38results about How to "Improve attack defense capability" patented technology

A method for retransmitting message up-transmits buffer stored message to control plane when channels is not blocked by buffer storing message when channel used for up-transmitting message to control plane is blocked.

The invention discloses a safe application method and system of a machine learning model. The method includes steps such as front-end service model processing, prior information extraction, verification strategy analysis, back-end verification module processing, and fusion decision-making. The back-end verification and the front-end service machine learning service model of the present invention are relatively independent, and the anti-attack ability can be enhanced through the separation of module functions, and the application security of the machine learning model can be improved; the back-end verification supports the multi-dimensional back-end of inherent attributes and external information Verification, the verification method is more comprehensive and stricter, and is suitable for the definition of verification strategies for various types of machine learning tasks. For the processing results of the front-end service machine learning model, the influence coefficient of the main feature can be defined, and the verification strategy can be flexibly formulated according to the influence coefficient. It is suitable for application scenarios of various machine learning models, and has good flexibility and versatility.

The invention discloses a method and an apparatus for processing messages belonging to the communication field. The method comprises: receiving an internet group management protocol (IGMP) request message from a sender; reading a local recording frequency value of sending message from the sender; discarding the internet group management protocol request message when the frequency value is larger than a presetting frequency threshold. The apparatus comprises: a receiving module, a first reading module and a first discarding module. The invention enables an exchange not to have a plurality of IGMP messages by discarding IGMP messages larger than the frequency threshold, improves the anti-attack ability of the exchange, avoids the IGMP messages attack to the exchange, and protects the exchange. Moreover the invention also solves the problem that a multicast client attacks by frequently adding the IGMP messages between different cast groups or sending the IGMP messages when leaving through discarding the IGMP messages larger than the frequency threshold.

The invention relates to the technical field of internet of things communication safety, in particular to an internet of things mobile communication method and system, wherein the internet of things mobile communication method comprises the steps that a transfer center receives first encryption information; the transfer center decrypts the first encrypted information and integrity check accordingto a pre-stored first encryption key and a first integrity key to obtain plaintext information; the transfer center encrypts the obtained plaintext information according to a pre-stored second encryption key and a second integrity key to generate second encryption information; the transfer center sends the second encrypted information to a second mobile terminal. According to the embodiment of theinvention, a data transfer center is added without changing the original network structure, so that the transmission of the data and the voice over the wireless network and the backbone network is protected by ciphertext, the integrity checking is improved, the safety of data and voice is greatly improved, and the anti-attack capability is improved.

The invention provides an anti-attack MAC address learning method and device, and network equipment. The method comprises the following steps: when a forwarding chip of the network equipment receivesa message, analyzing a source MAC address and a target MAC address of the message; using the source MAC address and the target MAC address to search for MAC table items of the forwarding chip, whereinthe MAC table items comprise temporary MAC table items and formal MAC table items, and the aging time of the temporary MAC table items is shorter than the aging time of the formal MAC table items; ifmatching table items for the target MAC address are obtained in the temporary MAC table items through the searching, refreshing the matching table items as the formal MAC table items, and establishing the formal MAC table items for the source MAC address; and if the matching table items for the source MAC address and the target MAC address are not obtained in the temporary MAC table items throughthe searching, establishing the temporary MAC table items for the source MAC address. The method and device and the network equipment provided by the invention have the advantages that table item storage space in the equipment can be rapidly freed up, so that the anti-attack capability of the network equipment is improved.

The invention relates to a method for realizing decentralized distributed process guarding based on ad hoc network technology, including generating supermanagement identity and authority and guarding policy files through the creation module, and safely storing them in each guarding node, system process, and a It is a perpetual guard that does not require external intervention. Second, the process needs to be iteratively updated / added nodes; the super administrator externally intervenes, redeploys, and after the deployment is complete, after the super administrator intervention mode exits, start the perpetual guard; start mutual monitoring, Basic services for failover and takeover, message broadcasting, and communication. The present invention utilizes the original self-organizing network technology to construct a credible decentralized distributed process guardian system, which is used to avoid the problem of system process guardian ability failure caused by the guardian's own single point of failure; at the same time, it can protect the scope of Expand from a single machine to all hosts in the whole domain, and at the same time, improve the anti-attack capability of the entire guard system to ensure the credibility of the guard system itself.

The invention discloses a method and a device for verifying the integrity of security critical data of a program in the process of running. The method comprises the following steps: 1) indicating a security critical variable in the program, generating a security critical data set in the process of compiling, dividing a virtual address space of the program into a protected area and a non-protected area in the process of loading the program, loading the security critical data set to the protected area, and constructing an integrity verification tree for a virtual page of the protected area of the program; and 2) in the process of writing program data into a memory, updating a root verification value; and in the process of reading program data from the memory, generating a new root verification value, comparing the new root verification value with the original root verification value, if the two are equal, determining that the security critical data set is not tampered, otherwise, determining that the security critical data set is tampered. The device comprises a data integrity verification circuit, a root verification value storage module and a comparator. The method and the device disclosed by the invention have the advantages of high safety performance, strong attack prevention performance, small calculated amount, and less occupied storage space.

The disclosed method to protect VOIP gateway media channel comprises: deciding whether the received media flow source port number same as the negotiated number to endow the media flow with the highest PRI when the decision result is same; for media flow with different receive and transmit ports, dynamic managing its PRI to set higher PRI for following legal media flow and select the one with the highest PRI to send to DSP. This invention can avoid gateway being paralyzed or hacker vicious attack, and improves security and anti-interference of VOIP system.

The invention provides an attack prevention processing method and device. The attack prevention processing method comprises the steps of locally sending ACL (Access Control List) by a superior device based on an obtained MAC (Media Access Control) address of an attacking terminal; when the number of the ACL used by the superior device per se reaches a preset ACL threshold value and a subordinate device exists at the interface where an attack message is received, sending the MAC address of the attacking terminal to the subordinate device; and after the subordinate device receives the MAC address of the attacking terminal, sending the ACL at the interface where the MAC address of the attacking terminal is learned, and filtering the attack message sent by the attacking terminal. The attack prevention processing method and device can enhance the attack prevention capability of the network and can reduce resource consumption of a BRAS (Broadband Remote Access) device.

A method for raising network safety by utilizing message treatment includes placing message in buffer queue with relevant priority level and at channel between central processing unit and hardware retransmission plane separately according to priority level of message, carrying out treatment on message in buffer queue by central processing unit according to dispatch rule, carrying out treatment on message not required to be processed by control processing unit according to property of message and identifying those message according to specific rule for raising antiattack ability of network device.

A method for retransmitting message up-transmits buffer stored message to control plane when channels is not blocked by buffer storing message when channel used for up-transmitting message to control plane is blocked.

The present invention provides a safe interactive control method between an intelligent terminal and a server, comprising the following steps: S1: establishing a delivery control system with an intelligent terminal, a server, and a monitoring function module; S2: programming encrypted hardware data in the OTP of the intelligent terminal and other random data; when a smart terminal is turned on, first check whether the decrypted OTP data of the smart terminal matches the machine, and if it does not match, its functions are limited and only software updates are allowed; S3: when a smart terminal When the network service function of the network service function is legally activated by purchasing an activation code, the smart terminal processes the local hardware data and random data according to various encryption algorithms, and then submits them to the server together, and realizes safe interaction through monitoring the server and smart terminal. Experience selection, high degree of anti-cracking, high security and anti-attack capabilities, and automatic operation and maintenance capabilities and intelligent capabilities.

The invention relates to a circuit and method for preventing power consumption attack against a chip. The problem of power consumption attack is not solved fundamentally according to an existing method. The circuit comprises an NMOS switch, a charging capacitor, a filter resistor, a filter capacitor, a charging voltage comparator, a switching voltage comparator, a two-input AND gate and four divider resistors. When the chip is electrified, the switch is switched off, and an external power supply charges the capacitors. When the chip starts encryption and decryption operation, the switch is switched on, the inside of the chip is disconnected with the external power supply, and the circuit in the chip relies on the charging capacitor to be powered. After the electric quantity of the capacitor is reduced to a threshold, the chip stops operating temporarily, the switch is switched off, and the external power supply charges the capacitors. When the capacitors are fully charged, the switch is switched on, the inside of the chip is disconnected with the external power supply, and the circuit in the chip relies on the charging capacitor to go on working. According to the circuit and method for preventing power consumption attack against the chip, useful information contained in power consumption information is damaged, the chip protection capability is improved, and the circuit has a self active protection capability.