Abstract: Proposed are a wafer heating apparatus and a wafer processing apparatus using the same. More particularly, proposed are a wafer heating apparatus having an improved structure to enable efficient cooling of a terminal block, and a wafer processing apparatus using the same. A wafer heating apparatus for heating a wafer according to one embodiment includes a heater disposed below the wafer and configured to serve as a heat source, a cooling plate disposed below the heater and configured to provide cool air, and a terminal block configured to supply power to the heater and having a lower end portion in contact with the cooling plate.

Abstract: A network intrusion detection apparatus and method that perform Perl Compatible Regular Expressions (PCRE)-based pattern matching on the payloads of packets using a network processor equipped with a Deterministic Finite Automata (DFA) engine. The network intrusion detection apparatus includes a network processor core for receiving packets from a network, and transmitting payloads of the received packets to a Deterministic Finite Automata (DFA) engine. A detection rule converter converts a PCRE-based detection rule, preset to detect an attack packet, into a detection rule including a pattern to which only PCRE grammar corresponding to the DFA engine is applied. The DFA engine performs PCRE pattern matching on the payloads of the packets based on the detection rule converted by the detection rule converter.

Abstract: An intrusion detection apparatus and method using a load balancer responsive to traffic conditions between a central processing unit (CPU) and a graphics processing unit (GPU) are provided. The intrusion detection apparatus includes a packet acquisition unit, a character string check task allocation unit, a CPU character string check unit, and a GPU character string check unit. The packet acquisition unit receives packets, and stores the packets in a single task queue. The character string check task allocation unit determines the number of packets in the packet acquisition unit, and allocates character string check tasks to the CPU or the GPU. The CPU character string check unit compares the character strings of the packets with a character string defined in at least one detection rule inside the CPU. The GPU character string check unit compares the character strings of the packets with the character string inside the GPU.

Abstract: A system and method of measuring power consumption in an appliance is provided. An electrical characteristic of a power signal, such as a voltage component and/or a current component, can be detected at the appliance. The detected electrical characteristic can be processed using a signal processor. During signal processing, the detected electrical characteristic can be shifted based on a predetermined threshold and converted to a digital signal. An electrical characteristic offset can be determined based on an average electrical characteristic value of a plurality of detected electrical characteristics. The difference between the electrical characteristic offset value and an instantaneously detected electrical characteristic value can be used to determine power consumption of the appliance.

Abstract: Provided are a system and method for detecting a malicious script. The system includes a script decomposition module for decomposing a web page into scripts, a static analysis module for statically analyzing the decomposed scripts in the form of a document file, a dynamic analysis module for dynamically executing and analyzing the decomposed scripts, and a comparison module for comparing an analysis result of the static analysis module and an analysis result of the dynamic analysis module to determine whether the decomposed scripts are malicious scripts. The system and method can recognize a hidden dangerous hypertext markup language (HTML) tag irrespective of an obfuscation technique for hiding a malicious script in a web page and thus can cope with an unknown obfuscation technique.

Abstract: A system and method for detecting malware based on a virtual host are provided. The system for detecting malware based on a virtual host includes a terminal network behavior analysis server and a virtual host. The terminal network behavior analysis server extracts network behavior information by monitoring the network behavior of an actual host, and outputs the extracted the network behavior information. The virtual host detects malware corresponding to abnormal behavior in the actual host, by receiving the network behavior information and then performing corresponding behavior.

Abstract: An apparatus and method for monitoring power consumption of an appliance includes a processor in communication with a memory, the memory including program instructions for execution by the processor to determine a first stable power consumption state of the appliance, record a power consumption of the appliance during the first stable power consumption state, determine an unstable power consumption state of the appliance, suspend recording of the power consumption of the appliance during the unstable state, determine a second stable power consumption state of the appliance, resume recording of the power consumption of the appliance when the appliance is in the second stable power consumption state, and estimate a value of a power consumed during the unstable power consumption state as a factor of the recorded power consumption of the appliance during the first stable power consumption state and the second stable power consumption power state.

Abstract: A system and method of measuring power consumption in an appliance is provided. An electrical characteristic of a power signal, such as a voltage component and/or a current component, can be detected at the appliance. The detected electrical characteristic can be processed using a signal processor. During signal processing, the detected electrical characteristic can be shifted based on a predetermined threshold and converted to a digital signal. An electrical characteristic offset can be determined based on an average electrical characteristic value of a plurality of detected electrical characteristics. The difference between the electrical characteristic offset value and an instantaneously detected electrical characteristic value can be used to determine power consumption of the appliance.

Abstract: A system and method for detecting network intrusion by using a network processor are provided. The intrusion detection system includes: a first intrusion detector, configured to use a first network processor to perform intrusion detection on layer 3 and layer 4 of a protocol field among information included in a packet header of a packet transmitted to the intrusion detection system, and when no intrusion is detected, classify the packets according to stream and transmit the classified packets to a second intrusion detector; and a second intrusion detector, configured to use a second network processor to perform intrusion detection through deep packet inspection (DPI) for the packet payload of the packets transmitted from the first intrusion detector. Thereby, intrusion detection for high-speed packets can be performed in a network environment.

Abstract: A network intrusion detection apparatus and method that perform Perl Compatible Regular Expressions (PCRE)-based pattern matching on the payloads of packets using a network processor equipped with a Deterministic Finite Automata (DFA) engine. The network intrusion detection apparatus includes a network processor core for receiving packets from a network, and transmitting payloads of the received packets to a Deterministic Finite Automata (DFA) engine. A detection rule converter converts a PCRE-based detection rule, preset to detect an attack packet, into a detection rule including a pattern to which only PCRE grammar corresponding to the DFA engine is applied. The DFA engine performs PCRE pattern matching on the payloads of the packets based on the detection rule converted by the detection rule converter.

Abstract: An intrusion detection apparatus and method using a load balancer responsive to traffic conditions between a central processing unit (CPU) and a graphics processing unit (GPU) are provided. The intrusion detection apparatus includes a packet acquisition unit, a character string check task allocation unit, a CPU character string check unit, and a GPU character string check unit. The packet acquisition unit receives packets, and stores the packets in a single task queue. The character string check task allocation unit determines the number of packets in the packet acquisition unit, and allocates character string check tasks to the CPU or the GPU. The CPU character string check unit compares the character strings of the packets with a character string defined in at least one detection rule inside the CPU. The GPU character string check unit compares the character strings of the packets with the character string inside the GPU.

Abstract: An apparatus and method for monitoring power consumption of an appliance includes a processor in communication with a memory, the memory including program instructions for execution by the processor to determine a first stable power consumption state of the appliance, record a power consumption of the appliance during the first stable power consumption state, determine an unstable power consumption state of the appliance, suspend recording of the power consumption of the appliance during the unstable state, determine a second stable power consumption state of the appliance, resume recording of the power consumption of the appliance when the appliance is in the second stable power consumption state, and estimate a value of a power consumed during the unstable power consumption state as a factor of the recorded power consumption of the appliance during the first stable power consumption state and the second stable power consumption power state.

Abstract: A system and method for detecting network intrusion by using a network processor are provided. The intrusion detection system includes: a first intrusion detector, configured to use a first network processor to perform intrusion detection on layer 3 and layer 4 of a protocol field among information included in a packet header of a packet transmitted to the intrusion detection system, and when no intrusion is detected, classify the packets according to stream and transmit the classified packets to a second intrusion detector; and a second intrusion detector, configured to use a second network processor to perform intrusion detection through deep packet inspection (DPI) for the packet payload of the packets transmitted from the first intrusion detector. Thereby, intrusion detection for high-speed packets can be performed in a network environment.

Abstract: An apparatus and method for detecting an obfuscated malicious web page are provided to find a malicious web page by deobfuscating an obfuscated malicious code. The apparatus includes an obfuscated code detector that detects whether an obfuscated code is included in a source code of a web page, a deobfuscation function inserter that reconfigures the source code by inserting a function for deobfuscating the obfuscated code into the source code, a deobfuscator that is called by the function inserted into the reconfigured source code and deobfuscates the obfuscated code, and a malicious code detector that detects a malicious code using the deobfuscated code.

Abstract: A system and method for managing a network by value-based estimation is provided. A network device requesting communication is defined as an active point and a network device receiving a request for communication is defined as a passive point. A value of a network device is determined according to the number of active points connected to the corresponding network device, and a value of a network device that is in a path of communication between network devices is determined based on a value of a network device passing through the corresponding network device. When a policy for changing a network environment is transferred in a state where the values of the network devices have been estimated, a policy conflict test is performed on the basis of the estimated values of the network devices, thereby determining application of the policy in due consideration of the values and significance of the network devices.

Abstract: A method and apparatus for digital forensics are provided. The apparatus for digital forensics includes a page file extractor for extracting a page file stored in a target storage medium, a stored-page feature extractor for extracting features of pages stored in the extracted page file, a page classifier for comparing the extracted features of the pages with at least one predetermined classification criterion and classifying the pages according to the comparison results, and a digital forensics unit for performing digital forensics according to the classified pages. According to the method and apparatus, it is possible to perform digital forensics using only information of a page file.

Abstract: Provided are a system and method for detecting a malicious script. The system includes a script decomposition module for decomposing a web page into scripts, a static analysis module for statically analyzing the decomposed scripts in the form of a document file, a dynamic analysis module for dynamically executing and analyzing the decomposed scripts, and a comparison module for comparing an analysis result of the static analysis module and an analysis result of the dynamic analysis module to determine whether the decomposed scripts are malicious scripts. The system and method can recognize a hidden dangerous hypertext markup language (HTML) tag irrespective of an obfuscation technique for hiding a malicious script in a web page and thus can cope with an unknown obfuscation technique.

Abstract: The present invention relates to an apparatus for recovering re-evaporated steam and condensate, and in particular, to an apparatus for mixing the steam re-evaporated from condensate that is discharged from a heating unit for heating an object to be treated, with high-temperature steam supplied from a boiler, and for resupplying the mixed steam to the heating unit. To this end, the apparatus comprises: a steam recovery unit for recovering the condensate discharged from a heating unit for heating an object to be treated, and the steam re-evaporated from the condensate, and then supplying the recovered re-evaporated steam to a steam-pressurizing unit and the recovered condensate to a boiler; and the steam-pressurizing unit for mixing the re-evaporated steam supplied from the steam recovery unit, with high-temperature steam supplied from the boiler and then supplying the mixed steam to the heating unit.

Abstract: An apparatus and method for detecting an obfuscated malicious web page are provided to find a malicious web page by deobfuscating an obfuscated malicious code. The apparatus includes an obfuscated code detector that detects whether an obfuscated code is included in a source code of a web page, a deobfuscation function inserter that reconfigures the source code by inserting a function for deobfuscating the obfuscated code into the source code, a deobfuscator that is called by the function inserted into the reconfigured source code and deobfuscates the obfuscated code, and a malicious code detector that detects a malicious code using the deobfuscated code.

Abstract: A method and apparatus for digital forensics are provided. The apparatus for digital forensics includes a page file extractor for extracting a page file stored in a target storage medium, a stored-page feature extractor for extracting features of pages stored in the extracted page file, a page classifier for comparing the extracted features of the pages with at least one predetermined classification criterion and classifying the pages according to the comparison results, and a digital forensics unit for performing digital forensics according to the classified pages. According to the method and apparatus, it is possible to perform digital forensics using only information of a page file.