Abstract: Disclosed herein are an attack detection apparatus and method based on measurement of networking behavior abnormalities in symbolic spaces. The attack detection method based on measurement of networking behavior abnormalities in symbolic spaces includes creating profiles based on a transmission address of a flow received from a network, measuring a behavior abnormality of a device corresponding to the transmission address of the flow on the network, and mapping the measured behavior abnormality to behavior symbols in symbolic spaces, generating a behavior symbol sequence pattern, in which the behavior symbols are sequentially connected, for each profile, and detecting presence or non-presence of an attack and a device associated with the attack based on an output of the abnormal behavior prediction model that receives the behavior symbol sequence pattern as input.

Abstract: Disclosed herein is a method for detecting a network attack based on a fusion feature vector. The method includes extracting feature vectors corresponding to a preset unit time from network traffic, generating fusion feature vectors based on the extracted feature vectors, and performing training using the generated fusion feature vectors.

Abstract: Disclosed herein are a device identification apparatus and method based on network behavior. The device identification apparatus includes one or more processors, and execution memory for storing at least one program that is executed by the one or more processors, wherein the at least one program is configured to collect packet data of a device connected to a network through port mirroring and extract behavior features from the packet data, analyze the behavior features and then generate unique information based on a previously created detection model, and extract an identification number corresponding to the unique information from a database and then identify the device.

Abstract: Disclosed herein are a finite-field division operator, an elliptic curve cryptosystem having the finite-field division operator, and a method for operating the elliptic curve cryptosystem. The method for operating an elliptic curve cryptosystem may include, setting, by a key setting unit, a length of a key of a cryptographic algorithm, generating, by the key setting unit, first setup information that indicates a number of words corresponding to the key length, and generating, by the key setting unit, second setup information that indicates a number of repetitions of an operation by a finite-field division operator corresponding to the key length.

Abstract: Disclosed herein are a device identification apparatus and method based on network behavior. The device identification apparatus includes one or more processors, and execution memory for storing at least one program that is executed by the one or more processors, wherein the at least one program is configured to collect packet data of a device connected to a network through port mirroring and extract behavior features from the packet data, analyze the behavior features and then generate unique information based on a previously created detection model, and extract an identification number corresponding to the unique information from a database and then identify the device.

Abstract: Disclosed herein are a finite-field division operator, an elliptic curve cryptosystem having the finite-field division operator, and a method for operating the elliptic curve cryptosystem. The method for operating an elliptic curve cryptosystem may include, setting, by a key setting unit, a length of a key of a cryptographic algorithm, generating, by the key setting unit, first setup information that indicates a number of words corresponding to the key length, and generating, by the key setting unit, second setup information that indicates a number of repetitions of an operation by a finite-field division operator corresponding to the key length.

Abstract: A method of operating a vehicle communication security management system includes receiving a request for registration in a vehicle communication service from a vehicle, generating a security policy corresponding to the request for registration and a pseudonym corresponding to the vehicle, transmitting a request to generate a pseudonym certificate corresponding to the generated pseudonym to a certification center, receiving the pseudonym certificate from the certification center in response to the request to generate the pseudonym certificate, and transmitting vehicle communication service registration information, corresponding to the request for registration in the vehicle communication service, to the vehicle.

Abstract: A method for detecting anomalies in a controller area network of a vehicle and an apparatus for the same. The method for detecting anomalies in a Controller Area Network (CAN) of a vehicle includes monitoring the controller area network of the vehicle and generating sequence trees for respective multiple sub-networks included in the controller area network at a time at which monitoring is performed, comparing at least one normal sequence tree, generated in accordance with the controller area network when a status of the vehicle is normal, with the generated sequence trees, and calculating differences between traffic proportions for respective nodes based on a result of the comparison between the sequence trees, and detecting an anomaly in the vehicle in consideration of the differences.

Abstract: Disclosed herein are an intrusion response apparatus and method for a vehicle network. The intrusion response method for a vehicle network is performed by an intrusion response apparatus for the vehicle network, and includes receiving attack detection information about an intrusive attack on the vehicle network from an intrusion detection system, selecting at least one target electronic control unit that is to be instructed to respond to the intrusive attack from among multiple electronic control units, and sending a response instruction message to the at least one target electronic control unit so that the target electronic control unit responds to the intrusive attack.

Abstract: Disclosed herein is an onboard cybersecurity diagnostic system for a vehicle, which may include at least one In-Vehicle Network (IVN) security diagnostic sensor configured to detect and diagnose an Electronic Control Unit (ECU) attack command on a communication bus; at least one ECU configured to control an actuator based on sensor data collected from a sensor, autonomously diagnose the integrity of ECU electronic control software, and diagnose the integrity of ECU electronic control data by combining the sensor data with a security diagnostic packet received from the at least one IVN security diagnostic sensor; and a cyber dashboard configured to display a security problem in the event of the security problem in the integrity of the ECU electronic control software or the ECU electronic control data.

Abstract: Disclosed is a vehicle network access control method and infotainment apparatus thereof. According to one aspect of the present disclosure, a vehicle network access control method comprises: checking an access subject on the basis of at least one among an ID of the terminal device, an application ID, and a user ID of the infotainment apparatus; determining an access right on the basis of at least one among the access subject, state information of the terminal device, and vehicle state information; and controlling vehicle network access of the infotainment apparatus according to the determined access right, wherein the access right comprises at least one among access permission, access denial, and access permission within a preset time.

Abstract: A vessel location validation method and apparatus are provided. The vessel location validation method includes receiving a wireless signal from a vessel, acquiring location information of the vessel from the received wireless signal, and determining whether the acquired location information is valid based on the acquired location information and a signal strength of the received wireless signal.

Abstract: Disclosed herein are a health device, a gateway device, and a method for securing a protocol using the health device and the gateway device. The method includes performing, by the health device and the gateway device, authentication and key exchange based on security session information; sending, by any one of the health device and the gateway device, an application message protected based on the security session information; and receiving, by a remaining one of the health device and the gateway device, the protected application message.

Abstract: A vessel location validation method and apparatus are provided. The vessel location validation method includes receiving a wireless signal from a vessel, acquiring location information of the vessel from the received wireless signal, and determining whether the acquired location information is valid based on the acquired location information and a signal strength of the received wireless signal.

Abstract: An apparatus and method for collecting the radio frequency (RF) feature of a wireless device in a wireless communication apparatus are disclosed herein. The RF feature extraction unit adds a tag having a unique value to a received radio signal, and extracts RF feature information from the radio signal. The MAC information extraction unit extracts the source MAC address and tag information of a MAC protocol frame from the received radio signal, and then removes the added tag. The tag comparison unit selects an source MAC address and RF feature information, when the tags have the same value, from the RF feature information and tag information from the RF feature extraction unit and the source MAC address and tag information from the MAC information extraction unit. The RF feature storage unit stores the selected source MAC address and RF feature information.

Abstract: Provided is a healthcare device including a sensor unit configured to collect patient's biometric information or perform medical treatment on the patient; a communication unit configured to communicate with a healthcare gateway; a control unit configured to receive a control command from the healthcare gateway through the communication unit and control the sensor unit according to the received control command; and a device verification unit configured to receive a verification request from the healthcare gateway, verify an error of the control unit or the sensor unit in response to the received verification request, and transmit results of the verification to the healthcare gateway.

Abstract: An apparatus and a method for identifying a rogue device having a media access control (MAC) address counterfeited/forged when a wireless intrusion prevention system controls an access to an access point (AP) and a wireless terminal which are not applied are disclosed. The apparatus includes: a sensor unit configured to collect MAC addresses, RSSI values, and RF feature values based on RF signals of wireless terminals; an RF feature database configured to store the collected MAC addresses, RSSI values, and RF feature values; and a terminal identification unit configured to identify whether a MAC of any one of the wireless terminals is forged by comparing information of the RF feature database with the RSSI value and the RF feature value of any one of the wireless terminals according to a MAC verification request of any one of the wireless terminals from the sensor unit.

Abstract: Disclosed are a method for providing a security service for a wireless device and an apparatus thereof. The method includes obtaining a wireless fingerprint of a wireless device, determining a wireless device type corresponding to the obtained wireless fingerprint by referring to a first database, determining a security policy corresponding to the determined wireless device type by referring to a second database, and applying the determined security policy to a service for the wireless device, so that the wireless device is provided with a tight security service.

Abstract: A method for generating smart contents includes contents protected by a digital right management (DRM) technology; and metadata including information necessary to use the contents. Further, the method includes a smart code for protecting copyright of the contents and position information which the smart code is downloaded.

Abstract: An apparatus and method for collecting the radio frequency (RF) feature of a wireless device in a wireless communication apparatus are disclosed herein. The RF feature extraction unit adds a tag having a unique value to a received radio signal, and extracts RF feature information from the radio signal. The MAC information extraction unit extracts the source MAC address and tag information of a MAC protocol frame from the received radio signal, and then removes the added tag. The tag comparison unit selects an source MAC address and RF feature information, when the tags have the same value, from the RF feature information and tag information from the RF feature extraction unit and the source MAC address and tag information from the MAC information extraction unit. The RF feature storage unit stores the selected source MAC address and RF feature information.