51 results about "Threat perception" patented technology

Information is received from a set of peer clients associated with a client, the information indicating likelihoods of peer client exposure to malware threats. An environmental safety score associated with the client is determined based, at least in part, on the information received from the set of peer clients, wherein the environmental safety score indicates a likelihood that the client is exposed to malware threats. A set of malware signatures is retrieved from the server at a time determined responsive to the environmental safety score and stored.

The invention provides an electromagnetic radiation interference resisting method and device for an information link of an unmanned aerial vehicle. The electromagnetic radiation interference resistingmethod comprises the steps that unmanned aerial vehicle electromagnetic parameters and external electromagnetic radiation interference information are obtained, and a first parameter sensitive threshold, a second parameter sensitive threshold and a third parameter sensitive threshold are generated according to electromagnetic radiation sensitive information; an early warning signal is generated if the current interference signal intensity is greater than a first interference signal intensity threshold and less than a second interference signal intensity threshold; the unmanned aerial vehicleautomatically switches the channel if the current interference signal intensity is greater than the second interference signal intensity threshold and less than a third interference signal intensity threshold; and the unmanned aerial vehicle automatically executes a return instruction if the current interference signal intensity is greater than the third interference signal intensity threshold. According to the invention, the unmanned aerial vehicle can be avoided from being trapped in a strong electromagnetic interference area suddenly or having a sudden unexpected situation, the electromagnetic threat perception ability of the unmanned aerial vehicle is improved, the degree of influences imposed on unmanned aerial vehicle equipment by external continuous wave in-band electromagnetic radiation interference is reduced, and the intelligent development level of the equipment is improved.

The invention discloses a disease prevention and health management method and system; the method comprises the following steps: multi-dimensionally collecting individual basic information; analyzing whether the individual has protruding disease danger factors or not according to collected basic information, and evaluating and predicting main disease risks caused by the disease danger factors if the analysis result is yes; determining whether the individual belongs to high risk population needing intervention or not according to the evaluation and prediction result, determining the danger factors needing intervention if the individual belongs to the high risk population, and predicting individual risk control compliance according to different danger factors; using VR technology to configure a corresponding disease threat perception scene for the individual with the predicted risk control compliance lower than a preset value, thus carrying out perception induction for the individual. The method and system can use VR scene technology to carry out disease danger perception induction for individuals, thus promoting behavior correction, and realizing disease prevention and health management.

The invention provides a power grid security situation awareness platform architecture. The power grid security situation awareness platform architecture comprises a security data acquisition and storage module, an intrusion detection module, an intelligent situation analysis module and a situation visualization module, through technologies of active monitoring, flow analysis, enterprise side collection and the like, power Internet of Things security threat perception, attack discovery, violation behavior monitoring, threat alarm and the like are formed, and security situation perception service is provided for the power industry aiming at the characteristics of multiple perception nodes, different types, diversified connections, dynamic and changeable information and the like in the power Internet of Things environment. An electric power Internet of Things security situation awareness solution is formed.

The invention provides an unknown threat perception method and system based on active self-paced learning, a storage medium and a terminal. The unknown threat perception method comprises the followingsteps: selecting a label-free sample with the information amount greater than a first preset threshold value for manual labeling based on an active learning selection strategy; Selecting a label-freesample with the confidence higher than a second preset threshold based on a self-learning selection strategy to carry out prediction labeling; Training a log classification model based on samples ofmanual annotation and predictive annotation; And sensing unknown threats in the network data based on the trained log classification model. According to the unknown threat perception method and systembased on active self-paced learning, the storage medium and the terminal, the accuracy of network threat recognition is improved through a mode of combining manual annotation and predictive annotation, and an unknown network can be recognized.

The invention discloses a Docker-based automated honey pot construction and threat perception method. The method comprises: step one, creating and running a data collection container; step two, carrying out formatting processing on original data according to a data processing algorithm; step three, carrying out depth model training on the formatted data; step four, carrying out data visualizationby using NodeJS as a web background; and step five, determining an unknown flow by using a threat perception technology. Therefore, functions of data collection, data processing, data visualization and the like can be completed automatically; and parameters for model training need to be adjusted manually, so that the model becomes stable and accurate.

The invention belongs to the technical field of network security, and particularly relates to a network information security protection method and system. According to the method, real-time monitoringand active protection can be carried out on data in a network system, and when external invasion is monitored, protection measures can be actively adopted to protect the server and the information security on the server. According to the method and system, comprehensive resource supervision, login behavior recording, attack recording, file tamper-proofing, emergency supervision and security supervision can be conveniently and intensively carried out on various information systems, and operation conditions, security situations, risk identification, threat perception and security disposal-attack event traceability of all the information systems can be fully grasped..

The embodiment of the invention provides a depth data packet detection method and device and a readable storage medium. Data prediction is carried out on each data stream component in data stream characteristics of a detected data packet, therefore, the threat perception situation of the data stream characteristics in the future unit time can be predicted and classified, so that the threat perception detection can timely respond to the change of the data packet, and the influence of the computer security when the data packet is quickly changed can be reduced.

The invention provides a router threat perception method and system. The method comprises the following steps that: the threat perception system is consistent with the input of a monitored router; theoutput data of the monitored router is sent to the threat perception system at the same time; wherein the configuration information of the monitored router needs to be synchronously configured to thethreat perception system; and the state information of the monitored router needs to be timely collected to the threat perception system. The output data and state of the monitored router are compared with the output data and state of the threat sensing system, if the output data or state of the monitored router is inconsistent with the output data or state of the threat sensing system, the monitored router may have a threat, and alarm information is sent to a management system. The threat perception system comprises an input processing unit, a function equivalent actuator unit, a state comparison unit, an output comparison unit and an analysis alarm unit. According to the method, the problem of high difficulty in judging router threats caused by various vulnerability and attack technicalmeans can be solved, and unknown vulnerabilities and zero-day attacks can be perceived.

The invention discloses an implementation method of a dynamic intelligent self-adaptive honeynet, which comprises a dynamic intelligent self-adaptive honeynet architecture. The dynamic intelligent self-adaptive honeynet architecture comprises an intelligent honeynet architecture basic hardware facility layer, an intelligent honeynet architecture component recognition engine layer, an intelligent honeynet architecture decision distribution engine layer, an intelligent honeynet architecture flow cleaning engine layer, an intelligent honeynet architecture forwarding decision engine layer and an intelligent honeynet architecture behavior learning engine layer. Through mutual configuration and cooperation of multiple engines, the flexibility of the honeynet is improved, and the score of the attacker connection activity, the self-adaptive attack and the network environment are calculated according to the algorithm weight. Aiming at the problems of a traditional honeypot, resources are reasonably called and a honeynet most suitable for a client is deployed according to the actual situation of the client and the strength degree of an attack technique, and a balance point is achieved between the threat perception effect and the resource utilization efficiency.

The invention provides a Web attack behavior detection method and system. The system comprises a Web service website, a Web honeypot and a threat perception tracing platform. The Web service website and the Web honeypot are used for embedding a tracing script into webpage data returned to a visitor; the tracing script automatically runs after being loaded and is used for collecting access data ofa visitor and sending the access data to the threat perception tracing platform; and the threat perception tracing platform is used for collecting the access data of the visitor sent by the tracing script and detecting the Web attack behavior according to the access data of the visitor. According to the invention, the detection effect of Web attack behaviors can be effectively improved.

The invention belongs to the technical field of computers, and particularly relates to a network attack monitoring system based on multi-source information analysis. The system comprises a rule makingmodule, a flow acquisition module, a flow processing module, a malicious code sample acquisition module, a flow scanning and analysis module and a threat assessment and early warning release module.The method has the technical effects that the network threats are comprehensively perceived, specifically, based on flow analysis, network potential safety hazards are accurately recognized, sensitivenetwork threat perception capacity is constructed, and the comprehensive network security situation is displayed. Timely loss stopping and quick response: providing a network security threat assessment report through network attack security analysis, assisting network security management personnel to take corresponding treatment measures in time, and preventing the situation from continuing to develop.

The invention relates to a threat-driven network attack detection and response method, and belongs to the technical field of information security. Aiming at the defects of a traditional static defensetechnology system and an emergency threat response protection mechanism, the invention designs a threat-driven security response method according to a PPDR model starting from the attack thought andprocess of an attacker on the basis of research and analysis of a universal network attack process. The invention designs a threat-based attack detection and response method, so as to establish a threat dynamic response system which is linked internally and externally, is mainly used for prevention and has overall threat perception and rapid response processing capabilities in the near future.

The invention discloses a botnet detection device based on HTTP first question and answer packet clustering analysis, and relates to the field of information technology. The botnet detection device iscomposed of an HTTP head field statistical feature extraction module, a botnet traffic recording module, a request packet and response packet content acquisition module, a feature vector extraction module, a clustering module, a feature code generation module and a rule generator, wherein the feature code generation module consists of a single feature code generator, a feature code combiner and afeature code trimmer. The botnet detection device does not depend on priori knowledge, does not need a large amount of manual intervention, and can automatically extract and generate high-quality feature codes from HTTP botnet traffic. The feature code detection can be added into an intrusion detection system to be used for rapid and wide botnet threat perception and botnet family classification,and wide and rapid botnet host discovery is achieved.

The embodiments of the invention disclose a threat perception method based on operating scenario analysis, based on a system comprising at least one client and a server. The method comprises: the server receiving operating data, application matching result data and/or control trigger data uploaded by the client, analyzing the operating data, the application matching result data and/or the controltrigger data to determine whether a preset operating scenario that matches the operating data, the application matching result data and/or the control trigger data is present, using the matching operating scenario as a target operating scenario, determining a target execution strategy corresponding to the target operating scenario, and transmitting a target execution instruction included in the target execution strategy to the client by an operation assistance system; and the client executing a response operation included in the target execution instruction after receiving the target executioninstruction. The method and the system can improve the recognition efficiency of the security risk of an application during use, and improve the defense ability against the unknown threat.

The embodiment of the invention provides a big data processing method and system based on threat perception, and a cloud platform. An information promotion plan occupied by operation is divided into scattered information promotion objects, and the number of information promotion intermediate flows in one information promotion object is smaller than the number of information promotion intermediate flows in the whole information promotion plan, so the process of determining a first reference threat perception behavior set corresponding to one information promotion object through a threat perception unit is faster, and the determination of first reference threat perception behavior sets corresponding to the plurality of information promotion objects is synchronously processed through different threat perception units, so that the cost of threat perception can be reduced, the cost of determining the user group threat perception behavior set of the information promotion node in the information promotion plan is reduced, the efficiency of generating the user group threat perception behavior set is improved, and the reliability of information promotion service operation is improved.

The invention discloses a multi-attribute self-adjusting network transformation system and method based on an SDN. The method comprises the following steps: collecting a request data message, and carrying out calculation and statistics on distribution probabilities of a source IP address and a destination IP address of the request message; comparing similarity of distribution of the source IP address and the destination IP address in adjacent time intervals, and determining a scanning attack target and scanning strategies; generating different IP address conversion strategies according to different scanning strategies; and executing the IP address conversion strategies to complete active migration of the IP address and a port number. According to the invention, a jump strategy is triggered based on threat perception, so that the pertinence of network jump strategy selection is improved; and moderate protection of end nodes is realized by adaptively adjusting jump end information and a jump period.

The embodiment of the invention provides a threat attack protection decision-making method adopting AI and big data analysis and an AI system, and the method comprises the steps: obtaining a protection attention index cluster related to threat perception data of a threat perception system for a target protection server, and carrying out the protection attention index cluster according to the protection attention index cluster related to the threat perception data, and the protection enhancement scheme of the target online page service of the target protection server is adjusted, so that protection enhancement adjustment is performed on the related online page on the basis of the protection attention index, and compared with global unified protection enhancement adjustment in the related technology, the method has higher pertinence and accuracy.

An embodiment of the invention provides an information generation method based on threat perception big data, and an artificial intelligence perception system. According to the information generation method based on the threat perception big data, and the artificial intelligence perception system provided by the embodiment of the invention, after the security optimization application data is obtained, the security optimization performance evaluation is performed on the security optimization firmware information and the security optimization application data, whether the safety optimization application data are matched with the optimization performance of the safety optimization firmware information is judged by judging whether the safety optimization application data is matched with the optimization performance of the safety optimization firmware information, so that whether the safety performance optimization meets the safety performance optimization condition can be determined, and if yes, the target safety optimization firmware information can be added to a safety upgrading library to carry out upgrading basic resource recording. Therefore, high-reliability security upgrade library resources are continuously formed, and prompt information for updating the threat perception thermodynamic diagram information of a security optimization firmware information pushing basis is generated when the security upgrade library resources do not accord with the threat perception thermodynamic diagram information so as to prompt that the current threat perception thermodynamic diagram information needs to be updated.