Abstract: An apparatus and method for providing traffic control service are disclosed herein. The apparatus for providing traffic control service includes a multi-sensor fusion processing unit, an image object tracking and combination unit, and an information provision unit. The multi-sensor fusion processing unit generates the location information of a vessel by fusing radar information and automatic identification system (AIS) information together. The image object tracking and combination unit sets a detection area on a closed-circuit television (CCTV) image based on the information of the vessel, and detects the vessel by performing image processing within the set detection area. The information provision unit generates mapping display information based on the information of the vessel and the result of the detection achieved by performing the image processing, and displays the generated mapping display information within a CCTV screen, thereby providing traffic control service.

Abstract: Disclosed are a system and a method for controlling a vehicle at an intersection, and more particularly, disclosed is a technology that can efficiently control a start time of a vehicle that is waiting for a signal at an intersection. The system includes: a simultaneous starting group designating unit which designates vehicles of a simultaneous starting group, which are capable of starting simultaneously, among waiting vehicles when receiving an intersection entering state message from vehicles; a session key generating unit generating a session key for the simultaneous starting group; a message generating unit which generates a start request message for the simultaneous starting group; and a control unit which receives the intersection entering state message and transmits the session key and the start request message to the vehicles corresponding to the simultaneous starting group.

Abstract: The present invention relates to an apparatus and method that control a vessel deviating from an anchorage using wide-range sensor-based spherical trigonometry. In the method, vessels anchored in an anchorage are monitored. The anchorage is defined as a group, and the group of the anchored vessels is managed. Leaving of a vessel, needing to deviate from the anchorage, from the group is controlled. If a vessel recognized as a vessel identical to one that left the group requests anchoring after a predetermined period of time has elapsed, the anchoring-requesting vessel is controlled.

Abstract: The present invention relates to an insider threat detection device and method which collects and analyzes a variety of information generated by insiders working for an organization, such as behaviors, events, and states of the insider, and detects an abnormal insider who may become a potential threat. According to the present invention, the insider threat detection method and apparatus analyzes information related to insiders using the correlation analysis method, and previously detects an abnormal sign of an insider who may become a potential threat to an organization, which makes it possible to protect the organization from attacks on systems inside the organization or seizure of important information inside the organization.

Abstract: Disclosed is an apparatus for preventing illegal access of industrial control system and a method thereof in accordance with the present invention. The apparatus for preventing illegal access of industrial control system includes: a first interface communicating a packet by interoperating with a management network group that requests a control command; a second interface communicating a packet by interoperating with a control network group that receives a control command from the management network group and processes it; and a control device, which, when a packet flows therein from the management network group or the control network group, checks whether or not at least one filter rule is set and controls the packet flow between the management network group and the control network group using the filter where the rule is set.

Abstract: An apparatus for detecting an abnormality sign in a control system, the control system comprising control equipments, network equipments, security equipments or server equipments, the apparatus includes an information collection module configured to collect system information, network information, security event information or transaction information in interworking with a control equipments, network equipments, security equipments or server equipments. The apparatus includes storage module that stores the information collected by the information collection module. The apparatus includes an abnormality detection module configured to analyze a correlation between the collected information and a prescribed security policy to detect whether there is an abnormality sign in the control system.

Abstract: A method for detecting an abnormal traffic on a control system protocol, includes: checking whether session information exists in a management table; adding a new entry to the management table; checking whether a transaction ID in a table entry is the same as that of the received MODBUS request message; and checking whether data and length thereof of the received MODBUS request message are the same as those in the table entry. Further, the method includes detecting an abnormal traffic; and updating the table entry with packet information of the MODBUS request message.

Abstract: The present invention relates to an insider threat detection device and method which collects and analyzes a variety of information generated by insiders working for an organization, such as behaviors, events, and states of the insider, and detects an abnormal insider who may become a potential threat. According to the present invention, the insider threat detection method and apparatus analyzes information related to insiders using the correlation analysis method, and previously detects an abnormal sign of an insider who may become a potential threat to an organization, which makes it possible to protect the organization from attacks on systems inside the organization or seizure of important information inside the organization.

Abstract: Provided are a web-based traceback system and method using reverse caching proxy, which can effectively protect a web server against various attacks launched by illegitimate user by acquiring network information and location information of users who attempt to access the web server through an anonymous server, without a requirement of installing any agent program in the users' clients.

Abstract: There are provided a system and method for tracing back an attacker by using centroid decomposition technique, the system including: a log data input module collecting log data of an intrusion alarm from an intrusion detection system; a centroid node detection module generating a shortest path tree by applying a shortest path algorithm to network router connection information collected by a network administration server, detecting a centroid node by applying centroid decomposition technique removing a leaf-node to the shortest path tree, and generating a centroid tree whose node of each level is the detected centroid node; and a traceback processing module requesting log data of a router matched with the node of each level of the centroid tree, and tracing back a router identical to the log data of the collected intrusion alarm as a router connected to a source of an attacker by comparing the log data of the router with the log data of the collected intrusion alarm.

Abstract: An apparatus for detecting a malicious code includes: a malicious code visualization device for generating a graph for a malicious file by using strings in the malicious file, a connection among the strings and entropies for the strings and establishing a malicious code database with the generated graph for the malicious file. The apparatus further includes a malicious code determination device for generating a graph for a specific executable file and comparing the graph for the executable file with graphs for malicious files stored in the malicious code database to detect a malicious code in the executable file.

Abstract: There are provided an apparatus and method for sampling a security event based on contents of the security event, the apparatus including: a security event accumulation module collecting security events occurring in a network system and storing the security events for each type according to contents of the security event; a security event analysis module calculating distribution of the security events for each type by analyzing the stored security events; and a security event extraction module sampling the stored security events according to the calculated distribution of the security events for each type. The apparatus and method may improve speed of visualization of a security event and a security event analysis apparatus and may increase accuracy thereof.

Abstract: A message security processing system and method for Web services are provided. In the message security processing system in which messages are exchanged between a client and a server with a SOAP-RPC format, each of the client and the server includes: a security interface allowing information related to digital signature, encryption, and timestamp insertion to be set in a security context object for an application program to meet security requirements of the client or the server; a security handler receiving the security context object from the security interface, and performing security processing of a request message by calling security objects stored in a request queue of the security context object one by one in order or performing security processing of a response message by calling security objects stored in a response queue of the security context object one by one in order; and an XML security unit supporting an XML security functions by called by the security handler.

Abstract: There are provided a network security state visualization device and method, the device including: a security event collector collecting original security event information from network security apparatuses; a security event analyzer analyzing the original security event information collected by the security event collector and extracting characteristic data corresponding to a security event; and a three-dimensional visualization display unit visualizing a correlation between the characteristic data extracted by the security event analyzer as a three-dimensional screen to be displayed.

Abstract: An apparatus and method for visualizing a network condition related to a network security are provided. The apparatus includes a traffic feature extracting unit, a network condition displaying unit, and a traffic abnormal condition determining unit. The traffic feature extracting unit extracts information including source address, source port, destination address, and destination port from network traffics, selects two of the extracted information, and calculates unique dispersion degrees of two unselected information. The network condition displaying unit displays a two-dimensional cube expressed using the calculated unique dispersion degrees for the classified traffics. The traffic abnormal condition determining unit determines whether the traffics are in an abnormal condition or not based on the two-dimensional security cube.

Abstract: Provided are an apparatus and method for tracing web user using signed code. The apparatus for tracing web user includes at least one access terminal, a web server, and a monitoring server. The at least one access terminal requests a web page. The web server provides the web page including a signed code to the each access terminal according to the request. The monitoring server receives and analyzes access information which is extracted from the each access terminal according to execution of the signed code.

Abstract: An apparatus for detecting a network attack includes a traffic image generator for generating a traffic image using traffic information and additional IP information extracted from the traffic information; a network attack detector for comparing similarities between the traffic image and a previously generated traffic image based on a predetermined similarity threshold to detect the presence of the network attack; and a network attack analyzer for analyzing the traffic image at a time when the network attack is detected to detect network attack information and pattern information of the network attack. A representation unit for visualizing the network attack information and the pattern information of the network attack.

Abstract: There are provided an apparatus and method for sampling a security event based on contents of the security event, the apparatus including: a security event accumulation module collecting security events occurring in a network system and storing the security events for each type according to contents of the security event; a security event analysis module calculating distribution of the security events for each type by analyzing the stored security events; and a security event extraction module sampling the stored security events according to the calculated distribution of the security events for each type. The apparatus and method may improve speed of visualization of a security event and a security event analysis apparatus and may increase accuracy thereof.

Abstract: A network status display device using a traffic pattern map is provided.

Abstract: A network status display device using a traffic flow-radar is provided.