30 results about "Sality" patented technology

Coordinated SYN denial of service (CSDoS) attacks are reduced or eliminated by a process that instructs a layer 4-7 switch to divert a small fraction of SYN packets destined to a server S to a web guard processor. The web guard processor acts as a termination point in the connection with the one or more clients from which the packets originated, and upon the establishment of a first TCP connection with a legitimate client, opens a new TCP connection to the server and transfers the data between these two connections. It also monitors the number of timed-out connections to each client. When a CSDoS attack is in progress, the number of the forged attack packets and hence the number of timed-out connections increases significantly. If this number exceeds a predetermined threshold amount, the web guard processor declares that this server is under attack. It then reprograms the switch to divert all traffic (i.e. SYN packets) destined to this server to the web guard processor, or to delete all SYN packets to the server in question. If the number of timed-out connections increases, it can also inform other web guard processor arrangements, and / or try to find the real originating hosts for the forged packets. In either event, the server is thus shielded from, and does not feel the effects of, the DoS attack. Alternatively, a simpler approach is to arrange layer 4-7 switches to forward SYN packets to respective “null-cache” TCP proxies that each are arranged to operate without an associated cache, and therefore be inexpensive to install and operate. These null-cache TCP proxies, when subject to a CSDoS attack, will not successfully establish a TCP connection with a malicious host, due to the nature of the attack itself. Accordingly, no connections will be made from the null-cache TCP proxies to the server under attack, and the server will be protected.

This disclosure describes a technique to determine whether a client computing device accessing an API is masquerading its device type (i.e., pretending to be a device that it is not). To this end, and according to this disclosure, the client performs certain processing requested by the server to reveal its actual processing capabilities and thereby its true device type, whereupon—once the server learns the true nature of the client device—it can take appropriate actions to mitigate or prevent further damage. To this end, during the API transaction the server returns information to the client device that causes the client device to perform certain computations or actions. The resulting activity is captured on the client computing and then transmitted back to the server, which then analyzes the data to inform its decision about the true client device type. Thus, when the server detects the true client device type (as opposed to the device type that the device is masquerading to be), it can take appropriate action to defend the site.

The invention discloses an openwhisk serviceless framework migration method for microservice applications, which utilizes the exprima syntax parsing tool of Node.js language to generate abstract syntax tree nodes, and extracts key information from them to generate function call graphs. Communication diagram and judgment of the nature of microservice submodules, and try to divide stateful microservice modules to maximize automatic migration. Parse project source code files, project package files, configuration files, etc. from the level of abstract syntax tree, which is simple and efficient. At present, there is no similar technical solution, and the emergence of the present invention will help developers to improve the migration efficiency of applications to the serverless computing platform.

The invention belongs to the technical field of malicious software detection, and discloses a mixed detection method, system and device for multiple malicious software with privacy protection. The third party generates a public-private key pair according to the homomorphic encryption algorithm, and publishes the public key; the client collects the behavior data of the user group using the software, conducts preliminary calculations, encrypts with the third-party public key, adds it to the generated random number, and uploads the result to Server: The server uses the reputation evaluation algorithm to encrypt data according to the uploaded user group, utilizes the homomorphic nature and interacts with the third party to decrypt, completes the calculation of different software reputation values, and determines the software detection sequence according to the software reputation value; Call the API usage data obtained by the decompiled software APK from the client in order, and perform static detection on the software according to the static learning model. Public key, using homomorphic properties and dynamic learning model for real-time detection.

The invention discloses a recordable and traceable block chain security deletion method, the process is: create a block with arbitrary data according to the requirements of different applications; the block contains fields that record the nature of the block, and the identification Divided into: original block, deleted block, modified block; deleted block and modified block also contain pointers to other blocks, which are used to connect the original block, deleted block and modified block; When deleting, the user creates a deleted block with a deleted block identifier. The deleted block contains a pointer to the original block that needs to be deleted, indicating that the deleted block deletes the original block; the rest of the data is the same as the original block The user data is completely consistent; after the deletion is completed, the block needs to be modified. The modification process is as follows: the user creates a modified block with a modification identifier, and the modification points to the deleted block. The rest of the data is the same as or different from the original block. At the same time, the original block information is saved for the undo deletion process; otherwise, the modification is completed.

The invention discloses a privacy protection set intersection calculation method and system based on polynomial representation. According to the intersection calculation method provided by the invention, two participants (a caller B and a responder A) contain the sets of the own attributes and are not acquired by the other party, and the two participants obtain a set intersection through secure multi-party calculation, so that the common attributes of the two parties are acquired. The method specifically comprises the following steps that firstly, a participant and a participant initialize; apolynomial formed by combining the calling party with the random number encrypts the attribute set of the calling party and sends the encrypted attribute set to the responder A; the responder A receives a polynomial formed by the data information and the random numbers, encrypts the data of the two parties of the participant again and sends the data to the responder A; and an intersection set is obtaind through the calculation of two secure parties. The privacy protection set intersection calculation method based on polynomial representation can be used for the multi-party data security communication by utilizing the properties of the polynomial, so that the technical effect of improving the cracking difficulty and safety is achieved.

The present invention relates to a method for identifying node properties based on a distributed system, comprising the following steps: treating participants who apply for resources or provide resources in the distributed system as nodes; the nodes include good faith nodes and Sybil nodes (malicious nodes) and pending nodes; if there is a record of providing resources or obtaining resources between nodes, it is considered to form a connection edge; when the pending node sends out a resource application as the applicant, it is assumed that the participant that receives the resource application and provides resources is a bona fide node. In the random routing, the characteristics of the applicant node and the provider node are respectively extracted, and the nature of the pending node that sends out the resource application is identified accordingly, so as to decide whether to provide resources to it. The invention can effectively identify Sybil nodes, so as to resist Sybil attacks.

The present invention relates to a method for identifying node properties based on a distributed system, comprising the following steps: treating participants who apply for resources or provide resources in the distributed system as nodes; the nodes include good faith nodes and Sybil nodes (malicious nodes) and pending nodes; if there is a record of providing resources or obtaining resources between nodes, it is considered to form a connection edge; when the pending node sends out a resource application as the applicant, it is assumed that the participant that receives the resource application and provides resources is a bona fide node. In the random routing, the characteristics of the applicant node are extracted, and based on this, the nature of the pending node that sends out the resource application is identified, so as to decide whether to provide resources to it. The invention can effectively identify Sybil nodes, so as to resist Sybil attacks.

The invention relates to a parallel parsing method for SCD files of an intelligent substation. A master-slave parsing mechanism is adopted, the main thread extracts the structure of the SCD file, and the slave threads parse the names and properties of labels. The main thread and the slave thread are in a serial relationship; the main thread and the main thread, and the slave thread and the slave thread are in a parallel relationship. Start five types of main threads in parallel according to the SCD file structure, mark the first-level label position of the SCD file, and save the label position information; count the number of first-level label positions, and start the same number of slave threads to analyze the first-level label and the labels it contains The name and nature of the analysis result of each slave thread is stored in a tree structure, and a type subtree is established, and each subtree is integrated into a complete main tree according to the SCD file structure; the parsing process uses a parallel hash algorithm to realize the tree structure Quick Search. The invention adopts the parallel multi-thread technology to greatly reduce the analysis time of the SCD file and improve the result query efficiency.