Patents by Inventor Jong Soo Jang

Jong Soo Jang has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7386733
    Abstract: An alert transmission apparatus for a policy-based intrusion detection and response has a central policy server (CPS) and an intrusion detection and response system (IDRS). In the CPS, a policy management tool generates security policy information and then stores the generated security policy information in a policy repository. A COPS-IDR server sends the information to the IDRS and an IDMEF-XML-type alert transmission message to a high-level module. An IDMEF-XML message parsing and translation module stores a parsed and translated IDMEF-XML-type alert transmission message in an alert DB or provides the message to an alert viewer. In the IDRS, a COPS-IDR client generates the IDMEF-XML-type alert transmission message and provides the message to the CPS. An intrusion detection module detects an intrusion. An intrusion response module responds to the intrusion. An IDMEF-XML message building module generates an IDMEF-XML alert message and provides the message to the COPS-IDR client.
    Type: Grant
    Filed: May 30, 2003
    Date of Patent: June 10, 2008
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Seung Yong Yoon, Gae II Ahn, Ki Young Kim, Jong Soo Jang
  • Publication number: 20080134334
    Abstract: There are provided a network attack detection apparatus and method capable of determining even unknown network attack, the apparatus connected between two networks or connected by port mirroring of an Ethernet switch to real-time monitor all packets flowing through the networks. The apparatus decodes a payload portion of an inputted network packet into a machine code instruction, determines whether an executable code is included in the decoded machine code by analyzing relationship between instructions, and determines whether the packet is harmful based on statistics with respect to a possibility that an executable code exists in a service and a certain transaction of the service when the executable code is included.
    Type: Application
    Filed: October 29, 2007
    Publication date: June 5, 2008
    Applicant: Electronics and Telecommunications Research Institute
    Inventors: Ik Kyun Kim, Yang Seo Choi, Dae Won Kim, Jin Tae Oh, Jong Soo Jang
  • Publication number: 20080083034
    Abstract: Provided is an attack classification method for computer network security. In the attack classification method, attacks are classified depending on vulnerability abused by an attack, attack propagation skills, and attack intentions. The classification results are arranged in the order of the vulnerability abused by an attack, the attack propagation skills, and the attack intentions. The arranged classification results are output. Accordingly, it is possible to easily detect an attack flow where an attack A propagates in the propagation skill C using the vulnerability B and the attack skill F is used for the attack target E to achieve the attack purpose D.
    Type: Application
    Filed: June 4, 2007
    Publication date: April 3, 2008
    Inventors: Dae Won KIM, Yang Seo CHOI, Ik Kyun KIM, Jin Tae OH, Jong Soo JANG
  • Patent number: 7327259
    Abstract: Provided are a method and an apparatus for managing online and offline documents using RFID technology. The method includes: pre-registering online and offline documents using radio frequency identification tag information stored in at least one of the online and offline documents to be output; determining whether the pre-registered online and offline documents are authorized to be output; and if it is determined that the pre-registered online and offline documents are authorized to be output, generating documents of the online and offline documents to be output and storing new radio frequency identification tag information in radio frequency identification tags attached to the documents to be output.
    Type: Grant
    Filed: March 29, 2005
    Date of Patent: February 5, 2008
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Ju Han Kim, Joo Young Lee, Ki Young Moon, Jong Soo Jang, Sung Won Sohn
  • Publication number: 20080028468
    Abstract: A method and apparatus for automatically generating a signature used in a security system are provided. The apparatus and method include a configuration for combining a plurality of substrings extracted from a packet and generating a substring set; a configuration for examining the attacking characteristic of a packet having a substring set and confirming whether or not the substring can be used as a signature for detecting an attacking packet; and a configuration for optimization so as to increase the distinction and storing efficiency of a signature.
    Type: Application
    Filed: July 9, 2007
    Publication date: January 31, 2008
    Inventors: Sungwon YI, Hwa Shin MOON, Jintae OH, Jong Soo JANG
  • Publication number: 20070297410
    Abstract: A real-time stateful packet inspection method and apparatus is provided, which uses a session table processing method that can efficiently generate state information. In the apparatus, a session table stores session data of a packet received from an external network. A hash key generator hashes a parameter extracted from the received packet and generates a hash pointer of the session table corresponding to the packet. A session detection module searches the session table for a session corresponding to the received packet. A session management module performs management of the session table such as addition, deletion, and change of sessions of the session table. A packet inspection module generates state information corresponding to the received packet from both directionality information of the packet and entry header information of the packet stored in the session table and then inspects the packet based on the generated state information.
    Type: Application
    Filed: December 4, 2006
    Publication date: December 27, 2007
    Inventors: Seung Yong Yoon, Jin Tae Oh, Jong Soo Jang
  • Publication number: 20070233735
    Abstract: An apparatus for filtering malicious multimedia data using sequential processing and a method thereof are provided. The apparatus includes: a maliciousness classification model training unit extracting a predetermined feature from at least one or more types of moving pictures and then, through machine training, generating a maliciousness determination model for each of at least one or more classes; a malicious data classification unit sequentially inputting input moving pictures for which maliciousness is required to be determined, to the maliciousness determination model, and determining the maliciousness class of the input moving pictures, based on a probability that data at a determination time of the input moving pictures belongs to a predetermined maliciousness class, and an accumulated maliciousness probability to a current time; and a malicious information filtering unit cutting off service if the maliciousness class belongs to a predetermined reference maliciousness class.
    Type: Application
    Filed: December 5, 2006
    Publication date: October 4, 2007
    Inventors: Seung Wan Han, Chi Yoon Jeong, SuGil Choi, Taek Yong Nam, Jong Soo Jang
  • Publication number: 20070177728
    Abstract: Disclosed is an Academy, Research Institute, and Agency (ARIA) encryption/decryption apparatus for encrypting and decrypting input data by repeating a plurality of rounds.
    Type: Application
    Filed: December 6, 2006
    Publication date: August 2, 2007
    Inventors: Sang Woo Lee, Yong Sung Jeon, Ki Young Kim, Jong Soo Jang
  • Publication number: 20070177550
    Abstract: Provided are a method for providing virtual private network (VPN) services to a mobile node (MN) in an IPv6 network and a gateway using the same. The method includes: performing IKE (Internet key exchange) negotiation with an MN (mobile node) which has performed handover, acquiring SA (security association) and then authenticating a terminal of the MN; receiving a BU (binding update) message from the MN and verifying the BU message, storing new position information of the MN, transmitting a BA (binding acknowledgement) message and performing mobility processing; if the mobility processing is completed, performing IPsec processing on packets which the MN transmits to a CN (correspondent node), and transmitting the packets; and re-configuring and transmitting packets so that packets which the CN transmits to a home address of the MN can be transmitted to a CoA (Care-of-Address) of the MN.
    Type: Application
    Filed: December 6, 2006
    Publication date: August 2, 2007
    Inventors: Hyeok Chan Kwon, Jae Hoon Nah, Jong Soo Jang
  • Publication number: 20070118528
    Abstract: An apparatus and a method for blocking access to a phishing web page are provided. The apparatus includes a media collection unit collecting media having a function of connecting to a web page, a management unit managing phishing information comprising at least one of location information on phishing web pages, location information on web pages targeted for phishing, and features of the phishing web pages, a phishing determination unit determining whether a collected medium is connected to a phishing web page and a phishing blocking unit blocking a link connecting to the phishing web page by editing the medium determined to connect to the phishing web page by the phishing determination unit. According to the present invention, damage caused by phishing can be prevented, even when a web page or an e-mail provided by a web site or an e-mail server includes a link connecting to a phishing web page.
    Type: Application
    Filed: August 21, 2006
    Publication date: May 24, 2007
    Inventors: Su Gil Choi, Seung Wan Han, Chi Yoon Jeong, Taek Yong Nam, Jong Soo Jang
  • Publication number: 20070101353
    Abstract: An apparatus and method for blocking harmful multimedia contents in a personal computer using intelligent screen monitoring are provided. The apparatus includes a screen capture determination unit determining a screen capture time based on the status of a personal computer; an active screen capture unit capturing a screen displaying an active program at the screen capture time; an image harmfulness determination unit determining the harmfulness of the captured screen; and a harmful program blocking unit blocking the program displayed on the captured screen, if the screen is determined to be harmful. The method and apparatus can be used to block access to harmful multimedia contents in real time using a screen capture method in which a screen of the personal computer is captured intelligently, harmfulness of the captured screen is determined, and a corresponding program using the captured screen is blocked.
    Type: Application
    Filed: May 31, 2006
    Publication date: May 3, 2007
    Inventors: Chi Yoon Jeong, Seung Wan Han, Su Gil Choi, Taek Yong Nam, Jong Soo Jang
  • Publication number: 20070101354
    Abstract: A method and a device for discriminating an obscene video using a time-based feature value are provided. The method includes: forming a first time-based flow of predetermined feature values varying with the lapse of time from one or more types of videos which are normalized with a first time interval; extracting a feature value varying with time from an input video of which obsceneness is to be determined and which is normalized with a second time interval, and forming a second time-based flow of the extracted feature value; and determining the obsceneness of the input video by calculating a loss value between the first time-based flow and the second time-based flow. The videos such as movies and dramas in which many persons appear have different obscenity characteristics from that of pornography, so it is possible to enhance reliability in determination of obsceneness.
    Type: Application
    Filed: May 31, 2006
    Publication date: May 3, 2007
    Inventors: Seung Lee, Ho Lee, Taek Nam, Jong Soo Jang
  • Patent number: 7158024
    Abstract: A packet intrusion detection rule simplification apparatus and method and an intrusion detection apparatus and method are provided. Test conditions of at least one intrusion detection rules are rearranged based on test items, and the same test conditions for the same test items are grouped. Group rules having a connection structure of the test conditions are generated so that the test items and orders of the intrusion detection rules are satisfied. A common rule consisting of test conditions existing at the test start positions in the connection structure of the group rules is generated. Next, packet intrusion detection is performed by using the common rule, and the packet intrusion detection is performed by using the group rules. According, it is possible to reduce a load involved in the intrusion detection process by using the grouped and simplified intrusion detection rules.
    Type: Grant
    Filed: December 3, 2004
    Date of Patent: January 2, 2007
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Bo Heung Chung, Seungho Ryu, Jeong Nyeo Kim, Jong Soo Jang
  • Publication number: 20060041667
    Abstract: An apparatus for protecting legitimate traffic from DoS and DDoS attacks has a high-priority (505) and a low-priority (506) queue. Besides, a queue information table (402) has STT (Source-based Traffic Trunk) service queue information of a specific packet. A queue coordinator (502) updates the queue information table (502) based on a load of a provided STT and a load of the high-priority queue (505). A packet classifier (504) receives a packet from the network access unit (508), investigates an STT service queue of the packet from the queue information table (502), selectively transfers the packet to the high-priority (505) or the low-priority (506) queue and provides information on the packet to the queue coordinator (503). A buffer (507) buffers outputs of the high-priority (505) and the low-priority (506) queue and provides outputs to the network (509) to be protected.
    Type: Application
    Filed: March 28, 2003
    Publication date: February 23, 2006
    Inventors: Gaeil Ahn, Ki-Young Kim, Jong Soo Jang
  • Publication number: 20050125551
    Abstract: The high-speed pattern storing and matching method includes dividing pattern data having a defined rule into parts having a defined length, tabulating and storing input position sequence information of the divided parts of the pattern data and information about the pattern data subsequent to the corresponding divided part of the pattern data, dividing input pattern data into parts having a defined length, independently searching the divided parts of the input pattern data, and determining whether the pattern data input according to each input position sequence are matched to the pattern data having the defined rules, thereby enabling high-speed pattern matching in real time and storing repeating words in one address of memories to enhance the memory efficiency.
    Type: Application
    Filed: December 31, 2003
    Publication date: June 9, 2005
    Inventors: Jin-Tae Oh, Young-Joon Heo, Jong-Soo Jang
  • Publication number: 20050076227
    Abstract: Disclosed is an in-line mode network intrusion detecting and preventing system coupled between a protection network and an external network, for detecting intrusion states between the networks and preventing the intrusion. The system comprises a first network processor unit for monitoring the packets communicated between the networks to collect various statistical data, and performing a packet filtering process according to a packet preventing rule and a packet sensing process according to a sensing rule; and a second network processor unit for checking payloads of the packets with reference to attack signatures to detect the attack states to one of the networks.
    Type: Application
    Filed: February 5, 2004
    Publication date: April 7, 2005
    Inventors: Koo-Hong Kang, Ik-Kyun Kim, Byoung-Koo Kim, Jong-Kook Lee, Ki-Young Kim, Jong-Soo Jang
  • Publication number: 20040255162
    Abstract: A security gateway system for detecting an intrusion has an intrusion pattern table, a hardware intrusion detecting unit, and a kernel intrusion detecting unit. The intrusion pattern table includes a header pattern table having header pattern information and a data pattern table having data pattern information. The hardware intrusion detecting unit collects a packet and checks whether a header section of the packet is matched with the header pattern information. The kernel intrusion detecting unit checks whether a data section of the packet is matched with the data pattern information in order to determine whether the intrusion is detected or not.
    Type: Application
    Filed: December 18, 2003
    Publication date: December 16, 2004
    Inventors: Byoung Koo Kim, Ik-Kyun Kim, Jong Kook Lee, Ki Young Kim, Jong Soo Jang
  • Publication number: 20040088583
    Abstract: An alert transmission apparatus for a policy-based intrusion detection and response has a central policy server (CPS) and an intrusion detection and response system (IDRS). In the CPS, a policy management tool generates security policy information and then stores the generated security policy information in a policy repository. A COPS-IDR server sends the information to the IDRS and an IDMEF-XML-type alert transmission message to a high-level module. An IDMEF-XML message parsing and translation module stores a parsed and translated IDMEF-XML-type alert transmission message in an alert DB or provides the message to an alert viewer. In the IDRS, a COPS-IDR client generates the IDMEF-XML-type alert transmission message and provides the message to the CPS. An intrusion detection module detects an intrusion. An intrusion response module responds to the intrusion. An IDMEF-XML message building module generates an IDMEF-XML alert message and provides the message to the COPS-IDR client.
    Type: Application
    Filed: May 30, 2003
    Publication date: May 6, 2004
    Inventors: Seung Yong Yoon, Gae Il Ahn, Ki Young Kim, Jong Soo Jang
  • Publication number: 20030135759
    Abstract: A network security policy is represented, stored and edited by using a rule object, a condition object, an action object, and their associations. The condition object is a one-packet-condition object, a repeated-packet-condition object or a linear-packet-condition object. The action object is an alert-action object, a packet-drop-action object, a packet-admission-action object, a session-drop-action object, a session-admission-action object, a session-logging-action object, a traceback-action object or an ICMP-unreachable-message-sending-action object.
    Type: Application
    Filed: September 5, 2002
    Publication date: July 17, 2003
    Inventors: Sook Yeon Kim, Geon Lyang Kim, Myung Eun Kim, Ki Young Kim, Jong Soo Jang, Sung Won Sohn, Hyochan Bang