59results about How to "Improve security defense performance" patented technology

The invention provides an industrial control system trusted environment control method and platform based on a safety chip. The method comprises the steps: (1) registering an industrial control terminal to a management server on the basis of the safety chip; (2) carrying out complete measurement on each operating process by adopting the industrial control terminal; (3) checking the measurement information by the management party on the management server, and forming a white list; (4) downloading the white list formed by the management party from the management server by the industrial control terminal, leading the white list into an operating system core, and then carrying out the control on the process to be operated. By adopting the method and platform, malicious code of an untrusted, unknown and uncontrollable program process is prevented from damaging the system of the industrial control terminal, from stealing the confidential information and damaging the industrial production, so that the safety defense capacity of the industrial control system can be improved.

This invention discloses a method for testing inbreak, which obtains the information of software behavior characters of a program, a structure access model and acts it on the program to prevent abnormal behavior so as to protect the entire network server system to avoid network inbreak including the following basic processes: collecting and processing a behavior security box to monitor the software behavior timely and a protection system suitable for the above mentioned method is also disclosed to realize the close coupling control to the behavior of the applied program.

The invention discloses a weighted decision and random scheduling method based on physical heterogeneous redundancy. Different unicast, multicast routing protocols are executed in each routing protocol processing unit, and a calculation result is output to a multi-mode decision unit; the multi-mode decision unit decides the calculation result of each routing protocol processing unit, and deliversand outputs a final decision result to a data forwarding plane; a redundancy scheduling unit builds a routing protocol pool, performs protocol setting on each routing protocol processing unit, recordsand calculates each decision result, and then dynamically and randomly schedules the routing processing unit according to the calculation result. Due to design of the routing mechanism with the heterogeneous redundant decision function, the invention provides a weighted multi-mode decision method to compare output results of multiple heterogeneous routing function execution bodies, so as to perform multi-mode decision on final routing selection, dynamic random scheduling selection is performed on the execution bodies through a trust degree weight, then a simulation defense capability of a switch routing control plane is realized.

The invention discloses a threat detection method. The method comprises the steps of collecting weblog monitored in real time; performing threat detection on the weblog by utilizing a threat detectionmodel to obtain a detection result; if the detection result represents that the behavior of the weblog is abnormal, determining a target attack link to which the weblog with the abnormal behavior belongs based on an attack chain of a network space security framework; and taking the target attack link in the attack chain and all preorder attack links of the target attack link as attacked links tocomplete threat detection of the weblog. The invention further discloses a threat detection device and equipment and a storage medium. Threat capture is carried out from the global perspective of theattack chain, and the security defense capability is improved.

The invention relates to a machine learning type domain name system security defense method. The method includes the following steps: performing characteristic contrast on data included in received domain name resolution requests and learning result data obtained by historical domain name resolution record operation according to given regulations; resolving for the characteristic-conformed domain name resolution request to generate a domain name resolution record; responding to the corresponding domain name resolution request with the domain name resolution record. Besides, the invention further discloses a device corresponding to the device according to modularized thinking. By implementation of the method and the device, a DNS (domain name server) can understand DNS attacks more intelligently, operation efficiency is optimized, and the function of a disaster recovery system is achieved.

The invention relates to a home network security management method and device and a system. The method includes the steps of conducting security scanning on a home network so as to obtain network connection information of all terminals in the home network and network configuration information of gateway devices, confirming whether unknown terminals have access to the home network or no according to the network connection information of all the terminals, conducting security management configuration on the unknown terminals if the unknown terminals have access to the home network so that the unknown terminals can be allowed or refused to have access to the home network, detecting the network configuration information to obtain a detection result, and conducting security set operation on the gateway devices according to the detection result. According to the technical scheme, security vulnerabilities can be effectively checked, resource occupancy and/or security threats caused when unknown devices have access to the network can be effectively avoided, and the security defense capacity of the home network is improved.

The invention discloses a tamper-proof data storage method, device and system based on a block chain, and the method comprises the steps: storing original data as blocks, and enabling all blocks to belinked into the block chain; wherein original data is stored in the block body; wherein the block head comprises a version number, signature information, a random number set and a Merkle root; wherein the signature information is generated by encrypting a hash value generated by performing hash operation on a previous block; wherein the random number set comprises N elements, and the elements arerandom block version numbers or set values; and when the random number group element is the version number corresponding to the block, the leaf node of the Merkle root is the hash value of the corresponding block, otherwise, the leaf node of the Merkle root is the hash value of the set value. During data review, chain verification can be carried out through block signature information, and merkleroot verification can be carried out through merkle roots to verify whether the data is tampered or not. According to the method, whether the data is tampered or not is verified through the stored data, hardware does not need to be additionally added, the time cost for tampering the data is very high, and the credibility of data auditing can be effectively guaranteed.

The embodiment of the present invention discloses a door lock control method and device. The method includes the steps of: when a person is detected and the preset image collection conditions are met, collect an image of the person present, and according to the collected image and the pre-stored image, determine the identity of the person who appears, control whether the door lock is opened according to the identity of the person who appears, and send a notification message for the person who appears to the preset terminal when the preset information sending conditions are met . Applying the technical solutions provided by the embodiments of the present invention to control the door lock can improve the security defense capability of the door lock.

The invention provides an Internet of Vehicles-oriented lossless information security vulnerability detection system and method, and the method comprises a module M1: enabling a vulnerability detection subsystem in the detection system to analyze the flow data of an out-vehicle network and/or an in-vehicle network, and obtaining an attack detection result; a module M2: comparing the attack detection result with a vulnerability knowledge base in the detection system to discover vulnerabilities and generating a vulnerability detection report; a module M3: generating a log file according to the vulnerability detection report, modifying the vulnerability knowledge base according to the log file, and updating the detection system according to the detection system configuration data. According to the invention, before the intelligent networked automobile is attacked on a large scale, the security hole is detected in time under the condition of not influencing the normal running of the automobile, and the security defense capability of the intelligent networked automobile is improved.

The invention discloses a multi-mode ruling system based on time iteration and a negative feedback mechanism. The multi-mode ruling system comprises a heterogeneous pool unit, a multi-mode ruling device and a negative feedback unit, wherein the heterogeneous pool unit comprises three or more heterogeneous SDN controllers; in each SDN control layer, the heterogeneous SDN controllers are used for processing input requests at the same time, and submit an output result set of each SDN controller in unit time to the multi-mode ruling device; the multi-mode ruling device performs consistency rulingon information distribution in a flow table of the output result set, and issues a ruling result to a switch; and after each judgment, the negative feedback mechanism adjusts the confidence of the corresponding heterogeneous SDN controller according to the ruling result, so that dynamic selection of the heterogeneous SDN controllers in the heterogeneous pool is realized, and the security defense capability of the system is improved.

The invention discloses an ocean nuclear power platform power grid grounding fault line selection protection method and an ocean nuclear power platform power grid grounding fault line selection protection system, belonging to the field of ocean nuclear power platform power grid protection. The ocean nuclear power platform power grid grounding fault line selection protection method comprises the following steps of: when a single-phase earth fault occurs in the system, if a fault current amplitude is higher than a given threshold, keeping a neutral point in a high-resistance grounding mode, selecting an optimal wavelet basis and a decomposition scale based on a maximum energy joint entropy ratio, and performing earth fault line selection by utilizing a wavelet transformation method based ona modulus maximum value; when a high-transition resistance grounding fault occurs in the system, switching the neutral point to a small-resistance grounding mode, and constructing a branch zero-sequence current and fault phase voltage break variable phase comparison line selection protection method based on features of the high-resistance grounding fault to perform grounding fault line selection.The ocean nuclear power platform power grid grounding fault line selection protection method can be effectively matched with the operation mode and the grounding fault features of an ocean nuclear power platform power system, is high in line selection accuracy rate, is suitable for various grounding fault modes possibly happening to the platform system, and effectively improves the safety defensecapacity of the ocean nuclear power platform.

The invention provides a defense method and device, a client, a server, a storage medium and a system. The method is applied to the client and comprises the steps of: obtaining honeypot resource information, wherein a camouflage service program is configured according to the honeypot resource information; under the condition that the disguised service program is accessed, forwarding access data for accessing the disguised service program to the server, wherein the server is deployed with a honeypot system; and receiving an analysis result of the server for the access data, and performing corresponding disposal operation based on the analysis result. Thus, by configuring the disguise service program in the client and combining the honeypot system in the server, the client has the active defense capability, and the overall security defense effect is improved; in addition, an attacker can be decoy to attack only by configuring a normal client, so that the deployment cost and the hardware cost are greatly reduced.

The invention provides a network security protection method, device and an electronic device and relates to the technical field of network security. The method comprises the steps of obtaining environmental data changing along with time through a terminal device; calculating the fluctuation quantity of the environmental data at current moment relative to the environmental data at the adjacent moment and judging whether the fluctuation quantity is greater than a set fluctuation quantity threshold or not; if so, obtaining a to-be-detected program of the terminal device at the current moment, extracting an operation code of the to-be-detected program and determining characteristics of the to-be-detected program according to the operation code; determining a characteristic vector corresponding to the to-be-detected program according to the characteristic of the to-be-detected program and a characteristic library obtained in advance; detecting the characteristic vector by using the trained classifier and judging whether the to-be-detected program is a malicious program or not; and if so, determining that an attack event appears in the terminal device and carrying out protection control on the terminal device. The abnormal condition of a physical network sensing layer can be timely found out and the security protection performance of the Internet of Things is improved.

The invention discloses a security threat intelligence management method and system based on big data, a storage medium and a terminal. The method comprises the steps of obtaining a data set pre-stored in a data warehouse; inputting each piece of data in the data set into a preset data analysis layer to generate threat intelligence which comprises static threat intelligence and dynamic threat intelligence; and performing network security defense based on the threat information. Therefore, by adopting the embodiment of the invention, the security defense capability of the whole network can be improved.

The invention supplies a method of interlocking between strategy execution points and invading testing system. It includes the following steps: building up interlocking connection between invading testing system and strategy executing points; keeping communication between the strategy execution points and the invading testing system; if checking invading action, the strategy execution points would response invading process result. The invention improves the safety and defending ability of the system.

The invention provides a firewall security policy adjustment method and device. The method comprises the steps that in a preset time period, after log information generated when a user accesses the Internet is obtained, an access record can be obtained by analyzing the log information, and the access record can comprise multiple access paths; then, a preset firewall security policy can be adjustedaccording to the access path. Thus, compared with the mode of considering to configure the security policy in the prior art, the method provided by the embodiment of the invention can adjust the security policy according to the actual access situation, so that the problem of artificial judgment errors can be avoided, and the overall security defense capability of the network can be improved.

The invention relates to the field of automobile visual surveillance intelligent safe-guard system, and provides an automobile safety pre-warning method, an automobile safety pre-warning device, equipment and a storage medium. The method comprises the following steps: obtaining monitoring information inside an automobile, wherein the monitoring information comprises environmental state, video dataand using state of the automobile, the video data comprises moving objects inside the automobile, the moving objects comprise persons and/or animals, the using state of the automobile comprises the condition whether an engine operates and whether windows and doors are locked; after the monitoring information is determined to meet abnormal warning conditions, automatically opening the windows anddoors of the automobile, wherein the abnormal warning conditions comprise one of the following items: the oxygen concentration is lower than preset concentration, the temperature is higher than a first temperature value and lower than a second temperature value, the temperature is higher than the second temperature value, the humidity is lower than a first humidity value, the air pressure is higher than a first air pressure value, the air pressure is higher than a second air pressure value, or the concentration of harmful gas is higher than a warning value. By using the scheme, the occurrenceof unnecessary tragedies can be avoided, and the safety defense performance of the automobile is improved.

The invention discloses an ARP bidirectional defense system and method, and relates to the technical field of ARP defense. The system comprises a gateway server comprising a gateway ARP packet filtering module and a plurality of hosts provided with host ARP packet filtering modules, the plurality of hosts are connected with the gateway server and are used for actively acquiring the gateway MAC ofthe gateway server; a gateway ARP cache mapping table is also arranged in the gateway server; wherein an ARP request packet and an ARP response packet which are sent to the host through the gateway server within a preset time threshold value are stored in the gateway ARP cache mapping table. A gateway ARP packet filtering module is arranged in a gateway server, and whether an IP address and an MACaddress in an ARP message exist in a cheating record table or not is retrieved through the gateway ARP packet filtering module and used for surface monitoring of a malicious attack source host; then,the abnormal ARP message in the ARP message is identified through the gateway ARP packet filtering module and is marked as abnormity, the source host for deceptive attack is efficiently removed, andthe security is improved.

The invention discloses an incidence matrix-based object-oriented network attack modeling method and device, and the method comprises the steps: describing a communication information network structure and a network attack path through employing an incidence matrix method; and describing the modes and processes of network attacks with an object-oriented method. According to the method, the influence of attack behaviors on a single node or link can be analyzed, and potential vulnerabilities of the single node or link can be found; the method and the process of the network attack and the attackpath in the network can be visually reflected, the vulnerability of the system can be conveniently analyzed by the network security personnel, the attack source and the attack path can be found out, and the network security analysis is promoted to be expanded from a local area network or a smaller network to the whole network, so that the management capability of the network is improved.

The invention discloses a revolving door radar imaging security inspection device, which includes a radar imaging security inspection system, and the radar imaging security inspection system includes a computer, a network port analysis module, an FPGA control processing module, a first driving branch, and a second driving branch , a signal generator, a transmitting antenna, a receiving antenna, a signal processing device, a signal acquisition device and an A/D converter; the first driving branch and the second driving branch are respectively provided with a first input end, a second input end, a second An output terminal and a second output terminal; the signal processing device is provided with a first input terminal, a second input terminal, a first output terminal and a second output terminal; the signal acquisition device is provided with a first input terminal, a second input terminal, a second input terminal An output terminal and a second output terminal. The invention utilizes the characteristics of low radiation in the millimeter wave frequency band and the ability to penetrate clothing, which is not only suitable for human body security inspection, but also can detect weapons hidden under clothing.