Abstract: Provided are an apparatus and method for forecasting the security threat level of a network. The apparatus includes: a security data collection unit for collecting traffic data and intrusion detection data transmitted from an external network to a managed network; a malicious code data collection unit for collecting malicious code data transmitted from a security enterprise network; a time series data transformation unit for transforming the data collected by the security data collection unit into time series data; a network traffic analysis unit for analyzing traffic distribution of the managed network using the data collected by the security data collection unit; and a security forecast engine for forecasting security data of the managed network using the time series data obtained by the time data transformation unit, the data analyzed by the network traffic analysis unit, and the data collected by the malicious code data collection unit.

Abstract: A system for an engine for forecasting cyber threats and a method enabling the forecast of a low-level cyber threat and the forecast of a high-level cyber threat using the low-level cyber threat in a hierarchical structure of cyber threats are provided. The system includes a forecast information database which stores forecast information including cyber threat forecast items, a forecast schedule related to the items, forecast simulation information, forecast item hierarchical structure information, time series data on cyber threats, and sample data on cyber threats; a forecast engine core subsystem which forecasts the levels of threats for the cyber threat forecast items having a hierarchical structure using the forecast information stored in the forecast information database; and a forecast engine control interface which receives control commands for the forecast engine core subsystem from a user or external system, and delivers the received control commands to the forecast engine core subsystem.

Abstract: Provided are a system and method for predicting a cyber threat. The system and method collect various variables and synthetically predict the frequency, dangerousness, possibility, and time of the occurrence of a cyber threat including hacking, a worm/virus, a Denial of Service (DoS) attack, illegal system access, a malicious code, a social engineering attack, system/data falsification, cyber terror/war, weakness exploitation, etc., using a time-series analysis method and a Delphi method, and inform a user in advance of the prediction result, thereby enabling the user to prepare against the cyber threat.

Abstract: Provided are a pattern analyzing/detecting method and a system using the same that are capable of detecting and effectively preventing an unknown malicious code attack. To detect such an attack, the method monitors the system to combine all behaviors exhibited within the system due to corresponding malicious codes, reprocess and learn the behaviors, analyze existing malicious behavior feature values (prediction patterns), and compare them with a behavior pattern exhibited by an execution code.

Abstract: A system for an engine for forecasting cyber threats and a method enabling the forecast of a low-level cyber threat and the forecast of a high-level cyber threat using the low-level cyber threat in a hierarchical structure of cyber threats are provided. The system includes a forecast information database which stores forecast information including cyber threat forecast items, a forecast schedule related to the items, forecast simulation information, forecast item hierarchical structure information, time series data on cyber threats, and sample data on cyber threats; a forecast engine core subsystem which forecasts the levels of threats for the cyber threat forecast items having a hierarchical structure using the forecast information stored in the forecast information database; and a forecast engine control interface which receives control commands for the forecast engine core subsystem from a user or external system, and delivers the received control commands to the forecast engine core subsystem.

Abstract: An apparatus and method for detecting anomalous traffic are provided. More particularly, an apparatus and method for detecting anomalous traffic based on entropy of network traffic are provided. The apparatus of detecting anomalous traffic includes: an entropy extraction module for extracting entropy from network traffic; a visualization module for generating an entropy graph based on the entropy; a graph model experience module for updating a graph model for each network attack based on the entropy graph; and an anomalous traffic detection module for detecting anomalous traffic based on the entropy graph and the graph model for each network attack and outputting the detection results to a user. In the apparatus and method, anomalous traffic is detected based on network entropy rather than simple statistics based on the amount of traffic, so that a false alarm rate of the apparatus for detecting anomalous traffic can be reduced.

Abstract: An apparatus and method for detecting anomalous traffic are provided. More particularly, an apparatus and method for detecting anomalous traffic based on entropy of network traffic are provided. The apparatus of detecting anomalous traffic includes: an entropy extraction module for extracting entropy from network traffic; a visualization module for generating an entropy graph based on the entropy; a graph model experience module for updating a graph model for each network attack based on the entropy graph; and an anomalous traffic detection module for detecting anomalous traffic based on the entropy graph and the graph model for each network attack and outputting the detection results to a user. In the apparatus and method, anomalous traffic is detected based on network entropy rather than simple statistics based on the amount of traffic, so that a false alarm rate of the apparatus for detecting anomalous traffic can be reduced.

Abstract: Provided are an apparatus and method for forecasting the security threat level of a network. The apparatus includes: a security data collection unit for collecting traffic data and intrusion detection data transmitted from an external network to a managed network; a malicious code data collection unit for collecting malicious code data transmitted from a security enterprise network; a time series data transformation unit for transforming the data collected by the security data collection unit into time series data; a network traffic analysis unit for analyzing traffic distribution of the managed network using the data collected by the security data collection unit; and a security forecast engine for forecasting security data of the managed network using the time series data obtained by the time data transformation unit, the data analyzed by the network traffic analysis unit, and the data collected by the malicious code data collection unit.

Abstract: Provided are a pattern analyzing/detecting method and a system using the same that are capable of detecting and effectively preventing an unknown malicious code attack. To detect such an attack, the method monitors the system to combine all behaviors exhibited within the system due to corresponding malicious codes, reprocess and learn the behaviors, analyze existing malicious behavior feature values (prediction patterns), and compare them with a behavior pattern exhibited by an execution code.

Abstract: Provided are a system and method for predicting a cyber threat. The system and method collect various variables and synthetically predict the frequency, dangerousness, possibility, and time of the occurrence of a cyber threat including hacking, a worm/virus, a Denial of Service (DoS) attack, illegal system access, a malicious code, a social engineering attack, system/data falsification, cyber terror/war, weakness exploitation, etc., using a time-series analysis method and a Delphi method, and inform a user in advance of the prediction result, thereby enabling the user to prepare against the cyber threat.