Abstract: A hybrid network discovery method for detecting client applications. The method has the steps of: (a) applying test traffic packets to a network which is to be measured, and analyzing responses so as to check target nodes; (b) transmitting a protocol request packet to each of the checked target nodes; and (c) when the URL of the header of the protocol request packet coincides with a site for a specific application of the target node, extracting the URL and the IP address of the target node.

Abstract: Provided is a security risk evaluation method for threat management. According to the present invention, new threats or vulnerabilities for a network which should be protected (target network) are collected, and a threat management environment is assessed by checking whether or not to apply attack-attempt detection rules and vulnerability assessment rules for assets related to the threats or vulnerabilities. Based on the assessment result, the range and level of response are previously checked and complemented, and corresponding risk evaluation is provided. Therefore, the threat management environment can be managed effectively.

Abstract: Provided are a system and a method for vulnerability assessment of a network based on a business model. In the system and method, services of each node existing in a monitoring target network are monitored, and a business model is generated on the basis of the monitored services so as to perform vulnerability assessment on the business model. Accordingly, it is possible to guarantee the safety and availability of the system and the network while the vulnerability assessment is performed.

Abstract: Method for detecting network attack based on time series model using the trend filtering. The method has the steps of: a) removing a trend component from the time series data to extract a residual component; and b) detecting an anomaly by applying a time series model to the residual component.

Abstract: A method for risk analysis using information asset modeling. The method has the steps of: (a) identifying an information asset which uses or provides a network service; (b) identifying a threat on the information asset through a computer network; (c) identifying a vulnerability of the information asset; (d) calculating an AL (attack likelihood) by using a CVSS (Common Vulnerability Scoring System) score obtained by converting a severity caused by a success of an attack on the vulnerability into a standardized value; (e) computing the value of the information asset so as to calculate an IM (impact analysis); and (f) multiplying the calculated AL and IM so as to determine an RL (risk level) for the information asset.

Abstract: A network risk analysis method using an information hierarchy structure is divided into 7 steps and results derived from each of the process steps are stored in a database to get a hierarchy structure for the respective steps. By using the information hierarchy structure, a network manager can easily comprehend the relationship between the derived results from each step to make a risk analysis in an efficient manner.

Abstract: Disclosed is a method for estimating an available bandwidth of a network link by transmitting small-sized probing packets using a time stamp function of an Internet control message protocol (ICMP) and using time information of the probing packet returned. According to the invention, even when the separate program or function is not activated in the router, it is possible to easily estimate and monitor the available bandwidth of the exterior network link connected to the network being managed. Accordingly, it is possible to operate the network more stably and to detect the abnormal sign of the network at early stage, thereby quickly coping with it. In addition, it is possible to prevent the excessive traffic or load from being caused in the network.

Abstract: Disclosed is a system integration method based on a system entity structure (SES). The method comprises steps of (a) analyzing an integration target system to extract a technology attribute and to represent the integration target system as a system entity structure (SES); and (b) carrying out a pruning operation for constitution elements of the integration target system represented as the system entity structure (SES) in the step (a), in consideration of the technology attribute extracted in the step (a), an environmental factor and a pruning rule, which being a basis for selection of constitutional technological elements. The invention is particularly effective for an integration target system having various element technologies such as information security system.

Abstract: An integrative analysis system and method of network vulnerability utilizing multiple heterogeneous vulnerability scanners to enhance the accuracy of the network vulnerability analysis are provided. The method comprises a scanning policy setting-up step of setting-up a common scanning policy able to be adapted to the multiple heterogeneous vulnerability scanners and specifying the policy for the respective vulnerability scanners, a vulnerability scanning and result collecting step of performing for the multiple heterogeneous vulnerability scanners to scan, to collect a result thereof, and to store the same in a database and a scanning result integrative analysis step of performing a relevance analysis and an integrative analysis on the scanning results collected, thereby obtaining a complementary vulnerability scanning utilizing multiple heterogeneous vulnerability scanners, enhancing the accuracy and the comprehension of the scanning results, and obtaining a comprehensive vulnerability analysis on a network.