57 results about "Attack tree" patented technology

Systems and methods for discovery and classification of denial of service attacks in a distributed computing system may employ local agents on nodes thereof to detect resource-related events. An information later agent may determine if events indicate attacks, perform clustering analysis to determine if they represent known or unknown attack patterns, classify the attacks, and initiate appropriate responses to prevent and/or mitigate the attack, including sending warnings and/or modifying resource pool(s). The information layer agent may consult a knowledge base comprising information associated with known attack patterns, including state-action mappings. An attack tree model and an overlay network (over which detection and/or response messages may be sent) may be constructed for the distributed system. They may be dynamically modified in response to changes in system configuration, state, and/or workload. Reinforcement learning may be applied to the tuning of attack detection and classification techniques and to the identification of appropriate responses.

Described are techniques used for assessing the security of a network. Pruned attack trees are generated using a forward chaining, breadth-first technique representing the attack paths of a possible attacker in the network. A vulnerability score is determined for each network and attacker starting point using attack loss values assigned to each host and information extracted from the attack tree(s) concerning compromised hosts. Different hypothetical alternatives may be evaluated to improve security of the network and each alternative may be evaluated by recomputing the network vulnerability score and comparing the recomputed score to the original network vulnerability score. Also disclosed is a method for determining end-to-end connectivity of a network. The resulting end-to-end connectivity information is used in generating the pruned attack tree.

The invention discloses a method, a device and a system for determining a safety event of an electric power monitoring system, and the method comprises the steps: obtaining an alarm log which comprises a plurality of alarm records; performing tree diagram modeling on the alarm logs based on the correlation among the alarm records, and constructing an attack tree; performing aggregation processingon the attack tree to obtain an initial attack chain set; and performing pruning and noise reduction on each initial attack chain in the initial attack chain set to form a final attack chain set, anddetermining a power monitoring system security event. According to the method, the alarm data of the power monitoring system can be automatically and effectively analyzed, the attack event is extracted and presented in a visual mode, a network administrator is helped to know the network security state, a security disposal measure can be conveniently and timely taken, and the security of a network,data, equipment and the like is guaranteed.

An exception handling system and method are provided for dynamically recovering from a workflow exception occurring in a mobile network communication system. The system has multiple workflows and at least one mission critical item. An attack tree modeling analyses is performed to identify the mission critical item. Another operation includes writing a plurality of forward recovery rules to protect the mission critical item using a transaction datalog fragment of transaction logic. The recovery rules are enabled through an engine in communication with the mobile network communication system. The multiple workflows are monitored for indication of a system attack on any one of the multiple workflows. A new workflow is automatically generated upon detection of the system attack. The exception handling system is overlayed on the mobile network.

A computer-implemented method for assessing and managing network security for a network includes retrieving topology data and network traffic data with a processor, where the topology data is indicative of a topology of the network. The method may further include retrieving network flow data from a plurality of network data collectors via the processor, generating an attack tree based on the topology data and the network flow data via the processor, updating a customer model database with the attack tree and the topology data, and outputting a security assessment based on the attack tree and the topology data.

The invention discloses an intelligent network connection vehicle information security event occurrence probability evaluation method based on attack tree, in this method, the attack tree analysis method is used to calculate the probability of security events in the intelligent network vehicle information system, the attack sequence of attack tree is analyzed, and the probability of the root nodeand each attack sequence being attacked by information is calculated by using multi-attribute utility theory, which reveals the most risky attack path in the attack tree, so as to determine the attackmode that should be most prevented when the protective measures are made for the system. The method for evaluating the occurrence probability of the information security event adopted by the invention is suitable for evaluating the occurrence probability of the security event of the vehicle service case of the intelligent network connection.

The invention discloses a big data analysis method applied to the field of information security, and belongs to the technical field of information security. The big data analysis method comprises thefollowing steps: S1, establishing a network security database; S2, analyzing network data; S3, carrying out safety management of the data; S4, constructing a safety early warning; and S5, performing alarm processing. The big data analysis method detects whether a security threat occurs in network data analysis by establishing a big data analysis model, wherein the big data analysis model is used for preprocessing acquired data, reorganizing the original data and forming a basic data relation graph through feature extraction and data fusion modes, constructing an attack tree model through the data relation graph so as to speculate the attack behavior of the next step, combining the data statistical characteristics in the attack, designing the data analysis process, method and rule, and deeply mining the preprocessed data by applying the real-time analysis and offline analysis modes, so that the hidden danger information in the data can be detected more quickly, and the security detection efficiency is improved.

The invention relates to an information physical integration system security risk assessment method, and belongs to the technical field of the information physical integration system. The method comprises the following steps: constructing a dynamic fault tree of an information physical integration system; constructing an attack tree model of the information physical integration system; constructing an attack-fault mapping table; and integrating the dynamic fault tree model and the attack tree model according to the attack-fault mapping table to establish an Attack-DFTs model. The attack-faultis comprehensively assessed, so that the influence on the physical system by the network attack can be accurately estimated through the security risk assessment, thereby giving out improvement suggestions for avoiding the risk.

The invention relates to the technical field of power internet of things, and particularly relates to a power internet of things security vulnerability evaluation method integrating service security.The method comprises the steps of acquiring an attack tree model of a target power internet of things, data corresponding to each leaf node in the attack tree model and at least one evaluation index;determining the weight of at least one evaluation index based on the data of each leaf node; calculating the security vulnerability of each leaf node by using the weight of the at least one evaluationindex and the at least one evaluation index; determining the security vulnerability of each node in the attack tree model according to the security vulnerability of each leaf node and the relationship between each node in the attack tree model and the corresponding child node; and based on the security vulnerability of each node, performing security protection on the corresponding node of the power Internet of Things. After the security vulnerability of each node is calculated, security protection can be carried out on each node in a targeted manner, so that the security protection accuracy is improved.

The invention discloses an ROP (Return-Oriented Program) protection method based on an attack tree and belongs to the field of software security of computers. The ROP protection method comprises the following steps: extracting gadgets instruction segments from a program to be protected and a system library file; determining the type of each extracted gadgets instruction segment, and selecting a plurality of sensitive system functions; carrying out attack modeling by utilizing the extracted gadgets instruction segments through a method of constructing the attack tree, and analyzing all attack methods to obtain key gadgets; finally, protecting the key gadgets. The program is protected by utilizing an attack modeling manner, so that the difficulty that an attacker hijacks a control flow is enhanced and the protection efficiency is improved, and finally, the program control flow is safer.

The invention discloses a method for identifying suspicious attack codes based on sandbox dynamic behaviors. The method comprises the following steps: establishing a sandbox system; constructing an attack tree model according to the API calling sequence of the common malicious program; judging whether the PE file of the suspicious program is shelled, deformed and the like; introducing the suspicious program with the packing deformation behavior into a sandbox, and analyzing an API calling sequence; and calculating a danger index of the suspicious code in the attack tree, and if the danger index reaches a specified threshold value, identifying an alarm. The method has the advantages that the program is introduced into the sandbox, the API behavior sequence of the unknown program is obtained, possible harm of the unknown program to a system is reduced, an attack tree model is built, whether the program is a malicious code or not is judged by calculating the static danger index of the program, and the sensitivity of unknown program detection is improved.

Computerized methods and systems determine an entry point or source of an attack on an endpoint, such as a machine, e.g., a computer, node of a network, system or the like. These computerized methods and systems utilize an attack execution/attack or start root, to build an attack tree, which shows the attack on the end point and the damage caused by the attack, as it propagates through the machine, network, system, or the like.

A method, apparatus and computer program product for detecting malicious content and predicting cyberattacks are described herein. In the context of a method, the method receives a hash query comprising a file hash based on one or more files. The method queries a cyberattack case studies information database based on the hash query to generate one or more attack correlation information items associated with at least one of the one or more files. The method also generates and outputs a file security analysis based on the attack correlation information items for authorization of the one or more files.

The invention provides a network security threat evaluation method for a substation monitoring system. The method comprises the steps of firstly, reading a UML graph which describes a monitoring system application scene, and identifying primary network security threats and attack objects of the substation monitoring system; then analyzing and combining the network security threats, outputting a monitoring system security threat model, and refining the model into an attack tree; and finally, carrying out formalized description on the attack processes and attack behaviors of the specific network security threats, and outputting the attack processes and attack behaviors in an Object-Z format. Correspondingly, the invention also provides a matched network security threat evaluation system for the substation monitoring system. According to the method provided by the invention, the network security threats of the monitoring system can be described qualitatively, and the network security threats are visual and clear; and the threat attack behaviors are described by use of a formalized mathematical language, and therefore, corresponding defensive measures can be provided.

The invention discloses a prevention and control method of long-horned beetles for macadamia. Aiming at tree trunks attacked by long-horned beetle larvae, adopted are procedures of applying microbialbacterial manure to attacked fruit trees, pruning attacked branches, finding latest bored holes from the attacked parts of the trees and applying insecticide, conducting stem spraying from the trunk root parts to fork parts of the fruit trees, using absorbent cotton balls to block holes of the long-horned beetles, covering the parts, subjected to stem spraying, of the tree trunks with straw ropes,spraying pest-killing and bacteria-killing agent liquid to the tree trunks and root parts of the whole fruit trees, timely removing the attacked trees and dead branches, and meanwhile using phagostimulant to trap the long-horned beetle adults. Comprehensive prevention and control are conducted by combining physical prevention and control with chemical prevention and control, so that the attackingrate of the long-horned beetles is lowered to 0.2% or below, the yield of nuts is obviously increased, and good economic benefit is obtained.

The embodiment of the invention provides an intrusion response measure determination method and device, and the method comprises the steps: determining one or more attack paths according to each nodein an attack tree and a node relationship; determining the security utility of candidate response measures which can be used for blocking the attack path; based on multiple iterations of a greedy algorithm, selecting candidate response measures with the maximum security effectiveness for each attack path to form a measure set so as to realize intrusion prevention; wherein in each iteration process, the candidate response measure with the maximum safety effect is selected from the candidate response measures of the attack path to be blocked, the response measure selected this time serves as a deployed measure, and the safety effects of the candidate response measures of the remaining attack path to be blocked are recalculated and used for next iteration selection. According to the method, the overall security effectiveness when a plurality of attack paths are coped can be improved to the maximum extent, and the optimal coping for multi-path attacks is realized.