Abstract: Disclosed is a method of obfuscating a Controller Area Network (CAN) message performed by a first computing device including a processor, the method including: obtaining a first index from a first input value corresponding to a first time point by using an index output algorithm; determining a first CAN ID of the first computing device corresponding to the first index based on a predetermined CAN ID table; and generating a first normal CAN message including the first CAN ID and first normal data.

Abstract: Provided are an intrusion prevention system and a method for detecting and responding to a vehicle intrusion by means of an SDN support switch installed in an in-vehicle network (IVN) and an SDN controller communicating with the SDN-enabled switch, the method in which the SDN controller receives a flow table from the SDN-enabled switch, enables an intrusion detection system (IDS) to perform intrusion detection, and updates the flow table on the basis of the intrusion detection execution result.

Abstract: [SUMMARY] A method of detecting a sequence-based intrusion by using a Database CAN (DBC) file, the method being performed by a computing device including a processor according to some exemplary embodiments of the present disclosure, includes: obtaining a first Controller Area Network (CAN) message generated from a CAN; determining the first CAN message as a first category among a plurality of categories based on a pre-stored DBC file; obtaining first predictive data from the first CAN message by using a pre-trained first neural network model, the pre-trained first neural network model corresponding to the first category and including a first hidden layer; and comparing the first predictive data and first actual data obtained based on the first CAN message to determine whether the first CAN message has an anomaly.

Abstract: Provided is a method for deciphering obfuscated text for cyber security and an apparatus for the same. The method according to some embodiments includes: converting text including a target character string into an image; recognizing a character string in the image using a text recognition model; and determining that the target character string is an obfuscated character string, based on a similarity between the target character string and the recognized character string being equal to or less than a first reference value.

Abstract: Disclosed is a method for preventing an attack on an IoT network. The method may further include: generating attack situation information of an attack on a network by inputting one or more packet data for the IoT network into an attack discrimination unit; generating, by an attack analysis unit, main feature information for the attack based on the attack situation information; and generating, by an attack prevention unit, attack prevention information based on the main feature information, in which the attack discrimination unit may be an artificial neural network model of a modified autoencoder structure including a softmax layer.

Abstract: The present disclosure an intrusion prevention (or response) system and method for detecting and preventing a vehicle intrusion by means of an SDN-enabled switch installed in an in-vehicle network (IVN) and an SDN controller communicating with the SDN-enabled switch, the method in which the SDN support switch transmits a packet-in message to the SDN controller, enables an intrusion detection system (IDS) to determine whether a particular packet is an intrusion packet, receives an action according to a result of the determination, and transmits a packet-out message to the SDN-enabled switch so as to control a flow of a particular packet.

Abstract: Disclosed is a method of detecting anomaly of an unmanned moving object by using a message ID sequence, and the method includes: collecting packet data generated in the unmanned moving object; pre-processing the collected packet data; and detecting an anomaly of the unmanned moving object based on a message ID pattern of the packet data by inputting the pre-processed packet data to a pre-trained neural network model.

Abstract: Disclosed is a method for training an anomaly detection model of an unmanned moving object utilizing a message ID sequence, which includes: collecting packet data generated from the unmanned moving object; pre-processing the collected packet data; generating converted data for a message ID sequence of the packet data by inputting the preprocessed packet data into a language model; generating similar data similar to the message ID sequence of the packet data by inputting the preprocessed packet data into a first neural network model; training and evaluating the first neural network model by inputting the converted data of the language model and the similar data of the first neural network model into a training model; and predicting and training a symptom of the unmanned moving object by inputting the preprocessed packet data and the similar data of the first neural network model into a second neural network model.

Abstract: A computer-implemented method for monitoring the security of a computing network which includes a plurality of hosts and a plurality of edges which link connected hosts. The method comprises capturing and storing first and second network state information at first and second times respectively. The method comprises comparing the first and second network state information to detect a change in the security of the network during the time window between the first and second times. The method further comprises storing security change data which is indicative of the change in the security of the network during the time window for a user to monitor the change in the security of the network.

Abstract: A computer-implemented method for monitoring the security of a computing network which includes a plurality of hosts and a plurality of edges which link connected hosts. The method comprises capturing and storing first and second network state information at first and second times respectively. The method comprises comparing the first and second network state information to detect a change in the security of the network during the time window between the first and second times. The method further comprises storing security change data which is indicative of the change in the security of the network during the time window for a user to monitor the change in the security of the network.

Abstract: An apparatus is provided. The apparatus includes a detector configured to detect a state of the apparatus, and a processor configured to determine a current change degree of an apparatus state between a current point of time and a previous point of time based on a first change value of the apparatus state at the current point of time and a second change value of the apparatus state at the previous point of time earlier than the current point of time, and determine whether change in the apparatus state is normal or abnormal based on a result of comparison between the determined current change degree and an accumulated change degree of the apparatus state accumulated for a predetermined time section before the current point of time.

Abstract: Disclosed is technology relating to a device and method for detecting bypass access and account theft. In the method for detecting bypass access from a client to a server according to the present invention: a server receives access data comprising data about hops on the route from the client to the server by using a route tracing agent; region data is extracted from the IP address(es) of the hop(s) comprised in the received access data; a judgment is made as to whether the extracted region data belongs to a pre-set access-permitted region; and the server detects whether the access from the client is bypass access, in accordance with the judgment results.

Abstract: Disclosed are an apparatus and method for detecting an anomaly of a network and a recording medium on which the method is recorded. The method for detecting an anomaly in a network measures self-similarity from at least one attribute information representing a traffic state of the network in a normal state in advance to set a critical value for the self-similarity, measures self-similarity in real time from the at least one attribute information in the network, and determines an anomaly of the network by comparing the measured real-time self-similarity value with the set critical value.

Abstract: Disclosed is technology relating to a device and method for detecting bypass access and account theft. In the method for detecting bypass access from a client to a server according to the present invention: a server receives access data comprising data about hops on the route from the client to the server by using a route tracing agent; region data is extracted from the IP address(es) of the hop(s) comprised in the received access data; a judgment is made as to whether the extracted region data belongs to a pre-set access-permitted region; and the server detects whether the access from the client is bypass access, in accordance with the judgment results.