325results about How to "Improve resistance to attack" patented technology

The invention discloses an industrial control network security protection method and an industrial control network security protection system. The method comprises the following steps that: aiming at an external network attack, a front host performs first layer data filter and access control on external network data; a security control host caches data through a common storage region, performs intrusion detection on the data, timely alarms illegal data and informs hosts on two sides; a rear host performs deep filter and access control on the data and causes the legal data to enter an internal network; aiming at an internal network attack, the rear host performs the first data filter and access control on internal network data; the security control host caches the data through the common storage region, performs the intrusion detection on the data, timely alarms the illegal data and informs the hosts on the two sides; and the front host performs the deep filter and access control on the data and causes the legal data to enter an external network. By the method and the system, the network security level of an industrial control system is increased, and the cost on investment, system transformation and management is reduced.

An embodiment of the invention provides a method, equipment and a system for authenticating identities. The method includes enabling a cloud terminal to transmit first secret key K1 to a host; enabling the host to acquire second secret keys K2 corresponding to virtual machines, acquiring first combined secret keys according to the secret keys K2 and the secret keys K1, generating first random numbers N1, encrypting the first random numbers N1 by the aid of the first combined secret keys and then transmitting the encrypted first random numbers N1 to the cloud terminal; enabling the cloud terminal to acquire second combined secret keys according to the secret keys K2 transmitted by the host and the secret keys K1 stored in the cloud terminal, decrypting the first random numbers N1 by the aid of the second combined secret keys, then encrypting the first random numbers N1 again, generating second random numbers N2, encrypting the second random numbers N2 by the aid of the second combined secret keys and transmitting the second random numbers N2 and the first random numbers N1 to the host; enabling the host to decrypt the first random numbers N1 by the aid of the first combined secret keys, and determining whether the cloud terminal is successfully authenticated or not according to the correctness of the first random numbers N1; enabling the host to decrypt the second random numbers N2 by the aid of the first combined secret keys again, decrypting the second random numbers N2 again and then transmitting the second random numbers N2 to the cloud terminal; enabling the cloud terminal to decrypt the second random numbers N2 by the aid of the second combined secret keys and determining whether the virtual machines are successfully authenticated or not according to the correctness of the second random numbers N2.

The invention discloses a safe positioning method for a wireless sensor; the safe positioning method adopts two safe positioning methods which are the malicious beacon detection based on the checkpoint and the malicious beacon detection algorithm based on the regional voting mechanism to solve the positioning safety problem of the sensor network nodes. The positioning method improves the anti-attack capability of the system through filtering the malicious beacons directly so that not only the known attacks can be defended, but also the unknown attacks can be defended; the corresponding defending measurement for every possible specific attack is avoided; the implementation of the safety strategy of the positioning system is simplified; the two detection methods are combined effectively to adjust the defending strategy automatically according to the attack types; the safe positioning is guaranteed and the computation cost is reduced effectively; the neighbor communication authentication technique based on the unidirectional key chain is adopted to avoid the support of other network safety protocols so that the storage cost of the sensor nodes is reduced; the neighbor communication authentication technique can be compatible and used together with the present wireless sensor network protocol; the safety target of the positioning system of the sensor network nodes is realized.

The invention relates to the technical field of network security, and especially relates to a dynamic generation and maintenance method of a heterogeneous cloud host. The method comprises the following steps: 1) a heterogeneous cloud host node whose isomerism is embodied by the diversified physical facilities, virtual machines and software; 2) a mirror image library management system comprising creating diversified virtual machines and software mirror images; 3) dynamic deployment of a heterogeneous virtual machines and software: when the virtual machine or the software is instantiated, generating virtual machines or software of different versions according to physical nodes and application attributes, and deploying the virtual machines or software on the physical nodes; 4) dynamic virtual machine migration mechanism: a development operation and maintenance unit performs security posture estimation on the current virtual machine and its operation environment, and performs initiative migration on the virtual machine according to a strategy; and 5) a dynamic virtual machine and software cleaning mechanism: cleaning the online virtual machines according to the security posture or periodically. By adoption of the method, the anti-attack ability of a cloud data center is improved, and higher security requirements of users and providers for cloud services and infrastructure are satisfied.

The invention discloses a compressive sensing-based adaptive video information hiding method, which is characterized by comprising the following steps of: a, framing a video file by using shot as a unit; b, taking the first frame of each shot as a key frame; c, establishing an image texture classification model to obtain a texture classification model mark of each key frame; d, determining a texture category of each key frame and determining whether the key frame is a texture region, or a smooth region or between the texture region and the smooth region; e, selecting an algorithm and determining insert depth; f, inserting secret information, i.e., inserting the secret information in a coefficient matrix; and g, synthesizing a video file. According to the video information hiding method, the secret information can be adaptively inserted under the condition that the entire video file is not required to be decompressed, so that the ornamental value of the video is not affected, and the method has the advantages of small amount of calculation, high information steganography efficiency, small influence on the video and good secret information safety. The method can be widely applied to various fields such as copyright authentication, pirate tracking and secure communication.

The invention discloses a memory controller for a system on chip (SOC) chip system and a method for implementing the memory controller. The memory controller comprises a bus interface module, a memory interface module connected with a nonvolatile memory, and a safety protection subunit module connected between the bus interface module and the memory interface module, wherein the safety protection subunit module comprises a plurality of safety protection subunits of which the safety attributes can be independently configured; each safety protection subunit is used for performing access protection on one safety memory space in the nonvolatile memory; and by setting different safety attributes of the safety protection subunits, each piece of main equipment on a bus has different access authority on each safety memory space. The memory controller can effectively protect the safety information of the nonvolatile memory and is particularly suitable for an SOC chip which is needed to divide a memory space into different blocks with different sizes and ensure that the access attributes of the blocks are different.

A method for detecting out user carrying on vicious IP scanning includes counting up all source IP address of received messages , finding out source IP address being occurred most frequently in statistic value , judging whether source IP address being occurred most frequently is IP address of user carrying in vicious IP scanning or not and controlling confirmed IP address of user carrying on vicious IP scanning .

The invention provides a method and a device for generating a three-dimensional dynamic verification code. The invention adopts a technical scheme which comprises the following steps: randomly generating the verification code and determining the position at which the verification code is displayed in a screen; generating a three-dimensional geometric primitive and judging whether the positions of the three-dimensional geometric primitive and the verification code information displayed in the screen are the same or not; if so, changing a designated changed attribute of the three-dimensional geometric primitive; otherwise not changing the designated changed attribute of the three-dimensional geometric primitive; and moving the designated changed attribute of the three-dimensional geometric primitive according to a motion trail to realize the three-dimensional dynamic verification code. In the invention, the content of the verification code is displayed by changing the attribute of the geometric primitive and each frame does not reveal the verification code information out, so that the traditional two-dimensional image verification code attack means cannot separate the content of the verification code from a single-frame image; and at the same time, because different motion trail of each geometric primitive is set by a special method, the identification and attack difficulties of the traditional technology tracing a moving object in a video are increased and anti-attack capability of the verification code finally is improved effectively.

The invention relates to the technical field of domain name systems, and discloses a blockchain-based domain name resolution data management method, system and storage system. The management method includes the following steps: collecting domain name data; generating a zone file of domain name resolution data corresponding to the domain name data; storing the zone file; comparing a value of the zone file with a target value in a blockchain database, and if the value is consistent with the target value, merging the zone file into the blockchain database. According to the scheme of the invention, the zone file of the domain name resolution data is generated, the domain name resolution data is stored and managed in the form of a blockchain, so that the domain name resolution data can be prevented from being tampered with, a decentralized domain name resolution data storage system based on a blockchain technology can be realized, and the anti-attack capability of a domain name system can be enhanced.

The invention provides a data encryption method. The data encryption method comprises the following steps that first data is acquired, wherein the first data is fingerprint data, identity card data, adigital cipher and / or MF card data; the first data is converted into hexadecimal coded second data; and the second data is subjected to a hardware encryption mechanism and a software encryption mechanism to acquire encrypted data. According to the data encryption method, by means of the process that the first data is acquired and converted into the hexadecimal coded second data, and then the second data is encrypted to acquire the encrypted data, the security of the data can be guaranteed.

The invention relates to a method for identifying DNS spoofing attack packet and detecting DNS spoofing attack. For a plurality of DSN response packets with identical quintuple (business identifier, source IP address, destination IP address, source port number, destination port number), the one which concurrently accords to the following four characteristics is a DNS spoofing packet: having only one acknowledge field, one IP address is inside the acknowledge field; the acknowledge field does not contain Cname type records; the TTL values corresponding to class A records in acknowledge packets are not reasonable; the acknowledge packets do not contain authorized fields or additional fields. When detecting the DNS spoofing attack, firstly all DNS packets between a client terminal and a domain name server are captured; and then each acknowledge packet is judged whether to be the DNS spoofing packet based on the method above. The method for identifying DNS spoofing attack packet and detecting DNS spoofing attack is able to effectively identify DNS spoofing packets and timely detect DNS spoofing attack, thus the method has a high practical value in increasing the anti-attack ability of DNS system as well as protecting DNS service system.

The invention provides a wavelet domain-based method for weighting a fractional differential image digital watermark, which mainly solves the problem that the high-frequency coefficient of an image undergoing wavelet decomposition is susceptible to extraneous noises and conventional image processing. The method comprises the implementation steps of: doing two different orders of differentials for a sinusoidal signal by utilizing a fractional order Cauchy formula; respectively carrying out discrete sampling and superposing by utilizing a given weight to generate a pseudorandom sequence and adding the pseudorandom sequence with a watermark pixel value to realize watermark scrambling; carrying out two-stage decomposition on a carrier image by utilizing a Haar wavelet and embedding the scrambled watermark information in the carrier image through the exchanged and decomposed high-frequency coefficient; and through comparing the high-frequency coefficient undergoing the two-stage decomposition by utilizing the Haar wavelet, extracting the scrambled watermark and subtracting the pseudorandom sequence to realize watermark recovery. The method provided by the invention has the advantages of strong anti-attack ability and good safety of the image, and can be applied to copyright protection, restriction of illegally spreading audiovisual products, individual privacy protection, identification hiding and high-tech crime prevention.