Patents by Inventor Ki Wook Sohn

Ki Wook Sohn has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9444828
    Abstract: A network intrusion detection apparatus and method that perform Perl Compatible Regular Expressions (PCRE)-based pattern matching on the payloads of packets using a network processor equipped with a Deterministic Finite Automata (DFA) engine. The network intrusion detection apparatus includes a network processor core for receiving packets from a network, and transmitting payloads of the received packets to a Deterministic Finite Automata (DFA) engine. A detection rule converter converts a PCRE-based detection rule, preset to detect an attack packet, into a detection rule including a pattern to which only PCRE grammar corresponding to the DFA engine is applied. The DFA engine performs PCRE pattern matching on the payloads of the packets based on the detection rule converted by the detection rule converter.
    Type: Grant
    Filed: September 11, 2013
    Date of Patent: September 13, 2016
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Sung-Ryoul Lee, Young-Han Choi, Jung-Hee Lee, Byung-Chul Bae, Hyung-Geun Oh, Ki-Wook Sohn
  • Patent number: 9275224
    Abstract: An apparatus for improving detection performance of an intrusion detection system includes a transformed detected data generation unit for changing original detected data, detected based on current detection rules, to transformed detected data complying with transformed detected data standard. A transformed detected data classification unit classifies the transformed detected data by attack type, classifies transformed detected data for attack types by current detection rule, and classifies transformed detected data for detection rules into true positives/false positives. A transformed keyword tree generation unit generates a true positive transformed keyword tree and a false positive transformed keyword tree. A true positive path identification unit generates a true positive node, and identifies a true positive path connecting a base node to the true positive node in the true positive transformed keyword tree.
    Type: Grant
    Filed: July 23, 2014
    Date of Patent: March 1, 2016
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: NamHoon Lee, Seokwon Lee, Soonjwa Hong, TaekKyu Lee, KyuCheol Jung, Geunyong Kim, Hyung Geun Oh, Ki Wook Sohn
  • Publication number: 20150113646
    Abstract: An apparatus for improving detection performance of an intrusion detection system includes a transformed detected data generation unit for changing original detected data, detected based on current detection rules, to transformed detected data complying with transformed detected data standard. A transformed detected data classification unit classifies the transformed detected data by attack type, classifies transformed detected data for attack types by current detection rule, and classifies transformed detected data for detection rules into true positives/false positives. A transformed keyword tree generation unit generates a true positive transformed keyword tree and a false positive transformed keyword tree. A true positive path identification unit generates a true positive node, and identifies a true positive path connecting a base node to the true positive node in the true positive transformed keyword tree.
    Type: Application
    Filed: July 23, 2014
    Publication date: April 23, 2015
    Inventors: NamHoon LEE, Seokwon LEE, Soonjwa HONG, TaekKyu LEE, KyuCheol JUNG, Geunyong KIM, Hyung Geun OH, Ki Wook SOHN
  • Patent number: 8955124
    Abstract: Provided are an apparatus, system and method for detecting malicious code inserted into a normal process in disguise. The apparatus includes a malicious code detection module for extracting information on a thread generated by a process running on a computer system to identify code related to the thread, preliminarily determining whether or not the identified code is malicious and extracting the code preliminarily determined to be malicious; and a forcible malicious code termination module for finally determining the code as malicious code based on an analysis result of behavior of the extracted code executed in a virtual environment and forcibly terminating execution of the code.
    Type: Grant
    Filed: January 5, 2011
    Date of Patent: February 10, 2015
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Yo Sik Kim, Sang Kyun Noh, Yoon Jung Chung, Dong Soo Kim, Won Ho Kim, Yu Jung Han, Young Tae Yun, Ki Wook Sohn, Cheol Won Lee
  • Patent number: 8839440
    Abstract: Provided are an apparatus and method for forecasting the security threat level of a network. The apparatus includes: a security data collection unit for collecting traffic data and intrusion detection data transmitted from an external network to a managed network; a malicious code data collection unit for collecting malicious code data transmitted from a security enterprise network; a time series data transformation unit for transforming the data collected by the security data collection unit into time series data; a network traffic analysis unit for analyzing traffic distribution of the managed network using the data collected by the security data collection unit; and a security forecast engine for forecasting security data of the managed network using the time series data obtained by the time series data transformation unit, the data analyzed by the network traffic analysis unit, and the data collected by the malicious code data collection unit.
    Type: Grant
    Filed: April 15, 2008
    Date of Patent: September 16, 2014
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: JooBeom Yun, Seung-Hyun Paek, InSung Park, Eun Young Lee, Ki Wook Sohn
  • Patent number: 8800037
    Abstract: A system for an engine for forecasting cyber threats and a method enabling the forecast of a low-level cyber threat and the forecast of a high-level cyber threat using the low-level cyber threat in a hierarchical structure of cyber threats are provided. The system includes a forecast information database which stores forecast information including cyber threat forecast items, a forecast schedule related to the items, forecast simulation information, forecast item hierarchical structure information, time series data on cyber threats, and sample data on cyber threats; a forecast engine core subsystem which forecasts the levels of threats for the cyber threat forecast items having a hierarchical structure using the forecast information stored in the forecast information database; and a forecast engine control interface which receives control commands for the forecast engine core subsystem from a user or external system, and delivers the received control commands to the forecast engine core subsystem.
    Type: Grant
    Filed: June 22, 2010
    Date of Patent: August 5, 2014
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Seung Hyun Paek, In Sung Park, Eun Young Lee, Joo Beom Yun, Ki Wook Sohn, Seok Jin Choi
  • Publication number: 20140123288
    Abstract: A network intrusion detection apparatus and method that perform Perl Compatible Regular Expressions (PCRE)-based pattern matching on the payloads of packets using a network processor equipped with a Deterministic Finite Automata (DFA) engine. The network intrusion detection apparatus includes a network processor core for receiving packets from a network, and transmitting payloads of the received packets to a Deterministic Finite Automata (DFA) engine. A detection rule converter converts a PCRE-based detection rule, preset to detect an attack packet, into a detection rule including a pattern to which only PCRE grammar corresponding to the DFA engine is applied. The DFA engine performs PCRE pattern matching on the payloads of the packets based on the detection rule converted by the detection rule converter.
    Type: Application
    Filed: September 11, 2013
    Publication date: May 1, 2014
    Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Sung-Ryoul LEE, Young-Han CHOI, Jung-Hee LEE, Byung-Chul BAE, Hyung-Geun OH, Ki-Wook SOHN
  • Publication number: 20140047543
    Abstract: An apparatus and method for detecting a Hyper Text Transfer Protocol (HTTP) botnet based on the densities of transactions. The apparatus includes a collection management unit, a web transaction classification unit, and a filtering unit. The collection management unit extracts metadata from HTTP request packets collected by a traffic collection sensor. The web transaction classification unit extracts web transactions by analyzing the metadata, and generates a gray list by arranging the extracted web transactions according to the frequency of access. The filtering unit detects an HTTP botnet by filtering the gray list based on a white list and a black list.
    Type: Application
    Filed: August 3, 2013
    Publication date: February 13, 2014
    Applicant: Electronics and Telecommunications Research Institute
    Inventors: Sung-Jin KIM, Jong-Moon LEE, Byung-Chul BAE, Hyung-Geun OH, Ki-Wook SOHN
  • Publication number: 20140020067
    Abstract: An apparatus and method for controlling traffic based on a Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) are provided. The traffic control apparatus includes a traffic monitoring unit, a CAPTCHA verification unit, a list management unit, and a traffic control unit. The traffic monitoring unit monitors a packet between an internal network and an external network. The CAPTCHA verification unit, if packet information is not present in an access control list, sends a CAPTCHA request message to a client computer, receives a CAPTCHA response message, and verifies the CAPTCHA response message. The list management unit, if the packet information is present in the access control list, detects an access control policy corresponding to the packet information in the access control list. The traffic control unit controls traffic based on the verification of the CAPTCHA response message and the control policy.
    Type: Application
    Filed: September 9, 2012
    Publication date: January 16, 2014
    Applicant: Electronics and Telecommunications Research Institute
    Inventors: Deok-Jin KIM, Byoung-Jin HAN, Chul-Woo LEE, Man-Hee LEE, Byung-Chul BAE, Hyung-Geun OH, Ki-Wook SOHN
  • Publication number: 20140013389
    Abstract: A communication blocking control method includes receiving a communication blocking request from a terminal in an idle state in which it is difficult to find out whether information is leaked or not; registering a state of the terminal in a communication blocked list according to the communication blocking request; and blocking external communication of the terminal through a network.
    Type: Application
    Filed: September 14, 2012
    Publication date: January 9, 2014
    Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Byoung-Jin HAN, Deok-Jin KIM, Chul-Woo LEE, Man-Hee LEE, Byung-Chul BAE, Hyung-Geun OH, Ki-Wook SOHN
  • Patent number: 8590016
    Abstract: Provided are an apparatus and method for safely removing a malicious code from a file, or reporting the probable presence of a malicious code when it cannot be removed safely. The method includes: determining whether a file is a document or image file; opening and saving the document file as a new file by using an application associated with the document file to remove a malicious code from the document file, when it is determined that the file is the document file; and converting the image file into a different file format from a present file format and saving the converted image file to remove a malicious code from the image file, when it is determined that the file is the image file.
    Type: Grant
    Filed: April 21, 2008
    Date of Patent: November 19, 2013
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Won Ho Kim, Jung Hwan Moon, Ki Wook Sohn
  • Patent number: 8584101
    Abstract: Provided is an apparatus and method for automatically analyzing a program in order to detect window malicious codes that are programmed to perform malicious behaviors when a specific event occurs, when the specific event does not occur, when a specific program execution condition is satisfied, and when the specific program execution condition is not satisfied.
    Type: Grant
    Filed: November 14, 2008
    Date of Patent: November 12, 2013
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Jung Hwan Moon, Won Ho Kim, Ki Wook Sohn
  • Publication number: 20120096552
    Abstract: A system for an engine for forecasting cyber threats and a method enabling the forecast of a low-level cyber threat and the forecast of a high-level cyber threat using the low-level cyber threat in a hierarchical structure of cyber threats are provided. The system includes a forecast information database which stores forecast information including cyber threat forecast items, a forecast schedule related to the items, forecast simulation information, forecast item hierarchical structure information, time series data on cyber threats, and sample data on cyber threats; a forecast engine core subsystem which forecasts the levels of threats for the cyber threat forecast items having a hierarchical structure using the forecast information stored in the forecast information database; and a forecast engine control interface which receives control commands for the forecast engine core subsystem from a user or external system, and delivers the received control commands to the forecast engine core subsystem.
    Type: Application
    Filed: June 22, 2010
    Publication date: April 19, 2012
    Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Seung Hyun Paek, In Sung Park, Eun Young Lee, Joo Beom Yun, Ki Wook Sohn, Seok Jin Choi
  • Publication number: 20110271343
    Abstract: Provided are an apparatus, system and method for detecting malicious code inserted into a normal process in disguise. The apparatus includes a malicious code detection module for extracting information on a thread generated by a process running on a computer system to identify code related to the thread, preliminarily determining whether or not the identified code is malicious and extracting the code preliminarily determined to be malicious; and a forcible malicious code termination module for finally determining the code as malicious code based on an analysis result of behavior of the extracted code executed in a virtual environment and forcibly terminating execution of the code.
    Type: Application
    Filed: January 5, 2011
    Publication date: November 3, 2011
    Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Yo Sik Kim, Sang Kyun Noh, Yoon Jung Chung, Dong Soo Kim, Won Ho Kim, Yu Jung Han, Young Tae Yun, Ki Wook Sohn, Cheol Won Lee
  • Patent number: 7716329
    Abstract: An apparatus and method for detecting anomalous traffic are provided. More particularly, an apparatus and method for detecting anomalous traffic based on entropy of network traffic are provided. The apparatus of detecting anomalous traffic includes: an entropy extraction module for extracting entropy from network traffic; a visualization module for generating an entropy graph based on the entropy; a graph model experience module for updating a graph model for each network attack based on the entropy graph; and an anomalous traffic detection module for detecting anomalous traffic based on the entropy graph and the graph model for each network attack and outputting the detection results to a user. In the apparatus and method, anomalous traffic is detected based on network entropy rather than simple statistics based on the amount of traffic, so that a false alarm rate of the apparatus for detecting anomalous traffic can be reduced.
    Type: Grant
    Filed: April 15, 2008
    Date of Patent: May 11, 2010
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Eun Young Lee, Seung Hyun Paek, In Sung Park, Joo Beom Yun, Ki Wook Sohn
  • Publication number: 20090158260
    Abstract: Provided is an apparatus for automatically analyzing a program in order to detect window malicious codes that are programmed to perform malicious behaviors only when a specific event occurs or when a specific program execution condition is satisfied. The automatic program analyzing apparatus includes an automatic analysis engine for analyzing statements in a program and generating program execution information by forcefully executing each statement in the program; an execution information database for storing the program execution information generated by the automatic analysis engine; an execution flow analyzer for analyzing execution flow of the program based on the execution information stored in the execution information database; and an execution result provider for providing a user with an execution result based on the execution flow information analyzed by the execution flow analyzer.
    Type: Application
    Filed: November 14, 2008
    Publication date: June 18, 2009
    Inventors: Jung Hwan MOON, Won Ho KIM, Ki Wook SOHN
  • Publication number: 20090150419
    Abstract: Provided are an apparatus and method for safely removing a malicious code from a file, or reporting the probable presence of a malicious code when it cannot be removed safely. The method includes: determining whether a file is a document or image file; opening and saving the document file as a new file by using an application associated with the document file to remove a malicious code from the document file, when it is determined that the file is the document file; and converting the image file into a different file format from a present file format and saving the converted image file to remove a malicious code from the image file, when it is determined that the file is the image file.
    Type: Application
    Filed: April 21, 2008
    Publication date: June 11, 2009
    Inventors: Won Ho Kim, Jung Hwan Moon, Ki Wook Sohn
  • Publication number: 20090138590
    Abstract: An apparatus and method for detecting anomalous traffic are provided. More particularly, an apparatus and method for detecting anomalous traffic based on entropy of network traffic are provided. The apparatus of detecting anomalous traffic includes: an entropy extraction module for extracting entropy from network traffic; a visualization module for generating an entropy graph based on the entropy; a graph model experience module for updating a graph model for each network attack based on the entropy graph; and an anomalous traffic detection module for detecting anomalous traffic based on the entropy graph and the graph model for each network attack and outputting the detection results to a user. In the apparatus and method, anomalous traffic is detected based on network entropy rather than simple statistics based on the amount of traffic, so that a false alarm rate of the apparatus for detecting anomalous traffic can be reduced.
    Type: Application
    Filed: April 15, 2008
    Publication date: May 28, 2009
    Inventors: Eun Young LEE, Seung Hyun PAEK, In Sung PARK, Joo Beom YUN, Ki Wook SOHN
  • Publication number: 20090126023
    Abstract: Provided are an apparatus and method for forecasting the security threat level of a network. The apparatus includes: a security data collection unit for collecting traffic data and intrusion detection data transmitted from an external network to a managed network; a malicious code data collection unit for collecting malicious code data transmitted from a security enterprise network; a time series data transformation unit for transforming the data collected by the security data collection unit into time series data; a network traffic analysis unit for analyzing traffic distribution of the managed network using the data collected by the security data collection unit; and a security forecast engine for forecasting security data of the managed network using the time series data obtained by the time series data transformation unit, the data analyzed by the network traffic analysis unit, and the data collected by the malicious code data collection unit.
    Type: Application
    Filed: April 15, 2008
    Publication date: May 14, 2009
    Inventors: JooBeom YUN, Seung-Hyun PAEK, InSung PARK, Eun Young LEE, Ki Wook SOHN
  • Publication number: 20060129603
    Abstract: An apparatus and method for detecting an unknown malicious code embedded in an office document are provided. The method includes the steps of: (a) when the office document is opened, previously checking whether or not the office document has an office document extension name, using a program for checking the malicious code in the office document; (b) determining whether or not the office document having the extension name has a macro function; (c) if it is determined from the determination result of the step (b) that the office document has the macro function, determining whether or not the office document has an execution code/whether or not the execution code is executable; (d) if it is determined from the determination result of the step (c) that the execution code is executable, detecting whether or not the malicious code is embedded in the office document; and (e) on the basis of the result of the step (d), determining whether or not the office document is executed.
    Type: Application
    Filed: August 24, 2005
    Publication date: June 15, 2006
    Inventors: Jae Woo Park, Won Ho Kim, Jung Hwan Moon, Ki Wook Sohn