43 results about "Insider attack" patented technology

The present invention provides a policy specification framework to enable an enterprise to specify a given insider attack using a holistic view of a given data access, as well as the means to specify and implement one or more intrusion mitigation methods in response to the detection of such an attack. The policy specification provides for the use of“anomaly” and “signature” attributes that capture sophisticated behavioral characteristics of illegitimate data access. When the attack occurs, a previously-defined administrator (or system-defined) mitigation response (e.g., verification, disconnect, de-provision, or the like) is then implemented.

The invention discloses a method and a system for internet of things information transmission. Firstly, a public key infrastructure/certificate authority (PKI/CA) mechanism is established in the internet of things and an authentication key and an encryption key are distributed to an aggregation node of the internet of things; transmitted information is encrypted and authorized in an edge network of the internet of things; and key conversion is conducted after the encrypted and authorized information reaches the aggregation node of the internet of things and the information encrypted again is sent to an application management server of the internet of things. According to the method and the system for the internet of things information transmission, the internet of things can effectively resist interior attack, information safety transmission level is improved and complexity of encryption and safety authentication calculation in the edge network of the internet of things is reduced.

The present invention provides a policy specification framework to enable an enterprise to specify a given insider attack using a holistic view of a given data access, as well as the means to specify and implement one or more intrusion mitigation methods in response to the detection of such an attack. The policy specification provides for the use of “anomaly” and “signature” attributes that capture sophisticated behavioral characteristics of illegitimate data access. When the attack occurs, a previously-defined administrator (or system-defined) mitigation response (e.g., verification, disconnect, de-provision, network re-routing, or the like) is then implemented.

One embodiment of the present invention provides a system for detecting insider attacks in an organization. During operation, the system collects data describing user activities. The system extracts information from the data that includes user information and user communications. The system then generates a topic-specific graph based on the extracted information. The system analyzes a structure of the graph to determine if one or more rules have been violated. The system may determine that a rule associated with the graph has been violated and signal an alarm in response to detecting the rule violation.

The invention relates to a safety authentication method of a cloud storage system, belonging to the field of storage technology and information security technology of computers. The method solves the problems that the existing safety authentication methods are complex in authentication process and great in authentication consumption, and aims at providing simple, flexible and efficient authentication with high expandability and high safety for service safety of a cloud storage system, so as to prevent invasion of external or internal attackers to the storage system. The method comprises a client process, an authentication end progress and a storage end progress; the client loads the user identifiers of all login users, and the authentication end loads an access control library. The method checks whether the operation authorization of the user is legal by calculating the verifying identifier, the storage end does not need to maintain the access control library any longer, and verification on the access request of the user can be completed with simple calculation, thereby greatly reducing expense of the storage system on access control, and providing flexible, safe, reliable and efficient file access for users having operation authorization in the large-scale cloud storage system.

The embodiment of the invention discloses an SDN edge computing network system based on blockchain encryption, an encryption method and a medium. The embodiment of the invention provides a technical scheme. Encrypting the configured and updated network strategy through the application layer and sending the encrypted and updated network strategy to the blockchain layer; the block chain layer receives the network strategy and decrypts the network strategy; and performing consensus authentication on the decrypted network strategy through a plurality of consensus nodes, storing the authenticated network strategy in the blockchain network in a distributed manner, extracting the network strategy from the blockchain layer by the control layer, and issuing the network strategy to the data forwarding layer, so that the data forwarding layer performs data forwarding according to the network strategy. By adopting the technical means, the security of network strategy transmission and issuing can be guaranteed, and data loss and network internal attacks are avoided. And furthermore, by storing administrator account address information, the identity of a network strategy configurator is convenient to determine, so that a basis is provided for tracing the identity of an attacker in the network.

The invention discloses a dynamic access control framework facing internal attacks, and belongs to the technical field of information security access control. The dynamic access control framework comprises a submission of an access request, a calculation of user enablement roles, a calculation of enablement roles permissions, a selection of the enablement roles, a reduction of candidate enablementroles, and a calculation of risk values. According to the dynamic access control framework facing the internal attacks, the satisfiability of environmental constraints in an access control policy isevaluated by using an environment model, thereby achieving dynamic adjustment of user authority, and preventing accesses of illegal users; permission ranges of legal users are constrained according tostrategy constraints and risk analysis, thereby avoiding internal attacks of malicious users; and a triple control of access requests is achieved by analyzing environmental information, the strategyconstraints, and access risks, thereby preventing illegal and malicious access behaviors can in time, more effectively protecting network resources, and guaranteeing safe and efficient operation of the system.

The invention discloses an identity-based digital signature password reverse firewall method, and belongs to the technical field of information security. The method comprises the following steps: firstly, a transparent and credible password reverse firewall is set at a signature end, and related system parameters are set; the password reverse firewall re-randomizes part of the received parametersand then transmits the re-randomized parameters and other non-re-randomized parameters to the signature end; the signature end carries out signature to obtain a signature result sigma = (V, Ru, Rm), the rear two parts of the signature result are reset through the password reverse firewall of the signature end, and then the partially reset signature result is transmitted to a verification end; andthe verification end verifies the legality of the received signature result, if the signature result passes the verification, 'acceptance' is output, and otherwise, 'rejection' is output. According tothe identity-based digital signature password reverse firewall method, transparency and credibility are realized, leakage is prevented, the safety of a user is improved, and the attack behavior of aninternal attacker is particularly protected.

The present disclosure relates to methods and systems for protecting cloud resources. The methods and systems may use a virtual gatekeeper resource to enforce secure access controls to cloud resources for a list of privileged operations. The cloud resources and the virtual gatekeeper resource may be in different security domains within a cloud computing system and the cloud resources may be linked to the virtual gatekeeper resource. A request may be sent to perform a privileged operation on the cloud resource. Access may be provided to the virtual gatekeeper resource in response to approval of the request and the access to the virtual gatekeeper resource may be used to perform the privileged operation on the cloud resource.

The invention provides a distributed denial of service attack resisting method, system and device and a storage medium, and the method comprises the steps: randomly selecting a form endorsement node from redundant endorsement nodes, the redundant endorsement nodes being endorsement nodes except a designated endorsement node of a current transaction in a block chain; and sending a transaction endorsement request to the specified endorsement node and the formal endorsement node. According to the method, formalized endorsement is carried out by setting the formalized endorsement node, and the transaction endorsement request is randomly sent to the formalized endorsement node in the transaction process of the block chain node, so that false transaction type judgment information can be transmitted to the DDoS internal attacker, and the purpose of interfering the transaction type judgment of the DDoS internal attacker is achieved; and therefore, the attack measurement of an attacker in the DDoS is difficult to carry out effectively.

The invention belongs to the technical field of quantum arbitration signature and discloses a quantum arbitration signature method and system based on six-particle stealth transfer, and the method comprises the steps: preparing n pairs of six-particle cluster states through Charlie, enabling the Charlie and Alice and Bob to respectively share secret keys Kac and Kbc, and enabling the Alice or Bobto initiate a communication request to the Charlie; preparing three parts of ABs (| psi > AB) according to the message M and Alice, selecting a random number r1, encrypting three parts of quantum states by using a one-time pad password book, and then encrypting the three parts of quantum states by using Kac (| psi > '1); verification signature. A six-particle entanglement system composed of two three-particle GHZ states is used, and the stable entanglement attribute of the six-particle entanglement system is utilized to realize long-term particle storage, so that noise interference existing ina quantum channel can be well resisted; internal attack and external attack strategies are resisted through a shared key pair; a three-party mutual identity authentication framework is established through key pairs shared by three parties respectively.

The invention discloses a password reverse firewall method suitable for a digital signature, and belongs to the technical field of information security. The method comprises the following steps: firstly, setting a transparent and credible password reverse firewall at a signature party, and setting related system parameters; when the password reverse firewall receives the parameters, resetting partof the parameters and then forwarding to the signature party; the signature party signing the message based on the received parameters to obtain a signature result and transmitting the signature result to a password reverse firewall of the signature party, and the password reverse firewall resetting part of sub-signatures in the signature result and then transmitting the sub-signatures to the verification party; and the verification party carrying out verification processing on the received signature, verifying a legal signature about the message, outputting acceptance if the verification ispassed, and outputting rejection if the verification is not passed. The arrangement of the password reverse firewall meets three basic requirements of the password reverse firewall, transparency and credibility are achieved, leakage is prevented, the safety of a user is improved, and the attack behavior of an internal attacker is particularly protected.

The invention belongs to the field of quantum communication and quantum cryptography, and particularly relates to a private information comparison method based on a continuous variable ionic state. The method comprises the following steps: initializing a system; the third party prepares two pairs of continuous variable quantum entangled states, preprocesses the continuous variable quantum entangled states and sends corresponding particles to the participants; the participant encodes the preprocessed corresponding particles and sends the encoded particles to the third party; the third party processes the corresponding particles to obtain a first classical measurement result and a second classical measurement result; the third party carries out safety monitoring according to the first classical measurement result and the second classical measurement result, if the safety monitoring is passed, private information comparison is completed according to the first classical measurement result and the second classical measurement result, and a comparison result is published, otherwise, system initialization is returned; according to the method, external attacks and internal attacks can be effectively resisted, the security and correctness of the protocol are ensured, quantum resources can be prepared, unified operation and measurement can be realized, and the method has higher practicability.

The invention discloses a whole industrial chain product traceability authentication method and system based on a block chain technology, which support all legal nodes on an industrial chain to carry out traceability and authentication on a product at any time, and can also provide a simple and easy-to-operate authentication service for an individual user without corollary equipment and resources. Meanwhile, decentralized credible traceability is realized through a block chain technology, that is, authentication does not need to depend on the reliability of a certain node, and an authentication result can be directly and automatically deduced from information disclosed in a block chain. The method can resist more than ten attack forms including external attacks, collusion attacks and internal attacks, and has high security.