32results about How to "Reduce the probability of being attacked" patented technology

The invention is applicable to the field of image encryption, and provides an image encryption method based on a composite chaotic system and an image processing device. The method comprises the following steps of taking Sine mapping, Tent mapping and Logistic mapping as seed mapping, and generating a composite chaotic system by utilizing a cascade operation and a nonlinear combination expansion chaotic range; generating a chaotic sequence by using a composite chaotic system to pre-encrypt the plaintext image, and generating a pre-encrypted image; and obtaining a reference image, combining thepre-encrypted image with the reference image, and generating a visually meaningful ciphertext image by using a discrete wavelet transform (DWT) algorithm. The method provided by the invention has a wider chaotic range and the more complex chaotic behaviors, and the encryption performance is improved. In addition, due to the fact that the visually significant ciphertext image is generated, the attack probability is reduced, the selected plaintext attack and the exhaustion attack can be resisted, and the encryption performance is better.

The invention discloses a DNP3 protocol fuzzy test method based on a sequence generative adversarial network. The DNP3 protocol fuzzy test method comprises the following steps: 1, constructing a DNP3protocol sample database; 2, preprocessing DNP3 protocol sample data; 3, carrying out data variation on the preprocessed DNP3 protocol sample; 4, generating a primary test case; 5, comparing the similarity of the test cases to remove redundancy; 6, carrying out seed test case variation; 7, performing a DNP3 protocol fuzzy test; 8, carrying out vulnerability verification; and 9, debugging and monitoring the abnormal test case. According to the method, the sequence generative adversarial network is utilized to generate the high-pass-rate test case; the redundancy of the test cases is reduced through a screening algorithm taking case similarity as an index; a random variation strategy is introduced to perform test case variation, so that the test case diversity and the vulnerability discoveryprobability are improved; by analyzing the stack frame information of the program when the vulnerability occurs, the cause of the vulnerability is found and recorded, so that the attack probability of the industrial control system is reduced, and the security of the industrial control system is improved.

The invention discloses an attack identification method, which comprises the following steps of: counting attack times according to a preset time period to obtain each target attack time; obtaining atarget attack threshold corresponding to each target attack frequency; judging whether a target attack frequency exceeding a corresponding target attack threshold value exists or not; and if so, determining the attack of the target attack times exceeding the corresponding target attack threshold as an abnormal attack. By applying the attack identification method provided by the invention, the accuracy of abnormal attack identification is improved, the probability that the system is attacked is reduced, and the system security is improved. The invention also discloses an attack identification device, apparatus and a storage medium, which have corresponding technical effects.

The invention provides an access security control method and system. The method includes: sending a service request to a server by a terminal, and obtaining an identity identification number and an equipment address of the current equipment according to received service response; respectively encrypting the identity identification number and the equipment address, and then sending the same to theserver; carrying out matching with pre-stored data according to the identity identification number and the equipment address; and responding to the service request of the terminal by the server when matching is successful. Therefore, a security factor of security access control is increased, probability of being attacked is lowered, and network operation costs are saved.

The invention discloses a mobile CA node electing method based on an MD5 hash information abstract. The method includes the steps that MD5 hash information abstract calculation is performed on certificate demand files generated by applied nodes, and demand data are obtained; each node of all the nodes is elected as a CA node according to integer data and the received demand data, wherein the integer data are obtained after data composed of the generated random number, the IP address and the MAC address are calculated through the MD5 hash information abstract; due to the fact that the key factor for determining the CA node lies in the certificate demand files generated by the applied nodes and the random number generated by the node in the Ad-hoc network, for the same applied node, a CA node electing result obtained each time differs from other results, and for the different applied nodes, the CA node electing results are different. Thus, the CA nodes are effectively prevented from providing a certificate service for a long time and the energy consumption of the CA nodes is reduced. Meanwhile, the probability of attacking the CA nodes is greatly reduced.

The invention discloses a domestic TCM based dynamic measurement method. Paging measurement is performed on a program sector of a process through a TCM safe module; a kernel module instantly warns a user and pauses program execution when measurement is abnormal; the user makes a his own selection if program execution is resorted or stopped according to warning information. Compared with the prior art, the domestic TCM based dynamic measurement method can effectively improve the safe performance of a file, decrease the probability that the file is attacked, monitors a personal terminal in real time, decrease safety risk, is high in practicability, and is easy to promote.

The present invention provides a modular and building block type digital array radar system. The system comprises a plurality of building block type digital active transceiver sub-modules and a data fusion server. The building block type digital active transceiver sub-modules are respectively mounted on a preset antenna array-plane framework and are respectively connected with the data fusion server. Each building block type digital active transceiver sub-module is composed of an antenna radiation module in card-inserting type connection with a comprehensive backboard, a digital T / R module, a digital beam forming unit, an optical power divider and an array-plane monitoring network module, wherein the antenna radiation module, the digital T / R module, the digital beam forming unit and the optical power splitter are sequentially in communication connection. The optical power splitter is connected with the data fusion server. The array-plane monitoring network module is respectively connected with the digital T / R module and the data fusion server. The modular and building block type digital array radar system has the advantage of multi-angle viewing angle and can effectively resist the main-lobe interference. A distributed arrangement receiving station is passive and can effectively reduce the radar intercepted probability and the radar attacked probability.

The invention provides a network data protection method for privacy leakage and a corresponding firewall. The method comprises the following steps: detecting identified privacy data, determining whether privacy-related equipment borne by the data supports the category of the privacy data or not, analyzing the transmission intention of a user, and if the related privacy-related equipment does not support the category of the transmitted privacy data, determining that the privacy is leaked; introducing the technical means of resource security dynamic layering, removing the privacy-related equipment with privacy leakage from the corresponding security layer. The security layers can be dynamically adjusted in real time according to the state of physical equipment. A technical means of dynamically adjusting the attribute domain is introduced, so that the attacked probability is reduced, and the service data of different users can be better protected.

The invention discloses a DNP3 protocol fuzzy testing method based on a sequence generation confrontation network, comprising the steps of: 1. constructing a DNP3 protocol sample database; 2. preprocessing the DNP3 protocol sample data; 3. mutating the preprocessed DNP3 protocol sample data; 4. Generate primary test cases; 5. Test case similarity comparison to remove redundancy; 6. Seed test case variation; 7. DNP3 protocol fuzz testing; 8. Vulnerability verification; 9. Abnormal test case debugging and monitoring. The invention utilizes the sequence generation confrontation network to generate test cases with a high pass rate; reduces the redundancy of test cases through a screening algorithm using the similarity of use cases as an index; introduces a random mutation strategy to mutate test cases, and improves the diversity of test cases and the probability of loophole discovery ; By analyzing the stack frame information of the program when the vulnerability occurs, find and record the cause of the vulnerability, thereby reducing the probability of the industrial control system being attacked and improving the security of the industrial control system.

The invention discloses a unified security management system and an identity authentication method. The system comprises a security management portal and a security management center, the security management center further comprises a centralized authentication service, a remote user dialing authentication service, a program account interface and a one-time password service; the remote user dialing authentication service is used for forwarding an authentication request of a host to the centralized authentication service for centralized authentication; and the program account interface and the one-time password service are used for distributing one-time access passwords for the application programs when the application programs log in the host, and the one-time password service is further used for providing the one-time access passwords for the centralized authentication service for identity authentication. Therefore, according to the scheme of the invention, based on the transformed 4A system, the security of the host can be improved, the software complexity is reduced, the user information leakage is effectively prevented, and the possibility that a password is cracked is avoided.

The present invention provides a security management method and system for centralized network data, which defines designated network resources as physical security layer, network intermediate security layer, service security layer and main control node, and defines the protection system as physical security layer, network The four parts of the middle security layer, the business security layer and the main control node realize the one-to-one correspondence between the composition of the protection system and the specified network layer. Not only can the security layer be dynamically adjusted in real time according to the state of the physical device, but also the size of the attribute domain can be dynamically adjusted to avoid excessive concentration of physical devices and reduce the probability of being attacked. The technical means of attribute encryption is introduced to encrypt the transmitted data to better protect the business data of different users.

Embodiments of the present disclosure provide a connection control method, device, electronic device, and readable storage medium. The method includes: forwarding an initialization message from the MRCP client to the MRCP server; receiving a response message returned by the MRCP server for the initialization message, The first connection parameter of the MRCP server is carried in the response message; the first connection parameter in the response message is modified to the second connection parameter corresponding to the second proxy server; the modified response message is forwarded to the MRCP client, so that the MRCP The client establishes a control session connection with the second proxy server according to the second connection parameter in the modified response message; sends the first connection parameter to the second proxy server, so that the second proxy server, according to the first connection parameter, Establish a control session connection with the MRCP server. The embodiments of the present disclosure can improve the network security of the MRCP server.

The present invention provides a method and system for managing network nodes in an Internet of Things environment, defining designated network resources and systems as five parts: a first-level node layer, a second-level node layer, a network transmission layer, a business layer, and a master control node, and Using two-level network management, it is easy to expand to multi-level management, saving a lot of node addresses. Not only can the security layer be dynamically adjusted in real time according to the status of the first-level nodes, but also the size of the attribute domain can be dynamically adjusted to avoid excessive concentration of the second-level nodes and reduce the probability of being attacked. The technical means of attribute encryption is introduced to encrypt the transmitted data to better protect the business data of different users.

The invention provides a network data protection method for privacy leakage and a corresponding firewall. The method comprises the following steps: detecting identified privacy data, determining whether privacy-related equipment borne by the data supports the category of the privacy data or not, analyzing the transmission intention of a user, and if the related privacy-related equipment does not support the category of the transmitted privacy data, determining that the privacy is leaked; introducing the technical means of resource security dynamic layering, removing the privacy-related equipment with privacy leakage from the corresponding security layer. The security layers can be dynamically adjusted in real time according to the state of physical equipment. A technical means of dynamically adjusting the attribute domain is introduced, so that the attacked probability is reduced, and the service data of different users can be better protected.

The present invention relates to an information distribution method of mobile terminal; in the process of mutual authentication between a mobile terminal and a network server, the mobile terminal sends the relevant information code of the mobile terminal to an authentication server; after the authentication succeeds, a session key is established; the authentication server sends the relevant information code of the mobile terminal to the network server; according to the relevant information code of the mobile terminal, the network server completes the operation of information distribution and returns operating results to the authentication server; the authentication server informs the mobile terminal of the authentication and the information distribution results. With the method of the present invention, the information distribution is embedded to the AKA process, reduces the communication cost and can reduce omissions and errors of information distribution by the network server as possible; the present invention can use the session key consulted in the authentication process to encrypt distributed information and reduces the probability of being attacked. The key consulted in theAKA process has safe protection on data distribution and improves the safe performance.