Patents by Inventor Ik Kyun Kim

Ik Kyun Kim has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20200007496
    Abstract: Disclosed herein are a server apparatus, a client apparatus, and a method for communication based on network address mutation. The method for communication based on network address mutation, performed by the server apparatus and the client apparatus, includes setting the external address of a network interface for receiving a packet from the client apparatus; setting the internal address of a hidden interface in order to forward the packet received through the network interface to the hidden interface; modifying the external address based on a preset network address mutation rule; and communicating with the client apparatus by forwarding the packet, received from the client apparatus based on the modified external address, to the hidden interface.
    Type: Application
    Filed: June 26, 2019
    Publication date: January 2, 2020
    Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Kyung-Min PARK, Samuel WOO, Dae-Sung MOON, Ki-Jong KOO, Ik-Kyun KIM, Joo-Young LEE
  • Patent number: 10523697
    Abstract: Disclosed is a method for detecting a cyberthreat through correlation analysis of security events, which includes extracting a false-positive data set by extracting, from source data, information about security events occurring during a predetermined time period based on a time at which erroneous detection occurred; extracting a true-positive data set by extracting, from the source data, information about security events occurring during the predetermined time period based on a time at which an intrusion threat was correctly detected; extracting a current data set by extracting information about security events occurring during the predetermined time period from data to be analyzed; generating event coincidence statistics by extracting a frequency of each security event in the respective data sets and by compiling statistics thereon; generating an event vector based on the event coincidence statistics; and performing intrusion threat detection through a vector space model based on the event vector.
    Type: Grant
    Filed: November 27, 2017
    Date of Patent: December 31, 2019
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Jong-Hoon Lee, Ik-Kyun Kim
  • Patent number: 10509796
    Abstract: An apparatus and method for visualizing data. The apparatus for visualizing data includes a behavior information collection unit for executing an application from which information is to be collected and collecting behavior information from a process of the executed application, a behavior feature extraction unit for extracting behavior features in an order in which the behavior information is called, a behavior sequence generation unit for generating a behavior sequence by arranging the behavior features in chronological order, and a behavior sequence visualization unit for visualizing the behavior sequence as a 3D sequence object.
    Type: Grant
    Filed: January 3, 2018
    Date of Patent: December 17, 2019
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Hyun-Joo Kim, Jong-Hyun Kim, Ik-Kyun Kim
  • Patent number: 10447715
    Abstract: Disclosed is an apparatus of detecting a distributed reflection denial of service attack, including: a monitoring unit obtaining flow information including an IP and a port number of a source, an IP and a port number of a destination of data, and the number and the sizes of packets; a memory unit storing a flow table in which the flow information of the data, the packet number and the packet size are input; and a control unit detecting the DRDoS attack by using at least one of the number and the size of packets of the first entry and the flow information of the first entry.
    Type: Grant
    Filed: August 30, 2016
    Date of Patent: October 15, 2019
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Jung Tae Kim, Koo Hong Kang, Ik Kyun Kim
  • Patent number: 10404782
    Abstract: Disclosed are an apparatus and method for reconstructing a transmitted file with high performance in real time, which select analysis target packets for reconstruction by first checking using hardware whether data file-related information is present in packets transmitted via large-capacity traffic over a broadband network, and which reconstruct a file in real time only from the selected analysis target packets. The file reconstruction apparatus for reconstructing a data file from packets on a network includes a packet monitoring unit for extracting packets on the network, a collected packet selection unit for determining whether, for the extracted packets, each packet is a reconstruction target based on flow information, and selecting a reconstruction target packet, and a file reconstruction unit for performing file reconstruction by extracting data from the reconstruction target packet and by storing the extracted data as data of a reconstructed file in a relevant flow.
    Type: Grant
    Filed: October 21, 2016
    Date of Patent: September 3, 2019
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Yang-Seo Choi, Jong-Hyun Kim, Joo-Young Lee, Sun-Oh Choi, Ik-Kyun Kim, Dae-Sung Moon
  • Patent number: 10264004
    Abstract: The method for tracking a cyber hacking is provided. The method of connection fingerprint generation and stepping-stone traceback based on NetFlow includes receiving a traceback request including IP packet attribute information of a victim and an attacker which corresponds to a target connection that is the last connection on a connection chain, generating a fingerprint for an associated connection based on the IP packet attribute information and requesting a NetFlow collector for relevant information, detecting a stepping-stone connection to the target connection which is generated at the time of generation of the fingerprint and instructing to check whether sorted candidate connections are present on the same connection chain as the target connection, and determining an order of the candidate connections based on an attacker host when the candidate connections are determined to be present on the same connection chain as the target connection.
    Type: Grant
    Filed: November 7, 2016
    Date of Patent: April 16, 2019
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Jung Tae Kim, Koo Hong Kang, Ik Kyun Kim
  • Publication number: 20190065776
    Abstract: In the present invention, by providing an apparatus for securing data comprising a memory for storing information for data processing, a processor configured to partition original data into a plurality of partial data and generate a plurality of divided data by randomly determining positions of each of the plurality of partial data within the original data, and a communication interface configured to transmit each of the plurality of divided data to each of a plurality of servers, respectively, if an attacker obtains a portion of the divided data, it prevents the entire original data from being restored, and the legitimate user can restore the original data accurately even if some divided data is corrupted, and provides an efficient data polymorphic dividing technique that can minimize the amount of calculation required to secure data.
    Type: Application
    Filed: August 27, 2018
    Publication date: February 28, 2019
    Applicant: Electronics and Telecommunications Research Institute
    Inventors: Nam-Su JHO, Taek-Young YOUN, Dae Sung MOON, Ik Kyun KIM, Seung Hun JIN
  • Publication number: 20190052663
    Abstract: Disclosed herein is an apparatus for enhancing network security, which includes an information collection unit for collecting information about states of hosts that form a network and information about connectivity in the network; an attack surface analysis unit for analyzing attack surfaces by creating an attack graph using the information about the states and the information about connectivity; a security-enhancing strategy establishment unit for establishing a security-enhancing strategy based on the attack graph; and a security-enhancing strategy implementation unit for delivering a measure based on the security-enhancing strategy to a corresponding host, thereby taking a security-enhancing measure.
    Type: Application
    Filed: May 21, 2018
    Publication date: February 14, 2019
    Applicant: Electronics and Telecommunications Research Institute
    Inventors: Jooyoung LEE, Dae-Sung MOON, Kyung-Min PARK, Samuel WOO, Ho HWANG, Ik-Kyun KIM, Seung-Hun JIN
  • Publication number: 20190044730
    Abstract: Disclosed herein are an apparatus and method for generating and operating a dynamic Controller Area Network (CAN) Identifier (ID). The apparatus includes a priority ID generation unit for generating a priority ID that is a base ID, a dynamic ID generation unit for generating a dynamic ID that is dynamically changed, and a communication unit for transmitting/receiving a data frame in which a dynamic CAN ID including the priority ID and the dynamic ID is combined with data.
    Type: Application
    Filed: May 31, 2018
    Publication date: February 7, 2019
    Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Samuel WOO, Dae-Sung MOON, Kyung-Min PARK, Jooyoung LEE, IK-KYUN KIM, Seung-Hun JIN, Ho HWANG
  • Publication number: 20190012459
    Abstract: A ransomware detection apparatus and an operation method thereof are provided. The ransomware detection apparatus may include a frequency converter receiving an OP code currently being executed in a CPU and converting a value of the OP code into a frequency domain to generate a first OP code frequency waveform, a memory storing a second OP code frequency waveform, which is a value obtained by converting the OP code corresponding to a ransomware encryption algorithm into a frequency domain, and a ransomware determiner comparing the first OP code frequency waveform with the second OP code frequency waveform to determine whether ransomware operates.
    Type: Application
    Filed: April 26, 2018
    Publication date: January 10, 2019
    Applicant: Electronics and Telecommunications Research Institute
    Inventors: Doo Ho CHOI, Ik Kyun KIM, Jonghyun KIM, Taesung KIM, Seung Hun JIN
  • Patent number: 10089460
    Abstract: A behavior-based malicious code detecting apparatus and method using multiple feature vectors is disclosed. A malicious code learning method may include collecting characteristic factor information when a training target process comprising a malicious code is executed, generating a feature vector for malicious code verification based on the collected characteristic factor information, learning the generated feature vector through a plurality of machine learning algorithms to generate a model of representing the malicious code and a model of representing a normal file, and storing the model of representing the malicious code and the model of representing the normal file generated through the learning.
    Type: Grant
    Filed: May 31, 2016
    Date of Patent: October 2, 2018
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Dae Sung Moon, Ik Kyun Kim, Yang Seo Choi
  • Publication number: 20180234436
    Abstract: Disclosed herein are a stepping-stone detection apparatus and method. The stepping-stone detection apparatus includes a target connection information reception unit for receiving information about a target connection from an intrusion detection system (IDS), a fingerprint generation unit for generating a target connection fingerprint based on the information about the target connection, and generating one or more candidate connection fingerprints using information about one or more candidate connections corresponding to one or more flow information collectors, and a stepping-stone detection unit for detecting a stepping stone by comparing the target connection fingerprint, in which a maximum allowable delay time is reflected, with the candidate connection fingerprints.
    Type: Application
    Filed: November 8, 2017
    Publication date: August 16, 2018
    Inventors: Jung-Tae KIM, Ik-Kyun KIM, Koo-Hong KANG
  • Publication number: 20180217860
    Abstract: Disclosed herein are an integrated network data collection apparatus and method. The integrated network data collection apparatus includes a packet collection unit for collecting packets corresponding to one or more virtual machines included in a cloud server, a flow-processing unit for generating flow information based on the collected packets, a session-processing unit for generating session information based on the generated flow information, and a storage unit for storing network data including at least one of the generated flow information and the generated session information.
    Type: Application
    Filed: January 4, 2018
    Publication date: August 2, 2018
    Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Jung-Tae KIM, Ik-Kyun KIM
  • Publication number: 20180210930
    Abstract: An apparatus and method for visualizing data. The apparatus for visualizing data includes a behavior information collection unit for executing an application from which information is to be collected and collecting behavior information from a process of the executed application, a behavior feature extraction unit for extracting behavior features in an order in which the behavior information is called, a behavior sequence generation unit for generating a behavior sequence by arranging the behavior features in chronological order, and a behavior sequence visualization unit for visualizing the behavior sequence as a 3D sequence object.
    Type: Application
    Filed: January 3, 2018
    Publication date: July 26, 2018
    Inventors: Hyun-Joo KIM, Jong-Hyun KIM, Ik-Kyun KIM
  • Publication number: 20180191761
    Abstract: Disclosed is a method for detecting a cyberthreat through correlation analysis of security events, which includes extracting a false-positive data set by extracting, from source data, information about security events occurring during a predetermined time period based on a time at which erroneous detection occurred; extracting a true-positive data set by extracting, from the source data, information about security events occurring during the predetermined time period based on a time at which an intrusion threat was correctly detected; extracting a current data set by extracting information about security events occurring during the predetermined time period from data to be analyzed; generating event coincidence statistics by extracting a frequency of each security event in the respective data sets and by compiling statistics thereon; generating an event vector based on the event coincidence statistics; and performing intrusion threat detection through a vector space model based on the event vector.
    Type: Application
    Filed: November 27, 2017
    Publication date: July 5, 2018
    Inventors: Jong-Hoon LEE, Ik-Kyun KIM
  • Patent number: 10007788
    Abstract: A computing device configured to execute an instruction set is provided. The computing device includes a system call hooker for hooking system calls that occur by the instruction set while the instruction set is executed, a category extractor for extracting a category to which each of the hooked system calls belongs with reference to category information associated with a correspondence relationship between a system call and a category, a sequence extractor for extracting one or more behavior sequences expressed in an N-gram manner from a full sequence of the hooked system calls with reference to the extracted category, and a model generator for generating a behavior pattern model of the system calls that occur when the instruction set is executed, based on a number of times that each of the extracted behavior sequences occurs.
    Type: Grant
    Filed: February 5, 2016
    Date of Patent: June 26, 2018
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Dae Sung Moon, Ik Kyun Kim, Han Sung Lee
  • Patent number: 10007789
    Abstract: The present invention relates to an apparatus and a method for detecting a malware code by generating and analyzing behavior pattern. A malware code detecting apparatus includes a behavior pattern generating unit which defines a characteristic parameter which distinguishes and specifies behaviors of a malware code and normally executable programs, converts an API calling event corresponding to the defined characteristic parameter and generates a behavior pattern in accordance with a similarity for behaviors of converted API call sequences to store the behavior pattern in a behavior pattern DB; and a malware code detecting unit which converts the API calling event corresponding to the defined characteristic parameter when the target process is executed into the API call sequence and determines whether the behavior pattern is a malware code in accordance with a similarity for behaviors of the converted API call sequence and the sequence stored in the behavior pattern DB.
    Type: Grant
    Filed: August 18, 2016
    Date of Patent: June 26, 2018
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Hyun Joo Kim, Jong Hyun Kim, Ik Kyun Kim
  • Publication number: 20180131717
    Abstract: Disclosed herein are an apparatus and method for detecting a Distributed Reflection Denial of Service (DRDoS) attack. The DRDoS attack detection apparatus includes a network flow data reception unit for receiving network flow data from network equipment, a session type determination unit for determining a session type of the received network flow data, a host type determination unit for determining a type of host corresponding to the network flow data based on the session type, an attack method determination unit for determining an attack method corresponding to the network flow data, a protocol identification unit for identifying a protocol of the network flow data, and an attack detection unit for detecting a DRDoS attack based on the session type, the host type, the attack method, and the protocol.
    Type: Application
    Filed: November 3, 2017
    Publication date: May 10, 2018
    Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Jung-Tae KIM, Ik-Kyun KIM
  • Publication number: 20170270299
    Abstract: The present invention relates to an apparatus and a method for detecting a malware code by generating and analyzing behavior pattern. A malware code detecting apparatus includes a behavior pattern generating unit which defines a characteristic parameter which distinguishes and specifies behaviors of a malware code and normally executable programs, converts an API calling event corresponding to the defined characteristic parameter and generates a behavior pattern in accordance with a similarity for behaviors of converted API call sequences to store the behavior pattern in a behavior pattern DB; and a malware code detecting unit which converts the API calling event corresponding to the defined characteristic parameter when the target process is executed into the API call sequence and determines whether the behavior pattern is a malware code in accordance with a similarity for behaviors of the converted API call sequence and the sequence stored in the behavior pattern DB.
    Type: Application
    Filed: August 18, 2016
    Publication date: September 21, 2017
    Inventors: Hyun Joo KIM, Jong Hyun KIM, Ik Kyun KIM
  • Publication number: 20170257386
    Abstract: Disclosed is an apparatus of detecting a distributed reflection denial of service attack, including: a monitoring unit obtaining flow information including an IP and a port number of a source, an IP and a port number of a destination of data, and the number and the sizes of packets; a memory unit storing a flow table in which the flow information of the data, the packet number and the packet size are input; and a control unit detecting the DRDoS attack by using at least one of the number and the size of packets of the first entry and the flow information of the first entry.
    Type: Application
    Filed: August 30, 2016
    Publication date: September 7, 2017
    Inventors: Jung Tae KIM, Koo Hong KANG, Ik Kyun KIM