503 results about "Security analytics" patented technology

An exploit detection system deploys a threat-aware microvisor to facilitate real-time security analysis, including exploit detection and threat intelligence, of an operating system process executing on a node of a network environment. The microvisor may be organized as a main protection domain representative of the operating system process. In response to the process attempting to access a kernel resource for which it does not have permission, a capability violation may be generated at the main protection domain of the microvisor and a micro-virtual machine (VM) may be spawned as a container configured to encapsulate the process. The main protection domain may then be cloned to create a cloned protection domain that is representative of the process and that is bound to the spawned micro-VM. Capabilities of the cloned protection domain may be configured to be more restricted than the capabilities of the main protection domain with respect to access to the kernel resource. The restricted capabilities may be configured to generate more capability violations than those generated by the capabilities of the main protection domain and, in turn, enable further monitoring of the process as it attempts to access the kernel resource.

Disclosed is a system for detecting security threats in a local network. A security analytics system collects data about entities in the local network. The security analytics system identifies the entities in the raw data and determines a set of properties about each of the identified entities. The entity properties contain information about the entity and can be temporary or permanent properties about the entity. The security analytics system determines relationships between the identified entities and can be determined based on the entity properties for the identified properties. An entity graph is generated that describes the entity relationships, wherein the nodes of the entity graph represent entities and the edges of the entity graph represent entity relationships. The security analytics system provides a user interface to a user that contains the entity graph and the relationships described therein.

The present disclosure describes systems and methods for detecting malware. More particularly, the system includes a monitoring device that monitors side-channel activity of a target device. The monitoring device that can work in conjunction with (or independently of) a cloud-based security analytics engine to perform anomaly detection and classification on the side-channel activity. For example, the monitoring device can calculate a first set of features that are then transmitted to the security analytics engine for anomaly detection and classification.

The invention discloses a big data security analysis system based on massive network monitoring data. The system includes a data traffic monitoring module, a deep packet detection module, a data jointanalysis module, an anomaly detection module and a security evaluation module, wherein the data traffic monitoring module is used to monitor data traffic in real time, analyze applications, perform lossless collection on various system traffic data, and transmit the data to other modules; the deep packet detection module is used to judge the service types and application types by deeply reconstituting and analyzing the payload content of a seventh-layer packet and matching service characteristics, and performs analysis to obtain different application types; the data joint analysis module is used to perform data aggregation and study the state and association analysis to further remove redundant information in original data; the anomaly detection module is used to detect a data analysis result and judge whether the data is abnormal; and the security evaluation module is used to obtain a data evaluation result by combining the network situation based on the analysis and detection of other modules. According to the system, the real-time monitoring of network data and corresponding data security analysis can be implemented, and the data security and reliability can be improved.

An embodiment of the present invention discloses a motor-vehicle accident liability determination method and system. The method comprises the following steps of: acquiring driving state data and driving behavior data recorded in an motor-vehicle data storage device; extracting the driving state data and the driving behavior data corresponding to the accident information according to an accident analyzing instruction carrying accident information; and determining the liability for motor-vehicle accidents to be with motor-vehicle breakdowns and/or driving behaviors according to the driving state data and the driving behavior data. According to the motor-vehicle accident liability determination method and system in the embodiment of the present invention, the motor-vehicle data storage device monitors the driving state data and the driving behavior data during the driving process so as to provide the basis for defining the liability of the traffic accidents and quickly define the responsible party of the accidents. In addition, the timeliness of field investigation is solved; and data support is provided for automobile performance and safety analysis.

The invention belongs to the technical field of cloud computing and discloses an efficient and privacy-preserving single-layer perceptron learning scheme in a cloud computing environment. The scheme comprises the steps that a client provides a security parameter, operates a key generation algorithm of a symmetric homomorphic encryption algorithm to calculate a public parameter and a key, then operates an encryption algorithm, encrypts training data through utilization of the key to obtain a corresponding ciphertext, and sends the ciphertext and related expectation to a cloud server, assists acloud server to judge a positive or negative characteristic of a dot product result in a training process, and decrypts the ciphertext of the received final optimum weight vector after a training taskis finished, thereby obtaining a single-layer perceptron prediction model; and the cloud server stores the training mode, trains a single-layer perceptron model and sends the ciphertext of the finaloptimum weight vector to the client after the training task is finished. The safety analysis shows that according to the scheme, in the training process, the privacy of the training data, an intermediate result and the optimum prediction model can be preserved, and the scheme is efficient in computing overhead and communication overhead aspects.

The invention discloses a device for processing cloud application attack behaviors in a cloud computing system. The device comprises a security analyzer, a security processor and a policy manager. The policy manager is used for storing security judgment rules and malicious application processing rules; the security analyzer is used for receiving application behavior data sent by security detectors, determining whether cloud applications running on cloud hosts have attack behaviors or not, and sending the application behavior data to the security processor when determining that the cloud applications running on the cloud hosts have the attack behaviors; the security processor is used for calling an interface provided by a cloud controller in the cloud computing system to process the cloud applications with the attack behaviors according to the malicious application processing rules. Security protection is performed based on the cloud computing application level, mutual attacks between different applications inside the same host can be prevented, and impact on normal applications is reduced.

A security analytics system receives incident data (from an incident management system) and security policy information (from a security policy management system). The security analytics system evaluates these data sets against one another, preferably using a rules-based analysis engine. As a result, the security analytics system determines whether a particular security policy configuration (as established by the security policy management system) needs to be (or should be) changed, e.g., to reduce the number of incidents caused by a misconfiguration, to increase its effectiveness in some manner, or the like. As a result of the evaluation, the security analytics system may cause a policy to be updated automatically, notify an administrator of the need for the change (and the recommendation), or take some other action to evolve one or more security policies being enforced by the security policy management system.

The invention discloses a detection method and system for HTTP malicious traffic, and the method comprises the steps: capturing network traffic data, carrying out the preprocessing of the network traffic data, and obtaining formatted data corresponding to each HTTP request; performing feature extraction on the formatted data to obtain text vector features of each piece of formatted data; performing classification detection on the text vector characteristics based on a pre-trained malicious flow detection model to detect an HTTP malicious request; performing similar attack clustering on the HTTP malicious request based on a similar attack clustering algorithm to obtain a cluster; and performing analysis based on the cluster to obtain malicious attack information of the HTTP malicious request. According to the method, the Spark big data analysis engine is used for carrying out feature extraction and conversion on the flow data, and the machine learning and clustering algorithm is used for mining the malicious flow, so that the detection accuracy of the network malicious flow is improved, and the flow analysis time cost of security analysts is reduced.

The invention provides a network space security big data intelligent analysis method and a computer readable medium. The method comprises the following steps: acquiring network security related data;Restoring the acquired data, and carrying out different preprocessing operations on different types of network security related data; Extracting the preprocessed data and analyzing the preprocessed data to realize network security monitoring; And displaying the network security monitoring result. On the basis of a big data technology, data characteristics of continuous increase, complex types, various sources and the like of data in safety analysis are solved, and enterprise threats such as advanced continuous malicious attacks and internal violation behaviors can be effectively detected by using a user and entity behavior analysis technology at the same time.

The invention discloses a CRNET (China Railcom Net) safe cooperative defense system for a whole course communication network, comprising a safety analysis control center, cooperative defense devices arranged at the key parts of various network nodes and a flow data detection subsystem arranged at an outer port of the network nodes. wWherein each cooperative defense device is internally provided with a flow monitoring function unitcomponent, the cooperative defense function unitcomponent and a plurality of safety function unitcomponents, such as a fireproof wall, the flow monitoring function component unit is used for informing, receiving, analyzing and processing a data flow collected by a detection system, the cooperative defense function unitcomponent is used for generating or receiving a strategy submitted by the safety analysis control center and implementing safe management and control according to the strategy, the safety analysis control center is used for integrally configuring, monitoring and managing the plurality of presidial cooperative defense devices, and the flow data detection subsystem is used for collecting the data flows of the preliminarily entering network nodes pre-entering the network. The invention can flexibly configure according to practical use, establishes a multi-level network safety strategy control system based on the safety analysis control center, the cooperative defense devices and the flow data detection subsystems for global network safety defense and management and effectively improves the whole safety defense strength and the management flexibility of thea network.

The invention provides a smart city management system based on a cloud platform, and the system comprises: an infrastructure layer which is used for providing a system data access service and city resource data collection, and storing the city resource data in a data sharing layer in real time; a basic service layer which is used for developing and operating a platform as a service to be providedfor a user; adata sharing layer which is used for gathering various basic service system data to form massive traffic data, forming a comprehensive information sharing database by utilizing a cloud computing big data processing technology, breaking through information island limitation and realizing data gathering and sharing; an application integration layer which comprises application managementand application configuration management; and a cloud service platform which is used for performing security analysis through an application program interface and a communication network according tothe acquired data of the infrastructure layer. Data in all fields of city management are analyzed and interacted through the cloud technology, modular integrated management of the smart city is achieved, all modules are clear in function, management is more reasonable and perfect, multiple services needed by residents in the smart city can be provided, the life quality of the residents can be improved, and construction of the smart city is facilitated.

Disclosed is a system for detecting security threats in a local network. A security analytics system collects data about entities in the local network. The raw data can be filtered to extract data fields from the raw data that are relevant to detecting security threats in the local network. The filtered data can be converted into structured data that formats the information in the filtered data. The structured data may be formatted based on a set of schema, and can be used to generate a set of features. The security analytics system can use the generated features to build machine-learned models of the behavior of entities in the local network. The security analytics system can use the machine-learned models to generate threat scores representing the likelihood a security threat is present. The security analytics system can provide an indication of the security threat to a user.

A network security platform stores network telemetry information in an active memory, such as DRAM, and analyzes the network telemetry information to detect and respond to network security threats. Using a common active memory to store sensed network telemetry information and analyze that information provides a real-time dataflow engine for detecting security threats and neutralizing detected threats.

The invention relates to a big data security analysis platform system based on network security. The big data security analysis platform system comprises a unified collection platform, a basic data storage and processing capability center, an upper layer application data center and a big data list query center, the unified collection platform adopts Kafka as a message management layer of the unified collection platform to achieve flexible docking and adaption to various data source collection and to provide flexible and configurable data collection capability, the basic data storage and processing capability center utilizes the spark and hadoop technologies to provide powerful data processing capability, the upper layer application data center provides highly aggregated statistical data ofan enterprise through the RDBMS/ES, and the big data list query center provides fast query capability of big data by constructing an HBase cluster.

The invention provides a big data intelligent analysis system based on network space security. The big data intelligent analysis system comprises a unified interface module, a data acquisition module,a data processing module, a distributed storage module, a data analysis module and an interactive presentation application module. On the basis of a big data technology, data characteristics of continuous increase, complex types, various sources and the like of data in safety analysis are solved, and enterprise threats such as advanced continuous malicious attacks and internal violation behaviorscan be effectively detected by using a user and entity behavior analysis technology at the same time.

A network-accessible cyber-threat security analytics service is configured to characterize and respond to a description that includes threat indicators (e.g., IOCs), and an initial severity. Enterprises register with the service by providing identifying information, such as industry, geographies, and the like. For each threat indicator, a query is sent to each of a set of one or more security knowledge bases, and at least some of the queries are scoped by the enterprise industry/geo information specified. The knowledge bases may vary but typically include: a managed security service, a cyber threat intelligence service, and a federated search engine that searches across one or more enterprise-connected data sources. Responses to the queries are collected. A response provides an indication whether the threat indicator identified in the query has been sighted in the knowledge base and the frequency. The system then adjusts the initial severity to reflect the indications returned from querying the security knowledge bases.

A cloud-based static analysis security tool accessible by a set of application development environments is augmented to provide for anonymous knowledge sharing to facilitate reducing security vulnerabilities. To the end, a crowdsourcing platform and social network are associated with the application development environments. Access to the social network platform by users of the application development environments is enabled. The anonymous access enables users to post messages without exposing sensitive data associated with a particular application development environment. As the static analysis security tool is used, a knowledgebase of information regarding identified security findings, fix priorities, and so forth, is continuously updated. Social network content (e.g., in the form of analytics, workflow recommendations, and the like) is then published from the knowledgebase to provide users with security knowledge generated by the tool from the set of application development environments. The approach provides for secure and anonymous cross-organization information sharing based, for example, on analytics generated by an analytics platform.

The invention discloses a characteristic configuration-based fault tree generation method. The method comprises the following steps: introducing the variable modeling of software product lines into the safety analysis process, and utilizing a characteristic model as a system fault structural model to depict the hierarchical and restriction relationships of the faults; proposing a fault labeled transition system (FLTS) for the expanding of state transition and using the FLTS as a system fault behavior model; defining the process of generating the fault tree by utilizing model detection on the basis of the semantic of the FLTS; and finally realizing the method of generating the fault tree on the basis of fault configuration by utilizing an existing software product line model detector. According to the method provided by the invention, the characteristic model is utilized to depict the system static hierarchical structure, the subordination relationship between the faults and components as well as the restriction relationship among the faults; and by utilizing the characteristics of the software product line model detection, all the cut sets of specific safety attributes can found on the basis of a system model, so that the fault tree generation efficiency and correctness are improved.

Methods, systems, apparatus, and non-transitory computer readable media are described for identifying users who are likely to have unauthorized access to secure data files in an organizational network. Various aspects may include presenting the identified users on a display for a system administrator and/or security analyst to resolve. For example, the display may include a graph data structure with users represented as nodes and connections between users represented as edges. Each connection may be a pair of users belonging to a same security group. The graph data structure display may be organized and color coded in such a manner, that a system administrator and/or security analyst may quickly and easily view the users who are most likely to have unauthorized access to secure data files. The authorized access may then be remedied or taken away.

The invention discloses a fine-grained vulnerability detection method based on depth characteristics. The fine-grained vulnerability detection method comprises the following two stages: a training stage and a detection stage. The training stage comprises the steps that a large number of programs with vulnerabilities and without vulnerabilities are collected; Preprocessing the programs, and extracting program slices from the program dependency graph; Labeling the generated program slice according to the vulnerability type; Extracting a program focus point from the program slice according to a security analysis rule; Converting the program slice and the program focus point into vectors; Building a vulnerability detection model based on deep learning, and using vectors to train model parameters to be optimal; And finally, a trained vulnerability detection model based on deep learning is obtained. The detection stage comprises the following steps: extracting a program slice and a program focus point from a program to be detected according to a source code processing mode of the training stage, and respectively converting the program slice and the program focus point into vectors; And classifying the vectors by using the trained vulnerability detection model, and finally generating a vulnerability detection report according to a classification result.

Disclosed is a system for detecting security threats in a local network. A security analytics system collects data about entities in the local network. The security analytics system parses the raw data into data fields. The security analytics system identifies a subset of the data fields based on the relevance of the data fields to detecting security threats in the local network. The security analytics system generates filtered data containing the subset of data fields and generates structured data based on the filtered data. The security analytics system identifies relationships between the plurality of entities, generates a set of features based on the structured data and the identified relationships, and generates one or more threat scores based on the set of features. The security analytics system detects malicious behavior performed by an entity in the local network based on the generated threat scores.

The utility model discloses a method for safe controlling the traveling carriage, which is characterized in that the traveling carriage sends a safety-relative information report to a safe server in the network; the safe server receives the safety-relative information report and analyses the safety-relative information report according to the safety analyzing and evaluating strategy to define the safe class of the traveling carriage, and then define the user controlling strategy, which is transmitted to a controlling actuator according to the safe class; the controlling actuator performs complete safe control on the traveling carriage according to the user controlling strategy so as to solve the problem of single safe controlling strategy on the traveling carriage in prior correlated responding system and incapacity of realizing the different safe controlling on different traveling carriages, effectively avoiding the network security threat caused by the unsafe terminal at the source and ensuring the network security. The utility model also discloses a correlated response system and a safe server.