching result, thereby increasing matching speed.

Abstract: Disclosed are a multicast rule transformation apparatus and a method thereof. The multicast rule transformation apparatus according to an embodiment of the present invention performs an intersection transformation to convert a service flow rule for unicast transmission into a service flow rule for multicast transmission.

Abstract: Disclosed are a multicast service filter rule transformation method and apparatus. A multicast service filter rule transformation method according to an embodiment includes receiving a unicast filter table, transforming the received unicast filter table into a plurality of multicast service filter tables by dividing rule entries of the unicast filter table, and generating a multicast egress port that matches each filter rule in the multicast service filter tables.

Abstract: Disclosed are a multicast rule transformation apparatus and a method thereof. The multicast rule transformation apparatus according to an embodiment of the present invention performs an intersection transformation to convert a service flow rule for unicast transmission into a service flow rule for multicast transmission.

Abstract: Disclosed are a mobile edge computing system and a method of constructing a data feature set using the same. A mobile network system in a mobile edge computing (MEC) environment according to an embodiment includes a switch configured to copy a front end of an input packet, an MEC device configured to receive a front end copied packet from the switch to extract a data feature set of mobile network traffic, and a host configured to receive the traffic data feature set extracted from the MEC device to perform a security service.

Abstract: Disclosed are a packet processing apparatus using deep packet information and a method thereof. A network system according to an embodiment includes a packet processing apparatus configured to transmit a packet to a packet inspection apparatus, to receive and parse a packet in which deep packet information is tagged from the packet inspection apparatus, and to switch the packet according to the parsed deep packet information, and the packet inspection apparatus configured to perform deep-inspection on the packet received from the packet processing apparatus and to tag the deep packet information in a head room area of the packet.

Abstract: Disclosed are a structure and a clock synchronization method of a precision network interface card for acquiring heterogeneous PTP synchronization information for PTP synchronization network extension. In order to precisely time-synchronize a synchronous switch at a remote location with a synchronous switch of an internal network, a precision time protocol (PTP) synchronous network system and a PTP synchronization method according to an embodiment allow a plurality of switches therebetween to operate as virtual nodes and can precisely measure Ingress_Time of a time synchronization message using a clock synchronized with the virtual nodes.

Abstract: Provided are a method of providing a communication channel for secure management between a uniway data transmitting device and a uniway data receiving device which are physically separated from each other in a uniway security gateway system, and a uniway data transceiving device for providing two uniway communication channels therefor. The uniway security gateway system includes a uniway data transmitting device located in a secure area and a uniway data receiving device located in a control area, wherein the uniway data transmitting device and the uniway data receiving device provide a first communication channel for transmitting and receiving data in one direction from the secure area to the control area and a second communication channel for transmitting and receiving management data in one direction from the control area to the secure area.

Abstract: Disclosed are a method and apparatus for high-speed processing of GTP-U packets in a mobile network. The packet processing method and the apparatus according to an embodiment implements the encapsulation or decapsulation of GTP-U packets in a mobile network in a hardware-based structure to process the LBO of the GTP-U packet at high speed. It achieves the processing and solves the difficulty of protocol interworking with the mobile core network as information for the encapsulation or decapsulation processing of the GTP-U packet independently is acquired through self-learning without the help of the mobile core network.

Abstract: Disclosed are a method and apparatus for high-speed processing of GTP-U packets in a mobile network. The packet processing method and the apparatus according to an embodiment implements the encapsulation or decapsulation of GTP-U packets in a mobile network in a hardware-based structure to process the LBO of the GTP-U packet at high speed. It achieves the processing and solves the difficulty of protocol interworking with the mobile core network as information for the encapsulation or decapsulation processing of the GTP-U packet independently is acquired through self-learning without the help of the mobile core network.

Abstract: Provided are a method of providing a communication channel for secure management between a uniway data transmitting device and a uniway data receiving device which are physically separated from each other in a uniway security gateway system, and a uniway data transceiving device for providing two uniway communication channels therefor. The uniway security gateway system includes a uniway data transmitting device located in a secure area and a uniway data receiving device located in a control area, wherein the uniway data transmitting device and the uniway data receiving device provide a first communication channel for transmitting and receiving data in one direction from the secure area to the control area and a second communication channel for transmitting and receiving management data in one direction from the control area to the secure area.

Abstract: A method of and apparatus for searching for a signature in a packet according to a signature location. The method may include extracting a sub-payload to be compared with a signature from a payload of a packet, generating an offset that is location information about a location of the sub-payload in the payload, generating a search key that includes the extracted sub-payload and the generated offset, and performing ternary content addressable memory (TCAM) matching to check if the generated search key matches a TCAM entry.

Abstract: A network apparatus and method of classifying received packets in a security system, the method comprises parsing a received packet and extracting a payload from the parsed packet; scanning the payload to check whether or not a predetermined signature code is included in the payload; if it is determined from the result of the scanning that the predetermined signature code is included in the payload, generating a presumptive signature based on information included in the predetermined signature code; and determining whether or not the generated presumptive signature is identical with a signature corresponding to the predetermined signature code, and allocating an classification identifier (ID) to the received packet according to the result of the determination, thereby classifying the received packet according to the classification ID, wherein the predetermined signature code is formed by a part of the signature corresponding to the signature code.

Abstract: A method of and apparatus for searching for a signature in a packet according to a signature location. The method may include extracting a sub-payload to be compared with a signature from a payload of a packet, generating an offset that is location information about a location of the sub-payload in the payload, generating a search key that includes the extracted sub-payload and the generated offset, and performing ternary content addressable memory (TCAM) matching to check if the generated search key matches a TCAM entry.

Abstract: A network apparatus and method of classifying received packets based on a predetermined standard are disclosed.