35 results about "Attack response" patented technology

A system and method for detecting and identifying intruders in a computer network environment by providing a network traffic evaluation and simulation module at the interface between a protected network and external traffic source. The evaluation and simulation module identifies suspected intruders by observing intrusion pattern behavior and then presents a simulated network to the intruder. The simulated network appears to offer the intruder valuable information and provides the intruder with the appearance of success in breaking down the layers of the simulated network to keep the intruder engaged in the intrusion effort while information is gathered to trace and identify the source of the intrusion. Intrusion attempts are identified and categorized in an intrusion analysis module. The network traffic evaluation and simulated network may be provided as a self contained physical module that does not require modification of existing network software.

A system for computer system security using file system access pattern heuristics is provided. The system includes access patterns to establish nominal read and write frequencies to a file system using heuristics, dynamic policies, and a policy manager. The policy manager monitors accesses to the file system to determine read and write access frequencies to the file system. The policy manager also compares the read and write access frequencies to the access patterns, and determines whether the read and write access frequencies exceed the access patterns per the dynamic policies. The policy manager further identifies an attack on the file system in response to exceeding the dynamic policies, where the identified attack is associated with a communication path to the file system. The policy manager additionally modifies an aspect of access via the communication path in accordance with the attack response in the dynamic policies to mitigate the attack.

The invention relates to an indirect distributed denial of service attack defense method and an indirect distributed denial of service attack defense system based on a Web agency. A behavior characteristic of a proxy-to-server network flow is described by extracting the space-time local property of the proxy-to-server network flow; the interference of a small-probability large value on an available signal is restrained by a nonlinear mapping function; a normal behavior model of the proxy-to-server network is constructed through a hidden semi-markov model (HsMM); normal degree estimation, namely long-time behavior estimation and short-time behavior estimation, under different time scales is performed by using behavior indexes acquired by the model; as to an abnormal behavior sequence (HTTP request sequence), an attack response is implemented by adopting a soft control method; and the basis of the soft control represents an HsMM model parameter and a structure index which are used for performing a normal behavior. The parameter for describing the proxy-to-server network is the space-time local property which is irrelevant to the change of the Web content on a target server; and the detection property of the method is the nature property based on the agent network flow and irrelevant to the size of the attack flow. By the method, the attack response can be realized before the resources of the target server are used by the attack flow, so that early detection can be realized effectively.

In one example aspect, a computerized method of automatically detecting and blocking at least one attack on an application includes the step of modifying instructions of the application to include at least one sensor. The at least one sensor generates a set of events related to detecting an attack on the application or a computing system implementing the application. The method includes the step of reviewing, from within the application, the set of events generated by the at least one sensor. The method includes the step of detecting a presence of at least one attack on the application based on the review of the set of events. The method includes the step of invoking an attack response action.

The invention discloses a network attack result detection method and system. The network attack result detection method comprises the following steps: extracting to-be-contrasted features from networkdata of a target host; contrasting the to-be-contrasted features with more than one attack response rules, wherein the attack response rules are formed according to the first response data, and the first response data is used for responding to a successful attack request by the attacked host; and if the to-be-contrasted features are matched with the attack response rules, judging that the targethost suffers from successful network attack. Through the network attack result detection method and system disclosed by the invention, the successful network attack can be precisely identified, thereby providing effective network attack information for the network administrator.

The invention discloses a network attack identification method and system. The network attack identification method comprises the steps of detecting whether a target host bears a network attack or not; extracting a to-be-compared feature from network data corresponding to the network attack if the target host bears the network attack; comparing the to-be-compared feature with more than one attackresponse rules, wherein the attack response rules are formed according to first response data, and the first response data is used for an attacked host to respond to a successful attack request; and judging that the network attack is successful if the to-be-compared feature matches the attack response rule. According to the network attack identification method and system provided by the invention,the successful network attack can be precisely identified, and the effective network attack information is provided for a network manager.

The invention discloses an SQL injection vulnerability detection method and device for a REST API, and the method comprises the steps: injecting a detection vector that is easy to trigger a SQL syntaxerror into a to-be-detected API list to form a first API attack request, and then using a SQL error information regular matching expression to detect whether a first API attack response has a SQL syntax error or not; injecting two API response content comparison detection vectors according to the type of an API parameter if no SQL syntax error is detected, obtaining a second API attack response,a third API attack response and an API normal response to perform the comparison therebetween, detecting whether the relationship between the second API attack response, the third API attack responseand the API normal response meets a default SQL injection vulnerability condition and obtaining a detection result. Therefore, the detection vector that is easy to trigger the SQL syntax error and a vector for the API response content comparison detection are injected into the to-be-detected RESTful API, thereby detecting the mode of the corresponding API response, and achieving the effective detection of the SQL injection vulnerability of the RESTful API.

The invention provides an intrusion detection method and detection equipment, and the method comprises the steps: building a detection model which comprises a capture layer, a network protocol layer, a detection layer and a response layer; the capture layer is used for capturing a data packet; the network protocol layer is used for performing protocol analysis on the captured data packet to obtain an analysis result; the detection layer is used for determining whether the captured data packet is an attack event or not according to the analysis result; the response layer is used for performing attack response when the detection layer judges that the captured data packet is an attack event; and performing intrusion detection on the network data by using the detection model. Through the method, whether the data packet contains the attack event or not can be judged through protocol analysis of the data packet.

An input audio signal is detected to provide a fast time constant control signal which is clamped for immediate response when the input signal drops below a threshold level and filtered to provide a modified control signal with a slow time constant. As the modified control signal level decreases toward the control signal level, a time constant differential control signal decreases and slows the rate of change of the decreasing modified control signal which, as it nears the control signal level, reverts to a slow response. The resulting control signal has an exponential release response which can be applied to an audio dynamics processor. The time constant differential control signal may also be detected to provide an inverted output when it is significantly less than the modified control signal so as to result in the control signal also having an exponential attack response to be applied to the processor.

The invention discloses an active defense DDOS system based on an SDWAN. The system comprises a cloud service platform; an SDWAN controller; an attack monitoring module is used for collecting attack data in a public network; an attack data analysis module is used for extracting attack features in the attack data; a DDOS attack defense module interacts attack characteristics through a plurality of SDWAN controllers and matches corresponding defense strategies; an attack response defense module is used for pre-formulating a defense strategy; when the attack monitoring module detects that a user is attacked, attack data is sent to an attack data analysis module for attack feature extraction, and a corresponding defense strategy is matched according to attack features in the cloud service platform through data interaction of the multiple SDWAN controllers so as to defend a previous attack event; Meanwhile, a pre-formulated defense strategy corresponding to a virtual feature approximate to the attack feature in the attack response defense module is called for active defense. According to the active defense DDOS system based on the SDWAN, the defense efficiency is relatively high when a DDOS attack event occurs.