Abstract: There are provided an apparatus and method for sampling a security event based on contents of the security event, the apparatus including: a security event accumulation module collecting security events occurring in a network system and storing the security events for each type according to contents of the security event; a security event analysis module calculating distribution of the security events for each type by analyzing the stored security events; and a security event extraction module sampling the stored security events according to the calculated distribution of the security events for each type. The apparatus and method may improve speed of visualization of a security event and a security event analysis apparatus and may increase accuracy thereof.

Abstract: A network status display device using a traffic pattern map is provided.

Abstract: Provided is a network system using diameter authentication, authorization and accounting (AAA) infrastructure to support the bootstrapping of a Mobile Internet Protocol version 6 (IPv6) mobile node. The network system includes a mobile node equipped with Mobile IPv6, an attendant which is accessed by the mobile node when the mobile node moves toward a new network, an AAA local server which supports AAA processes for the mobile node in a local network, an AAA home server which supports AAA processes for the mobile node in a home network, and supports initial settings during the bootstrapping of the mobile node, and a home agent which handles binding update (BU) and binding acknowledgement (BA) regarding the mobile node. The AAA home server can configure initial settings for the mobile node that is authenticated by the AAA local server so that the mobile node can be effectively bootstrapped.

Abstract: A real-time stateful packet inspection method and apparatus is provided, which uses a session table processing method that can efficiently generate state information. In the apparatus, a session table stores session data of a packet received from an external network. A hash key generator hashes a parameter extracted from the received packet and generates a hash pointer of the session table corresponding to the packet. A session detection module searches the session table for a session corresponding to the received packet. A session management module performs management of the session table such as addition, deletion, and change of sessions of the session table. A packet inspection module generates state information corresponding to the received packet from both directionality information of the packet and entry header information of the packet stored in the session table and then inspects the packet based on the generated state information.

Abstract: A system and method for image information processing are disclosed. The system for image information processing includes: at least one image pickup terminal for providing image data picked up through a camera; an image information processing server for processing data collected from at least one image pickup terminal into data of a new format; and an application server for receiving the processed data from the image information processing server and providing the same to at least one user terminal. The amount of transmission data can be reduced and the reliability of information security can be increased since it is possible to allocate unique IDS to a plurality of image pickup terminals and application servers and identify the image pickup terminals and application servers only by their unique IDs without containing any particular information upon data transmission.

Abstract: An apparatus and method for managing a session state are provided.

Abstract: An apparatus and a method for processing image information are provided. The apparatus for processing image information includes an image capturing device and an image information server for receiving and storing an image captured by the image capturing device and adds information on the image capturing device and signature information to image data obtained by the image capturing device. Accordingly, the device information and the signature information can be added to the image data obtained by the image capturing device to maintain security of the image data and use the image data as digital proof when a specific event is generated.

Abstract: An apparatus for filtering malicious multimedia data using sequential processing and a method thereof are provided. The apparatus includes: a maliciousness classification model training unit extracting a predetermined feature from at least one or more types of moving pictures and then, through machine training, generating a maliciousness determination model for each of at least one or more classes; a malicious data classification unit sequentially inputting input moving pictures for which maliciousness is required to be determined, to the maliciousness determination model, and determining the maliciousness class of the input moving pictures, based on a probability that data at a determination time of the input moving pictures belongs to a predetermined maliciousness class, and an accumulated maliciousness probability to a current time; and a malicious information filtering unit cutting off service if the maliciousness class belongs to a predetermined reference maliciousness class.

Abstract: A network status display device using a traffic flow-radar is provided.

Abstract: There is provided a system and method for providing an application service using image data. One image data processing server collects images (for example, still images and moving images) captured by various kinds of image capturing apparatuses, such as CCTV systems and processes the collected images into data required to provide application services. A plurality of application service servers only provide processed data of the image data processing server without requiring an additional process to a display device of a user. Accordingly, the configuration of each of the application service servers is simplified to thereby reduce manufacturing costs.

Abstract: There are provided a system and method for tracing back an attacker by using centroid decomposition technique, the system including: a log data input module collecting log data of an intrusion alarm from an intrusion detection system; a centroid node detection module generating a shortest path tree by applying a shortest path algorithm to network router connection information collected by a network administration server, detecting a centroid node by applying centroid decomposition technique removing a leaf-node to the shortest path tree, and generating a centroid tree whose node of each level is the detected centroid node; and a traceback processing module requesting log data of a router matched with the node of each level of the centroid tree, and tracing back a router identical to the log data of the collected intrusion alarm as a router connected to a source of an attacker by comparing the log data of the router with the log data of the collected intrusion alarm.

Abstract: A method and apparatus for generating discriminant functions for distinguishing obscene videos by using visual features of video data, and a method and apparatus for determining whether videos are obscene by using the generated discriminant functions, are provided.

Abstract: There are provided a network state display apparatus and method capable of easily determining a present network security state in real time by analyzing an abnormality and harmful traffic deteriorating performance of a network in software by using a result of combining essential characteristics of traffic, a distinct dispersion, and an entropy and displaying the network state to be intuitionally recognized, the method including selecting and combining three of a source address, a source port, a destination address, and a destination port of collected traffic and calculating a distinct dispersion and an entropy of a residual one therefrom; displaying the calculated distinct dispersion and entropy on a security radar where the distinct dispersion and the entropy are assigned to an angle and a radius; determining whether a network state is abnormal, based on a result displayed on the security radar; and detecting reporting detailed information on abnormal traffic causing the abnormal network state.

Abstract: A method and apparatus for extracting a windows executable file that can search for a pattern related to windows executable files among a large quantity of network packets using a hardware-based session tracking and pattern matching technology and that can extract all packets included in the corresponding session are provided. The method of extracting a windows executable file includes: collecting incoming packets having a payload according to a session of a reference packet having an MZ pattern; performing a portable executable (PE) pattern matching for the collected incoming packets; and forming a PE file based on at least one incoming packet satisfying the PE pattern matching.

Abstract: A method of storing a pattern matching policy and a method of controlling an alert message are provided.

Abstract: A method and a device for discriminating an obscene video using a time-based feature value are provided. The method includes: forming a first time-based flow of predetermined feature values varying with the lapse of time from one or more types of videos which are normalized with a first time interval; extracting a feature value varying with time from an input video of which obsceneness is to be determined and which is normalized with a second time interval, and forming a second time-based flow of the extracted feature value; and determining the obsceneness of the input video by calculating a loss value between the first time-based flow and the second time-based flow. The videos such as movies and dramas in which many persons appear have different obscenity characteristics from that of pornography, so it is possible to enhance reliability in determination of obsceneness.

Abstract: A method and apparatus for storing an intrusion rule are provided. The method stores a new intrusion rule in an intrusion detection system having already stored intrusion rules, and includes: generating combinations of divisions capable of dividing the new intrusion rule into a plurality of partial intrusion rules; calculating the frequency of hash value collisions between each of the generated division combinations and the already stored intrusion rules; dividing the new intrusion rule according to the division combination which has the lowest calculated frequency of hash value collisions; and storing the divided new intrusion rule in a corresponding position of the intrusion detection system. According to the method and apparatus, the size of the storage unit occupied by the intrusion rule can be reduced, and by performing pattern matching, the performance of the intrusion detection system can be enhanced.

Abstract: There are provided a network security state visualization device and method, the device including: a security event collector collecting original security event information from network security apparatuses; a security event analyzer analyzing the original security event information collected by the security event collector and extracting characteristic data corresponding to a security event; and a three-dimensional visualization display unit visualizing a correlation between the characteristic data extracted by the security event analyzer as a three-dimensional screen to be displayed.

Abstract: An apparatus and method for visualizing a network condition related to a network security are provided. The apparatus includes a traffic feature extracting unit, a network condition displaying unit, and a traffic abnormal condition determining unit. The traffic feature extracting unit extracts information including source address, source port, destination address, and destination port from network traffics, selects two of the extracted information, and calculates unique dispersion degrees of two unselected information. The network condition displaying unit displays a two-dimensional cube expressed using the calculated unique dispersion degrees for the classified traffics. The traffic abnormal condition determining unit determines whether the traffics are in an abnormal condition or not based on the two-dimensional security cube.

Abstract: An image protection apparatus includes an information collecting unit for collecting personally identifiable information to be embedded in images captured by an image capturing instrument; and an information processing unit for extracting personal information from the collected personally identifiable information. Further, the image protection apparatus includes an information embedding unit for embedding the extracted personal information into a captured image; and an image signaturing unit for writing a signature on the captured image by using the extracted personal information.