97results about How to "Achieve defense" patented technology

The invention provides a defense method, a defense device and a defense system for DNS (Domain Name System) services. The method comprises: monitoring a DNS data query request message flux of a DNS recursive server network gateway within unit time; judging whether the DNS data query request message flux exceeds a predetermined safety access flux threshold value or not; obtaining a proportional value between the quantity of DNS data query request messages containing top-level domain addresses and the DNS data query request message flux; in the case of judging the proportional value to exceed the predetermined value, recording the top-level domain addresses as attacked addresses; transmitting the DNS data query request messages of which the domain addresses are not the attacked addresses; judging whether second-level domain addresses of the DNS data query request messages corresponding to the attacked addresses exist in a normal domain name list or not; and performing defense processing on the DNS data query request messages of which the second-level domain name addresses do not exist in the normal domain name list. The transmission of attack messages can be effectively decreased, so that the defense of a DNS server is realized; and meanwhile, the normal DNS data query request is not affected.

The invention discloses a software defined opportunity network DDoS defense method based on a block chain. Firstly, the characteristic that the SDN can perform logic centralized management and controlon a control layer is utilized; the network state is dynamically monitored in real time; then, the possibility of existence of a DDoS amplification attack is analyzed by analyzing the traffic characteristics obtained by monitoring, an attacker address is determined according to a traceability algorithm, and finally, a public accessible attacker blacklist is maintained by using a block chain architecture to assist an application layer in malicious traffic filtering so as to realize defense of the DDoS attack. According to the method, the attack source tracking accuracy is improved, the storage of the attack source blacklist address is realized in combination with the block chain architecture, and the attack source storage architecture based on the distributed account book technology can effectively prevent the data from being tampered or damaged while maintaining the data reliability. The whole network can perform filtering in a data packet receiving stage by inquiring a blacklist address, so that the DDoS attack is prevented from the source.

The invention belongs to the technical field of transformer substation network intrusion detection, and particularly relates to an intelligent transformer substation network intrusion detection systemand method based on deep learning. The system is used for intrusion detection aiming at network attacks of an IEC61850 communication protocol of an intelligent substation. The system comprises a datacollection module, a feature extraction module, a behavior analysis module and a defense behavior trigger module which are sequentially connected, wherein the data collection module is connected to an intelligent substation network to collect data, the defense behavior trigger module is connected to the intelligent substation network, the network information flow based on the IEC61850 protocol inthe intelligent substation is collected and analyzed in real time, and abnormal communication behaviors are detected and alarmed in real time.

The invention belongs to the field of information security, and particularly relates to a machine learning training data poisoning attack defense method, which is used for intelligent security and protection, training data are collected in security and protection video data, and the method comprises the following steps: obtaining prediction value distribution of a clean training data set corresponding to a training data set to be identified; inputting each piece of to-be-identified training data into the trained prediction model to obtain a prediction value; determining and identifying poisoning data based on the predicted value and the predicted value distribution so as to realize defense; generating synthetic data based on the trusted training data of the same type as the training data to be identified; training by adopting an enhanced data set consisting of the synthetic data and the trustworthy training data to obtain a prediction model; wherein the distribution of the enhanced data set is the same as that of the clean training data set, and the prediction model takes the distribution of prediction values output by the enhanced data set as the prediction value distribution. Effective protection can be provided without defining a machine learning algorithm or an attack type, and the problem of limitation on specific attacks in an existing defense method is solved.

The invention discloses a Java Web framework vulnerability attack general detection and positioning method and system, and the system comprises: a context information collection module which is used for deploying a probe code of an RASP at each key level of an application program, and obtaining key context data such as parameter information of a related sensitive function; a vulnerability judgment module which is used for constructing an attack detection rule matching algorithm according to the established vulnerability utilization rule set, namely the representation characteristics of different vulnerability attack types in each level of the Web program; and a vulnerability alarm module which is used for receiving a judgment result of the vulnerability judgment module and outputting feedback information which comprises a judgment result of vulnerability attacks suffered by the program. The collected context information application rules in the program can be directly matched, meanwhile, the detection rule set can be expanded along with expansion of vulnerability attack types analyzed in the early stage, the operation state in the program can be monitored in real time, unknown vulnerability defense is achieved, and effectiveness and practicability are achieved.

The invention discloses a distributed optical fiber fence intrusion detection and location method based on a phi-OTDR (Optical Time Domain Reflectometer), and the method comprises the following steps of: firstly, subtracting an acquired ith signal by an acquired (i-1)th signal to obtain a preprocessing monitoring signal; secondly, carrying out at least four-layer wavelet decomposition on the preprocessing monitoring signal by adopting a plurality of wavelet functions; thirdly, judging whether actual intrusion exists according to the consistency of distribution positions of maximum-wavelet mode maximums in all scale signals; fourthly, judging that the actual intrusion exists if the distribution positions of the maximum-wavelet mode maximums in at least three scale signals are consistent; fifthly, corresponding multiplying the scale signals in which the intrusion exists and the distribution positions of the maximum-wavelet mode maximums are consistent to obtain a composite signal of which pseudo maximums are inhibited and mode maximums at a catastrophe point are enhanced, using a position corresponding to the maximum-mode maximum in the composite signal as a position of the determined intrusion point, determining the intrusion generation and the intrusion position by combining various composite signal judgment results of wavelet multi-scale analysis according to the majority voting criterion.

The invention discloses a federated learning defense method based on a block chain. The method comprises the following steps: a participant establishing an intelligent contract with an authority; obtaining the model from the block chain by the participant in the book, carrying out local training, uploading the trained local model and the corresponding training time to the corresponding block node,and broadcasting the local model and the corresponding training time to the block chain; constructing a noise committee of a noise committee for each on-book participant, and adding noise to the local model of the corresponding on-book participant by using the noise committee to update the local model to obtain an updated model; constructing a verification committee for all in-book participants,verifying the prediction reliability and authenticity of each update model by using the verification committee according to the data set and the training time, and recording the update model passing the verification in a new block node; and the authority obtaining all the updated models passing the verification from the block nodes and aggregating the updated models to obtain an aggregated model,and broadcasting the aggregated model to the block chain for the next round of in-book participants to download local training.

The invention discloses an abnormal data detection defense method for reinforcement learning, and the method comprises the steps: (1) building a car automatic driving environment, carrying out the reinforcement learning through employing a deep deterministic strategy gradient algorithm based on the state data provided according to the car automatic driving environment, and generating driving statedata as a training sample; (2) training a generative adversarial network composed of a generator and a discriminator by using the training sample; (3) according to the collected driving state data, generating predicted driving state data at the next moment according to the driving state data at the current moment by utilizing a trained generator; and (4) judging whether the real driving state data and the predicted driving state data at the next moment are normal or not by utilizing the trained discriminator, and when the real driving state data at the next moment are abnormal, judging that the predicted driving state data are normal, and replacing the real driving state data by utilizing the predicted driving state data.

The invention discloses an SDN-based SDP security group implementation method and a security system, and the method achieves SPA single-packet authorization service logic through adoption of a flow table method of an SDN network, and carries out the planning and identity authentication of access authorities of different users through combining with the IAM user management of a cloud platform. According to the invention, the security of the cloud platform security group function is enhanced; accurate control of the security group on external authorization is realized; in combination with the identity authentication technology of the cloud platform and the SDN cloud network, the additional cost of the SDP gateway and the SDP controller is reduced, the SDP technology and the cloud computing security technology are fused, meanwhile, attacks from an internal network can be effectively defended, and comprehensive defense of flow in all directions of the cloud platform can be achieved.

The invention provides a method and a system for defending denial of service attack, a wireless access point and a wireless controller. The method comprises the following steps that: the wireless controller receives a first message of a client forwarded by the wireless access point; the wireless controller judges whether the first message is an attack message or not according to a receiving signal intensity indication threshold which corresponds to the client and is returned by the wireless access point; and the wireless controller directly discards the first message when determining that thefirst message is the attack message. By the method and the system for defending the denial of service attack, the wireless access point and the wireless controller which are provided by the invention, defense against a denial of service (DOS) attack can be realized, the client cannot be off-line or a wireless access service cannot be interrupted due to the DOS attack to the message, and the service quality of the wireless access of the client is improved.

The invention provides a remote sensing image classification network robustness improvement method based on self-supervised learning, which not only utilizes labeled data, but also fully utilizes a large amount of non-labeled data existing in the remote sensing field, and effectively improves the robustness of a model by mining the information of images through a twin network. Feature extraction is conducted on the clean sample and the adversarial sample simultaneously by using a twin network to obtain feature vectors, and model training is completed by comparing and learning the feature vectors approaching the clean sample and the adversarial sample, so that the image has stable expression in a deep remote sensing image encoder network in an online network in the twin network, and therefore, the robustness is improved. According to the method, the robustness of the model to adversarial sample noise and natural noise is effectively enhanced, meanwhile, the classification effect of a clean data set is hardly influenced, and application is facilitated.

A defense method based on generative adversarial network attacks comprises the following steps: 1) establishing an appropriate generative adversarial network structure GAN by using a long short term memory (LSTM) network; 2) pre-training a discrimination model in the structure; 3) according to the loss function of the generator G, training the generator G by taking the number of iterations as a limit and the convergence loss function as a purpose; 4) according to the loss function of the generator D, training the generator D by taking the number of iterations as a limit and the convergence loss function as a purpose; (5) repeating the steps (3) to (4), optimizing a generator and a discriminator in the generative adversarial network in turn, obtaining a better network structure by taking the number of iterations as an upper limit, and completing the generation of an optimal adversarial sample; 6) observing indexes of the adversarial samples and generating a large number of adversarial samples of different types of signals, and 7) adding some screened adversarial samples into a model training stage to achieve a defense effect on signal boundary exploration attacks.

The invention provides a network layer mobile target defense method and system based on OpenFlow. The method comprises steps of address acquisition, construction of initial data packet header information, first IP jump, first port jump, second port jump, second IP jump and destination node communication. The method is advantaged in that upper-layer opacity protection can be achieved without third-party software, that is, modifying an upper-layer application is not needed, and the information sent from a node is always in the movement and change state, and thereby attack of an attacker is effectively avoided.

The invention relates to an LDoS attack detection method under an SDN environment, comprising the following steps: positioning an exchange suspected to be attacked according to a difference Del between an incoming data packet and an outgoing data packet in a unit time of each exchange in an SDN network; Aiming at the switch suspected to be attacked, locating the incoming port of the attack trafficthrough the traffic statistics of each port, For each stream flowing into the port, counting the traffic information separately, and locating the source Mac and destination Mac information of the attack stream, so as to find the attack stream.

The invention discloses an internet financial gang fraud behavior detection method based on a knowledge graph. The method comprises the following steps: obtaining personal application information, operation behavior burying point data and blacklist data of users of a plurality of preset data sources; preprocessing application information and operation behavior buried point data, segmenting a training set and a test set, marking clients as fraudulent nodes and unmarked nodes according to blacklist hit conditions, solving similarity and affiliation factors between the fraudulent nodes and adjacent user nodes, and performing fraudulent risk assessment on the unmarked nodes to obtain a fraudulent risk assessment result; adopting a Neo4j graph database to construct a knowledge graph, testing averification set fraud risk assessment result, and detecting and processing real-time application user fraud behaviors. According to gang fraud behavior detection of the knowledge graph, the anti-fraud engine is constructed, suspicious group fraud risks are rapidly and efficiently recognized, financial risk control capacity is improved, and credit risks are reduced.

The invention discloses a defense method based on signal boundary exploration attack, which comprises the following steps: S101, screening a to-be-attacked signal A, and carrying out initialization disturbance addition to obtain an adversarial signal A '; S102, according to confidence coefficient changes of the to-be-attacked signal A and the countermeasure signal A ', judging a decision boundarydistribution condition around the to-be-attacked signal A; S103, performing disturbance modification on the countermeasure signal A' according to the decision boundary distribution condition around the to-be-attacked signal A; S104, randomly generating deviation disturbance, so that the adversarial signal A' explores the boundary; S105, optimizing disturbance to enable the countermeasure signal A'not to deviate from an expected track; S106, realizing disturbance optimization until an iteration upper limit is reached or a good confrontation signal A' is obtained; S107, screening adversarial signals, adding the adversarial signals into the training set, and training the signal classification model; and S108, classifying the to-be-classified signals by utilizing the trained signal classification model so as to defend attacks.

The invention discloses an anti-chopping shield with a W-shaped shield body. The anti-chopping shield comprises the shield body, handheld handles, a protective pad, and elbow locking and fixing devices, wherein the shield body comprises a shield body front surface and a shield body back surface; the protective pad is connected with the shield body back surface; each handheld handle and the corresponding elbow locking and fixing device penetrate through the protective pad and are connected with the shield body; the shield body front surface comprises shield ridges, shield front surfaces, shield lateral surfaces and a shield bottom; the shield ridges transversely extend to the shield bottom to form the shield front surfaces, and height gradually decreases when the shield ridges transversely extend; the shield ridges extend along the direction of the shield body back surface to form the shield lateral surfaces; the shield ridges, the shield front surfaces and the shield lateral surfaces are in symmetrical arrangement along the axis of the shield bottom, and are integrated into the W-shaped shield body front surface; and an anti-chopping bar is arranged on the surface of each shield ridge. The shield can be used for defending against the attack of liquid, thrown objects, cutters and the like, and has offending and defending functions.

The invention provides a data processing method and device, a server and a user terminal, and belongs to the field of computer technology. The data processing method comprises the following steps that: a server generates response data according to a data request sent by a client; the server generates check information according to the data request, the response data and a key; and the server sendsthe response data and the check information to the client, so that the client judges whether the response data are hijacked or not according to the check information in order to prevent the hijackedresponse data from affecting the user experience.

The invention provides a suspicious process processing method and device, a storage medium and electronic equipment, relates to the technical field of data security, and aims to effectively detect attack behaviors of ransomware. The suspicious process processing method comprises the following steps: monitoring processes running in a terminal system; in response to monitoring that the operation corresponding to the process meets the preset condition, determining that the process is a suspicious process, and suspending the suspicious process; sending the information of the suspicious process to a server to request the server to judge whether the suspicious process has a secret stealing behavior or not, and obtaining a judgment result; obtaining the judgment result sent by the server; and processing the suspicious process according to the judgment result. The method provided by the embodiment of the invention are suitable for detecting the attack behavior of the ransomware.