254 results about "Spoofing attack" patented technology

This invention is a system, method, and apparatus for detecting compromise of IP devices that make up an IP-based network. One embodiment is a method for detecting and alerting on the following conditions: (1) Denial of Service Attack; (2) Unauthorized Usage Attack; and (3) Spoofing Attack. A survey of services running on the IP device, historical benchmark data, and traceroute information may be used to detect a possible Denial of Service Attack. A detailed log analysis and a passive DNS compromise system may be used to detect a possible unauthorized usage. Finally, a fingerprint of the IP device or its configuration settings, a watermark inserted in the data-stream, and a private key burned into the IP devices' physical memory may be used to detect a possible spoofing attack. The present invention may be used to help mitigate intrusions and vulnerabilities in IP networks.

Protecting computer users from online frauds, such as phishing and pharming. A client computer may include a page signature extractor and a policy enforcer. The page signature extractor may encode a web page to generate its signature, which may be provided to a remote server computer for comparison with signatures of phishing pages. The client computer and the server computer may communicate using the DNS protocol. The policy enforcer may perform one or more predetermined actions when a match is found. Examples of such actions include replacing the web page with a blocking page, displaying a warning message, or both. The policy enforcer may be configured to determine if the web page is part of a phishing or pharming attack by comparing the URL of the web page to URLs of legitimate web pages.

A secure authentication process detects and prevents phishing and pharming attacks for specific web sites. The process is based on a dedicated secure hardware store for user sign-in credentials, a database of information about specific web sites, and a private secure browser. All user web activity is monitored by an agent program. The agent program checks to make sure that user attempts to send any sign-in credentials stored in secure hardware store of user sign-in credentials, to any web site accessed by the user, is allowed only if the IP address of the web site accessed by the user matches at least one of the IP addresses stored web site database associated with the sign-in credential the user is attempting to send. The process also detects mismatches between a URL and the actual IP address of the web site associated with the URL.

A system and method for detecting global positioning system (GPS) spoofing attacks includes collecting GPS readings along with inertial navigational system (INS) readings as a ground truth, and sequentially testing the GPS readings and INS readings through the use of a sequential probability ratio testing (SPRT) process.

The invention discloses a method and a system for detecting voice spoofing attack of speakers on the basis of deep learning. The method includes constructing audio-frequency training sets, initializing deep feed-forward neural networks and deep recurrent neural networks and respectively training the deep feed-forward neural networks and the deep recurrent neural networks by the aid of multi-frame feature vectors and single-frame vector sequences of the training sets; respectively leading frame level and sequence level feature vectors of to-be-tested audio frequencies into two trained linear differential analysis models in test phases, weighting two obtained result grades to obtain scores and comparing the scores to predefined threshold values so as to discriminate voice spoofing. The method and the system have the advantages that local features can be captured, and global information can be grasped; the linear differential analysis models are used as classifiers in identification and verification phases, the voice spoofing attack can be judged by means of grade fusion, and accordingly the voice spoofing detection accuracy can be greatly improved.

Provided is a biometric authentication system capable of preventing spoofing attacks even if leakage of key information and a registration conversion template occurs. A communication terminal device (300) calculates secret key information k′ which is exclusive OR of key information k of the registration biological information and masked value c′ which is randomly selected from a predetermined error correction code group, and calculates verified information c′″ which is exclusive OR of sent information c″ and value c′. A biometric authentication device (500) calculates exclusive OR of authentication biological information, information k′, and registration conversion template w, as information c″, wherein the template w is exclusive OR of information x, information k, and authentication parameter c randomly selected from the code group; and performs biometric authentication on the basis of a degree of matching between information c′″ corresponding to information c″, and the parameter c.

A storage area network resistant to spoofing attack has several nodes each having a port, and storage area network interconnect interconnecting the ports. Each port is provided with a hash function generator for providing and verifying an authentication code for frames transmitted over the storage area network, and a key table for providing a key to the hash function generator. The authentication code is generated by applying a hash function to the key and to at least an address portion of each frame. In each node, the key is selected from that node's key table according to address information of the frame.

Methods and systems that can detect GNSS spoofing attacks and that do not require explicit or implicit knowledge of exact position or attitude and that provide hypothesis test statistics, threshold values, and probabilities of false alarm and missed detection.

A routing Cable Modem Termination System (CMTS) configured to enable Point-to-Point Protocol over Ethernet (PPPoE). The routing CMTS may bridge Ethernet frames related to a PPPoE connection from a first network to a second network. Bridging Ethernet frames allows terminals in different networks to establish a PPPoE connection. A routing CMTS may also collect state information regarding PPPoE connections. The routing CMTS may use the state information to only bridge Ethernet frames related to valid PPPoE connections. It may act as a firewall to prevent spoofing attacks.

A method of assessing the possibility of an iris print-attack includes measurement of the eye movement of a person. One or more values (e.g., a feature vector) are determined based on the measured eye movements. Based on the determined values, an assessment is made of whether or not the person is engaging in an iris print-attack.

This invention discloses a living person detection method applied to face recognition. The method includes the following steps that: modeling is performed on the background of a current recognition environment; face detection is performed: the locations and sizes of faces are obtained and are adopted as the initial position of next face detection; the similarity between the background of inputted face images and a modeling background image is calculated through adopting an SSIM method; when the faces are detected, ultrasonic waves are utilized to measure the distance between a camera and an obstacle, and a classification probability value f is obtained through utilizing a logistic regression model; and an SSIM value and the value f are combined linearly, so that a final result R can be obtained, and when R is smaller than a certain threshold value, a spoofing attack is determined. The living person detection method applied to face recognition of the invention has the advantages of high success rate and excellent stability.

There are provided a system and method for detecting Address Resolution Protocol (ARP) attacks. The ARP spoofing attack detection system includes: a reception module which receives an ARP packet, and which determines whether the received ARP packet is an unsolicited ARP packet; a transmission module which creates, if the ARP packet is an unsolicited ARP packet, an ARP request packet corresponding to the unsolicited ARP packet, and which broadcasts the ARP request packet; and a detection module which determines, if an ARP response packet corresponding to the ARP request packet is received, whether an input port of the ARP response packet is identical to an input port of the unsolicited ARP packet, and which determines that an ARP spoofing attack has occurred if the input port of the ARP response packet is not identical to the input port of the unsolicited ARP packet.

A method and an apparatus for defending against Address Resolution Protocol (ARP) spoofing attacks are disclosed. The method includes: when an ARP entry is updatable, judging whether the MAC address of a received ARP message is the same as the MAC address in the ARP entry, where the ARP message has the same Internet Protocol (IP) address as the ARP entry; if the MAC addresses are different, determining the received ARP message as an ambiguous ARP message and starting an ARP verification process, or else starting no ARP verification. In this way, when no address spoofing attacks occur, no verification messages are generated, and thus reducing signaling interactions and saving network resources; besides, spooling attacks possibly happening at any time are avoided, which effectively prevents address spoofing attacks via random scanning and protects the normal application of the real host.

The invention relates to a deception recognizing method and device of a face image. The method includes: acquiring the face image to be recognized; utilizing a trained first neural network to extractlocal features of the face in the face image to acquire a local feature value of the face image; utilizing a trained second neural network to extract depth features of the face in the face image to acquire a depth feature value of the face image; fusing the local feature value and the depth feature value to acquire a fusion value of the face image; comparing the fusion value with a threshold value, and judging a deception recognizing result of the face image according to a comparison result. The deception recognizing method is high in recognizing accuracy and robustness and capable of dealingwith various image deception attacks.

The invention provides a liveness detection method and system for face recognition on a mobile platform. The method includes the following steps that: a facial video containing of user photos at different angles as well as motion acceleration and rotation data of a mobile device in video recording are captured; the feature information of the correlation of head pose vector data and device movement vector data in the video are calculated and extracted; and whether the detected video is a real face or a face counterfeited from photos/videos is distinguished through a classifier. With the liveness detection method and system of the invention adopted, a face recognition-based identity recognition application on the mobile platform can resist photo and video-based spoofing attacks, and hardware devices which most mobile devices are not provided with are not needed to be adopted. The method and system have robustness for complex light conditions and can tolerate head rotation of the user in a use process.

A method or network that addresses cybersecurity vulnerabilities in an ADS-B network by validating and authenticating ADS-B messages. Nodes of the network maintain a validated ledger of ADS-B transactions and use validated information from this ledger to improve security against common cybersecurity attacks including, but not limited to, denial of service attacks, jamming attacks, spoofing attacks, flooding attacks and eavesdropping.

A caller ID verifier may be employed to protect telephone users against caller ID spoofing. The caller ID verifier may be implemented in a telephony apparatus, such as a smart phone, stand alone caller ID device, or telephone network infrastructure, for example. Telephone numbers of related callers may be grouped into caller groups. The caller ID verifier may be configured to play one of several audio messages depending on the caller group of the telephone number corresponding to the caller ID of the telephone call. An audio message may include a question. The caller ID verifier may forward the telephone call to the telephone user when the caller answers the question correctly. Otherwise, the caller ID verifier may terminate the telephone call and give the telephone user the option to return the telephone call using the caller ID.

A method and device enables detecting a spoofing attack in a wireless communication network (100). The method includes receiving at the primary access point (105) a beacon signal transmitted from an alternative access point (115), where the beacon signal includes an alternative access point identification. The primary access point (105) then compares the alternative access point identification with an actual identification of the primary access point (105). It is then determined at the primary access point that the alternative access point (115) is conducting a spoofing attack if the alternative access point identification matches the actual identification of the primary access point (105).

In a networked environment, where multiple Internet Service Providers and multi-vendor equipment are involved in e-Business services and applications offering, the risk of overloading the Internet devices are real and security management is a challenge. Internet device traffic overloads could result from spoof attacks, (Denial-of-Service (DoS) or Distributed DoS (DDoS) attacks), device failures, special events, or widespread loads above engineered levels. To solve the problem of Internet security management for integrated optical and wireless devices, a new apparatus and functions running on IP devices are defined in this invention. Each Internet device includes counters and thresholding feature to manage the security attacks and prevent failure of the device being attacked.