Abstract: Disclosed is an apparatus for distributed processing of an identical packet in high-speed network security equipment, including: a plurality of analysis modules for each determining whether vulnerability analysis is required by analyzing a received packet; a circular queue for receiving the packet from an analysis module initially determining that the vulnerability analysis is required and storing the received packet as a bucket structure; and a plurality of analysis engines for each performing different vulnerability analyses for the packet acquired from the circular queue based on a packet address of the bucket structure, in which the bucket structure includes a packet data storage unit and packet use information storage units which are as many as the plurality of analysis engines, and the packet use information storage units store packet use information of the plurality of respective analysis engines, respectively.

Abstract: Disclosed is an apparatus for distributed processing of an identical packet in high-speed network security equipment, including: a plurality of analysis modules for each determining whether vulnerability analysis is required by analyzing a received packet; a circular queue for receiving the packet from an analysis module initially determining that the vulnerability analysis is required and storing the received packet as a bucket structure; and a plurality of analysis engines for each performing different vulnerability analyses for the packet acquired from the circular queue based on a packet address of the bucket structure, in which the bucket structure includes a packet data storage unit and packet use information storage units which are as many as the plurality of analysis engines, and the packet use information storage units store packet use information of the plurality of respective analysis engines, respectively.

Abstract: The present disclosure relates to an apparatus and method for reconfiguring a signature used in a signature-based abnormal traffic detection scheme. A signature reconfiguration method of the present disclosure comprises: selecting a signature from a signature list and dividing the selected signature into a plurality of signature fragments; calculating a first impact for each of a plurality of load elements by inspection of the plurality of signature fragments for the plurality of load elements; calculating a second impact for each of the plurality of load elements by applying a weight for each of the plurality of load elements to the first impact; calculating a final load impact for each signature fragment by summing corresponding second impacts to each signature fragment among the calculated second impacts; and rearranging an order of the plurality of signature fragments according to a magnitude of the calculated final load impact.

Abstract: Provided are a multi-pattern policy detection system and method, wherein, in an environment that operates a plurality of policies for determining matching or non-matching by a string or a normalized format, the plurality of policies are expressed by a data structure that is searchable at a time, and are optimized to improve search performance.

Abstract: An intrusion protection system (IPS) switch system forwards traffic inserted from a switch to a destination port, simultaneously copying and storing the traffic output to an internal port by a port mirroring method of the switch, detecting maleficence inspection of the stored packet based on a protocol/pattern, providing a blocking control policy (e.g., Access Control List (ACL)) to an output port of the switch based on IP or MAC information of the terminal detected of maleficence to prevent expansion of maleficent packets, and transmitting traffic whose destination is outside to the IPS processor to transmit only normal packets to the outside after detecting/blocking maleficence based on the protocol/pattern, and a processing method thereof.

Abstract: Disclosed is an apparatus for verifying a malicious code machine learning classification model, which includes: a main feature processing subsystem performing feature extracting and processing functions in an input file; and a multi-layer cyclic verification subsystem performing multi-layer verification in order to determine whether the file is normal or malicious based on the extracted and processed features to verify a machine learning model that classifies malicious codes, thereby ensuring reliability of a prediction result for a machine learning model.

Abstract: Provided are a multi-pattern policy detection system and method, wherein, in an environment that operates a plurality of policies for determining matching or non-matching by a string or a normalized format, the plurality of policies are expressed by a data structure that is searchable at a time, and are optimized to improve search performance.

Abstract: The present invention relates to a multicore communication processing service. More specifically, aspects of the present invention provide a technology for converting a plurality of data packet units into one jumbo frame unit, copying the converted jumbo frame to a plurality of dual in-line memories (DIMMs) by logical distribution, and computing the jumbo frame through each CPU including multicore processors corresponding to the plurality of DIMM channels, thereby reducing the number of packets per second and securing efficiency in memories and CPU resources, and also adding/removing a header field for each data packet included in the jumbo frame according to a path transmitted or received from a network interface card (NIC) of the jumbo frame or processing the data packet using the header field only, thereby minimizing packet receive event and reducing context switching generated upon the packet receive event, which results in improvement of jumbo frame processing performance.

Abstract: The present invention provides a technology for controlling an IoT gateway command control based packet, preemptively blocking information leakage by detecting/blocking command not allowed through a DB updated by automatically learning new commands recognized based thereon in real-time, determining whether they correspond to each other through search/comparison in each pattern DB corresponding thereto and selectively processing the corresponding packet according to the determined result, generating a session table based on the processed result and determining whether there is an abnormal act by checking a predetermined item, and blocking access to IoT server of abnormal packet by performing a policy according to packet blocking rule management flow.

Abstract: The present invention is directed to configure an effective search node based on splitting, regrouping, complexity calculation, and learning information, and perform high-performance regular expression search. To this end, the present invention includes: a policy database; a regular expression extraction processor; a regular expression fragment processor that splits each of the regular expression character strings extracted by the regular expression extraction processor in accordance with a fragmentation rule; a regular expression normalization processor that generates an optimized regular expression fragment table; a cost calculation engine processor that determines a cost for each of the regular expression fragments; a decision tree generation processor that generates a decision tree based on cost information; and a pattern matching engine processor that configures a search engine.

Abstract: A system and method for providing authentication service for IoT security are disclosed herein. The system for providing authentication service for IoT security includes an Internet of Things (IoT) service server, and an IoT gateway node. The IoT service server supports an IoT communication service in accordance with an IoT communication service policy. The IoT gateway node receives an IoT service request from a terminal attempting to control an IoT device that supports the IoT communication service while operating in conjunction with the IoT service server, identifies whether the terminal attempting to control the IoT device is a normal user based on profile information, collected from the terminal via the IoT service request, via the IoT service server, and performs the security authentication of the IoT device.

Abstract: Provided is an arrow, wherein by forming a diameter of a shaft, at a fore end of which a point is combined and at a rear end of which a nock is combined, in such a way that the diameter is reduced going from the fore end to the rear end, a center of weight is shifted toward the fore end so as to increase a hitting ratio of the arrow and a deflection deformation is reduced.

Abstract: Provided is a compound bow comprising: a bow main body; upper and lower pulley assemblies; a bowstring; and first and second cam cables, wherein at least one of the first and second cam cables is coupled to the fixing projection that moves along as a cam module moves, is wound on a cam cable winding portion via a compensation projection, and then extends toward the other side pulley assembly, and a front portion of the cam module is in contact with the one cam cable and thus the one cam cable is bent when the cam module is moved, to thus release the one cam cable from the cam cable winding portion via the compensating projection from the fixing projection that the one cam cable is coupled, to thereby maintain constant tension of the cam cable and keep the power of the bow.

Abstract: An apparatus and method for providing analysis service based on behavior in a mobile network environment are disclosed. The apparatus includes a control unit configured to control the path of a packet based on predetermined policy information, to block the packet based on a result of an analysis of the packet, or to extract information about the packet and selectively process the extracted information based on the predetermined policy information; a download path and file management engine configured to collect downloaded files corresponding to the URL of the packet, to extract the downloaded files as an app file, and to transfer the extracted app file to a virtual machine; and a virtual machine management engine unit configured to determine whether malware is present in the app file and whether the app file has accessed the resources, and to selectively manage the corresponding app based on a result of the determination.

Abstract: The present invention relates to a multicore communication processing service. More specifically, aspects of the present invention provide a technology for converting a plurality of data packet units into one jumbo frame unit, copying the converted jumbo frame to a plurality of dual in-line memories (DIMMs) by logical distribution, and computing the jumbo frame through each CPU including multicore processors corresponding to the plurality of DIMM channels, thereby reducing the number of packets per second and securing efficiency in memories and CPU resources, and also adding/removing a header field for each data packet included in the jumbo frame according to a path transmitted or received from a network interface card (NIC) of the jumbo frame or processing the data packet using the header field only, thereby minimizing packet receive event and reducing context switching generated upon the packet receive event, which results in improvement of jumbo frame processing performance.

Abstract: The present invention provides a technology for controlling an IoT gateway command control based packet, preemptively blocking information leakage by detecting/blocking command not allowed through a DB updated by automatically learning new commands recognized based thereon in real-time, determining whether they correspond to each other through search/comparison in each pattern DB corresponding thereto and selectively processing the corresponding packet according to the determined result, generating a session table based on the processed result and determining whether there is an abnormal act by checking a predetermined item, and blocking access to IoT server of abnormal packet by performing a policy according to packet blocking rule management flow.

Abstract: The present invention includes creating a session in response to a session setup request for a general packet radio service (GPRS) application service, receiving GTP packet data using GPRS tunneling protocol (GTP) tunnel, performing decoding on the GTP packet data, determining whether there is an attack attributable to malicious behavior based on a predetermined management DB, identifying the type of the GTP packet data as the type of GTP packet for attacked GTP packet data and the type of GTP packet for non-attacked packet data based on a result of the determination, carrying out a predetermined policy for the identified type of GTP packet, performing the standardization of the packet data of each GTP version, determining whether the standardized packet data has been registered with a hash buffer in accordance with the type of pairing message for each command, and processing a session based on a result of the determination.

Abstract: An automatic malignant code collecting system comprises a first database configured to store detection target website information, a virtual machine controller configured to read the website information from the first database and transmit the website information, a first virtual machine configured to periodically gain access to a website using the website information and to collect a malignant code and evidence thereof if an abnormal event occurs when the first virtual machine gains access to the website, a second virtual machine configured to periodically gain access to the same website as accessed by the first virtual machine using the website information received from the virtual machine controller and to collect a malignant code and evidence thereof if an abnormal event occurs when the second virtual machine gains access to the website, and a second database configured to store the malignant code and the evidence thereof collected by the first virtual machine and the second virtual machine.

Abstract: Disclosed herein is a body frame for a bicycle which is able to provide higher strength in such a way to use a carbon material even when the outer diameters of a top tube, a bottom tube, a seat tube, a chain tube, etc. have the thickness of a body frame of a classical bicycle, while relatively reducing the weight of the body frame. For this, the body frame for a bicycle according to the present invention is configured in such a way that each of the top tube, the bottom tube and the seat tube is made in a circular shape wherein the outer diameters are same from one end to the other end of each tube, and the flesh thickness of each tube is relatively thicker at the other end portion than one end portion, and each tube is made of a carbon material.

Abstract: A fast application recognition system includes an output management unit to buffer an input packet and transmit the packet to an outside according to control information, a preprocessing path selection unit to receive the packet from the output management unit, extract control information corresponding to a packet's header information, and return the extracted control information to the output management unit, a primary processing unit to receive a packet not processed at the preprocessing path selection unit, extract control information corresponding to a packet's pattern using a primary pattern database, and return the extracted control information to the output management unit, and a statistics control unit to receive a packet from the output management unit according to the control information and the primary processing unit, extract control information corresponding to a packet's pattern using a secondary pattern database, and return the extracted control information to the output management unit.