48results about How to "Increase attack cost" patented technology

The invention provides a mimetic defense-based network function deploying method in a software defined network. The method comprises the following steps: 1, virtual network functions are deployed on adata plane through a virtualization technology; 2, based on a mimetic architecture, a heterogeneous executor pool, a dispatcher and an adjudicator part are constructed on a control plane; 3, the dispatcher performs dynamic dispatching on heterogeneous executors in the heterogeneous executor pool based on business requirements of an application plane, and a business deployment strategy flow tablefile is generated; 4, the adjudicator adjudicates the business deployment strategy flow table file and outputs the number of the selected heterogeneous executor to the heterogeneous executor pool; and5, the heterogeneous executor pool controls the selected heterogeneous executor to issue the business deployment strategy flow table file to the data plane according to the number of the selected heterogeneous executor, and the business deployment strategy flow table file is guided to complete deployment of the network functions through the virtual network functions.

The invention discloses a dynamic signature method, a client using the same and a server. The method comprises steps that: an authentication request is sent to the server through the client; after the server receives the authentication request, an authentication request response message carrying a challenging value is sent to the client; the client selects a signature algorithm according to the challenging value in the authentication request response message, signs the generated authentication response message by using the selected signature algorithm and sends the authentication response message to the server; and the server receives the authentication response message, selects the signature algorithm according to the challenging value, and verifies the signature of the response message. If the verification is passed, the authentication is passed, or else an error is reported. According to the invention, a random signature algorithm is adopted, and even if a user key is leaked, an attacker does not know the signature algorithm and fails to forge the response message, so safety is improved.

The invention belongs to the technical field of information security, and discloses a management query system and method for a hidden communication key node. The system comprises a key node set management query server, a network user terminal and a key node terminal. The key node set management query server can provide registration and key distribution services for the network user terminal, generate and manage a key node set and a user set, monitor bandwidth abnormal nodes and provide key node set query services for the network user terminal, the network user terminal can send an encrypted query service request to the key node set management query server, and the key node terminal generates an obfuscated target by adopting a UDP-based data backhaul obfuscation strategy when sending backhaul data to a client, and sends data to the real client and the obfuscated target at the same time. Management query of key nodes and an effective data backhaul confusion scheme are realized, the useridentity hiding performance is improved, and the method is used for enhancing the security of a hidden communication system.

The invention discloses a food and beverage recommendation algorithm based on rating and feature similarity in a social network. The method mainly comprises the following steps: (1) building a user rating library in the current social network; (2) calculating the rating similarity between Ua and other users in the user rating library; (3) selecting k users having highest rating similarity with the Ua to obtain a rating similarity recommendation user set; (4) constructing a feature similarity model M=([chi]a, i, [delta]a, i, [sigma]a, i, [gamma]a, i) of the Ua; and (5) calculating feature similarity recommendation levels, and recommending top ranked items to a target user. According to the food and beverage recommendation algorithm, the feature similarity among users is taken as a second basis for the recommendation algorithm other than conventional rating similarity, and various user features are calculated, so that the attack cost is increased greatly; the attack resistance is enhanced greatly; and the recommendation accuracy is increased.

The invention discloses an executive scheduling method for a mimicry structure Web server, which comprises the following steps of: 1, generating an alternative executive set, randomly selecting m executive bodies, calculating a vulnerability value mean value and a vulnerability value standard deviation of each layer of software stack, and screening n executive bodies positioned in a vulnerabilityvalue threshold range; 2, randomly selecting two QoS parameters, and calculating QoS parameter values; 3, mapping the Bayesian-Stackelberg game model to a web server of the mimicry structure, and constructing an objective function for solving an optimal scheduling strategy; 4, substituting the two QoS parameter values into the target function to obtain k actuators with optimal QoS parameter values; and step 5, generating a random number r, and if r is greater than or equal to epsilon, dynamically scheduling the heterogeneous executors of the mimicry web server according to the k executors. Themethod has the beneficial effects that the confusion is increased and the defense capability is improved while the service quality of the Web server is ensured.

The invention discloses a virtualized packing method for Android local layer instruction compilation based on ELF infection. The method is characterized in that Hex extraction and mapping virtualization are conducted on a to-be-protected so document, so a so document of a virtual machine is formed; key code sections of the so document is encrypted, so an encrypted so document is formed; ELF infection is conducted on the encrypted so document by the so document of the virtual machine, so an infected so document is formed; and Hook replacement is conducted on the encrypted so document by a Cydia Substrate framework, so encrypted codes in the encrypted so document are replaced by virtual instruction codes in the so document of the virtual machine. The method disclosed by the invention applies an idea of virtualization in compilation. The idea does not involve problems generated from different ARM platform versions, so the method has high compatibility, prevents memory Dump analysis and increases attack cost of an attacker.

The invention discloses a method for randomly simulating sensitive information in a cloud database. By adopting the method, the content of real sensitive information collected by an attacker can be replaced through a random simulating algorithm, the replacing simulated sensitive information is strictly generated according to the format of the context grammar of the real sensitive information, the attacker may take the simulated sensitive information as the real sensitive information, so the cost of attack can be raised to a certain extent. Valid users do not need the sensitive information or need a series of standard authorization processes to get the sensitive information, so the method will not influence valid users during usage.

The invention discloses a financial POS system capable of resisting a channel Trojan attack and an anti-attack realization method thereof. The system comprises a POS mainboard, an IC card box, a password keyboard, a user PIN disk, a nonvolatile memory, an IC card and a trust management party. The IC card box is connected with the POS mainboard. The password keyboard is connected with the IC card box. The POS mainboard is connected with the trust management party through an I/O interface. The IC card is connected with the trust management party through the IC card box. By using the system and the method of the invention, a subliminal channel can be reliably shielded on a POS terminal of a dealer. A card holder uses the private user PIN disk to confirm a transaction amount and output a PIN password so that the dealer and the card holder can avoid the attack of the channel Trojan.

The invention discloses an Android application program protection method based on dual ARM instruction virtualization. The method comprises the steps that key code segments needing to be protected ina so file are searched for, wherein the key code segments include a key code segment needing VOP protection and a key code segment needing VMP protection; Hex extraction and mapping virtualization areperformed on the key code segment needing VOP protection, and a VOP virtual machine so file is formed; the key code segment needing VOP protection is encrypted, Hook replacement is performed on the encrypted VOP key code segment, and a virtual instruction code in the VOP virtual machine so file is made to replace an encrypted code, corresponding to the encrypted VOP key code segment, in the so file; instruction virtualization is performed on the key code segment needing VMP protection, and a protected VMP virtual machine so file with virtual sections is formed; and driving data in the VMP virtual machine so file is made to replace the code, corresponding to the key code segment, in the so file. Through the method, two different virtual machine protection thoughts are combined, attack costof a reverser is increased, and the complexity of a protected program is enhanced.

The present invention relates to a link camouflage system and a method. The system comprises a camouflage link creation unit and a camouflage database. The camouflage link creation unit is used for converting an original link in a camouflage request into a corresponding camouflage link, storing the mapping relationship between the original link and the camouflage link in the camouflage database, and returning the camouflage link to a requesting party. The camouflage link creation unit comprises N number allocation units and a coding unit. Each number allocation unit is used for allocating a number value to the camouflage request as the unique identifier of the camouflage request. The coding unit is used for converting the unique identifier into the camouflage link according to a predetermined coding rule. The difference between the initial values of the number values of the N number allocation units is N. Each number allocation unit also includes a calculation unit and the calculation unit progressively increases or decreases the number value of the above number allocation unit by N in response to each camouflage request, wherein N is greater than 1.

The invention provides a transaction group attack protection method and device and a storage medium, and the method comprises the steps of detecting whether a first transaction to be stored in a memory pool has a transaction group: if yes, expanding the first transaction according to a transaction group structure, and obtaining a plurality of second transactions; traversing and detecting whether illegal transactions exist in the second transactions or not: if so, generating the error information and reporting the error information, and deleting the first transaction; and if not, storing the first transaction into a memory pool. According to the invention, each transaction in the transaction group is illegally detected before the transaction group is stored in the memory pool, and the transaction group comprising the illegal transaction is deleted, so that the transaction group comprising the illegal transaction cannot enter the memory pool, and the memory pool cannot be jammed by caching a large number of transaction groups comprising the illegal transaction.

The invention discloses a php-based independent sql injection defense analysis alarm method and a system thereof, and the method comprises the steps: checking whether a request IP is a forbidden IP blacklist, ending the request if the request IP is the forbidden IP blacklist, and entering the next step if the request IP is not the forbidden IP blacklist; judging whether parameters of sql injectioncontain blacklist symbols, and if yes, setting the sql injection as a note level; judging whether parameters of sql injection contain blacklist keywords, and if yes, setting the sql injection as a winning level; dividing the parameters of the sql injection by taking a space as a criterion, judging whether the parameters contain blacklist keywords, and if yes, setting the sql injection as an errorlevel; and performing sql injection on the error level, checking whether the request ip injected by the sql is subjected to injection attacks for a specified number of times, and if yes, forbidding the request ip and listing the request ip into a forbidden IP blacklist. According to the method, measures are taken for the sql injection problem in an omnibearing manner, corresponding measures are taken for prevention, response, monitoring and recording, and the data security is protected to a greater extent.

The invention discloses a big data network data protection method and system based on edge computing. The big data network data protection method comprises the steps of S1, determining a computing power level of a client; S2, determining the data encryption strength of this time; S3, judging whether the computing power level of the client can meet the encryption strength requirement or not, if yes, executing the step S4, and if not, executing the step S5; S4, slowly encrypting the plaintext password to obtain a first temporary password, and executing the step S8; S5, the application server selects a plurality of other connected clients, and sends the plaintext password, the salt and the encryption strength to the selected client; S6, slowly encrypting the plaintext password by the selectedclient to obtain a second temporary password; S7, the application server determines a first temporary password based on the plurality of received second temporary passwords; and S8, the server quickly encrypts the first temporary password to obtain an encrypted password, and stores the user name, the salt and the encrypted password. Effective balance between safety protection and calculation performance is achieved, and data safety is high.

The invention relates to the technical field of communication, and discloses a method for establishing network connection and electronic equipment. The method for establishing the network connection comprises the following steps: after first equipment and second equipment establish a data channel, periodically updating a session key, and sending the first session key to the second equipment through the data channel. Then the first equipment and the second equipment establish a first network channel. And then, under the condition that the second session key is received through the first networkchannel within the first preset duration and the second session key is the same as the first session key, the first equipment sends response information to the second equipment through the first network channel. It can be seen that the first equipment periodically updates the session key, and the reliability of the session key can be ensured. Accordingly, the first equipment authenticates the network channel by detecting whether the session key transmitted by the network channel is the same as the pre-generated session key so that the security of a mechanism for establishing the network channel can be improved.

The invention provides an APT heuristic detection method and system based on abnormal component association. The method includes the steps of monitoring all startup processes in the system; recordingcall relations and component environment information of all components and buffering the call relations and the component environment information into a cache knowledge base; recording call relationsand component environment information of components newly acquired by the system; matching the call relations and the component environment information of the newly-acquired components with the cacheknowledge base, and determining whether the components in the system are abnormal based on matching rules; if yes, making an alarm to users and performing risk prompting, or else storing the call relations and the component environment information of the newly-acquired components into the cache knowledge base. The invention further provides a corresponding system and a storage medium. Through themethod, detect modularization, engineering, high concealment and complex APT attacks can be effectively detected.

The invention discloses a financial transaction system authentication method based on OCR identification, which comprises the following steps: acquiring picture information data of a user through an input interface and a calling recognition interface, and recognizing and reading the data by utilizing an OCR technology and combining a set algorithm; carrying out information identification, identifying the type of the user picture information data, carrying out authenticity check, and verifying whether the dynamic verification code is consistent with the displayed dynamic verification code or not; after the identification is successful, performing data check and field value integration, so that the data can be modified or filled by a user; after the field data is integrated, performing authority distribution and data processing of the user according to the output data, and triggering interaction of a transaction page. The user information identification login is performed by calling the OCR identification interface to perform image character identification of the user information and perform information verification and storage, so that the information input cost is reduced, the user authentication security mechanism is verified, the security risk is avoided, the input is accurate, the data correctness is ensured, and flexible configuration can be performed according to the system requirements.

The invention discloses a sequence attack detection implementation method based on an industrial firewall. The method comprises: a first instruction arrives, establishing an instruction sequence table, a next instruction arriving, checking the instruction sequence table, refreshing the instruction sequence table according to the hit situation, and subsequent instructions arriving until the instruction sequence table is empty or one instruction sequence remains. The method has the advantages that increasingly accurate targeted attacks can be dealt with, the attack cost is remarkably improved, and shutdown of an industrial control system is reduced. The sequence attack detection method is realized, and any sequence of illegal instructions are intercepted and warned, so that all instructionswith a sequence relationship in the industrial control system are normally operated in an ordered and legal state, and the possible harm of the industrial control system due to sequence attack or misoperation of a user is eliminated.