Patents by Inventor Byung-Chul BAE
Byung-Chul BAE has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230376591Abstract: Disclosed herein is a method for processing a security event in a container virtualization environment. The method may include collecting designated security events in a kernel space, storing the collected security events in a security event storage module in real time, and providing a security manager with the security event corresponding to a query request from a security event management module, among the security events stored in the security event storage module.Type: ApplicationFiled: September 27, 2022Publication date: November 23, 2023Inventors: Sung-Jin KIM, In-Hyeok JANG, Woo-Min HWANG, Byung-Chul BAE, Byung-Joon KIM
-
Patent number: 9965631Abstract: Disclosed herein are an apparatus and method for analyzing malicious code in a multi-core environment. The apparatus for analyzing malicious code includes a core setting unit for setting at least one monitoring core, on which malicious code is to be monitored, among cores of a multi-core Central Processing Unit (CPU), and executing a monitoring program on the monitoring core, a behavioral information collection unit for, when execution cores that are not set as the monitoring core execute analysis target code, collecting pieces of behavioral information using the monitoring program and a hardware debugging device, and a storage unit for storing the behavioral information.Type: GrantFiled: March 18, 2016Date of Patent: May 8, 2018Assignee: Electronics and Telecommunications Research InstituteInventors: Sang-Rok Lee, Jung-Hee Lee, Byung-Chul Bae
-
Publication number: 20170083705Abstract: Disclosed herein are an apparatus and method for analyzing malicious code in a multi-core environment. The apparatus for analyzing malicious code includes a core setting unit for setting at least one monitoring core, on which malicious code is to be monitored, among cores of a multi-core Central Processing Unit (CPU), and executing a monitoring program on the monitoring core, a behavioral information collection unit for, when execution cores that are not set as the monitoring core execute analysis target code, collecting pieces of behavioral information using the monitoring program and a hardware debugging device, and a storage unit for storing the behavioral information.Type: ApplicationFiled: March 18, 2016Publication date: March 23, 2017Applicant: Electronics and Telecommunications Research InstituteInventors: Sang-Rok LEE, Jung-Hee LEE, Byung-Chul BAE
-
Patent number: 9444828Abstract: A network intrusion detection apparatus and method that perform Perl Compatible Regular Expressions (PCRE)-based pattern matching on the payloads of packets using a network processor equipped with a Deterministic Finite Automata (DFA) engine. The network intrusion detection apparatus includes a network processor core for receiving packets from a network, and transmitting payloads of the received packets to a Deterministic Finite Automata (DFA) engine. A detection rule converter converts a PCRE-based detection rule, preset to detect an attack packet, into a detection rule including a pattern to which only PCRE grammar corresponding to the DFA engine is applied. The DFA engine performs PCRE pattern matching on the payloads of the packets based on the detection rule converted by the detection rule converter.Type: GrantFiled: September 11, 2013Date of Patent: September 13, 2016Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESERACH INSTITUTEInventors: Sung-Ryoul Lee, Young-Han Choi, Jung-Hee Lee, Byung-Chul Bae, Hyung-Geun Oh, Ki-Wook Sohn
-
Patent number: 9083678Abstract: A firewall policy inspection apparatus and method is provided. The firewall policy inspection apparatus includes an intrusion prevention rule obtainment unit for obtaining intrusion prevention rules from a target firewall policy. An anomaly rule detection unit detects an anomaly rule in a relationship between the intrusion prevention rules. A screen display unit displays an anomaly rule graph on a screen using results of the detection.Type: GrantFiled: July 19, 2013Date of Patent: July 14, 2015Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTEInventors: Jae-Sung Lee, Jung-Min Kang, Byung-Chul Bae
-
Patent number: 8893233Abstract: A referer verification apparatus and method for controlling web traffic having malicious code are provided. In the referer verification method, whether a referer is present in a Hypertext Transfer Protocol (HTTP) packet is determined. If it is determined that the referer is present in the HTTP packet, Uniform Resource Locators (URLs) are extracted from a referer web page corresponding to the referer. The referer is verified based on a URL corresponding to a referer verification request received from a server and the extracted URLs. A Completely Automated Public Test to tell Computers and Humans Apart (CAPTCHA) verification procedure conducted by a user is performed based on results of the verification of the referer.Type: GrantFiled: September 10, 2012Date of Patent: November 18, 2014Assignee: Electronics and Telecommunications ResearchInventors: Chul-Woo Lee, Deok-Jin Kim, Byoung-Jin Han, Byung-Chul Bae, Sang-Woo Park, Man-Hee Lee, E-Joong Yoon
-
Publication number: 20140157356Abstract: A firewall policy inspection apparatus and method is provided. The firewall policy inspection apparatus includes an intrusion prevention rule obtainment unit for obtaining intrusion prevention rules from a target firewall policy. An anomaly rule detection unit detects an anomaly rule in a relationship between the intrusion prevention rules. A screen display unit displays an anomaly rule graph on a screen using results of the detection.Type: ApplicationFiled: July 19, 2013Publication date: June 5, 2014Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTEInventors: Jae-Sung LEE, Jung-Min KANG, Byung-Chul BAE
-
Patent number: 8732833Abstract: A system and method for detecting network intrusion by using a network processor are provided. The intrusion detection system includes: a first intrusion detector, configured to use a first network processor to perform intrusion detection on layer 3 and layer 4 of a protocol field among information included in a packet header of a packet transmitted to the intrusion detection system, and when no intrusion is detected, classify the packets according to stream and transmit the classified packets to a second intrusion detector; and a second intrusion detector, configured to use a second network processor to perform intrusion detection through deep packet inspection (DPI) for the packet payload of the packets transmitted from the first intrusion detector. Thereby, intrusion detection for high-speed packets can be performed in a network environment.Type: GrantFiled: April 22, 2012Date of Patent: May 20, 2014Assignee: Electronics and Telecommunications Research InstituteInventors: Young-Han Choi, Deok-Jin Kim, Sung-Ryoul Lee, Man-Hee Lee, Byung-Chul Bae, Sang-Woo Park, E-Joong Yoon
-
Publication number: 20140123288Abstract: A network intrusion detection apparatus and method that perform Perl Compatible Regular Expressions (PCRE)-based pattern matching on the payloads of packets using a network processor equipped with a Deterministic Finite Automata (DFA) engine. The network intrusion detection apparatus includes a network processor core for receiving packets from a network, and transmitting payloads of the received packets to a Deterministic Finite Automata (DFA) engine. A detection rule converter converts a PCRE-based detection rule, preset to detect an attack packet, into a detection rule including a pattern to which only PCRE grammar corresponding to the DFA engine is applied. The DFA engine performs PCRE pattern matching on the payloads of the packets based on the detection rule converted by the detection rule converter.Type: ApplicationFiled: September 11, 2013Publication date: May 1, 2014Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTEInventors: Sung-Ryoul LEE, Young-Han CHOI, Jung-Hee LEE, Byung-Chul BAE, Hyung-Geun OH, Ki-Wook SOHN
-
Patent number: 8661543Abstract: A mobile terminal having security diagnosis functionality and a method of making a diagnosis on the security of the mobile terminal are provided. The mobile terminal includes a system check unit, an interface unit, a blacklist check unit, and a security diagnosis unit. The system check unit collects the basic information of the mobile terminal by performing a system check on the mobile terminal. The interface unit provides the basic information of the mobile terminal to a user and receives a control command from the user. The blacklist check unit checks whether at least one application installed in the mobile terminal is present in a blacklist registered on a server. The security diagnosis unit checks whether an abnormality has occurred in the corresponding application based on results of the comparison between the basic information of the mobile terminal with preset abnormality detection reference information and the control command.Type: GrantFiled: June 5, 2012Date of Patent: February 25, 2014Assignee: Electronics and Telecommunications Research InstituteInventors: Jung-Hee Lee, Sang-Wook Lee, Jong-Moon Lee, Byung-Chul Bae, Sang-Woo Park, E-Joong Yoon
-
Publication number: 20140047543Abstract: An apparatus and method for detecting a Hyper Text Transfer Protocol (HTTP) botnet based on the densities of transactions. The apparatus includes a collection management unit, a web transaction classification unit, and a filtering unit. The collection management unit extracts metadata from HTTP request packets collected by a traffic collection sensor. The web transaction classification unit extracts web transactions by analyzing the metadata, and generates a gray list by arranging the extracted web transactions according to the frequency of access. The filtering unit detects an HTTP botnet by filtering the gray list based on a white list and a black list.Type: ApplicationFiled: August 3, 2013Publication date: February 13, 2014Applicant: Electronics and Telecommunications Research InstituteInventors: Sung-Jin KIM, Jong-Moon LEE, Byung-Chul BAE, Hyung-Geun OH, Ki-Wook SOHN
-
Publication number: 20140020067Abstract: An apparatus and method for controlling traffic based on a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) are provided. The traffic control apparatus includes a traffic monitoring unit, a CAPTCHA verification unit, a list management unit, and a traffic control unit. The traffic monitoring unit monitors a packet between an internal network and an external network. The CAPTCHA verification unit, if packet information is not present in an access control list, sends a CAPTCHA request message to a client computer, receives a CAPTCHA response message, and verifies the CAPTCHA response message. The list management unit, if the packet information is present in the access control list, detects an access control policy corresponding to the packet information in the access control list. The traffic control unit controls traffic based the verification of the CAPTCHA response message and the control policy.Type: ApplicationFiled: September 9, 2012Publication date: January 16, 2014Applicant: Electronics and Telecommunications Research InstituteInventors: Deok-Jin KIM, Byoung-Jin HAN, Chul-Woo LEE, Man-Hee LEE, Byung-Chul BAE, Hyung-Geun OH, Ki-Wook SOHN
-
Publication number: 20140013389Abstract: A communication blocking control method includes receiving a communication blocking request from a terminal in an idle state in which it is difficult to find out whether information is leaked or not; registering a state of the terminal in a communication blocked list according to the communication blocking request; and blocking external communication of the terminal through a network.Type: ApplicationFiled: September 14, 2012Publication date: January 9, 2014Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTEInventors: Byoung-Jin HAN, Deok-Jin KIM, Chul-Woo LEE, Man-Hee LEE, Byung-Chul BAE, Hyung-Geun OH, Ki-Wook SOHN
-
Publication number: 20130347069Abstract: A referer verification apparatus and method for controlling web traffic having malicious code are provided. In the referer verification method, whether a referer is present in a Hypertext Transfer Protocol (HTTP) packet is determined. If it is determined that the referer is present in the HTTP packet, Uniform Resource Locators (URLs) are extracted from a referer web page corresponding to the referer. The referer is verified based on a URL corresponding to a referer verification request received from a server and the extracted URLs. A Completely Automated Public Test to tell Computers and Humans Apart (CAPTCHA) verification procedure conducted by a user is performed based on results of the verification of the referer.Type: ApplicationFiled: September 10, 2012Publication date: December 26, 2013Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTEInventors: Chul-Woo LEE, Deok-Jin KIM, Byoung-Jin HAN, Byung-Chul BAE, Sang-Woo PARK, Man-Hee LEE, E-Joong YOON
-
Publication number: 20130219498Abstract: A mobile terminal having security diagnosis functionality and a method of making a diagnosis on the security of the mobile terminal are provided. The mobile terminal includes a system check unit, an interface unit, a blacklist check unit, and a security diagnosis unit. The system check unit collects the basic information of the mobile terminal by performing a system check on the mobile terminal. The interface unit provides the basic information of the mobile terminal to a user and receives a control command from the user. The blacklist check unit checks whether at least one application installed in the mobile terminal is present in a blacklist registered on a server. The security diagnosis unit checks whether an abnormality has occurred in the corresponding application based on results of the comparison between the basic information of the mobile terminal with preset abnormality detection reference information and the control command.Type: ApplicationFiled: June 5, 2012Publication date: August 22, 2013Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTEInventors: Jung-Hee LEE, Sang-Wook LEE, Jong-Moon LEE, Byung-Chul BAE, Sang-Woo PARK, E-Joong YOON
-
Publication number: 20130160122Abstract: A system and method for detecting network intrusion by using a network processor are provided. The intrusion detection system includes: a first intrusion detector, configured to use a first network processor to perform intrusion detection on layer 3 and layer 4 of a protocol field among information included in a packet header of a packet transmitted to the intrusion detection system, and when no intrusion is detected, classify the packets according to stream and transmit the classified packets to a second intrusion detector; and a second intrusion detector, configured to use a second network processor to perform intrusion detection through deep packet inspection (DPI) for the packet payload of the packets transmitted from the first intrusion detector. Thereby, intrusion detection for high-speed packets can be performed in a network environment.Type: ApplicationFiled: April 22, 2012Publication date: June 20, 2013Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTEInventors: Young-Han CHOI, Deok-Jin KIM, Sung-Ryoul LEE, Man-Hee LEE, Byung-Chul BAE, Sang-Woo PARK, E-Joong YOON
-
Publication number: 20080294725Abstract: Provided are a method and system for supporting a simulated-exercise in a cyber space using a message. The system for supporting a simulated-exercise using a massage includes a simulated-exercise manager system for training trainees in a remote location connected through a network by transmitting a situation message for informing critical situations to the trainees and an automatic response message.Type: ApplicationFiled: December 13, 2007Publication date: November 27, 2008Inventors: Eun Young KIM, Byung-Chul BAE, Young-Tae YUN, Eung-Ki PARK