Abstract: An apparatus for identifying a web page for an industrial control system includes an information collection unit and an industrial control system identification unit. The information collection unit receives IP targets, from which web pages are to be collected, from a user, and collects web pages and information from the IP targets. The industrial control system identification unit identifies web pages for one or more industrial control systems with respect to the IP targets based on the information collected by the information collection unit.

Abstract: A method and system for extracting an access control list having a predetermined format from packets collected for a predetermined period of time, without requiring TCP flag information. By an information collection unit, network packets and network traffic logs are collected. By the information collection unit, a network traffic log including Media Access Control (MAC), Internet Protocol (IP), and port information is extracted from each network packet. By an information analysis unit, an access control list is generated based on the network traffic log.

Abstract: A one-way gateway and a vehicle network system and method for protecting networks within a vehicle using the one-way gateway. The one-way gateway includes a communication control unit, a physical one-way communication unit, and a data transmission/reception unit. The communication control unit takes charge of communication with a device of the internal network or infortainment network of a vehicle. The physical one-way communication unit configures a communication section between the internal network and the infortainment network in a physically one-way form. The data transmission/reception unit transfers data, transmitted by the device of the internal network or infortainment network, to the physical one-way communication unit via the communication control unit, and transfers data, received via the physical one-way communication unit, to the device of the internal network or infortainment network.

Abstract: A physical unidirectional communication apparatus and method intended to utilize a structure that exploits an electrical signal by which data cannot be transmitted and to guarantee the reliability of data transmission via a transmission method that uses the structure.

Abstract: The present invention presents a network apparatus and a selective information monitoring method using the network apparatus, which allow a user to monitor only required information (the field information of packets) from all received packets. The network apparatus one or more physical interfaces connected to a monitoring target host and configured to receive network packets from the monitoring target host, and a switch fabric module including a configurable monitoring module configured to perform filtering so that selective information is extracted from the network packets collected through the one or more physical interfaces.

Abstract: An apparatus and a method for multilateral one-way communication are provided. The apparatus includes a one-way input module unit, detachably mounted to a plurality of slots formed in a rail, for receiving data from an external transmission host and for transmitting the received data to an internal network through one-way communication; a one-way output module unit, mounted detachably to the plurality of slots formed in the rail, for transferring data of interest to an internal network through one-way communication, and transmitting data of interest to an external reception host, and a two-way module unit, mounted detachably to the plurality of slots formed in the rail, for performing data communication between the transmission host and the reception host in a bidirectional mode.

Abstract: An out-of-vehicle device interface apparatus includes a request message reception unit, a response message request unit, and a response message transmission unit. The request message reception unit receives a request message from an out-of-vehicle device, generates electrical signals in electric lines, and transfers the request message. The response message request unit requests response messages for the request message from one or more devices constituting an in-vehicle network based on one or more of the electric lines in which electrical signals have been generated. The response message transmission unit receives the response messages from the one or more devices, and transfers the response messages to the out-of-vehicle device via unidirectional communication.

Abstract: A network security apparatus includes a management unit, a security policies monitoring unit, a security monitoring unit, a log security check unit, and a log transmission unit. The management unit receives network security apparatus setting information, security policies and log generation policies from the outside. The security policies monitoring unit checks whether the security policies comply with a set format. If the security policies comply with the set format, the security monitoring unit monitors whether a communication node communicates in compliance with the security policies. The log security check unit generates a monitoring log based on the log generation policies, and checks whether the monitoring log complies with a log setting format. If the monitoring log complies with the log setting format, the log transmission unit transmits the security log to the outside, thereby performing the outside network security.

Abstract: A one-way gateway and a vehicle network system and method for protecting networks within a vehicle using the one-way gateway. The one-way gateway includes a communication control unit, a physical one-way communication unit, and a data transmission/reception unit. The communication control unit takes charge of communication with a device of the internal network or infortainment network of a vehicle. The physical one-way communication unit configures a communication section between the internal network and the infortainment network in a physically one-way form. The data transmission/reception unit transfers data, transmitted by the device of the internal network or infortainment network, to the physical one-way communication unit via the communication control unit, and transfers data, received via the physical one-way communication unit, to the device of the internal network or infortainment network.

Abstract: The present invention relates to a system and method for unidirectional data transmission. Data is unidirectionally transmitted from a network having a higher security level to a network having a lower security level and a corresponding data verification result is received through a separate line. Hence, it is possible not only to physically block access to the network having a higher security level from the network having a lower security level but also to improve reliability of data delivery by appropriately handling packet loss and bit errors that may occur during data transmission.

Abstract: A whitelist-based network switch defines a whitelist and a handling rule based on an access control list, security policies, etc., and monitors and blocks network traffic based on the whitelist and the handling rule. The whitelist-based network switch includes a whitelist monitoring unit for storing a whitelist including permitted communication rules, monitoring one or more packets input through a plurality of switch interfaces based on the whitelist, and permitting communication of each packet conforming to the whitelist, and a whitelist management unit for updating the whitelist and transmitting an updated whitelist to the whitelist monitoring unit.

Abstract: An apparatus for protecting traffic trend in a network of a control system using artificial communication is provided. In accordance with an embodiment, the apparatus includes a communication terminal device installed in a network and configured to create and filter artificial communication. A communication server device determines whether to create artificial communication at a current time in the communication terminal device, requests a transmitting side-communication terminal device to create artificial communication, and requests a receiving side-communication terminal device to filter the artificial communication.

Abstract: A technology for preventing leakage of personal information from traffics of terminals by transmitting and receiving fake communication data artificially generated so that an attacker does not identify normal communication between terminals is provided. A method for transmitting fake communication data includes: making a response request to whether or not a fake communication application is presented in an opponent terminal using an address book registered in a terminal; receiving a response corresponding to the response request and selecting targets to and from which the fake communication data are to be transmitted and received in a terminal list corresponding to the received response; controlling a communication amount depending on the selected targets; and transmitting the fake communication data to a corresponding receiving terminal depending on a control result.

Abstract: An apparatus and method for preventing the leakage of vehicle information in a normal communication environment by inserting fake communication data into vehicle communication traffic on a vehicle network. In the method for preventing leakage of vehicle information, a vehicle information leakage prevention apparatus connected to an in-vehicle module analyzes a vehicle communication protocol between the module and another module. It is determined whether encryption has been applied to the vehicle communication protocol, based on results of analysis of the vehicle communication protocol. A method of generating fake communication data is selected depending on whether encryption has been applied to the vehicle communication protocol. A fake communication data is generated depending on the selected method, and the generated fake communication data is transferred to a vehicle information leakage prevention apparatus connected to the other module.

Abstract: A physical unidirectional communication apparatus and method intended to utilize a structure that exploits an electrical signal by which data cannot be transmitted and to guarantee the reliability of data transmission via a transmission method that uses the structure.

Abstract: An apparatus for identifying a web page for an industrial control system includes an information collection unit and an industrial control system identification unit. The information collection unit receives IP targets, from which web pages are to be collected, from a user, and collects web pages and information from the IP targets. The industrial control system identification unit identifies web pages for one or more industrial control systems with respect to the IP targets based on the information collected by the information collection unit.

Abstract: An out-of-vehicle device interface apparatus includes a request message reception unit, a response message request unit, and a response message transmission unit. The request message reception unit receives a request message from an out-of-vehicle device, generates electrical signals in electric lines, and transfers the request message. The response message request unit requests response messages for the request message from one or more devices constituting an in-vehicle network based on one or more of the electric lines in which electrical signals have been generated. The response message transmission unit receives the response messages from the one or more devices, and transfers the response messages to the out-of-vehicle device via unidirectional communication.

Abstract: A method and system for extracting an access control list having a predetermined format from packets collected for a predetermined period of time, without requiring TCP flag information. By an information collection unit, network packets and network traffic logs are collected. By the information collection unit, a network traffic log including Media Access Control (MAC), Internet Protocol (IP), and port information is extracted from each network packet. By an information analysis unit, an access control list is generated based on the network traffic log.

Abstract: An apparatus and a method for multilateral one-way communication are provided. The apparatus includes a one-way input module unit, detachably mounted to a plurality of slots formed in a rail, for receiving data from an external transmission host and for transmitting the received data to an internal network through one-way communication; a one-way output module unit, mounted detachably to the plurality of slots formed in the rail, for transferring data of interest to an internal network through one-way communication, and transmitting data of interest to an external reception host, and a two-way module unit, mounted detachably to the plurality of slots formed in the rail, for performing data communication between the transmission host and the reception host in a bidirectional mode.

Abstract: An apparatus and method for preventing the leakage of vehicle information in a normal communication environment by inserting fake communication data into vehicle communication traffic on a vehicle network. In the method for preventing leakage of vehicle information, a vehicle information leakage prevention apparatus connected to an in-vehicle module analyzes a vehicle communication protocol between the module and another module. It is determined whether encryption has been applied to the vehicle communication protocol, based on results of analysis of the vehicle communication protocol. A method of generating fake communication data is selected depending on whether encryption has been applied to the vehicle communication protocol. A fake communication data is generated depending on the selected method, and the generated fake communication data is transferred to a vehicle information leakage prevention apparatus connected to the other module.