Patents by Inventor Kyoung-Hee Ko

Kyoung-Hee Ko has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8259723
    Abstract: A statistical information generator for VoIP traffic analysis is provided, which comprises a packet collection module collecting packets from a network; and a statistical information generation module analyzing information of a call setup packet or a media packet among the packets collected by the packet collection module, and generating statistical information of the network; wherein if the packet collected by the packet collection module is the call setup packet, the statistical information generation module generates the statistical information of the network using at least one of transmitter identification information, receiver identification information, and call identification information among information of the call setup packet as a key value, while if the packet collected by the packet collection module is the media packet, the statistical information generation module generates the statistical information of the network using media session identification information among information of the media p
    Type: Grant
    Filed: December 23, 2009
    Date of Patent: September 4, 2012
    Assignee: Korea Internet & Security Agency
    Inventors: Chang-Yong Lee, Hwan-Kuk Kim, Kyoung-Hee Ko, Hyun-Cheol Jeong
  • Publication number: 20120060218
    Abstract: Provided is a system for blocking session initiation protocol (SIP)-based abnormal traffic. The system includes: a policy database (DB) in which allowed traffic is stored according to transmission priority; an abnormal traffic response module which receives traffic from a first network and transmits only portions of the received traffic, which match the allowed traffic stored in the policy DB, to a second network in order of transmission priority; and an abnormal traffic detection module which analyzes the traffic received from the first network and provides an activation signal to the abnormal traffic response module when detecting that the received traffic is abnormal traffic, wherein the abnormal traffic response module transmits the portions of the received traffic, which match the allowed traffic stored in the policy DB, to the second network such that the sum of the portions transmitted to the second network does not exceed a maximum allowed traffic limit.
    Type: Application
    Filed: November 10, 2010
    Publication date: March 8, 2012
    Inventors: JEONG-WOOK KIM, Hwan-Kuk Kim, Kyoung-Hee Ko, Chang-Yong Lee, Hyun-Cheol Jeong
  • Publication number: 20120036579
    Abstract: Provided is a system for detecting abnormal traffic on a network. The system includes: a receiving module which receives session initiation protocol (SIP) traffic information from a network; a decoding module which receives the SIP traffic information from the receiving module and decodes the received SIP traffic information; a traffic information database (DB) which receives the decoded SIP traffic information from the decoding module and stores the received SIP traffic information; an analysis traffic information DB which collects information from the traffic information DB for a predetermined period and stores the collected information as analysis traffic information; a reference traffic information DB which stores reference traffic information; and an attack detection module which compares the analysis traffic information with the reference traffic information and detects whether analysis traffic is attack traffic.
    Type: Application
    Filed: December 9, 2010
    Publication date: February 9, 2012
    Inventors: Chang-Yong LEE, Hwan-Kuk KIM, Kyoung-Hee KO, Jeong-Wook KIM, Hyun-Cheol JEONG
  • Publication number: 20110138462
    Abstract: Provided is a system for detecting a voice over Internet protocol (VoIP) toll fraud attack. The system includes: a database (DB) storing registration information of normal users; a packet reception module receiving a call set-up packet from a network; and a VoIP signaling message forgery/falsification detection module receiving the call set-up packet from the packet reception module and comparing sender address information or header information of the call set-up packet with the registration information stored in the DB to detect whether the call set-up packet is a packet received from one of the normal users.
    Type: Application
    Filed: December 23, 2009
    Publication date: June 9, 2011
    Inventors: Jeong-Wook Kim, Hwan-Kuk Kim, Hyun-Cheol Jeong, Yoo-Jae Won, Seok-Ung Yoon, Jong-II Jeong, Kyoung-Hee Ko
  • Publication number: 20110058481
    Abstract: A statistical information generator for VoIP traffic analysis is provided, which comprises a packet collection module collecting packets from a network; and a statistical information generation module analyzing information of a call setup packet or a media packet among the packets collected by the packet collection module, and generating statistical information of the network; wherein if the packet collected by the packet collection module is the call setup packet, the statistical information generation module generates the statistical information of the network using at least one of transmitter identification information, receiver identification information, and call identification information among information of the call setup packet as a key value, while if the packet collected by the packet collection module is the media packet, the statistical information generation module generates the statistical information of the network using media session identification information among information of the media p
    Type: Application
    Filed: December 23, 2009
    Publication date: March 10, 2011
    Inventors: CHANG-YONG LEE, Hwan-Kuk Kim, Kyoung-Hee Ko, Hyun-Cheol Jeong
  • Publication number: 20100154057
    Abstract: The present invention relates to a Session Initiation Protocol (SIP) intrusion detection and response architecture for protecting SIP-based services, and more specifically, to an SIP intrusion detection and response architecture for protecting SIP-based services, in which SIP-based attacks of a new type can be coped with by detecting the SIP-based attacks and SIP traffic anomalies and managing an SIP-aware security device without degrading quality of multimedia, and signal and media channels can be examined through an SIP-aware intrusion prevention system (IPS) for the purpose of preventing an attacker from hindering a call through manipulation of an SIP message and session-hijacking among legitimate users and attempting a toll fraud by detouring authentication.
    Type: Application
    Filed: January 14, 2009
    Publication date: June 17, 2010
    Applicant: Korea Information Security Agency
    Inventors: Kyoung Hee KO, Hwan-Kuk Kim, JeongWook Kim, Chang-Yong Lee, HyunCheol Jeong
  • Publication number: 20090122721
    Abstract: A hybrid network discovery method for detecting client applications. The method has the steps of: (a) applying test traffic packets to a network which is to be measured, and analyzing responses so as to check target nodes; (b) transmitting a protocol request packet to each of the checked target nodes; and (c) when the URL of the header of the protocol request packet coincides with a site for a specific application of the target node, extracting the URL and the IP address of the target node.
    Type: Application
    Filed: November 16, 2007
    Publication date: May 14, 2009
    Inventors: Kyoung-Hee Ko, Won-Tae Sim, Woo-Han Kim
  • Publication number: 20080092237
    Abstract: An integrative analysis system and method of network vulnerability utilizing multiple heterogeneous vulnerability scanners to enhance the accuracy of the network vulnerability analysis are provided. The method comprises a scanning policy setting-up step of setting-up a common scanning policy able to be adapted to the multiple heterogeneous vulnerability scanners and specifying the policy for the respective vulnerability scanners, a vulnerability scanning and result collecting step of performing for the multiple heterogeneous vulnerability scanners to scan, to collect a result thereof, and to store the same in a database and a scanning result integrative analysis step of performing a relevance analysis and an integrative analysis on the scanning results collected, thereby obtaining a complementary vulnerability scanning utilizing multiple heterogeneous vulnerability scanners, enhancing the accuracy and the comprehension of the scanning results, and obtaining a comprehensive vulnerability analysis on a network.
    Type: Application
    Filed: October 26, 2006
    Publication date: April 17, 2008
    Inventors: Jun YOON, Kyoung Hee Ko, Tae In Jung, Won Tae Sim, Woo Han Kim