CN110048868B - Scheduling method of operating system executive - Google Patents

Scheduling method of operating system executive Download PDF

Info

Publication number
CN110048868B
CN110048868B CN201810038727.7A CN201810038727A CN110048868B CN 110048868 B CN110048868 B CN 110048868B CN 201810038727 A CN201810038727 A CN 201810038727A CN 110048868 B CN110048868 B CN 110048868B
Authority
CN
China
Prior art keywords
executors
pool
network template
operating system
executable
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810038727.7A
Other languages
Chinese (zh)
Other versions
CN110048868A (en
Inventor
高明晋
沈茹婧
袁尧
石晶林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhongke Jingshang Hypermedia Information Technology Co ltd
Original Assignee
Beijing Zhongke Jingshang Hypermedia Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Zhongke Jingshang Hypermedia Information Technology Co ltd filed Critical Beijing Zhongke Jingshang Hypermedia Information Technology Co ltd
Priority to CN201810038727.7A priority Critical patent/CN110048868B/en
Publication of CN110048868A publication Critical patent/CN110048868A/en
Application granted granted Critical
Publication of CN110048868B publication Critical patent/CN110048868B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0813Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/0816Configuration setting characterised by the conditions triggering a change of settings the condition being an adaptation, e.g. in response to network events
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14Network analysis or design
    • H04L41/145Network analysis or design involving simulating, designing, planning or modelling of a network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic

Abstract

The invention provides a scheduling method of an operating system executive and a corresponding scheduling device. The scheduling method comprises the following steps: randomly selecting a plurality of executors from an executor pool related to a network template to form a to-be-selected executor pool, wherein the network template is used for characterizing an operating system; distributing corresponding executors for each port of the network template from the to-be-selected executors pool; determining a state of a corresponding executable allocated to each port of the network template. By the scheduling method, an attacker can obtain different information about the characteristics of the operating system, the audio and the video are confused, the attacker is difficult to predict the calling rule of the execution body, and the mimicry defense effect is achieved.

Description

Scheduling method of operating system executive
Technical Field
The invention relates to the technical field of computers, in particular to a scheduling method of an operating system executive.
Background
In the existing operating system, a defense system is an accurate defense based on known threats, and effective defense can be performed only on the basis of knowing attack sources, attack characteristics, attack behaviors and an attack mechanism. However, because an unknown bug or backdoor exists in the operating system, the existing security protection system can only continuously discover the bug and the backdoor, and then self-perfects through passive modes such as patching and antivirus, and cannot cope with the unknown threat. Moreover, the cyberspace information system architecture and defense are static, similar and deterministic in nature, meaning that system flaws are constantly exposed and vulnerable to attack.
Although some active defense methods exist in the prior art, such as typical non-similar redundancy architecture (DRS), a DRS-based system adds a plurality of independently developed, functionally equivalent heterogeneous devices into a fault-tolerant architecture with a multi-mode voting mechanism, and by comparing or detecting output vectors, it can tolerate handling of possible uncertain errors, i.e., uncertain failures caused by potential defects of software and hardware design and uncertain failures caused by physical mechanisms. The theoretical basis of the DRS is that the common-mode fault caused by common-mode design defects of independently developed devices or modules belongs to a small-probability event, so that the DRS framework has a good fault-tolerant property for uncertain faults. However, DRS-based systems are still static and deterministic, and an attacker can predict the defense behavior of the DRS system and therefore cannot directly cope with persistent and highly uncertain attacks such as Advanced Persistent Threats (APT). Moreover, once an attacker masters the defense behavior rule based on the DRS system, the attacker can effectively attack the DRS system. Once the attack is successful, its experience is repeatable. In addition, the existing DRS architecture is mainly applied to switches, and is not directed to an operating system, but is directed to an unknown vulnerability or an attack initiated by a backdoor, which is an uncertain threat to the operating system, and thus prediction cannot be performed through probability. In summary, once the resources and capabilities owned by an attacker can cover the static environment of the DRS architecture, an effective attack can be achieved.
Accordingly, there is a need for improvements in the art to provide effective security defense mechanisms for operating systems.
Disclosure of Invention
The present invention is directed to overcome the above-mentioned drawbacks of the prior art, and to provide a scheduling method for os executors.
According to a first aspect of the present invention, a method for scheduling an operating system executable is provided. The scheduling method comprises the following steps:
step 1: randomly selecting a plurality of executors from an executor pool related to a network template to form a to-be-selected executor pool, wherein the network template is used for characterizing an operating system;
step 2: distributing corresponding executors for each port of the network template from the to-be-selected executors pool;
and step 3: determining a state of a corresponding executable allocated to each port of the network template.
In one embodiment, the pool of candidate executors contains a number of executors equal to the number of available ports of the network template.
In one embodiment, in step 3, the status of the executable is randomly determined to be an idle state or a busy state.
In one embodiment, prior to step 1, the pool of executives associated with the network template is obtained by:
removing reserved executors from all executors of the operating system to form an original executer pool;
and deleting irrelevant executors from the original executors pool according to the operating system characteristics corresponding to the network template, thereby forming an executors pool relevant to the network template.
In one embodiment, the operating system comprises Windows, Linux, Vxworks, Android, UNIX, XENIX, Mac OS, RTOS, Netware, Windows NT.
According to a second aspect of the present invention, there is provided a scheduling apparatus of an operating system executor. The scheduling device includes:
a candidate executable pool generating unit, configured to randomly select multiple executors from an executable pool related to a network template to form a candidate executable pool, where the number of executors included in the candidate executable pool is equal to the number of ports of the network template, and the network template is used to characterize a feature of an operating system;
the executive scheduling unit is used for distributing corresponding executors for all ports of the network template from the to-be-selected executive pool;
and the executive body state determining unit is used for determining the state of the corresponding executive body allocated to each port of the network template.
In one embodiment, the pool of candidate executors contains a number of executors equal to the number of available ports of the network template.
In one embodiment, in the execution body status determination unit, the status of the execution body is randomly determined as an idle status or a busy status.
Compared with the prior art, the invention has the advantages that: by randomly scheduling the executive body of the network template for representing the characteristics of the operating system, the operating system presents higher uncertainty to an attacker, when the operating system is scanned at different time, the attacker obtains different information about the characteristics of the operating system, the audio and the video are mixed up, the attacker is difficult to predict the calling rule of the executive body, and thus the effect of mimicry defense is achieved.
Drawings
The invention is illustrated and described only by way of example and not by way of limitation in the scope of the invention as set forth in the following drawings, in which:
FIG. 1 illustrates a flow diagram of a method of scheduling operating system executors according to one embodiment of the present invention;
FIG. 2 illustrates a scheduling process of an operating system executor according to one embodiment of the invention;
FIG. 3 is a diagram of building state numbering rules for a pool of to-be-selected executors according to one embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions, design methods, and advantages of the present invention more apparent, the present invention will be further described in detail by specific embodiments with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In one embodiment, the present invention provides a method for scheduling an operating system executor, which enables an operating system to present uncertain information to an attacker by allocating corresponding executors to ports of a network template and allocating states of the executors. In this context, network templates are used to reflect the characteristics of the operating system. In brief, the scheduling method of the os executor of the present invention includes a process of allocating an executor to each port of the network template and a process of allocating an executor state. Specifically, referring to fig. 1 and fig. 2, the scheduling method of the present invention includes the following steps:
step S110, determining an available original execution body pool.
Different operating systems have different characteristics, for example, Windows uses a file extension to identify the type of a file, Linux identifies its type according to the header content of the file, and in this context, the operating system is characterized by a network template (mimic template) which is composed of executables and can present information about the operating system characteristics.
In an operating system, there are many agents, e.g., HTTP80, TCP23, UDP80, ICMP2000, etc., each of which is a process, corresponding to a port, that protect the main process around it.
In the present invention, the case where the operating system contains a network template that reflects the characteristics of a particular operating system is discussed. By dynamically changing the network template, i.e. changing the state of the executors and executors corresponding to the network template, a certain operating system can be disguised as a feature of another operating system.
In this step, according to the characteristics of the operating system corresponding to the network template, some necessary ports and their services are determined, these ports are excluded from the subsequent port set to be allocated, and the executors required by these services are used as reserved executors, and do not participate in the executors scheduling process described below. After deleting the reserved executables from all the executables of the operating system, a subsequent available Original executable set or Original executable Pool (Original Agent Pool) is formed, i.e. the Original executable Pool may contain the corresponding executables of a certain operating system.
Operating systems herein include, but are not limited to, windows, Linux, Vxworks, Android, and the like.
Step S120, forming an execution body pool related to the network template based on the original execution body pool.
In this step, a corresponding or related executive pool of the network template is formed according to the operating system characteristics corresponding to the network template.
Specifically, in the case where one network template exists, irrelevant executors, that is, executors not required by the operating system feature corresponding to the network template, are deleted from the original execution entity pool, so as to obtain an execution entity pool related to the network template.
Step S130, randomly selecting a plurality of executors from the pool of executors related to the network template to form a pool of executors to be selected.
For a network template, the number of available ports of the network template can be set and is marked as M1The number of executors M in the pool of executors associated with the network template is usually greater than the number of ports M owned by the corresponding network template1. Randomly extracting M from the pool of executives associated with the network template1The executives form a candidate executor Pool (alternate Agent Pool) corresponding to the network template, that is, the number of executives contained in the candidate executor Pool is equal to the number of ports of the network template, and one port corresponds to one executor.
For a network template, the construction states of all the to-be-selected execution body pools are common:
M(M-1)…(M-M1+1) (1)
where M represents the number of executors in the pool of executors, M1Representing the port number of the network template.
In specific implementation, in order to determine the executors corresponding to the ports of the network template in each building state, the building states of the pool of executors to be selected are numbered, so as to determine the executors corresponding to the ports of the network template in each building state.
In one embodiment, assume that at time t, the execution body number corresponding to the mth port in the network template is E1,m(t), where (1, M) represents the mth port of the network template (where 1 is used to represent the number of the network template, and is always 1 in this embodiment because it only contains one network template), and M is 1,2, …, M1. Then, the vector composed of the execution block numbers corresponding to the ports at time t is represented as:
Figure BDA0001548815930000051
wherein E (t) represents a vector consisting of execution block numbers corresponding to the ports at time t, E1,m(t) represents the execution body number corresponding to the mth port of the network template at the time t, (1, M) represents the mth port of the network template, M is 1,2, …, M1
The above equation (2) is a Markov chain and has E (t) e { e | e1,m∈{1,2,…,M},e1,mTwo by two are different from each other), wherein,
Figure BDA0001548815930000052
is a state vector and each element represents the number of an executable.
The following describes a specific example of the numbering rule of the building state of the to-be-selected execution entity pool, and the following table 1 is taken as an example.
TABLE 1 example parameter Table
Description of parameters Parameter value
The number of executors M contained in the executors pool 8
Number of ports M of network template 1 3
As can be seen from table 1, the number M of executors included in the executor pool 1 corresponding to the network template (i.e., the executor pool obtained in the second step) is 8, and the network template has the number M of ports1Is 3. Marking 3 ports of the network template as port1, port2 and port3 respectively, and randomly selecting 3 executors from 8 executors to form an execution body pool to be selectedThere are 8 × 7 × 6 possible build states of the pool of executables to be selected.
Numbering all possible construction states of the to-be-selected execution body pool, wherein the numbering rule is as follows: all possible executables of port1 are numbered 1-8 (the executables included in the executor pool 1 are arranged in sequence); each executive number of the port1 corresponds to all possible executive numbers of the port2, namely, the executive numbers of the port1 are removed from 1-8, and the rest are arranged in sequence; each execution block number of port2 corresponds to all possible execution block numbers of port3, i.e., the execution block numbers of port1 and port2 are removed from 1-8, and the rest are arranged in order.
For example, see FIG. 3, which illustrates all build states and their number settings for all possible candidate executables pool 1 when the executables number of port1 is 1. Specifically, when the executive number of port1 is 1, all possible executive numbers of port2 are 2-8 with the executive number of port1 removed from 1-8, i.e., number 1 is removed, and thus, all possible executive numbers of port2 are 2-8, and similarly, for each executive number of port2, all possible executive numbers of port3 are 2-8 with the executive numbers of port1 and port2 removed from numbers 1-8, e.g., when the executive number of port2 is 7, the number of all possible executive numbers of port3 is 6, and the sequence numbers are 2-6 and 8, i.e., number 1 and number 7 are removed. In fig. 3, there are 42 (i.e., 7 × 6) total build states for one executable number of port1, and these build states may be numbered sequentially from 1 to 42. In this way, all 8 executables of port1 may be numbered sequentially, resulting in a total of 8 by 7 by 6 possible build states for the pool of executables to be selected.
Thus, according to the numbering rules described above, all build states for a network template may be sequentially numbered 1,2, …, M (M-1) … (M-M)1+1) and obtaining the corresponding execution body number of each port of the network template in each construction state.
Step S140, determining the status of each executable in the to-be-selected executable pool.
Each executor in the to-be-selected executor pool corresponds to two states: inactive (idle state) and active (busy state), indicated by 0 and 1, respectively.
Suppose that at time t, the agent corresponding to the mth port in the network template is in a state of D1,m(t)
Figure BDA0001548815930000061
Then
Figure BDA0001548815930000062
Is a Markov chain and has
D(t)∈{d}
Wherein the state vector
Figure BDA0001548815930000071
Each element in the total number of the elements is 0 or 1, and the total number is
Figure BDA0001548815930000072
All possible states can be numbered as:
Figure BDA0001548815930000073
the numbering rule of the state may be the same as that of the to-be-selected execution body pool building state, and is not described herein again.
Wherein D (t) represents a vector formed by the states of the executors corresponding to the ports at time t, D1,m(t) represents the state of the executable corresponding to the mth port of the network template at time t, M1Indicates the port number of the network template, (1, M) indicates the mth port of the network template, M is 1,2, …, M1
In the invention, the network template can present randomness to a large extent by randomly constructing the execution body pool to be selected and randomly selecting the execution body for the network template. This can be seen from two aspects:
firstly, the construction state of the to-be-selected execution body pool presents randomness.
Reference formula (2)To obtain E (t) from a state eiTransfer to another state ejTransition probability P ofijSuppose that:
1) at time t, if all the executors in the executor pool are in the idle state, the probabilities of occurrence of the build states of all the candidate executor pools are equal and independent from each other, that is:
Figure BDA0001548815930000074
Figure BDA0001548815930000075
at this time Et is a bernoulli process.
2) At the time t, if a certain executive is in a busy state, the executive does not participate in the reconstruction process of the pool state of the executive to be selected.
Based on the above assumptions, a transition probability P is obtainedijComprises the following steps:
Figure BDA0001548815930000076
wherein the content of the first and second substances,
Figure BDA0001548815930000077
n=1,2,…,M1,Bneach vector of which contains M1Element, th1… th, ynEach element is zero and the remaining elements are integers.
Figure BDA0001548815930000078
Figure BDA0001548815930000079
Is a vector whose elements are integers, denoted by eiAnd ejSubtracting the number of the port to obtain the number change of the corresponding executive body of each port, and if a certain port (1, y)k) The corresponding execution block number remains unchanged, then the position
Figure BDA00015488159300000710
Second, the state of the executable exhibits randomness.
With reference to equation (4), to obtain D (t) from a state diTransfer to another state djTransition probability Q ofijSuppose that:
1) at time t, if all executors in the executor pool are in idle state, the probabilities of all states occurring are equal and independent of each other, that is, the probabilities of all states occurring are:
Figure BDA0001548815930000081
in this case, D (t) is a Bernoulli process.
2) At time t, if an executable is in a busy state, the executable is always in a busy state at the next time.
Based on the above assumptions, we obtain:
Figure BDA0001548815930000082
the method of the invention can be applied to any electronic equipment with an operating system, such as computers, tablet computers, mobile phones and the like, so as to enhance the attack resistance.
It should be noted that, although the steps are described in a specific order, the steps are not necessarily performed in the specific order, and in fact, some of the steps may be performed concurrently or even in a changed order as long as the required functions are achieved.
The present invention may be a system, method and/or computer program product. The computer program product may include a computer-readable storage medium having computer-readable program instructions embodied therewith for causing a processor to implement various aspects of the present invention.
The computer readable storage medium may be a tangible device that retains and stores instructions for use by an instruction execution device. The computer readable storage medium may include, for example, but is not limited to, an electronic memory device, a magnetic memory device, an optical memory device, an electromagnetic memory device, a semiconductor memory device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a Static Random Access Memory (SRAM), a portable compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD), a memory stick, a floppy disk, a mechanical coding device, such as punch cards or in-groove projection structures having instructions stored thereon, and any suitable combination of the foregoing.
Having described embodiments of the present invention, the foregoing description is intended to be exemplary, not exhaustive, and not limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (10)

1. A scheduling method of an operating system executive comprises the following steps:
step 1: randomly selecting a plurality of executors from an executor pool related to a network template to form a to-be-selected executor pool, wherein the network template is used for characterizing an operating system;
step 2: distributing corresponding executors for each port of the network template from the to-be-selected executors pool;
and step 3: determining a state of a corresponding executable allocated to each port of the network template.
2. The method according to claim 1, wherein in step 1, the pool of executors to be selected contains a number of executors equal to the number of available ports of the network template.
3. The method of claim 1, wherein in step 3, the status of the executable is randomly determined to be an idle or busy status.
4. The method of claim 1, wherein, prior to step 1, the pool of executables associated with a network template is obtained by:
removing reserved executors from all executors of the operating system to form an original executer pool;
and deleting irrelevant executors from the original executors pool according to the operating system characteristics corresponding to the network template, thereby forming an executors pool relevant to the network template.
5. The method of any of claims 1 to 4, wherein the operating system comprises windows, Linux, Vxworks, Android, UNIX, XENIX, Mac OS, RTOS, Netware.
6. An apparatus for scheduling an operating system executable, comprising:
a candidate executable pool generating unit, configured to randomly select multiple executors from an executable pool related to a network template to form a candidate executable pool, where the number of executors included in the candidate executable pool is equal to the number of ports of the network template, and the network template is used to characterize a feature of an operating system;
the executive scheduling unit is used for distributing corresponding executors for all ports of the network template from the to-be-selected executive pool;
and the executive body state determining unit is used for determining the state of the corresponding executive body allocated to each port of the network template.
7. The apparatus of claim 6, wherein the pool of candidate executors contains a number of executors equal to the number of available ports of the network template.
8. The apparatus according to claim 6 or 7, wherein in the execution body state determination unit, the state of the execution body is randomly determined as an idle state or a busy state.
9. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 5.
10. A computer device comprising a memory and a processor, on which memory a computer program is stored which is executable on the processor, characterized in that the steps of the method of any of claims 1 to 5 are implemented when the processor executes the program.
CN201810038727.7A 2018-01-16 2018-01-16 Scheduling method of operating system executive Active CN110048868B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810038727.7A CN110048868B (en) 2018-01-16 2018-01-16 Scheduling method of operating system executive

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810038727.7A CN110048868B (en) 2018-01-16 2018-01-16 Scheduling method of operating system executive

Publications (2)

Publication Number Publication Date
CN110048868A CN110048868A (en) 2019-07-23
CN110048868B true CN110048868B (en) 2022-03-01

Family

ID=67272881

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810038727.7A Active CN110048868B (en) 2018-01-16 2018-01-16 Scheduling method of operating system executive

Country Status (1)

Country Link
CN (1) CN110048868B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113114696B (en) * 2021-04-19 2022-12-09 北京天融信网络安全技术有限公司 Mimicry defense processing method, mimicry defense processing device, electronic equipment and medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106411937A (en) * 2016-11-15 2017-02-15 中国人民解放军信息工程大学 Mimicry defense architecture based zero-day attack detection, analysis and response system and method thereof
CN106982207A (en) * 2017-03-13 2017-07-25 中国人民解放军信息工程大学 A kind of method and system of dynamic dispatching network operating system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8594323B2 (en) * 2004-09-21 2013-11-26 Rockstar Consortium Us Lp Method and apparatus for generating large numbers of encryption keys

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106411937A (en) * 2016-11-15 2017-02-15 中国人民解放军信息工程大学 Mimicry defense architecture based zero-day attack detection, analysis and response system and method thereof
CN106982207A (en) * 2017-03-13 2017-07-25 中国人民解放军信息工程大学 A kind of method and system of dynamic dispatching network operating system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
网络空间拟态防御研究;邬江兴;《信息安全学报》;20160430;全文 *

Also Published As

Publication number Publication date
CN110048868A (en) 2019-07-23

Similar Documents

Publication Publication Date Title
Rass et al. Defending against advanced persistent threats using game-theory
CN111552973B (en) Method and device for risk assessment of equipment, electronic equipment and medium
US20140137228A1 (en) Web application vulnerability scanning
Wang et al. Computing optimal monitoring strategy for detecting terrorist plots
CN109937564B (en) Method and apparatus for detecting fraudulent account usage in a distributed computing system
CN110048992B (en) Method for constructing dynamic heterogeneous redundant architecture
EP2629205A1 (en) Multi-entity test case execution workflow
CN110572409A (en) Industrial Internet security risk prediction method, device, equipment and storage medium
US11403372B2 (en) Systems, methods, and storage media for obfuscating a computer program by representing the control flow of the computer program as data
EP3172692A1 (en) Remedial action for release of threat data
Zegzhda et al. Using graph theory for cloud system security modeling
CN110048868B (en) Scheduling method of operating system executive
CN115486026A (en) Quantum computing machine learning of security threats
Sharifi et al. Availability challenge of cloud system under DDOS attack
US11777979B2 (en) System and method to perform automated red teaming in an organizational network
CN110046498B (en) Scheduling method of operating system executive
US20230300168A1 (en) Detecting malware infection path in a cloud computing environment utilizing a security graph
US20230208862A1 (en) Detecting malware infection path in a cloud computing environment utilizing a security graph
CN112910825A (en) Worm detection method and network equipment
US20230076391A1 (en) Scoring domains and ips using domain resolution data to identify malicious domains and ips
Cybenko et al. Overview of control and game theory in adaptive cyber defenses
US20170208018A1 (en) Methods and apparatuses for using exhaustible network resources
CN115021983B (en) Permeation path determining method and system based on absorption Markov chain
US20180260563A1 (en) Computer system for executing analysis program, and method of monitoring execution of analysis program
US10965693B2 (en) Method and system for detecting movement of malware and other potential threats

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant