31results about How to "Protect against malicious attacks" patented technology

A method and apparatus for identifying an object include encoding physical attributes of an object where the encoded information is utilized as at least one element for composing a digital watermark for the object. In another embodiment the physical attributes of the object are utilized as a key for accessing information included in a digital watermark for the object.

The invention discloses a perceptual hashing-based practical and safe image forensic system and a perceptual hashing-based practical and safe image forensic method. The system comprises a certificate authority (CA), forensics computing platform (FCP) and a forensic center (FC). The method comprises the following steps that: the CA provides a certificate for a user, the FCP and the FC and distributes and manages a control key of a hash function for the FCP and the FC; the FCP calculates a characteristic value and generates a hash value of an image at a registration or forensics stage; the FC manages an image hash value from the FCP and provides retrieval and forensics services; the user submits the image to the FCP, extracts an image retrieval characteristic by using the FCP, calculates the hash value of an image segment by using a key distributed by the CA and submits the hash value to an FC database; and when the user needs an authentication image, the image is also submitted to the FCP, the retrieval characteristic is extracted to retrieve the most coincident original image from the FC, the image is segmented and the hash value is calculated by using the same key and the difference between the image and the hash value is compared so as to determine a position on which content tampering occurs. The system achieves high balanced performance in the aspects of safety, robustness, sensibility, rapid retrieval and the like.

The present invention discloses a robust digital audio frequency watermark method based on discrete fractional transformation, comprises following procedures to original audio frequency signal: segmenting FFT; choosing middle frequency coefficient in each audio frequency segmentation FFT domain for embedding watermark; to get a final audio frequency signal including digital watermark. Compared with existing transform-domain audio frequency watermark algorithm, discrete fractional transformation angel uncertainty is fully utilized through the invention, and special angel of discrete fractional transformation of each audio frequency segment is selected according to some certain rules. In this way, robustness to general audio frequency signal processing attack by the invention can be guaranteed, malicious attack can be resisted strongly, and audio frequency signal quality will descend severely while attackers destroying watermark. The invention also has strong robustness to general audio frequency signal processing attack with simple algorithm, can be easily realized, and is beneficial to practical application of robust audio digital frequency watermark technology.

The invention discloses a trusted sensing cloud data collection and evaluation method that is used for trust evaluation on a node and a mobile base station in a network during a sensing cloud data collection process. According to the method, a working area of a mobile base station is determined, wherein the area is determined by the number M of mobile base stations; the logical relationship of the system is determined as follows: sending data to a target node Sj by a subjective node Si; and when the target node Sj is not within the scope of the subjective node Si, data exchange needs to be forwarded by recommending a node; models for evaluating trust degrees of a node and a mobile base station in the network is established, wherein the models consist of a direct trust model Tdir, an indirect trust model Tindir and a functional trust model Tfunct; and then according to evaluation parameters Tdir, Tindir, and Tfunct obtained by calculation at the last step, a confidence level of sensing cloud data collection is determined. According to the invention, malicious attacks in the data collection process can be resisted effectively and the reliability of sensing cloud system data collection can be improved; and usability of the data can be ensured.

The invention relates to a power grid Web application mimicry defense system. A heterogeneous virtual Web server pool which is equivalent in function, diversified and dynamic is constructed, technologies such as redundancy voting, dynamic executor scheduling and database instruction isomerization are adopted, an attack chain is blocked, the utilization difficulty of vulnerabilities or backdoors isincreased, and the availability and safety of Web services are guaranteed. A dynamic environment is realized through active change of software and hardware elements of different layers such as a network, a platform, a system, software and an application, and therefore, the dependency condition of the network attack on the determinacy and continuity of the operating environment is destroyed, controllable active defense is realized in the toxic bacteria-carrying software and hardware element environment with the vulnerability and the backdoor, the unknown attack defense problem by using the unknown vulnerability and the unknown backdoor is solved, and the network security of the key Web application system in the power industry is effectively enhanced.

The invention discloses a cloud storage data verification method and system based on elliptic curve cryptography. The method comprises the following steps: generating a private key of a user and a public key of the user through an elliptic curve based key generation algorithm; generating a tag set according to input data files and the private key of the user, and sending the tag set, the input data files and the public key of the user to a cloud server; enabling a verifier to receive a challenge request launched by the user, generating a challenge set in combination with the tag set and the input data files, and sending the challenge set to the cloud server; after the cloud server receives the challenge set, generating an evidence set in combination with the tag set, the input data files and the public key of the user, and returning the evidence set to the verifier; and enabling the verifier to perform evidence verification according to the evidence set, the challenge set and the public key of the user to obtain a verification result of evidences, and returning the verification result to the user. The cloud storage data verification method and system disclosed by the invention havethe advantages of security and high efficiency, and can be widely applied to the field of cloud storage.

The invention discloses a node selection and aggregation optimization system and method for federated learning under a micro-service architecture, and the system comprises a node division module which is used for dividing nodes into data nodes and model nodes according to the specific privacy protection demands; the participation model aggregation node selection module is used for selecting model nodes participating in model aggregation and data nodes for verifying model parameters by the center party according to the node credibility; the node creditworthiness is generated based on the quality of transmission data or a model of the sensing node and the historical creditworthiness of the sensing node; and the credit chain and transaction chain construction module is used for establishing two block chains, namely a credit chain and a transaction chain, and respectively recording the credibility of the nodes and the types of exchange data or models between the federal learning center party and the nodes in each round. According to the method, a specific quality evaluation and model aggregation method is constructed for different privacy requirements of nodes, and the advantages of federated learning on node data privacy protection and non-tampering and traceability of a block chain are brought into full play.

The invention discloses a lightweight wireless sensor network safety small data distribution method. The method comprises the following stages that: at a first stage, namely, a system initializing stage, a base station generates a one-way key chain, and adds a key chain commitment value into each sensor node before deploying each sensor node; at a second stage, namely, a data packet preprocessing stage, the base station constructs a legal data packet of specific data items by using a Hash function; at a third stage, namely, a data packet verification stage, each sensor node verifies the received data packet, the data packet is received and the sensor node is updated if the received data packet is a legal data packet, otherwise, the data packet is abandoned directly. Under the consideration of limitation on common sensor node resources, the lightweight wireless sensor network safety small data distribution method has the advantages of resistance to sensor node compromise, high robustness on the aspects of packet loss and data packet transmission out-of-sequence, no need of time synchronism between the base station and each sensor node, and the like. Meanwhile, the lightweight wireless sensor network safety small data distribution method has the excellent characteristics of high efficiency, saving in energy, low storage overhead, resistance to malicious attacks, and the like.

The invention discloses a double-layer wear-leveling method and system, and is suitable for the memory of a phase transition storage. The method specifically comprises the following steps: an outer layer is in charge of mapping the storage area logic address of the whole memory to a middle address, and a secrete key is exchanged before a malicious program detects the integral secret key through the increase of the complexity of the secret key; and an inner layer is in charge of using an independent algebra wear-leveling method in each subarea to realize wear-leveling in the area under a situation of low expenditure. The problem that the safety of a memory system is lowered since the secret key of the wear-leveling algorithm is leaked since the phase transition storage has the time delay difference of a resetting operation and a setting operation can be solved.

The invention provides a blockchain security control method and device based on a software defined network, and a blockchain. According to the invention, the security threat in the SDN environment canbe controlled according to the black and white list, and the node of the block chain is protected from DoS attack and unauthorized access by using the SDN, so that the security of the node in the block chain is ensured.

The invention discloses an image verification method and system based on chaotic encryption and digital watermarking, and the method comprises a chaotic encryption step: selecting a to-be-encrypted image, and carrying out the chaotic encryption to obtain a first encrypted image; a watermark encryption step: embedding the first watermark code text into the first encrypted image to form a second encrypted image containing the first watermark code text; a verification step: judging whether the watermark information of the second encrypted image can be extracted according to the pre-extracted watermark processing result: if the watermark codes can be decrypted and the watermark codes are consistent when the similarity of the watermark codes is detected, continuing to execute the decryption step; otherwise, finishing the subsequent processing of the second encrypted image; and a decryption step: performing watermark removal processing to restore the first encrypted image, and decrypting the first encrypted image to obtain a decrypted image. According to the method, the defects of a chaotic encryption algorithm in resisting selected plaintext attacks are overcome by adopting the digital watermarking, so that the method has good shearing resistance and robustness, and image information transmission is safer.

The invention discloses a two-stage image robust reversible information hiding method based on singular value decomposition, which comprises the steps of embedding a watermark and extracting the watermark, and when the watermark is extracted, the watermark is extracted in different ways according to whether an image is attacked or not. According to the method, the watermark is embedded into the maximum value in the S matrix which is not easy to change even when attacked through singular value decomposition, and compared with a classical robust reversible information hiding algorithm, the method can effectively resist malicious attacks such as JPEG attacks, Gaussian filtering and scaling. In addition, the designed improved quantization watermark algorithm rounds the S value to effectively reduce the auxiliary information embedded in the second stage, and the quantization error and the watermark error in the first stage are used as the auxiliary information embedded in the second stage to improve the feasibility of the reversible embedding amount. The method can be applied to the fields of copyright protection, image protection and the like, and has a wide application prospect.

The invention discloses a method for achieving a white list based on a smart contract based on deep learning, which comprises an evidence storage service system, protected data, a log auditing systemand a log auditing alliance chain scheme; the log auditing system comprises a data collection stage, a data bearing and processing stage and a data distribution stage; the output end of the data collection stage is connected with the input end of the data bearing and processing stage, the output end of the data bearing and processing stage is connected with the input end of the data distribution stage;according to the invention, a blockchain technology and a trusted computing technology are innovatively combined and applied to a financial information systemto ensure the continuity and the security of the user service; In the whole transmission and circulation process of the financial key data, internal and external malicious attacks are effectively resisted, the data cannot be tampered, the reliability and the safety of the financial key data are improved, the field supervision cost and the log tampering possibility are reduced, and the auditing efficiency is improved.

The invention discloses a portable security computer architecture based on encrypted hash tag protection, which is characterized in that a portable security computer realizes security isolation with the Internet based on a data block encrypted hash tag protection mechanism, adopts a security TFTP protocol to realize security exchange of encrypted files with a mobile intelligent terminal, and implements single device function limitation on a USB HID interface to defend against attacks from the interface. According to the portable security computer architecture, the data block encrypted hash tagprotection mechanism, a secure transmission protocol control mechanism, a USB HID interface single equipment function limiting mechanism and the like are adopted, and the security mechanisms providestrict security isolation protection for the operation environment of the portable computer together, thus a safe operation environment can be provided for all processing links related to sensitive files, and meanwhile various possible malicious attacks can be resisted.

The invention discloses a distributed account book data tamper-proofing method and system. A first hardware encryption card obtains a first data segment from an account book and transmits the first data segment to a second hardware encryption card, one first hardware encryption card is deployed in each accounting server, and one second hardware encryption card is deplyed in each consensus server;the second hardware encryption card compares all the received first data segments and judges whether all the received first data segments are consistent or not, and if not, an alarm is given out. According to the data tamper-proofing reinforced security scheme based on a hardware encryption card, even if part of the servers are controlled by attackers, due to the fact that consistency check of theaccount book is implemented in the hardware encryption cards, under the condition that an attacker cannot control all the hardware encryption cards on all the server nodes, malicious attack behaviorexposure caused by data security alarm of the scheme cannot be prevented, malicious attacks are effectively resisted, and data security is protected.