30 results about "Sality" patented technology

Sality is the classification for a family of malicious software (malware), which infects files on Microsoft Windows systems. Sality was first discovered in 2003 and has advanced over the years to become a dynamic, enduring and full-featured form of malicious code. Systems infected with Sality may communicate over a peer-to-peer (P2P) network to form a botnet for the purpose of relaying spam, proxying of communications, exfiltrating sensitive data, compromising web servers and/or coordinating distributed computing tasks for the purpose of processing intensive tasks (e.g. password cracking). Since 2010, certain variants of Sality have also incorporated the use of rootkit functions as part of an ongoing evolution of the malware family. Because of its continued development and capabilities, Sality is considered to be one of the most complex and formidable forms of malware to date.

A Method to Mitigate Distributed Denial of Service Attack

Inactive; CN102281295A; Mitigate Distributed Denial of Service Attacks; Strong novelty; Transmission; Ip address; Engineering
The invention discloses a method for easing distributed denial of service attacks, which solves the defects in the prior detection or defense technologies. The method provided by the invention comprises the following steps of: presetting a group of regional scope presented by an IP (Internet Protocol) address block, and a threshold of the number of messages of a protocol type or a message property allowed by each sub-region in the regional scope; when receiving one message of the corresponding protocol type or message property, searching the sub-region to which the message belongs according to a source IP address; if a cv (current value) of the number of the messages of the protocol type or message property corresponding to the sub-region to which the message belongs is more than 0, subtracting 1 from the cv, and further processing the received messages regularly according to the protocol type or message property; if the cv is equal to 0, or directly discarding the messages or discarding the messages after recording related information of the messages; aiming at the request on easing different types of distributed denial of service attacks, concurrently executing different recovery processing for the cv of the number of the messages of the corresponding protocol type or message property in corresponding sub-region within a given scope. The method is used in an IP network.
Owner:HEILONGJIANG UNIV

Multi-malicious-software hybrid detection method, system and device with privacy protection

The invention belongs to the technical field of malicious software detection, and discloses a multi-malicious-software hybrid detection method, system and device with privacy protection. The third party generates a public and private key pair according to a homomorphic encryption algorithm, and publishes a public key; the client collects behavior data of software used by the user group, carries out preliminary calculation, encrypts the behavior data by using a third-party public key, adds the behavior data to the generated random number and then uploads a result to the server; the server uses a reputation evaluation algorithm to complete calculation of different software reputation values by using homomorphic properties and interacting decryption with a third party according to the uploaded user group encryption data, and determines a software detection sequence according to the software reputation values; during detection, the server sequentially calls API use frequency data acquired by decompilation software APK from the client according to a sequence; static detection is performed on the software according to the static learning model; if the detection result is non-malicious, related encrypted data and a public key thereof are called according to the system collected by the client, and real-time detection is performed by utilizing homomorphic properties and the dynamic learning model.
Owner:XIDIAN UNIV

Process to thwart denial of service attacks on the internet

Coordinated SYN denial of service (CSDoS) attacks are reduced or eliminated by a process that instructs a layer 4-7 switch to divert a small fraction of SYN packets destined to a server S to a web guard processor. The web guard processor acts as a termination point in the connection with the one or more clients from which the packets originated, and upon the establishment of a first TCP connection with a legitimate client, opens a new TCP connection to the server and transfers the data between these two connections. It also monitors the number of timed-out connections to each client. When a CSDoS attack is in progress, the number of the forged attack packets and hence the number of timed-out connections increases significantly. If this number exceeds a predetermined threshold amount, the web guard processor declares that this server is under attack. It then reprograms the switch to divert all traffic (i.e. SYN packets) destined to this server to the web guard processor, or to delete all SYN packets to the server in question. If the number of timed-out connections increases, it can also inform other web guard processor arrangements, and/or try to find the real originating hosts for the forged packets. In either event, the server is thus shielded from, and does not feel the effects of, the DoS attack. Alternatively, a simpler approach is to arrange layer 4-7 switches to forward SYN packets to respective “null-cache” TCP proxies that each are arranged to operate without an associated cache, and therefore be inexpensive to install and operate. These null-cache TCP proxies, when subject to a CSDoS attack, will not successfully establish a TCP connection with a malicious host, due to the nature of the attack itself. Accordingly, no connections will be made from the null-cache TCP proxies to the server under attack, and the server will be protected.
Owner:ALCATEL-LUCENT USA INC

Heuristic detection method and system of nested file and storage medium

The invention provides a heuristic detection method and system of a nested file and a storage medium. The method comprises the steps of dividing the obtained nested file; obtaining a divided file type, regularizing the file type and sorting the file type into knowledge data; matching the knowledge data with a knowledge base; if matching is successful, determining that the nested file is malignant, outputting the detection result and finishing the detection; if not, conducting malignance analysis on the unmatched nested file. Complex logic analysis is not needed, a virtual environment is not needed either to execute a script, instead, heuristic detection is conducted based on the property that a threat action will be generated based on the nested file in an abnormal environment, the detection speed can be effectively increased, and the detection accuracy can be effectively improved.
Owner:HARBIN ANTIY TECH

A caching and prefetching acceleration method and device for computing equipment based on big data

Active; CN104320448B; Improve the effect; Improve caching acceleration; Transmission; Active feedback; Web operations
A caching and prefetching acceleration method and device for computing equipment based on big data, which is different from the traditional caching mode in which equipment is optimized, in that the method submits data to the cloud by a large number of caching or prefetching service devices, including these Part of the characteristic data of various applications or network operations on the service device served by the service device. The so-called characteristic data mainly refers to the characteristic data concerned by the cache and prefetch operations, such as the proportion of application read and write operations, I / O Request type, file size, frequency of use, cache optimization experience, hardware type of the cached device on the server side, user group characteristics, etc., the cloud will perform statistics and analysis after receiving the data, dig out optimized cache or prefetch solutions for different applications, and then By means of active feedback or passive response, the optimized caching scheme and prediction scheme are returned to the caching service device for processing, so that the work of the nature of prediction and targeted optimization can be directly performed without re-accumulating cache data for a long time.
Owner:张维加

Secure calling convention system and methods

The present disclosure is directed to systems and methods for protecting software application information that is passed between a caller of an API and the logic contained within the API by using a Secure Calling Convention (SCC). The SCC involves performing a cryptographic operation on the information such that the true nature of the information is obfuscated. The SCC prevents a hacker from using the information to reverse-engineer the software application to behave as desired.
Owner:阿韦瓦软件有限责任公司

Malicious software identification method, system and device and readable storage medium

The invention discloses a malicious software identification method, which comprises the following steps: obtaining an executable file of software to be identified, and extracting binary instruction characteristics in the executable file; performing feature matching on the binary instruction features in a feature library to obtain corresponding same features and/or similar features; and judging whether the to-be-identified software is malicious software or not according to the properties of the same features and/or similar features. Because the control flow diagram is an abstract data structure of the minimum control logic in the program execution process, the binary instruction feature obtained by splicing and combining the binary instructions according to each control flow diagram has smaller granularity than the function, and the real-time execution process of the control flow of the function can be reflected; therefore, similarity matching is carried out by utilizing the binary instruction characteristics of the executable file, and the malicious software identification precision can be obviously improved. The invention also provides a malicious software identification system and device and a readable storage medium, which have the above beneficial effects.
Owner:SANGFOR TECH INC

Method and system for computing intersection of privacy-preserving sets based on polynomial representation

The invention discloses a privacy protection set intersection calculation method and system based on polynomial representation. According to the intersection calculation method provided by the invention, two participants (a caller B and a responder A) contain the sets of the own attributes and are not acquired by the other party, and the two participants obtain a set intersection through secure multi-party calculation, so that the common attributes of the two parties are acquired. The method specifically comprises the following steps that firstly, a participant and a participant initialize; a polynomial formed by combining the calling party with the random number encrypts the attribute set of the calling party and sends the encrypted attribute set to the responder A; the responder A receives a polynomial formed by the data information and the random numbers, encrypts the data of the two parties of the participant again and sends the data to the responder A; and an intersection set is obtained through the calculation of two secure parties. The privacy protection set intersection calculation method based on polynomial representation can be used for the multi-party data security communication by utilizing the properties of the polynomial, so that the technical effect of improving the cracking difficulty and safety is achieved.
Owner:HUBEI UNIV OF TECH