Patents by Inventor Kyoung Soon Kang
Kyoung Soon Kang has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20150146563Abstract: A method of sensing an excessive bandwidth usage includes acquiring an information set of a network bandwidth usage, applying a plurality of excessive bandwidth use sensing techniques to the acquired information set, determining an excessive bandwidth usage, and then limiting the determined excessive bandwidth usage. Accordingly, the network bandwidth may be uniformly secured and provided by limiting the bandwidth usage that uses the excessive network band.Type: ApplicationFiled: November 19, 2014Publication date: May 28, 2015Inventors: Young Min KIM, Kyoung Soon KANG, Hea Sook PARK, Byung Jun AHN, Boo Geum JUNG
-
Publication number: 20150074247Abstract: A method for setting up a computing environment, which includes: storing data for setting up computing environments necessary for the update of a plurality of client terminals that are connected through a network; receiving information about computing environments that are configured on the client terminals from the client terminals; upon receiving a request for the update from the client terminals, classifying the client terminals that share the same system image; and transferring the latest version of the data for setting up the computing environments which are higher than the client terminals of the client terminals; and updating the classified client terminals with the latest version of the data.Type: ApplicationFiled: April 4, 2014Publication date: March 12, 2015Applicant: Electronics and Telecommunications Research InstituteInventors: Kyoung-Soon KANG, Kyeong Ho LEE, Byungjun AHN, Ki Cheol JEON, Hea Sook PARK
-
Publication number: 20140355440Abstract: An apparatus for allocating a network bandwidth includes an information collection unit configured to collect flow information of a network; and a traffic check unit configured to check traffic of the collected flow information. Further, the apparatus includes a traffic respond unit configured to suppress the network bandwidth depending on a check result of the traffic; and a control unit configured to the information collection unit, the traffic check unit, and the traffic respond unit.Type: ApplicationFiled: July 31, 2013Publication date: December 4, 2014Applicant: Electronics and Telecommunications Research InstituteInventors: Kyoung-Soon KANG, Kyeong Ho LEE, Byungjun AHN, Ki Cheol JEON, Hea Sook PARK
-
Publication number: 20140189867Abstract: An OpenFlow switch in an OpenFlow environment includes an attack determination module to collect statistical information on packet processing with respect to incoming packets to be processed in the OpenFlow switch at a predetermined period interval to determine whether a DDoS attack occurs. The Openflow switch also includes an attack responding module to perceive a feature of the DDoS attack by using the incoming packets introduced into the OpenFlow switch after the determination of the occurrence of the DDoS attack and process the incoming packets in line with the perceived feature of the DDoS attack. Therefore, it is possible to determine and responds to DDos attacks in the OpenFlow switches.Type: ApplicationFiled: November 14, 2013Publication date: July 3, 2014Applicant: Electronics and Telecommunications Research InstituteInventors: Boo Geum JUNG, Young Min KIM, Kyoung-Soon KANG, Kyeong Ho LEE, Hea Sook PARK
-
Patent number: 8732832Abstract: Routing apparatus and method for detecting a server attack are disclosed. The routing apparatus includes: a reception unit configured to receive a packet transmitted in a network; a transmission unit configured to transmit the packet along a transmission path; a memory unit configured to store data and/or information required for an operation; and a controller configured to set the transmission path of the packet in the network and perform packet switching along the set transmission path, wherein the reception unit receives server state information from servers at every certain time, the memory unit stores the received server state information, and the controller calculates a change in the state of the servers based on the received server state information, and determines that a server is attacked when a change in the state of the server is greater than a certain threshold value.Type: GrantFiled: December 2, 2011Date of Patent: May 20, 2014Assignee: Electronics and Telecommunications Research InstituteInventors: Hak Suh Kim, Kyoung Soon Kang, Gang Uk Hwang, Hyeon Je Cho, Myung Woo Lee
-
Patent number: 8677488Abstract: Provided is a DDoS attack detection apparatus including an information collecting unit to collect DDoS detection information including rate information about traffic change, variation of a first type flow and a Packet Per Second (PPS) for a second type flow, in which the rate information about traffic change is obtained using packet count of packets input per a unit time, flow count of flows input per the unit time and the byte count of bytes input per the unit time; and a testing unit to calculate a probability of occurrence of the DDoS attack by use of a first probability determined by the rate information about traffic change, a second probability determined by the variation of the first type flow and a third probability determined by the PPS for the second type flow and detect occurrence of the DDoS attack based on the probability of occurrence of the DDoS attack.Type: GrantFiled: December 12, 2011Date of Patent: March 18, 2014Assignee: Electronics and Telecommunications Research InstituteInventors: Kyoung-Soon Kang, Hak-Suh Kim, Boo-Geum Jung, Ki-Cheol Jeon, Byung-Jun Ahn
-
Patent number: 8634717Abstract: A Distributed Denial of Service (DDoS) attack detection and defense apparatus and method are provided. The Distributed Denial of Service (DDoS) attack detection and defense apparatus includes: a flow information collection unit to collect, from one or more input packets with an IP address of an attack target system as a destination IP address, flow information including source IP addresses of the input packets and packet counts of one or more flows that are classified for each of the source IP addresses and each of different protocol types; an inspection unit to calculate packets per second (PPS) values of the flows based on the packet counts; and a response unit to determine a DDoS attack response method for each of the flows based on the PPS value and the protocol type of a corresponding flow and to process the corresponding flow using the determined DDoS attack response method.Type: GrantFiled: December 8, 2011Date of Patent: January 21, 2014Assignee: Electronics and Telecommunicatiions Research InstituteInventors: Kyoung-Soon Kang, Hak-Suh Kim, Byung-Jun Ahn
-
Patent number: 8599690Abstract: A method and an apparatus for fairly allocating resources to network users are provided. The method for fair resource allocation to network users allows the resource allocation apparatus to collect flow information between a user terminal and a service server and aggregates the flow information based on at least one of a user terminal address, a service server address, a user terminal, a service server address, and a service. The allocation resource of the user is controlled to the predetermined recommended bandwidth by using the ratio of the aggregated flow information.Type: GrantFiled: October 26, 2010Date of Patent: December 3, 2013Assignee: Electronics and Telecommunications Research InstituteInventors: Kyoung-Soon Kang, Hak Suh Kim, Hyunjoo Kang, Boo Geum Jung, Ki Cheol Jeon, Byungjun Ahn
-
Publication number: 20130298220Abstract: The present disclosure relates to a system and a method for managing filtering information of attack traffic, and more particularly, to a system and a method for managing filtering information of attack traffic that may block attack traffic in a front end from which the attack traffic is transmitted by transmitting traffic filtering information, to a first autonomous system of the front end from which the attack traffic is transmitted, through a border gateway protocol (BGP) and by applying, to a relevant router, the transmitted traffic filtering information in the corresponding first autonomous system, when an edge router of a second autonomous system (AS) positioned in a rear end sets the traffic filtering information by detecting the attack traffic.Type: ApplicationFiled: January 23, 2013Publication date: November 7, 2013Applicant: Electronics and Telecommunications Research InstituteInventors: Hyeonsik YOON, Kyoung-Soon KANG, Yoo Hwa KANG, Hyunjoo KANG, Hak Suh KIM, Byungjun AHN, Kyeong-Ho LEE, Ki Cheol JEON, Boo Geum JUNG, Hea Sook PARK, Soon Seok LEE
-
Publication number: 20130166733Abstract: Disclosed is a network bandwidth distribution device which includes an information collector which collects information associated with a connection environment; a controller which judges a state of a connection environment according to the collected information and collects information of each user to judge whether an occupied bandwidth of each user is exceeded; and a bandwidth allotter which limits an occupied bandwidth of each user based on the judged state of a connection environment and whether an occupied bandwidth of each user is exceeded.Type: ApplicationFiled: September 14, 2012Publication date: June 27, 2013Applicant: Electronics and Telecommunications Research InstituteInventors: Kyoung-Soon KANG, Hak Suh KIM, Ki Cheol JEON, Hyeonsik YOON, Boo Geum JUNG, Hea Sook PARK
-
Publication number: 20130167229Abstract: Disclosed is a traffic managing device which includes an information collector collecting primary information associated with a flow; a controller judging a traffic state, collecting secondary information associated with the traffic based on the judged traffic state and the primary information, and judging whether the flow is abnormal, based on the secondary information; and a traffic correspondence unit dropping the flow based on the judged traffic state and whether the flow is abnormal. The primary information includes internet protocol addresses of source and destination of the flow and the secondary information includes a flow number of each internet protocol address of a source.Type: ApplicationFiled: September 13, 2012Publication date: June 27, 2013Applicant: Electronics and Telecommunications Research InstituteInventors: Kyoung-Soon KANG, Hea Sook PARK, Kyeong Ho LEE, Byungjun AHN, Hyunjoo KANG, Yoo Hwa KANG
-
Publication number: 20120151593Abstract: Provided is a DDoS attack detection apparatus including an information collecting unit to collect DDoS detection information including rate information about traffic change, variation of a first type flow and a Packet Per Second (PPS) for a second type flow, in which the rate information about traffic change is obtained using packet count of packets input per a unit time, flow count of flows input per the unit time and the byte count of bytes input per the unit time; and a testing unit to calculate a probability of occurrence of the DDoS attack by use of a first probability determined by the rate information about traffic change, a second probability determined by the variation of the first type flow and a third probability determined by the PPS for the second type flow and detect occurrence of the DDoS attack based on the probability of occurrence of the DDoS attack.Type: ApplicationFiled: December 12, 2011Publication date: June 14, 2012Applicant: Electronics and Telecommunications Research InstituteInventors: Kyoung-Soon KANG, Hak-Suh Kim, Boo-Geum Jung, Ki-Cheol Jeon, Byung-jun Ahn
-
Publication number: 20120151583Abstract: A Distributed Denial of Service (DDoS) attack detection and defense apparatus and method are provided.Type: ApplicationFiled: December 8, 2011Publication date: June 14, 2012Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTEInventors: Kyoung-Soon KANG, Hak-Suh Kim, Byung-Jun Ahn
-
Publication number: 20120144487Abstract: Routing apparatus and method for detecting a server attack are disclosed. The routing apparatus includes: a reception unit configured to receive a packet transmitted in a network; a transmission unit configured to transmit the packet along a transmission path; a memory unit configured to store data and/or information required for an operation; and a controller configured to set the transmission path of the packet in the network and perform packet switching along the set transmission path, wherein the reception unit receives server state information from servers at every certain time, the memory unit stores the received server state information, and the controller calculates a change in the state of the servers based on the received server state information, and determines that a server is attacked when a change in the state of the server is greater than a certain threshold value.Type: ApplicationFiled: December 2, 2011Publication date: June 7, 2012Applicant: Electronics and Telecommunications Research InstituteInventors: Hak Suh KIM, Kyoung Soon KANG, Gang Uk HWANG, Hyeon Je CHO, Myung Woo LEE
-
Publication number: 20110134754Abstract: A method and an apparatus for fairly allocating resources to network users are provided. The method for fair resource allocation to network users allows the resource allocation apparatus to collect flow information between a user terminal and a service server and aggregates the flow information based on at least one of a user terminal address, a service server address, a user terminal, a service server address, and a service. The allocation resource of the user is controlled to the predetermined recommended bandwidth by using the ratio of the aggregated flow information.Type: ApplicationFiled: October 26, 2010Publication date: June 9, 2011Applicant: Electronics and Telecommunications Research InstituteInventors: Kyoung-Soon Kang, Hak Suh Kim, Hyunjoo Kang, Boo Geum Jung, Ki Cheol Jeon, Byungjun Ahn
-
Publication number: 20110138463Abstract: Disclosed are a method and system for distributed denial of service (DDoS) attack detection and traffic mitigation using flow statistics. The method for DDoS attack detection and traffic mitigation using flow statistics includes: collecting first statistics for each flow based on flow information generated by traffic flow of a network connection device; and grouping the first statistics for each flow on a per-flow basis and processing the same into second statistics containing at least one of the number of bytes, the number of packets, and the number of flows per unit time.Type: ApplicationFiled: November 15, 2010Publication date: June 9, 2011Applicant: Electronics and Telecommunications Research InstituteInventors: Hak Suh KIM, Kyoung-Soon KANG, Ki Cheol JEON, Bong Tae KIM, Byungjun AHN
-
Publication number: 20100156715Abstract: The present invention relates to a method for displaying accompanying vehicle position information and an apparatus thereof. The method for displaying the position information according to the present invention receives position information, displays the received position information with a unique identifier of a preset partner terminal, when the position information includes the unique identifier, and displays the received position information with an own identifier, when the position information does not include the unique identifier. According to the present invention, it is possible to display the accompanying vehicle position information with the own position information, without using a separate group management server.Type: ApplicationFiled: August 24, 2009Publication date: June 24, 2010Applicant: Electronics and Telecommunications Research InstituteInventors: Kyoung Soon KANG, Ki Cheol JEON, Wang Bong LEE, Boo Geum JUNG
-
Publication number: 20100158018Abstract: Provided is a method for forwarding path virtualization for a router, which prevents the processing speed of the router from decreasing due to a plurality of operating systems installed in an upper layer of a hypervisor when the router is virtualized.Type: ApplicationFiled: July 20, 2009Publication date: June 24, 2010Applicant: Electronics and TelecommunIcations Research InstututeInventors: Wang Bong Lee, Kyoung Soon Kang, Ki Cheol Jeon, Tae II Kim, Boo Geum Jung
-
Patent number: 7471700Abstract: Provided are a router and a method of controlling a maximum transmission unit (MTU) of an external network interface. The router controls the MTU by disassembling packet data segments of a predetermined size and assembling the data segments of the predetermined size into the original packet data structure when the external network interface physically included in a linecard processor has an MTU that is greater than that of an internal data communication channel of the router, so that the external network interface can transmit and receive data with another router without being affected by the MTU of the internal data communication channel in the operating system of the router.Type: GrantFiled: October 15, 2003Date of Patent: December 30, 2008Assignee: Electronics and Telecommunications Research InstituteInventors: Seong Moon, Boo Geum Jung, Kyoung Soon Kang, Wan Choi
-
Publication number: 20080137655Abstract: Provided is a method of resource management and call admission control in an access network in a hierarchical manner.Type: ApplicationFiled: October 30, 2007Publication date: June 12, 2008Inventors: Sun Me Kim, Kyoung-Soon Kang, Dong-Yong Kwak, Hae Sook Kim, Jong Rak Kim, Jeong-Jong Lee, Wang Bong Lee, Sang Kwon Shin