Abstract: A method and apparatus for storing pattern matching data and a pattern matching method using the method and apparatus are provided. The method of storing original data for pattern matching in a pattern matching apparatus includes: dividing the original data into segments of a predetermined size; performing a hash operation on each of the divided segments; determining whether or not the hash operation value of each segment causes a hash collision with a hash operation value stored in a first external memory disposed outside the pattern matching apparatus; and controlling the hash operation value of each segment determined not to cause a hash collision to be stored in the first external memory. According to the method and apparatus, the original data desired to be used for pattern matching can be stored at a faster speed in a pattern matching data storing apparatus.

Abstract: Provided is an apparatus for detecting a network attack situation. The apparatus includes an alarm receiver receiving a plurality of alarms raised in a network to which the alarm receiver is connected, converting the alarms into predetermined alarm data, and outputting the alarm data; an alarm processor analyzing an attack situation in the network based on attributes of the alarm data and a number of times that the alarm data is generated; a memory storing basic data needed to analyze the state of the network and providing the basic data to the alarm processor; and an interface transmitting the result of the analysis by the alarm processor to an external device, receiving a predetermined critical value from the external device, which is a basis for determining the occurrence of the attack situation, and outputting the critical value to the alarm processor such that the alarm processor can store the critical value in the memory.

Abstract: An access pointer for interconnecting a power line communication (PLC) network of a home network and a wireless network and a method therefor are provided. When data is received from the PLC network through media access control of a data link layer, data on upper layers above a network layer in the received data is converted into a format suitable to a wireless network layer. The converted data is transmitted to the wireless network through the media access control of the data link layer. Accordingly, the PLC network and the wireless network are easily interconnected.

Abstract: In a real-time network attack pattern detection system and method, a common pattern is detected in real time from packets, which are suspected to be a network attack such as Worm, to effectively block the attack. The system includes: a suspicious packet detector for classifying a suspicious attack packet from all input packets; a first data delaying unit for receiving the input packet from the suspicious packet detector to output an one-clock delayed data; a second data delaying unit for receiving an output signal from the first data delaying unit to output an one-clock delayed data; a hash key generator for receiving an output data of the suspicious packet detector, an output data of the first data delaying unit and an output data of the second data delaying unit to generate a hash key; a hash table for storing a lookup result obtained by the hash key generated from the hash key generator; and an existence & hit checker for checking the lookup result of the hash table.

Abstract: The present invention relates to a network intrusion detection and prevention system. The system includes: a signature based detecting device; an anomaly behavior based detecting device; and a new signature creating and verifying device disposed between the signature based detecting device and the anomaly behavior based detecting device, wherein if the anomaly behavior based detecting device detects network-attack-suspicious packets, the new signature creating and verifying device collects and searches the detected suspicious packets for common information, and then creates a new signature on the basis of the searched common information and at the same time, verifies whether or not the created new signature is applicable to the signature based detecting device, and then registers the created new signature to the signature based detecting device if it is determined that the created new signature is applicable.

Abstract: Enclosed are a signature string storage memory optimizing method, a signature string pattern matching method, and a signature matching engine. Signature is tokenized in units of substrings and the tokenized substrings are stored in an internal memory block and an external memory block to optimize a memory storage pattern. Therefore, matching of introduction data to signature patterns is effectively performed.

Abstract: Provided is an apparatus for detecting and visualizing anomalies in network traffic which includes a traffic information storing portion storing information on network traffic, a traffic state display portion presenting a status of the network traffic generated for a predetermined threshold time based on the information on network traffic on an orthogonal coordinates system in a form of a graph connecting at least one point data as a coordinate value, and a traffic anomalies determination portion determining an existence of anomalies in the network traffic based on a shape of the graph.

Abstract: A network apparatus and packet routing method for ubiquitous computing are provided. In the network apparatus, a movement detection unit detects movement from a first network to a second network, and a movement address setting unit generates care-of-address (CoA) information corresponding to prefix information of the second network. A movement registration unit registers a movement address by transmitting a binding update message containing the generated CoA and home address (HoA) mapping information, to a home agent. A resource setting unit registers information on current terminal apparatuses among network terminal apparatuses on the second network. A packet distribution unit distributes the received packet to a current terminal apparatus corresponding to the application characteristic of the packet received from the home agent based on the information on the current terminal apparatuses.

Abstract: The AAA client generates accounting data, transmits an accounting data transmission request message to the AAA server, and then receives a response message to the accounting data transmission request message from the AAA server. If receiving a transmission failure response message for the accounting data from the AAA server, the AAA client stores accounting data generated after receiving the transmission failure response message, and if an amount of the stored accounting data is increased to a certain limit, the AAA client sets an identifier for a batch accounting application in the accounting data and transmits an accounting data transmission request message, including stored batch accounting data and the session information, to the AAA server. The AAA server confirms the identifier and the transmission request message and searches the accounting record for session information mapped to the session information included in the ACR message.

Abstract: Provided is an apparatus for detecting a network attack situation. The apparatus includes an alarm receiver receiving a plurality of alarms raised in a network to which the alarm receiver is connected, converting the alarms into predetermined alarm data, and outputting the alarm data; an alarm processor analyzing an attack situation in the network based on attributes of the alarm data and a number of times that the alarm data is generated; a memory storing basic data needed to analyze the state of the network and providing the basic data to the alarm processor; and an interface transmitting the result of the analysis by the alarm processor to an external device, receiving a predetermined critical value from the external device, which is a basis for determining the occurrence of the attack situation, and outputting the critical value to the alarm processor such that the alarm processor can store the critical value in the memory.

Abstract: A network correction security system. The network correction security system connected between a network node and a security-related external system, detects attacks on the network node, corrects weak parts of the performance of the network node, collects information for improving the security performance of the network node from a security-related external system, analyzes the information, monitors principal resources of the network node to detect a fault, and removes the fault according to a measure corresponding to a grade of the fault. The network correction security system carries out a recovery process when the fault has not been corrected, and recovers the functions of the network node according to a recovery mechanism when the fault has not been removed after the recovery process.

Abstract: An apparatus and method for performing packet header lookup based on sequential lookup is provided. A header analyzer separates a header from a packet received via a network and outputs a lookup sequence. A unit lookup unit looks up matching the header combination rules with each field to be analyzed and input from the header analyzer based on the lookup sequence input from the header analyzer and outputs a match signal and a match address. A rule combination memory stores identification information for the header combination rules. A sequence combination memory stores lookup sequence information and sequence combination information. A rule combination unit generates match results based on the match signal input from the unit lookup unit and data read from the rule combination memory and the sequence combination memory.

Abstract: Provided are a transactions certification method and system to protect privacy on details of electronic transactions, the method comprising the operations of: a) receiving and registering client information which is encoded so that a client cannot be identified; b) receiving and storing transactions details of a client including a client transactions identifier encoded by the service provider server; c) after receiving client certification information for client certification, performing client certification by comparing the client information previously registered in the operation a) with the received client certification information; d) receiving a client transactions identifier for searching transactions details of a client when the client certification is performed in the operation c), and determining whether the client transactions identifier and the client transactions identifier previously stored in the operation b) are identical with each other; and c) generating a message corresponding to the transac

Abstract: A digital distribution management system and a contents distribution management method using the same are provided. The system is formed of a contents-user, a broker, a contents-owner, and a contents distributor. The broker receives a contents use fee from the contents-user, transmits a contract document for contents use to the contents-user, pays a loyalty to a contents-owner, pays a distribution fee to the contents distributor, and makes a contract for contents use. The contents-owner transmits use rights, i.e., Service Release (SR) information on corresponding contents of a proper contents-user making a contents use contract to the contents distributor and receives a corresponding loyalty through a broker. The contents distributor receives the SR information from the contents-owner, transmits the contents and a license on the contents information so that the proper contents-user can use the corresponding contents, and receives a corresponding distribution fee through the broker.

Abstract: Provided are a method and an apparatus for managing online and offline documents using RFID technology. The method includes: pre-registering online and offline documents using radio frequency identification tag information stored in at least one of the online and offline documents to be output; determining whether the pre-registered online and offline documents are authorized to be output; and if it is determined that the pre-registered online and offline documents are authorized to be output, generating documents of the online and offline documents to be output and storing new radio frequency identification tag information in radio frequency identification tags attached to the documents to be output.

Abstract: A system for defending against a distributed denial-of-service attack includes an intrusion detection system, an active security management system and an active security node. The intrusion detection system generates alert data if a denial-of-service attack is detected. The active security management system manages a domain, analyzes the alert data, generates and transmits a backtracking sensor in a case of the distributed denial-of-service attack, transmits mobile sensors to a host backtracked by the backtracking sensor to remove a master or an agent program within the host; and generates and transmits a backtracking sensor by using an IP address of a host that has transmitted a packet to the removed master or agent program. The active security node executes the transmitted backtracking sensor to backtrack an attacking host of the distributed denial-of-service attack and, if the backtracked host is determined as a real attacker, intercepts a traffic generated from the real attacker.

Abstract: Disclosed are a system and method of sharing intrusion detection information detected at different networks and tracking the intrusion, to thereby defense against the intrusion on a network to which an intruder belongs, and a computer-readable medium storing a program for implementing the above method therein. The system detects an intrusion through the analysis of an input packet, adds information associated with the intrusion into the packet, creates an active packet and transmits the active packet to an address of an intruder, which transmitted the packet. Thereafter, the system tracks the intrusion, for all routes through which the intruder passed based on the active packet, and filters the packet associated with the intruder for the isolation thereof.

Abstract: A message security processing system and method for Web services are provided. In the message security processing system in which messages are exchanged between a client and a server with a SOAP-RPC format, each of the client and the server includes: a security interface allowing information related to digital signature, encryption, and timestamp insertion to be set in a security context object for an application program to meet security requirements of the client or the server; a security handler receiving the security context object from the security interface, and performing security processing of a request message by calling security objects stored in a request queue of the security context object one by one in order or performing security processing of a response message by calling security objects stored in a response queue of the security context object one by one in order; and an XML security unit supporting an XML security functions by called by the security handler.

Abstract: An encryption key management method for mobile terminals for providing at least one mobile terminal which is connected to a network to use services with an encryption key required for issuing a certificate which is needed for the services and managed by a certification authority by using an encryption key management server is provided. The method includes operations of: a registration requesting operation where the mobile terminal generates an encryption key registration request; an encryption key managing operation where the encryption key management server generates and manages the encryption key in response to the encryption key registration request; a transferring operation of sending the generated encryption key to the mobile terminal; and a security service providing operation of receiving the certificate managed by the certification authority and providing selective security services specific to the content of the services provided to the mobile terminal.

Abstract: Disclosed is a method of detecting abnormal traffic at the network level using a statistical analysis and a computer-readable recording medium for recording a program that implements the method. The method includes the steps of: a) gathering local traffic data from each network device and integrating a plurality of the local traffic data to generate traffic data in a network level; b) extracting a characteristic traffic data based on the traffic data in the network level; c) comparing the characteristic traffic data with a characteristic traffic data profile resulting from statistical computations, and determining whether there is abnormal traffic in the network; and d) updating the characteristic traffic data profile using the characteristic traffic data if there is no abnormal traffic in the network, analyzing seriousness of the abnormal traffic and monitoring the abnormal traffic if there is abnormal traffic in the network.