Patents by Inventor Koo-Hong Kang

Koo-Hong Kang has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10447715
    Abstract: Disclosed is an apparatus of detecting a distributed reflection denial of service attack, including: a monitoring unit obtaining flow information including an IP and a port number of a source, an IP and a port number of a destination of data, and the number and the sizes of packets; a memory unit storing a flow table in which the flow information of the data, the packet number and the packet size are input; and a control unit detecting the DRDoS attack by using at least one of the number and the size of packets of the first entry and the flow information of the first entry.
    Type: Grant
    Filed: August 30, 2016
    Date of Patent: October 15, 2019
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Jung Tae Kim, Koo Hong Kang, Ik Kyun Kim
  • Patent number: 10264004
    Abstract: The method for tracking a cyber hacking is provided. The method of connection fingerprint generation and stepping-stone traceback based on NetFlow includes receiving a traceback request including IP packet attribute information of a victim and an attacker which corresponds to a target connection that is the last connection on a connection chain, generating a fingerprint for an associated connection based on the IP packet attribute information and requesting a NetFlow collector for relevant information, detecting a stepping-stone connection to the target connection which is generated at the time of generation of the fingerprint and instructing to check whether sorted candidate connections are present on the same connection chain as the target connection, and determining an order of the candidate connections based on an attacker host when the candidate connections are determined to be present on the same connection chain as the target connection.
    Type: Grant
    Filed: November 7, 2016
    Date of Patent: April 16, 2019
    Assignee: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Jung Tae Kim, Koo Hong Kang, Ik Kyun Kim
  • Publication number: 20180234436
    Abstract: Disclosed herein are a stepping-stone detection apparatus and method. The stepping-stone detection apparatus includes a target connection information reception unit for receiving information about a target connection from an intrusion detection system (IDS), a fingerprint generation unit for generating a target connection fingerprint based on the information about the target connection, and generating one or more candidate connection fingerprints using information about one or more candidate connections corresponding to one or more flow information collectors, and a stepping-stone detection unit for detecting a stepping stone by comparing the target connection fingerprint, in which a maximum allowable delay time is reflected, with the candidate connection fingerprints.
    Type: Application
    Filed: November 8, 2017
    Publication date: August 16, 2018
    Inventors: Jung-Tae KIM, Ik-Kyun KIM, Koo-Hong KANG
  • Publication number: 20170257386
    Abstract: Disclosed is an apparatus of detecting a distributed reflection denial of service attack, including: a monitoring unit obtaining flow information including an IP and a port number of a source, an IP and a port number of a destination of data, and the number and the sizes of packets; a memory unit storing a flow table in which the flow information of the data, the packet number and the packet size are input; and a control unit detecting the DRDoS attack by using at least one of the number and the size of packets of the first entry and the flow information of the first entry.
    Type: Application
    Filed: August 30, 2016
    Publication date: September 7, 2017
    Inventors: Jung Tae KIM, Koo Hong KANG, Ik Kyun KIM
  • Publication number: 20170134413
    Abstract: The method for tracking a cyber hacking is provided. The method of connection fingerprint generation and stepping-stone traceback based on NetFlow includes receiving a traceback request including IP packet attribute information of a victim and an attacker which corresponds to a target connection that is the last connection on a connection chain, generating a fingerprint for an associated connection based on the IP packet attribute information and requesting a NetFlow collector for relevant information, detecting a stepping-stone connection to the target connection which is generated at the time of generation of the fingerprint and instructing to check whether sorted candidate connections are present on the same connection chain as the target connection, and determining an order of the candidate connections based on an attacker host when the candidate connections are determined to be present on the same connection chain as the target connection.
    Type: Application
    Filed: November 7, 2016
    Publication date: May 11, 2017
    Inventors: Jung Tae KIM, Koo Hong KANG, Ik Kyun KIM
  • Patent number: 7401145
    Abstract: Disclosed is an in-line mode network intrusion detecting and preventing system coupled between a protection network and an external network, for detecting intrusion states between the networks and preventing the intrusion. The system comprises a first network processor unit for monitoring the packets communicated between the networks to collect various statistical data, and performing a packet filtering process according to a packet preventing rule and a packet sensing process according to a sensing rule; and a second network processor unit for checking payloads of the packets with reference to attack signatures to detect the attack states to one of the networks.
    Type: Grant
    Filed: February 5, 2004
    Date of Patent: July 15, 2008
    Assignee: Electronics and Telecommunications Research Institute
    Inventors: Koo-Hong Kang, Ik-Kyun Kim, Byoung-Koo Kim, Jong-Kook Lee, Ki-Young Kim, Jong-Soo Jang
  • Publication number: 20050076227
    Abstract: Disclosed is an in-line mode network intrusion detecting and preventing system coupled between a protection network and an external network, for detecting intrusion states between the networks and preventing the intrusion. The system comprises a first network processor unit for monitoring the packets communicated between the networks to collect various statistical data, and performing a packet filtering process according to a packet preventing rule and a packet sensing process according to a sensing rule; and a second network processor unit for checking payloads of the packets with reference to attack signatures to detect the attack states to one of the networks.
    Type: Application
    Filed: February 5, 2004
    Publication date: April 7, 2005
    Inventors: Koo-Hong Kang, Ik-Kyun Kim, Byoung-Koo Kim, Jong-Kook Lee, Ki-Young Kim, Jong-Soo Jang