254 results about "Spoofing attack" patented technology

A method and apparatus are disclosed for analyzing the operation of one or more network gateways, such as firewalls or routers, that perform a packet filtering function in a network environment. Given a user query, the disclosed firewall analysis tool simulates the behavior of the various firewalls, taking into account the topology of the network environment, and determines which portions of the services or machines specified in the original query would manage to reach from the source to the destination. The relevant packet-filtering configuration files are collected and an internal representation of the implied security policy is derived. A graph data structure is used to represent the network topology. A gateway-zone graph permits the firewall analysis tool to determine where given packets will travel in the network, and which gateways will be encountered along those paths. In this manner, the firewall analysis tool can evaluate a query object against each rule-base object, for each gateway node in the gateway-zone graph that is encountered along each path between the source and destination. A graphical user interface is provided for receiving queries, such as whether one or more given services are permitted between one or more given machines, and providing results. A spoofing attack can be simulated by allowing the user to specify where packets are to be injected into the network, which may not be the true location of the source host-group.

A system and method for detecting global positioning system (GPS) spoofing attacks includes collecting GPS readings along with inertial navigational system (INS) readings as a ground truth, and sequentially testing the GPS readings and INS readings through the use of a sequential probability ratio testing (SPRT) process.

The various embodiments of the present invention include techniques for securing the use of data deduplication activities occurring in a source-deduplicating storage management system. These techniques are intended to prevent fake data backup, target data contamination, and data spoofing attacks initiated by a source. In one embodiment, one technique includes limiting chunk querying to authorized users. Another technique provides detection of attacks and unauthorized access to keys within the target system. Additional techniques include the combination of validating the existence of data from the source by validating the data chunk, validating a data sample of the data chunk, or validating a hash value of the data chunk. A further embodiment involves the use of policies to provide authorization levels for chunk sharing and linking within the target. These techniques separately and in combination provide a comprehensive strategy to avoid unauthorized access to data within the target storage system.

Detection for pharming attacks and specifically for changes in name-to-IP resolutions on a computer system using rules is described. The DNS settings and the Hosts file on a computer system are monitored and their modification information is saved as a part of the historical data over time. When an IP address is determined for a host name, various rules are applied to the IP address in connection with the saved historical data, such that each rule produces a score based on various criteria. Different rules may have different weights assigned to their scores. The scores of all the rules are summed up to produce a final score. If the final score is above a predefined value, then there is a suspicious change in the IP address, and an alert is sent. Otherwise, the host name and the IP address are saved as a part of the historical data.

This invention is a system, method, and apparatus for detecting compromise of IP devices that make up an IP-based network. One embodiment is a method for detecting and alerting on the following conditions: (1) Denial of Service Attack; (2) Unauthorized Usage Attack (for an IP camera, unauthorized person seeing a camera image); and (3) Spoofing Attack (for an IP camera, unauthorized person seeing substitute images). A survey of services running on the IP device, historical benchmark data, and traceroute information may be used to detect a possible Denial of Service Attack. A detailed log analysis and a passive DNS compromise system may be used to detect a possible unauthorized usage. Finally, a fingerprint (a hash of device configuration data) may be used as a private key to detect a possible spoofing attack. The present invention may be used to help mitigate intrusions and vulnerabilities in IP networks.

HTTP requests initiated from a web browser of a client computer system are proxied prior to release to a router, such as a home router. HTTP requests identifying a referrer URL corresponding to routable, public IP address and a target URL corresponding to a non-routable, private IP address are determined to be indicative of a drive-by pharming attack, and are blocked from sending to the router. HTTP requests not identifying a referrer URL corresponding to a routable, public IP address and a target URL corresponding to a non-routable, private IP address, the HTTP request are not determined to be indicative of a drive-by pharming attack, and are released for sending to the router. In some embodiments, an HTTP response received in response to a released HTTP request is proxied prior to release to the web browser. An HTTP response having content of type text / html or script is modified as indicated to prevent malicious activity and released to the web browser.

The invention provides a security control method of an event-driven network control system under a multi-network attack. Considering the network transmission security problem, a random network spoofing attack, a replay attack and a DoS attack are sequentially introduced, and a system closed-loop model under the multi-network attack is established. Further considering the constraint of the limitednetwork bandwidth, an event trigger mechanism is introduced to screen and release sampling data meeting a preset event trigger condition to the network for transmission, thereby establishing a new switching system model on the basis of the system closed-loop model. Based on a switching system model, a Lyapunov stability theory is utilized to obtain a sufficiency condition for enabling the system to meet the stability of a mean square index, and a group of linear matrix inequalities is solved to obtain the gain of the state feedback controller. Compared with an existing controller design method, safe and stable operation of the network control system under the influence of multi-network attacks is guaranteed, meanwhile, the data transmission frequency is reduced, and limited network bandwidth resources are saved.

The invention discloses a deception voice detection method based on a deep neural network. The method comprises the following steps: A, training and building a deception voice detection model based onthe deep neural network according to voice data, with the known authenticity, of a user, wherein the deception voice detection model has network parameters; and B, performing classification judgmenton test voices to be tested in the trained deception voice detection model with the network parameters so as to judge whether the test voices are real voices or deceptive voices. The method has the following advantages: novel unknown voice synthesis, voice conversion, record playback and other deceptive attacks are supported.

A storage area network resistant to spoofing attack has several nodes each having a port, and storage area network interconnect interconnecting the ports. Each port is provided with a hash function generator for providing and verifying an authentication code for frames transmitted over the storage area network, and a key table for providing a key to the hash function generator. The authentication code is generated by applying a hash function to the key and to at least an address portion of each frame. In each node, the key is selected from that node's key table according to address information of the frame.

This invention is a system, method, and apparatus for detecting compromise of IP devices that make up an IP-based network. One embodiment is a method for detecting and alerting on the following conditions: (1) Denial of Service Attack; (2) Unauthorized Usage Attack (for an IP camera, unauthorized person seeing a camera image); and (3) Spoofing Attack (for an IP camera, unauthorized person seeing substitute images). A survey of services running on the IP device, historical benchmark data, and traceroute information may be used to detect a possible Denial of Service Attack. A detailed log analysis and a passive DNS compromise system may be used to detect a possible unauthorized usage. Finally, a fingerprint (a hash of device configuration data) may be used as a private key to detect a possible spoofing attack. The present invention may be used to help mitigate intrusions and vulnerabilities in IP networks.

The invention relates to a deception recognizing method and device of a face image. The method includes: acquiring the face image to be recognized; utilizing a trained first neural network to extractlocal features of the face in the face image to acquire a local feature value of the face image; utilizing a trained second neural network to extract depth features of the face in the face image to acquire a depth feature value of the face image; fusing the local feature value and the depth feature value to acquire a fusion value of the face image; comparing the fusion value with a threshold value, and judging a deception recognizing result of the face image according to a comparison result. The deception recognizing method is high in recognizing accuracy and robustness and capable of dealingwith various image deception attacks.

Disclosed is a technique that can provide one or more countermeasures against spoofers. A direction from which a spoofing attack occurs is identified. A beamformer can control an antenna pattern of a CRPA to null out signals from that direction, which can assist a GNSS receiver to avoid error induced by the spoofing attack. Further, after two or more observations, the location of the spoofer can be identified.