34 results about "Intrusion tolerance" patented technology

The invention relates to a reconfigurable scalable intrusion-tolerant network that is interposed between a service requesting client and a protected server to minimize the impact of intrusive events. The apparatus may include a proxy server for receiving the requests from a client and forwarding them to a protected server. Acceptance monitors receive the response from a protected server and apply one or more acceptance tests. A ballot monitor receives the result of the acceptance tests and determines a response to the client. The network may also include an intrusion sensor to detect threats to the network and a reconfigurer to alter the network forwarding scheme. Reconfiguration may include isolating network elements, creating parallel paths, implementing redundant operations, or assessing the validity of responses.

Disclosed is a self-cleansing intrusion tolerance-domain name systems system comprising at least three DNS servers, at least four storage systems accessible by the DNS servers, a communications link, a message transfer mechanism, and a self-cleansing mechanism. The storage systems include at least three online storage systems and at least one offline storage system. The communications link can connect the DNS servers with the storage systems, as well as connect the DNS servers with a local area network, which can connect the DNS servers with an external network. The message transfer mechanism can rotate the DNS servers into a plurality of roles, including a primary role, a secondary role, a designated role, and a self-cleansing role. The self-cleansing mechanism can be used to perform the self-cleansing role.

An intrusion tolerant communication network and related methods is provided that places emphasis on continuity of operation and provides for an attack-survivable communication network whose network devices collectively accomplish the specified networking intent even under attack and despite active intrusions. The present invention defines methods for network intrusion tolerance in terms of the various state transitions that maximize the overall effectiveness of an intrusion tolerant communication network.

The embodiment of the present invention relates to a virtual method and virtual device based on operating system layer. Through intercepting the invoking request of system resource at system invocation layer, the host path of the system resource is redirected to the corresponding path under the directory of virtual machine; the virtualization based on operating system layer may be realized. As no support of hardware abstract layer is needed, it can meet the demand of failure tolerance and intrusion tolerance system and is characterized by small occupation of system resource, high flexibility and short startup delay.

The invention discloses a self-curing J2EE application server for intrusion tolerance and a self-curing method thereof. The application server comprises an intrusion tolerance functional unit, a self-curing functional unit, a secure group communication system and a base platform for the J2EE application server, wherein the self-curing functional unit is used for receiving output results of the intrusion tolerance functional unit and the secure group communication system to carry out self-curing treatment, provides self-curing function support for the base platform for the J2EE application server and comprises a detection component, a management component and an execution component; the detection component detects intrusion and failure and submits results to the management component; the management component analyzes the detection results and gives and sends a curing scheme to the execution component; and the execution component cures the application server according to the curing scheme. On the basis of the intrusion tolerance method, the self-curing method is additionally provided with reactive recovery and periodic recovery, further improves the reliability and the survivability of the J2EE application server and can be applied to the field of network security.

The invention discloses a method for realizing an IP credible route based on fault tolerance and intrusion tolerance, comprising the following steps: (1) when a data packet is transmitted to a node, the node is taken as a transmitting node which selects a receiving node to deliver the data packet, and then the receiving node carries out detection through trust detection and a trust extension route table; if the detection fails, the data packet delivery fails and step (2) is carried out; if the detection succeeds, the receiving node receives the data packet and a route is established successfully; and (2) routing recovery for the data packet which can not be delivered successfully is carried out. The realization process of the IP route is safe and credible; when a network encounters vicious attacks or breaks down, communication can be recovered quickly on the premise of minimum resource consumption; moreover, the method can eliminate damages to a network route caused by decrial attacks, two-faced behavior attacks, intermittent attacks and node failures, and has better fault-tolerant and intrusion-tolerant capability.

The invention discloses a two-stage fault tolerant and intrusion tolerant routing mechanism for an IP network based on trust. The mechanism is divided into two stages: the first stage is routing discovery, namely, a plurality of credible paths are discovered; the second stage is optimal path selection, namely, the optimal path for routing is selected from the discovered paths. In the first stage, the mechanism utilizes a trust relationship appraisal method of blending multiplication and addition and effectively improves the fault tolerant and intrusion tolerant performance of an IP network router. In the second stage, users always use the optimal router for communication by a path grading strategy, thus effectively avoiding various attacks to the paths. In addition, the invention also describes a definition, measurement, updating and an obtaining method of a trust value with fault tolerant and intrusion tolerant performance in detail.

A digital certificate issuing system with intrusion tolerance ability and the issuing method thereof are disclosed. The system comprises an offline secret key distributor, at least one online task distributor, k online secret share calculators and m online secret share combiners. And the method includes: splitting a private key into multiple first sub-secret-keys and multiple second sub-secret-keys, wherein the multiple first sub-secret-keys are divided into k groups, and the private key is constructed by one second sub-secret-key and t first sub-secret-keys, the second sub-secret-key corresponds to the t first sub-secret-keys according to an equation combination representation including t items of j and i, j is sequence number of the group which has the first sub-secret-key, and i is number of the first sub-secret-key in the jth group, each of j in one equation combination representation is different, j, i, k, and t are positive integers, and t is less than k; calculating t first calculation results according to a certificate to be signed and the t first sub-secret-keys in the multiple first sub-secret-keys upon receiving the certificate to be signed; obtaining the second sub-secret-key corresponding to the t first sub-secret-keys according to the equation combination representation; calculating a second calculation result according to the second sub-secret-key obtained and the certificate to be signed; generating a digital signature according to the t first calculation results and the second calculation result; generating a digital certificate according to the digital signature and contents of the certificate to be signed.

The invention relates to a WSN (Wireless Sensor Network)-oriented lightweight intrusion detection method on the basis of the artificial immunization and a mobile agent, which comprises the following steps of: 1, establishing a lightweight intrusion detection model which is combined with the mobile agent, sharing information by cooperation of various role agents and completing replacement by adopting a mode of evoluting the agent by self-learning; 2, adopting an intrusion detection process of the immunity cooperation of T cells and B cells on the basis of the life cycle; and 3, realizing the self-updating capacity of an intrusion tolerance topological network of a WSN by gradually increasing novel nodes serving as renewable resources. The invention provides the WSN-oriented lightweight intrusion detection method on the basis of the artificial immunization and the mobile agent, which can be used for effectively preventing network information of the WSN from being maliciously tampered or preventing effective information from being lost due to intrusion.

The invention discloses an information asset protection method based on intrusion tolerance. The information asset protection method comprises the following steps: firstly detecting and monitoring core data and service states; by virtue of an evaluation model carried by a state evaluation module and a threshold value which is preset in a configuration file by a user, performing objective evaluation on the system state and uploading the objective evaluation result to a response and fault handling module of a system in the form of events by using the state evaluation module; and then according to the system state evaluation result, starting local fault isolation and system recovery reconstruction mechanisms so as to guarantee the confidentiality of core information assets. The information asset protection method has the beneficial effects that the intrusion tolerance is introduced into an individual host so as to provide basic functions such as auto-diagnosis, fault isolation, recovery reconstruction and safety communication for each system in a resource constraint environment.

The invention provides an industrial control system with intrusion tolerance and a security protection method. The method comprises N main control computers, a parsing switch and at least one controlled device. The main control computers are used for sending control instructions to the parsing switch; the parsing switch is used for sending the control instructions to the controlled device after receiving at least [(N-1) / 2] identical control instructions; and the controlled device is used for sending status data to the main control computers via the parsing switch, wherein N is an integer greater than or equal to 3, and [(N-1) / 2] is the integer part of (N-1) / 2. According to the embodiments of the invention, the parsing switch compares the control instructions received from the multiple main control computers, and only when the parsing switch receives at least [(N-1) / 2] identical control instructions, the parsing switch sends the control instructions to the controlled device. Thus, malicious control instructions cannot be sent to the controlled device even if the main control computers are intruded, and the network security of the industrial control system is improved.

The present invention relates to an SDN controller end system based on an intrusion tolerance and a safety communication method. The system comprises an SDN controller group, a switch and at least one pre-proxy between the SDN controller group and the switch. The pre-proxy is responsible for sending the Openflow request message emitted by the switch to multiple SDN controllers in the SDN controller group, extracting the flow rule in the Openflow reply message emitted by each SDN controller, comparing the extracted flow rule, and forwarding a correct Openflow reply message to the switch if a comparison result satisfies a preset intrusion tolerance policy. According to the SDN controller end system and the safety communication method, the availability and reliability of the SDN controllers can be improved, and a security guarantee is provided for an SDN network.

The invention provides a wireless sensor network tolerance system based on tree topology. The system comprises an intrusion detecting subsystem, a safety management center and an attacking feature matching bank. The intrusion detecting subsystem can judge a network abnormal situation through node flow and energy analysis, and by arranging threshold value warning, results are uploaded to the safety management center at the same time. For the wireless sensor network abnormal situation, attack matching can be carried out through the attacking feature matching bank, meanwhile, corresponding processing is carried out according to attack types, and network lifetime is prolonged. For attacked backbone nodes in a network, a redundant node rousing strategy is used, redundant nodes are roused to take over current attacked nodes, and network normal operation is kept. For attacked member nodes in the network, an isolation burying strategy is used, node ID is recorded, and using by attacking nodes is avoided.

According to the cloud workflow implementation method with intrusion tolerance, the executive programs corresponding to the tasks in the workflow are deployed in the containers respectively, and thenthe containers are transplanted to the virtual machines with the different operating systems, so that the cloud system intrusion tolerance capability can be effectively improved. Furthermore, the subtask results executed by the plurality of virtual machines are judged; calculating the confidence coefficient of the sub-task result generated within the preset time; therefore, the reliability and credibility of the execution of the current subtask are determined, whether the selection result is submitted to the next subtask or the execution subtask of the virtual machine is reset is determined, the reliability and credibility of the output result are ensured through the mutual judgment and verification of the generation results of the plurality of virtual machines, and the invasion toleranceof the cloud system can be truly improved. In addition, the invention provides a system applying the cloud workflow implementation method with intrusion tolerance, and the purpose and the effect of the implementation method are achieved.

The present invention discloses a performance feedback intrusion tolerance protocol (PFITP). The protocol is suitable for a wireless sensor network, and mainly comprises a performance feedback mechanism, a network performance estimation, abnormal node marking, cluster-head reselection, and node authentication. The protocol can estimate the network QoS performance, mark the abnormal nodes, select reliable nodes as the cluster head, ensure that the wireless sensor network can resist to common hostile attack and provide a good network performance.

The invention relates to a multi-path safety topology control method with intrusion tolerance capacity, which comprises the steps of: cluster head selection, i.e., determining an optimal cluster number according to an initialization parameter, calculating cluster head election probabilities and cluster head competition radii, and determining cluster head nodes; clustering, i.e., selecting to add non-cluster-head nodes into an optimal cluster according to residual energy and node distance information of a cluster head which sends out an invitation; routing establishment, i.e., enabling a sourcenode to establish a single hop of single path by adopting direct communication or establish multiple hops of paths by adopting an indirect communication mode according to different transmission distances with target nodes, and storing routing information; and data transmission, i.e., enabling the source node to carry out patch transmission on data to the target nodes according to the establishedpath by combining (k, n) threshold secret sharing scheme. According to the invention, in a case that a malicious node exists in a network and a data transmission path is damaged, normal transmission of the data can be ensured so as to achieve effects of balancing energy consumption and prolonging the life cycle of the network.

The invention provides application level intrusion tolerance system and method. The application level intrusion tolerance system comprises a boundary judging unit, an application unit and an application system module which are sequentially connected. The application level intrusion tolerance method includes steps of (1) access distribution and analysis; (2) application system virtualization; and (3) convergence and backspacing of application behaviors. By virtualizing the application into multiple virtual applications, and by means of the intrusion tolerance method, the problem about how to guarantee availability of application system software when network intrusion occurs is solved.

The present invention generally relates to network-attack-resilient intrusion-tolerant Supervisory Control and Data Acquisition (SCADA) systems. Some implementations utilize redundant, proactively-recovery-configured servers at multiple centers communally executing a replication protocol. Some implementations, in addition to control centers, include data centers, which participate in the replication protocol, except that they may not be capable of controlling remote units such as Remote Terminal Units (RTUs).

The invention provides a threshold-based homomorphic encryption privacy protection device and method, and the method comprises the following steps: dividing privacy data into a plurality of data segment groups according to different secrecy levels according to a pre-constructed statement secrecy level division model; performing independent encryption processing on each data segment group; in response to an instruction for acquiring the private data, acquiring verification data corresponding to each data segment group; verifying the obtained verification data; acquiring intrusion attribute characteristic data in a verification process of the verification data in real time; calculating an intrusion risk value based on the intrusion attribute data; and comparing the intrusion risk value with a preset intrusion tolerance limit value, if the intrusion risk value is greater than the preset intrusion tolerance limit value, forbidding to acquire the data of the data segment group, otherwise, allowing to acquire the data of the data segment group. According to the method, the security of the privacy data is improved, and the privacy data is prevented from being stolen by an intruder.

The invention discloses a self-curing J2EE application server for intrusion tolerance and a self-curing method thereof. The application server comprises an intrusion tolerance functional unit, a self-curing functional unit, a secure group communication system and a base platform for the J2EE application server, wherein the self-curing functional unit is used for receiving output results of the intrusion tolerance functional unit and the secure group communication system to carry out self-curing treatment, provides self-curing function support for the base platform for the J2EE application server and comprises a detection component, a management component and an execution component; the detection component detects intrusion and failure and submits results to the management component; the management component analyzes the detection results and gives and sends a curing scheme to the execution component; and the execution component cures the application server according to the curing scheme. On the basis of the intrusion tolerance method, the self-curing method is additionally provided with reactive recovery and periodic recovery, further improves the reliability and the survivabilityof the J2EE application server and can be applied to the field of network security.

The invention relates to the technical field of data processing methods, in particular to a data security processing method, which processes data through an encryption authentication module and an internal tolerance module. Data security processing is realized through the encryption authentication module and the internal tolerance module, and an encryption authentication function is realized through the encryption unit, the decryption unit and the authentication unit of the encryption authentication module, so that the integrity, confidentiality and security of data are ensured, and the validity and authenticity of a data source are ensured at the same time; in addition, errors in the data transmission process are tolerated through the internal tolerance module, and external intrusion tolerance of a database is achieved.

The invention discloses a multi-agent network intrusion tolerance capability assessment method based on simulated annealing algorithm. The simulated annealing technology is applied to the field of network intrusion tolerance capability assessment, and meanwhile, three alternative states are introduced when a network robustness calculation subset pair is updated on the basis of a traditional simulated annealing method, so that the subset pair has higher sampling randomness. The method has the advantage that the problem that large-scale multi-agent network intrusion tolerance capability assessment cannot be solved due to NP difficulty is solved.