30 results about "Sality" patented technology

Embodiments of the present invention provide methods, systems, and software for implementing trust policies. Such policies may be implemented in a variety of ways, including at one or more border devices, client computers, etc. In accordance with various embodiments, a communication between a client computer (and / or application) and an online entity may be monitored and / or otherwise detected. The online entity may be identified, and / or one or more trust scores associated with the online entity may be obtained. Based on the trust scores, as well, perhaps as the nature of the communication, an action (such as allowing the communication, blocking the communication, quarantining the communication, warning a user, administrator, etc.) may be taken. In some cases, a trust policy may be consulted to determine what action should be taken with respect to a given communication.

A malware warning system, including a client sending requests to and receiving replies from a server, and a server, including a first warning generator sending to the client a warning including a threat level of content located at a web site, in response to receiving from the client a URL for accessing content at the web site, a second warning generator sending to the client a warning including information about at least one of the nature of the threat of the content located at the web site and a location of the web site, in response to receiving from the client a request for more information about the nature of the threat, and a third warning generator, sending to the client a warning including an instruction to perform a swipe gesture to confirm a request to access the URL, in response to receiving that request from the client.

State of security in a mobile communications network is communicated. Data regarding nature and severity of security events onboard at least one mobile platform is generated and processed. A message that includes the processed data is generated and transmitted periodically. The processed data makes up a security state vector that includes the number of security events detected since power-up of the mobile platform node, sum of highest severity security events since power-up or counter rollover, sum of the second highest severity security events detected since power-up or counter rollover, sum of the third highest severity security events detected since power-up or counter rollover, highest security event classification, second-highest security event classification, and third-highest security event classification. The processed data may be used in a network operations center to prioritize mobile platforms from which logged data should be retrieved for further investigation and monitoring.

The invention relates to a message filtering method. A Bayes classifier model is used for calculating the probability that a message is a rogue message; the property of the message is judged according to the probability of the rogue message, wherein the property of the message includes the normal message, the rogue message and the suspicious message; the rogue message is directly filtered away, and the normal message and the rogue message are remained; then, the further classification is performed by using a semanticbased deep study model; and the message is determined to be the normal message or the rogue message. Compared with the prior art, the method and the device have the advantages that the automatic study can be realized; a training set is regularly updated; the synonym is recognized; the manual annotation cost is greatly reduced; and high accuracy, robustness and stability are realized. In addition, the invention also provides a message filtering realization device.

Cross-Site Request Forgery attacks are mitigated by a CSRF mechanism executing at a computing entity. The CSRF mechanism is operative to analyze information associated with an HTTP request for a resource. The HTTP request typically originates as an HTTP redirect from another computing entity, such as an enterprise Web portal. Depending on the nature of the information associated with the HTTP request, the HTTP request may be rejected because the CSRF mechanism determines that the request is or is likely associated with a CSRF attack. To facilitate this determination, the approach leverages a new type of “referer” attribute, a trustedReferer, which indicates that the request originates from a server that has previously established a trust relationship with the site at which the CSRF mechanism executes. The trustedReferer attribute typically is set by the redirecting entity, and in an HTTP request header field dedicated for that attribute.

Coordinated SYN denial of service (CSDoS) attacks are reduced or eliminated by a process that instructs a layer 4-7 switch to divert a small fraction of SYN packets destined to a server S to a web guard processor. The web guard processor acts as a termination point in the connection with the one or more clients from which the packets originated, and upon the establishment of a first TCP connection with a legitimate client, opens a new TCP connection to the server and transfers the data between these two connections. It also monitors the number of timed-out connections to each client. When a CSDoS attack is in progress, the number of the forged attack packets and hence the number of timed-out connections increases significantly. If this number exceeds a predetermined threshold amount, the web guard processor declares that this server is under attack. It then reprograms the switch to divert all traffic (i.e. SYN packets) destined to this server to the web guard processor, or to delete all SYN packets to the server in question. If the number of timed-out connections increases, it can also inform other web guard processor arrangements, and / or try to find the real originating hosts for the forged packets. In either event, the server is thus shielded from, and does not feel the effects of, the DoS attack. Alternatively, a simpler approach is to arrange layer 4-7 switches to forward SYN packets to respective “null-cache” TCP proxies that each are arranged to operate without an associated cache, and therefore be inexpensive to install and operate. These null-cache TCP proxies, when subject to a CSDoS attack, will not successfully establish a TCP connection with a malicious host, due to the nature of the attack itself. Accordingly, no connections will be made from the null-cache TCP proxies to the server under attack, and the server will be protected.

This disclosure describes a technique to determine whether a client computing device accessing an API is masquerading its device type (i.e., pretending to be a device that it is not). To this end, and according to this disclosure, the client performs certain processing requested by the server to reveal its actual processing capabilities and thereby its true device type, whereupon—once the server learns the true nature of the client device—it can take appropriate actions to mitigate or prevent further damage. To this end, during the API transaction the server returns information to the client device that causes the client device to perform certain computations or actions. The resulting activity is captured on the client computing and then transmitted back to the server, which then analyzes the data to inform its decision about the true client device type. Thus, when the server detects the true client device type (as opposed to the device type that the device is masquerading to be), it can take appropriate action to defend the site.

The invention discloses a quantitative analysis method of a ThingML (Modeling Language) model under uncertain environment. The quantitative analysis method comprises the following steps: 1) expanding the language and the semantics of the ThingML, causing the ThingML to model uncertainty in the environment, and providing required quality-of-service requirements for a user; 2) utilizing Java to analyze to obtain the meta-model of the ThingML, and obtaining each required field of the ThingML; 3) converting the meta-model of the ThingML into a NPTA (Networks Priced Timed Automata) model, which includes foreground and back-end configuration; and 4) converting the quality-of-service property of the user into a query statement of UPPALL-SMC (Statistical Model Checking), and carrying out quantitative analysis on the system. The quantitative analysis method can evaluate the quality of service of the application of the Internet of Things so as to revise a corresponding design level to guarantee the quality of service.

The present invention proposes a heuristic detection method, system, and storage medium for nested files. The method includes: splitting the obtained nested files; Regularized processing, sorting into knowledge data; matching the knowledge data with the knowledge base; if the matching is successful, the nested class file is malicious, output the detection result, and end the detection; otherwise, the nested class file that has not been matched successfully file for malicious analysis. The present invention does not need complex logical analysis, nor does it need a virtual environment to dynamically execute scripts, but performs heuristic detection based on the nature of threatening behaviors that will occur in abnormal environments based on nested class files, which can effectively improve detection speed, accuracy, etc.

The invention discloses an openwhisk serviceless framework migration method for microservice applications, which utilizes the exprima syntax parsing tool of Node.js language to generate abstract syntax tree nodes, and extracts key information from them to generate function call graphs. Communication diagram and judgment of the nature of microservice submodules, and try to divide stateful microservice modules to maximize automatic migration. Parse project source code files, project package files, configuration files, etc. from the level of abstract syntax tree, which is simple and efficient. At present, there is no similar technical solution, and the emergence of the present invention will help developers to improve the migration efficiency of applications to the serverless computing platform.

The invention belongs to the technical field of malicious software detection, and discloses a mixed detection method, system and device for multiple malicious software with privacy protection. The third party generates a public-private key pair according to the homomorphic encryption algorithm, and publishes the public key; the client collects the behavior data of the user group using the software, conducts preliminary calculations, encrypts with the third-party public key, adds it to the generated random number, and uploads the result to Server: The server uses the reputation evaluation algorithm to encrypt data according to the uploaded user group, utilizes the homomorphic nature and interacts with the third party to decrypt, completes the calculation of different software reputation values, and determines the software detection sequence according to the software reputation value; Call the API usage data obtained by the decompiled software APK from the client in order, and perform static detection on the software according to the static learning model. Public key, using homomorphic properties and dynamic learning model for real-time detection.

The invention discloses a recordable and traceable block chain security deletion method, the process is: create a block with arbitrary data according to the requirements of different applications; the block contains fields that record the nature of the block, and the identification Divided into: original block, deleted block, modified block; deleted block and modified block also contain pointers to other blocks, which are used to connect the original block, deleted block and modified block; When deleting, the user creates a deleted block with a deleted block identifier. The deleted block contains a pointer to the original block that needs to be deleted, indicating that the deleted block deletes the original block; the rest of the data is the same as the original block The user data is completely consistent; after the deletion is completed, the block needs to be modified. The modification process is as follows: the user creates a modified block with a modification identifier, and the modification points to the deleted block. The rest of the data is the same as or different from the original block. At the same time, the original block information is saved for the undo deletion process; otherwise, the modification is completed.

The invention discloses a privacy protection set intersection calculation method and system based on polynomial representation. According to the intersection calculation method provided by the invention, two participants (a caller B and a responder A) contain the sets of the own attributes and are not acquired by the other party, and the two participants obtain a set intersection through secure multi-party calculation, so that the common attributes of the two parties are acquired. The method specifically comprises the following steps that firstly, a participant and a participant initialize; apolynomial formed by combining the calling party with the random number encrypts the attribute set of the calling party and sends the encrypted attribute set to the responder A; the responder A receives a polynomial formed by the data information and the random numbers, encrypts the data of the two parties of the participant again and sends the data to the responder A; and an intersection set is obtaind through the calculation of two secure parties. The privacy protection set intersection calculation method based on polynomial representation can be used for the multi-party data security communication by utilizing the properties of the polynomial, so that the technical effect of improving the cracking difficulty and safety is achieved.

The present invention relates to a method for identifying node properties based on a distributed system, comprising the following steps: treating participants who apply for resources or provide resources in the distributed system as nodes; the nodes include good faith nodes and Sybil nodes (malicious nodes) and pending nodes; if there is a record of providing resources or obtaining resources between nodes, it is considered to form a connection edge; when the pending node sends out a resource application as the applicant, it is assumed that the participant that receives the resource application and provides resources is a bona fide node. In the random routing, the characteristics of the applicant node and the provider node are respectively extracted, and the nature of the pending node that sends out the resource application is identified accordingly, so as to decide whether to provide resources to it. The invention can effectively identify Sybil nodes, so as to resist Sybil attacks.

The present invention relates to a method for identifying node properties based on a distributed system, comprising the following steps: treating participants who apply for resources or provide resources in the distributed system as nodes; the nodes include good faith nodes and Sybil nodes (malicious nodes) and pending nodes; if there is a record of providing resources or obtaining resources between nodes, it is considered to form a connection edge; when the pending node sends out a resource application as the applicant, it is assumed that the participant that receives the resource application and provides resources is a bona fide node. In the random routing, the characteristics of the applicant node are extracted, and based on this, the nature of the pending node that sends out the resource application is identified, so as to decide whether to provide resources to it. The invention can effectively identify Sybil nodes, so as to resist Sybil attacks.

The invention discloses a crowdsourcing classification data quality control method based on self-learning and belongs to the field of computer scientific data mining technology. The method is used for true classification discovery of multiple classification crowdsourcing annotation tasks and recognition of a malicious worker. According to the method, first, sample credibility is calculated according to initial dataset nature; second, a sample is selected; third, a true tag and the ability of a worker are calculated; fourth, another sample is selected according to updated ability and the true tag; fifth, after all sample points are completely selected, further optimization is performed; and finally an annotated true answer and recognition results of the ability of the worker and a malicious and passive worker are acquired at the same time. Experiments prove that a better result can be obtained through the method compared with a traditional method.

The invention relates to a method for executing Epoll system calling by a Docker and application of the method, and the method comprises the following steps: creating an Epoll instance, and returninga file descriptor of the instance; registering a required specific file descriptor; waiting for a registration event; after monitoring that a certain event occurs, detecting whether an error is reported in the event occurrence process or not; detecting the property of the event, if the event is an OOM event, entering an OOM event processing flow, and if the event is a conventional event, performing the next operation; judging whether the event is an EPOLLHUP event or not, if not, ending, and if yes, performing the next operation; and deleting the EPOLLHUP event from the event list corresponding to the corresponding file descriptor, and reporting an error if the deletion fails. According to the method and the device, the defect that the executive quit speed of an existing Docker container is low is overcome, and the response speed of the Docker container is increased.

The invention discloses a 16-bit S box construction method based on NFSR and an Feistel structure. The method comprises the following steps: constructing an 8-bit S box sample set; constructing two NFSR components by using an eight-stage nonlinear feedback shift register; combining the two constructed NFSR components with a Feistel structure, carrying out multi-round iteration based on the 8-bit password S box sample set, and carrying out output after iteration so as to construct a 16-bit password S box; and finally, testing the constructed 16-bit S box, performing screening according to difference uniformity, nonlinearity, algebraic times and signal-to-noise ratio in sequence, and screening out the 16-bit S box with better password property for outputting. The method is based on an NFSR and Feistel structure, an S box is used for replacing a round function, and the construction structure is simple; the 16-bit S box with better cryptographic properties can be constructed, and S box support with high security is provided for a block cipher algorithm.

The invention relates to a parallel parsing method for SCD files of an intelligent substation. A master-slave parsing mechanism is adopted, the main thread extracts the structure of the SCD file, and the slave threads parse the names and properties of labels. The main thread and the slave thread are in a serial relationship; the main thread and the main thread, and the slave thread and the slave thread are in a parallel relationship. Start five types of main threads in parallel according to the SCD file structure, mark the first-level label position of the SCD file, and save the label position information; count the number of first-level label positions, and start the same number of slave threads to analyze the first-level label and the labels it contains The name and nature of the analysis result of each slave thread is stored in a tree structure, and a type subtree is established, and each subtree is integrated into a complete main tree according to the SCD file structure; the parsing process uses a parallel hash algorithm to realize the tree structure Quick Search. The invention adopts the parallel multi-thread technology to greatly reduce the analysis time of the SCD file and improve the result query efficiency.