181 results about "Trojan horse" patented technology

The invention relates to a computer with double operating systems, which comprises a primary operating system (1), a secondary operating system (2), a switch key (3) used for selecting a current operational operating system, a first storage device (101) and a second storage device (201), wherein, the first storage device (101) is independently separated from the second storage device (201) in body; and is only used for accessing the main operating system (1); and the second storage device (201) is only used for accessing the auxiliary operating system (2). The main operating system (1) can be used for a majority of application with low safety requirements such as online, playing games and the like; the auxiliary operating system (2) is mainly used for application with high safety requirements such as internet banking service, processing confidential and important files, receiving and sending E-mails and the like, and only can execute a formula prearranged inside, thereby avoiding the intrusion of various viruses and Trojan horse formulae.

The invention discloses a botnet, Trojan horse and worm network analysis method based on logs. The method comprises the steps that step 1, a DNS log and a RADIUS log are obtained; the DNS log comprises date, time, visit information, IP request information, domain name request information, domain name request characteristics, type analysis, IP information analysis and DNS server characteristic information; step 2, log cleaning is performed on the DNS log and the RADIUS log, fields which have no influence on statistics are deleted, fields which influences a statistical result are retained or modified; step 3, a suspicious domain name which confirms with specific characteristics is obtained according to common behavior characteristics of a known botnet, Trojan horse and worm network and a computer which has virus of botnet, Trojan horse and worm; step 4, according to the user visit DNS log and RADIUS log of the suspicious domain name, the characteristics of user groups which visit the suspicious domain name are analyzed, and a domain name of the botnet, Trojan horse and worm is determined according to the characteristics of the user groups.

The invention relates to a network-based detection method of rebound ports Trojan horse, belonging to the technical field of network information safety. The method determines whether a corresponding mainframe is attacked by the rebound ports Trojan horse or not by capturing network data packets and utilizing data for carrying out the analysis of time features, application layer protocol and data content. The method can effectively detect the rebound ports Trojan horse which adopts process hiding, file hiding, service hiding and other technologies to a certain extent and does not need to install any proxy software or module, thereby being fully applicable to the situations of having limitations on the installation of a Trojan killing tool on the mainframe.

The embodiment of the invention discloses a payment webpage modification preventing method and a payment webpage modification preventing device. The method comprises the following steps that whether a request received by a modification webpage interface is an external request or not is judged, and the external request refers to an inter-process request sent by other processes different from the webpage operating process; and when the judgment result shows that the request is the external request, the external request is intercepted. When the method and the device are adopted, the webpage tampering by trojan horse program can be avoided, and the goal of improving the e-commerce safety is reached.

The invention relates to a gate-level hardware Trojan horse detection method based on multiple characteristic parameters. The method mainly comprises two parts: characteristic parameter extraction anddata processing. Specifically, characteristic parameters such as hopping probability, correlation, controllability and observability of a gate-level netlist are extracted in the detection process, the hopping probability reflects the activity degree of circuit nodes, the correlation reflects the correlation degree between the nodes, and the controllability and observability indicate the difficulty degree of node control and observation. Then, different algorithms are designed according to different parameter characteristics to distinguish normal nodes and Trojan horse nodes. According to themethod, the gate-level netlist hardware Trojan horse detection effect can be improved; the situation of all nodes in the circuit is reflected through multiple characteristic parameters, the possibility that a design company uses an IP core provided by a third party to introduce a hardware Trojan horse maliciously modifying the circuit in the chip design stage is reduced, and therefore the method can be universally applied to gate-level hardware Trojan horse detection and has high practicability.

The invention discloses a dynamic mobile signature system and method. An improvement is conducted on the software and hardware environment of a mobile terminal, so that the dynamic encryption process and the dynamic decryption process are achieved. The mobile terminal is made to conduct dynamic signature on trade data sent to a commercial tenant through data interaction between a cloud dynamic signature service platform and the mobile terminal and data interaction between the cloud dynamic signature service platform and a commercial tenant platform, then, the trade data are sent to the commercial tenant platform through the cloud dynamic signature service platform to be confirmed after the signature is authenticated, and the operation of mobile payment is permitted according to trade information confirmed by a commercial tenant, wherein the cloud dynamic signature service platform and the mobile terminal are connected through the internet. By means of the dynamic mobile signature scheme, the defects of the hardware signature are overcome, the dynamic signature authentication at the software level is achieved, safety and flexibility of the mobile terminal are greatly improved when the mobile terminal participates in electronic commerce trade information confirming, the signature and authentication process is produced through a dynamic signature algorithm which is unceasingly updated on the basis of a cloud server, and therefore invasion of Trojan horse viruses can be effectively resisted, and safety performance of information confirming can be improved.

The invention relates to a Java Web application memory Trojan horse detection method, terminal equipment and a storage medium. The method comprises the following steps: S1, acquiring a Class byte stream from a running Java virtual machine; s2, the Class byte stream is analyzed into an identifiable Constance and an identifiable Method, and the Class byte stream is analyzed into the identifiable Constance and the identifiable Method; and S3, according to a sensitive rule base formed by sensitive rules, matching the analyzed Constant with the analyzed Method, According to a matching result, judging the risk of the Class byte stream. Compared with a traditional detection method, the method has the advantages that the resource consumption is lower, the influence on the operation of a service system is smaller, and a large amount of I/O operation is avoided.

The invention provides a file-free Trojan searching and killing method and device, and relates to the field of information security. The method can also be used in the financial field, and comprises the following steps: running a Java Agent engine and obtaining a stack calling log and byte-like code information of a called program in a Web server application program; determining the risk level of the called program according to a preset detection rule, the stack calling log and the byte-like code information; and according to a preset searching and killing strategy and the risk level, determining that the called program contains a class file without the file Trojan horse, and searching and killing the class file without the file Trojan horse. According to the method and the device, automatic detection, searching and killing without file Trojan can be realized, and safe operation of the Web application is protected.

The invention discloses a method and a circuit for credible design of an integrated circuit design process. The method comprises the following steps: acquiring a gate-level netlist of an integrated circuit; wherein the integrated circuit gate-level netlist comprises process deviation information; acquiring a to-be-tested path in the integrated circuit; configuring the to-be-measured path into a ring oscillator; adding a gate-level netlist of an on-chip detection circuit in the gate-level netlist of the integrated circuit to complete the layout design of a new circuit; performing first dynamicsimulation on the new circuit to obtain a frequency threshold range of the ring oscillator; and performing credible design verification on the new circuit by utilizing the detection circuit accordingto the frequency threshold range. According to the credible design method provided by the invention, the influence of the Trojan horse on the side channel information is directly reflected on the pathdelay, so that the process of modeling the Trojan horse is omitted, and the test difficulty is reduced; and meanwhile, the detection circuit is simple in structure and easy to integrate into an integrated circuit design process, so that the measurement accuracy is ensured.

The invention belongs to the technical field of database privacy query, and discloses a sequence rearrangement-based quantum database privacy query method with better user privacy performance. A database owner Bob sends a quantum sequence to a user Alice; for each received particle, the Alice measures the particle by selecting and using Z base according to a probability eta, or by selecting and using X base according to a probability 1-eta; the Alice rearranges a particle sequence and then sends rearranged particles to the Bob; and meanwhile, the Alice tells the Bob about the measurement baseselected and used for the particle in each position after sequence rearrangement and a measurement result. Through a quantum database privacy query protocol proposed by the method, the user privacy performance better than cheat sensitivity can be obtained; and Trojan horse attack can be resisted in the absence of a wavelength filter and a photon number distributor with an auxiliary monitoring detector.

The invention discloses a hardware Trojan horse detection method based on Adaboost. The method comprises steps of defining the gate-level structure features of hardware Trojan horses, calibrating thepositions of all hardware Trojan horses in a netlist and the Trojan horse feature vectors of gate-level elements, building a training and testing data set, and building and training an Adaboost hardware Trojan horse detection model according to the data set. When the error rate of the model is lower than a set threshold value, the model can be used for detecting hardware Trojan horses in the circuit netlist to be detected.

The invention relates to a mining Trojan horse detection method and device, an electronic device and a storage medium, and the method comprises the steps: obtaining a to-be-detected binary file; converting the binary file into a grey-scale map by using a B2M algorithm; inputting the grey-scale map into a completely trained CNN convolutional neural network model for matching; and determining whether the binary file is a mining Trojan file or not according to a matching result. The mining Trojan horse detection method and device solve the problem of how to solve the problem of large memory occupation on the terminal device for detecting the mining Trojan horse by the neural network application, and can quickly and effectively detect the mining Trojan horse on the premise of occupying littlestorage space.

The embodiment of the invention provides a webshell detection method and device, a medium and equipment, and the method comprises the steps: recognizing the dynamic characteristics of a to-be-detected file, and generating an abstract syntax tree of the to-be-detected file after the grammatical analysis and lexical analysis of the to-be-detected file; recording nodes with dynamic characteristics in the abstract syntax tree, and detecting whether the nodes with the dynamic characteristics have stain variables or not through Trojan horse analysis; determining that the to-be-detected file has a risk in response to the fact that the node with the dynamic characteristic has the stain variable; and determining that the to-be-detected file is safe in response to the fact that the node with the dynamic characteristic does not have the stain variable. According to the method, the dynamic characteristics of the to-be-detected file are taken as core characteristics, and the dynamic and static analysis technology is matched, so that the detection accuracy and the response efficiency of the webshell are improved.

The invention discloses a computer credible authentication system, method and equipment and a readable storage medium, and a trusted computing technology is incorporated into the overall security of the system. The credible PC based on the platform can guarantee the integrity of software and hardware in the use process of the PC, an attacker cannot reach an attack directory by means of refreshing an ROM, replacing accessories, replacing an operating system, implanting Trojan horses and the like, and the credible PC always runs in a safe and credible environment. According to the invention, the software and hardware environment of the trusted PC equipment can be ensured to be always in a safe and trusted state from starting of bottom hardware to starting of an operating system to running of actual software and the like, unauthorized software, illegal programs, Trojan viruses and the like cannot be installed in the system and cannot be executed, and the safety of an office environment can be effectively ensured. The credible computing has outstanding superiority and strong defense capability for network attack weapons and attack modes.

The invention discloses a system chip hardware Trojan horse detection method and system based on differential amplification controllability. The detection method comprises the following steps of S1, obtaining a gate-level netlist of a to-be-detected circuit; s2, acquiring the controllability of the signal combination of the circuit to be tested; s3, classifying the signals of which the combined controllability is greater than a threshold value into Trojan signals; s4, calculating the differential amplification controllability of the residual signals; s5, carrying out kmeans clustering on the differential amplification controllability of the residual signals; and S6, dividing the kmeans clustering result into a normal signal and a Trojan signal to be output. According to the method, the gate-level netlist is analyzed, and all Trojans inserted before chip manufacturing can be detected theoretically; the combined controllability of the signals in the circuit is analyzed, the controllability of differential amplification is calculated and utilized, the testability of the signals can be reflected, the static overturning probability of the signals can also be reflected, the concealment characteristic of Trojan horses can be better reflected, and a good detection effect is achieved.

The invention discloses a mining Trojan horse detection method and device, relates to the technical field of network security, and aims to effectively detect whether a mining Trojan horse program is implanted into terminal equipment. The method comprises the following steps: receiving user behavior logs uploaded by a plurality of clients; matching each command line with a preset rule so as to extract keywords contained in each command line from each command line; performing statistical processing on the plurality of keywords to determine high-risk keywords; when a to-be-detected user behaviorlog is received, matching a plurality of to-be-detected command lines contained in the to-be-detected user behavior log with a preset rule so as to extract to-be-detected keywords contained in each to-be-detected command line from each to-be-detected command line; when it is judged that the to-be-detected keyword is the high-risk keyword, determining the to-be-detected command line where the to-be-detected keyword is located as a mining Trojan horse command line. The method and the device are suitable for the process of detecting whether the mining Trojan horse program is implanted into the terminal equipment.

The invention relates to the technical field of network security and discloses a DNS-based Trojan horse virus detection method. The method comprises a data packet acquisition and integration module, aDNS session recombination module, a random forest classification training module, a DNS tunnel Trojan horse traffic monitoring module and a user management interface. The Trojan horse virus detectionmethod based on the DNS comprises steps that the first sample information is acquired, and the first sample information comprises the domain name information of the DNS and flow behaviors of the DNS;a characteristic value of the first sample information is extracted; weighted summation is conducted on feature values to obtain a score value; the DNS suspicious model is established according to the score value, so that weighted summation is performed on the feature value, the DNS suspicious model is established according to the score value after the score value is obtained, and the DNS suspicious model can be used for subsequent suspicious judgment on DNS information, namely, multi-dimensional recognition is performed on the feature value, so many problems such as misinformation generatedby a conventional algorithm are reduced; and DNS information detection and identification accuracy is improved.

A method for data security reading includes steps of: receiving a hardware instruction; analyzing said hardware instruction; if said hardware instruction is a reading instruction, obtaining the source address in the reading instruction; searching a mapping bitmap and modifying the reading address in the reading instruction according to the data of the mapping bitmap, wherein the mapping bitmap is used to indicate whether the data stored in a local storage address is dumped to said security storage device; transmitting the modified reading instruction to a hardware layer. An apparatus for data security reading includes a receiving unit, an instruction analyzing unit, an instruction modifying unit and a transmitting unit. The Trojan horse or malicious tools cannot store or transmit the acquired information even if the secret information has been obtained, so that the data always exists in controllable security range.