35 results about "Attack response" patented technology

The invention discloses a DDoS attack distributed detection and response system and method based on information entropy. The system comprises a controller, the controller is connected with a plurality of exchangers, each exchanger is connected with a plurality of host computers, each exchanger is also connected with the other exchangers, and the controller is used for managing network topology, developing data forwarding strategies, and sending down the strategies to the exchangers; the exchangers are used for data forwarding; the exchangers comprise boundary exchangers and / or non-boundary exchangers; an attack detection algorithm and an attack response algorithm are operated by the boundary exchangers to achieve the attack detection and the attack response; the host computers are computers of users and each host computer corresponds to a certain IP address, and data of the host computers are forwarded by the boundary exchangers. The DDoS attack distributed detection and response system and method based on the information entropy has the advantages of being fast in detection speed, high in detection precision rate, rapid in attack response, and small in resource burden.

The invention relates to an indirect distributed denial of service attack defense method and an indirect distributed denial of service attack defense system based on a Web agency. A behavior characteristic of a proxy-to-server network flow is described by extracting the space-time local property of the proxy-to-server network flow; the interference of a small-probability large value on an available signal is restrained by a nonlinear mapping function; a normal behavior model of the proxy-to-server network is constructed through a hidden semi-markov model (HsMM); normal degree estimation, namely long-time behavior estimation and short-time behavior estimation, under different time scales is performed by using behavior indexes acquired by the model; as to an abnormal behavior sequence (HTTP request sequence), an attack response is implemented by adopting a soft control method; and the basis of the soft control represents an HsMM model parameter and a structure index which are used for performing a normal behavior. The parameter for describing the proxy-to-server network is the space-time local property which is irrelevant to the change of the Web content on a target server; and the detection property of the method is the nature property based on the agent network flow and irrelevant to the size of the attack flow. By the method, the attack response can be realized before the resources of the target server are used by the attack flow, so that early detection can be realized effectively.

The invention relates to a method for responding TOCTOU attack aiming at a TPM credible computer. The components of the method comprise a virtual TPM device program and a privileged domain proxy module which both have more powerful functions. Just as the prior methods, the method of the invention adopts a method of PCR register information updating, but the methods for enabling and executing eventupdate is different from the prior methods so that a TPM command in the following two conditions can correctly indicate the current state of a client virtual domain platform: the first TPM command condition is that a TPM command processing result is not sent out of the virtual TPM device program when the TOCTOU attack is detected, and the second TPM command condition is that the TPM command is not received by the virtual TPM device program when the TOCTOU attack is detected. While considering the security, the invention also takes the system performance into full consideration and ensures theutilization effectiveness and the expandability of system resources by adopting event drive and avoiding process scheduling of an extra user space.

The invention discloses a simulation method, device, storage medium, processor and terminal of model vibration. The method includes: obtaining the attacked position of the attack object model; when the collision body intersection detection method is used to determine that the attack object model has one or more adjacent object models, setting the attacked position as the seismic source, triggering the attack object model and a One or more of the adjacent object models or some or all of the adjacent object models to simulate the vibration behavior, or, in the case of using the collision body intersection detection method to determine that the attack object model does not have one or more adjacent object models, set the hit position as the seismic source , which triggers the attack object model to simulate the shaking behavior. The invention solves the technical problem of lack of simulation of attack response in the mobile game scene provided in the related art.

The present invention proposes an attack defense method, including: when receiving communication data, performing feature matching on the communication data and each attack data stored in a preset database; In the case of a matching feature, security defense processing is performed according to a preset attack response strategy corresponding to any attack data stored in the preset database. The invention also discloses an attack defense device, an Internet of Things device, and a computer-readable storage medium. By implementing the above scheme, the ability of the Internet of Things device to respond to attacks and the self-healing ability of the Internet of Things device after being attacked are effectively improved.