CN111901348A - Method and system for active network threat awareness and mimicry defense - Google Patents

Publication number: CN111901348A
Authority: CN (China)
Prior art keywords: mimicry, access, threat, flow, service
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010745389.8A
Other languages: Chinese (zh)
Inventors: 卢会平, 张玲艳, 朱洪刚
Current Assignee: Beijing Hongda Longhe Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Hongda Longhe Technology Co ltd
Application filed by: Beijing Hongda Longhe Technology Co ltd

Classifications
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention belongs to the technical field of network security, and in particular relates to a method and a system for active network threat perception and mimicry defense. The invention is low in cost, high in security and highly automated; it adopts a non-injection data marking mode that does not affect running services, can perceive unknown risks, and realizes active risk assessment and a whole-site mimicry active defense system.

Description

Method and system for active network threat awareness and mimicry defense
Technical Field
The invention relates to the technical field of network security, in particular to a method and a system for active network threat perception and mimicry defense.
Background
An "unknown threat", also called an uncertain threat, currently exists in cyberspace. Such threats are typically based on vulnerabilities in the software and hardware components of information systems, or on software and hardware backdoors deliberately implanted in the industry chain in the era of globalization, and are used to carry out man-made attacks. At the current level of human technology and cognition, it cannot be scientifically determined in theory that a given complex information system is free of vulnerabilities and backdoors, and design defects and backdoors cannot be completely avoided in engineering practice, so attacks based on vulnerabilities unknown to the defender, or on viruses, Trojans and the like, have become the largest security threat in cyberspace.
The existing cyberspace defense system is precise defense based on the perception of threat features. On the premise of "known risks" or "known unknown risks", it needs the support of prior knowledge of attack sources, attack features, attack paths, attack behaviors and the like; in terms of defense mechanism it is "acquired immunity", and it generally needs encryption or authentication functions as the "bottom-line defense". Obviously, such defense systems and mechanisms are vulnerable when dealing with unknown attacks based on unknown vulnerabilities and backdoors or on viruses, Trojans and the like. Particularly in an ecosystem where the trustworthiness of the system's software and hardware cannot be ensured, there are almost no real-time, efficient countermeasures against uncertain threats other than "mending the fold after the sheep are lost", and it cannot be absolutely guaranteed that the encryption and authentication links or functions will not be deliberately bypassed or short-circuited.
In addition, the static, similar and deterministic nature of existing information system architectures gives attackers considerable convenience in target identification, probing of defensive behavior, testing and refinement of attack techniques, evaluation of attack effects and the like. Meanwhile, most information systems use an operating mechanism in which resources are shared within a single processing space, so an intruder who enters that space can achieve the intended operations through the resource sharing mechanism; this is one of the important basic conditions of many network attack theories, including the side-channel attack principle used to break through physically isolated networks. Therefore, key problems such as the determinism of information system architectures and mechanisms, the vulnerability of passive defense systems and the lack of an active immune mechanism together form the largest security black hole in cyberspace.
Compared with the prior art, the most similar patents are the honeypot-defense-based active security threat sensing method of publication number CN108446557B and the technical implementation steps described in the claims of the website structure mimicry method for protecting web application security of publication number CN104951711B. Both adopt passive mimicry defense systems and have the following disadvantages. First: neither technical means integrates and assesses the initial attack information, so the real system cannot be hidden in the face of unknown risks; when a honeypot or a mimicry decoy system replies, a real service system site must be used as the simulation object, so deceptive replies cannot be produced effectively in the face of unknown risks, and the security effect is low. Second: both mark the identity of the visitor by inserting a URL into the request data, and the marked identity information is matched against known risks and features, so attack information cannot be integrated and assessed, and more people are needed to make judgments based on personal experience. Third: existing defense systems all provide security defense in practical application, but lean toward passive defense and depend heavily on experience. A method and a system for active network threat perception and mimicry defense are therefore provided.
Disclosure of Invention
The method and the system for active network threat perception and mimicry defense provided by the invention solve the problem of low security of the existing network space.
In order to achieve the purpose, the invention adopts the following technical scheme:
The method and the system for active network threat perception and mimicry defense comprise traffic collection and analysis, active threat awareness, a full-stack mimicry engine and blocking disposal.
Traffic collection and analysis: full-traffic service analysis is adopted; the hxy data requests in all server reply packets are marked, automatically entered into the service asset management list and given service labels; entries are verified and recorded in grades according to rule definition, access frequency, service traffic location, data flow content and service remarks, which fundamentally prevents unknown services from running unnoticed and strengthens service traffic security management; all traffic bound for the intranet is copied to a mimicry server, the mimicry server automatically compiles asset statistics from the intranet's replies, and the accessed target is compared with the assets to determine whether the access is given mimicry processing.
Active threat awareness: the system has a built-in threat feature library and perception module; traffic is matched against threat behaviors and a threat alarm is raised for any access that meets the conditions; meanwhile the perception module makes a preliminary judgment from users' access behavior and marks users showing sniffing behavior, such as users scanning for directories that the normal site does not have; accesses carrying the sniffing mark are bound to the preset matching rules for threat features to achieve a comprehensive assessment.
Full-stack mimicry engine: the system classifies all access traffic according to the asset data it has compiled itself, marking one class as real access traffic and the other as false access traffic; for real access traffic the system monitors and stays hidden and performs no mimicry defense processing; for false access traffic the system automatically replies with mimicry simulation data according to the built-in container service sites and related configuration; besides the simulated sites and processes of the built-in containers, the system also supports referencing an existing similar site for the mimicry simulation reply, which confuses the attacker's understanding of the attack target, raises the cost of attack and delays the attack behavior.
Blocking disposal capability: according to the comprehensive assessment result of active perception, the attack source IP is blocked by the system's disposal module in combination with a preset disposal plan, and the system supports setting whether mimicry deception is started for the attacking IP after the attack source IP has been blocked.
The active network threat awareness and mimicry defense method comprises the following steps:
S1. Whitelist the important client IPs;
S2. The system analyzes the access traffic and automatically collects the normal service assets of the intranet;
S3. Determine whether the target of the initiated access is a normal service, which includes the following two cases:
S3.1. If the target is judged to be a normal asset, the system hides itself, performs access statistics and behavior perception, and at the same time matches all accesses against the threat feature library, which includes the following two cases:
S3.11. Access that is judged to match threat features and to show sniffing behavior is disposed of by the system in combination with the preset threat disposal conditions;
S3.12. For access that is judged not to match any threat feature, the system performs no access intervention;
S3.2. If the target is judged to be an abnormal asset, mimicry simulation defense processing is performed.
The beneficial effects of the invention are as follows: the invention adopts containerized deployment, so resource and cost investment is low and availability is higher; it adopts an active defense mode, has active perception of unknown risks, does not depend on known vulnerability libraries, risk libraries and feature libraries, and can identify unknown risks without manual participation; it adopts a non-injection data marking mode that does not affect running services; it adopts a full-stack mimicry defense mechanism that fully simulates requests to existing or virtual servers and answers data requests carrying unknown risk with 100% simulated data, without depending on the data of any real service system; through a containerized mimicry mechanism it uses different containers to open different mimicry services for the mimicry response; and it has an automatic IP blocking mechanism based on rule management that can automatically select the blocking device, generate the script, issue the script and verify the script. The invention adopts a whole-site service mimicry mechanism: in the risk identification stage it does not need to insert a URL to identify the visitor, during mimicry it randomly opens redundant ports and randomly generates simulated data in response to requests, it uses deceptive replies of simulated data to delay attack behavior and obtain the attack intention, and it prevents network risk intrusion through the blocking function.
Drawings
Fig. 1 is a flowchart illustrating steps of a method for active cyber-threat awareness and mimicry defense according to the present invention.
Fig. 2 is a schematic structural diagram of a dynamic heterogeneous redundancy structure in the active network threat awareness and mimicry defense method and system according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments.
Referring to Figs. 1-2, the method and system for active network threat awareness and mimicry defense include traffic collection and analysis, active threat awareness, a full-stack mimicry engine and blocking disposal.
Traffic collection and analysis: full-traffic service analysis is adopted; the hxy data requests in all server reply packets are marked, automatically entered into the service asset management list and given service labels; entries are verified and recorded in grades according to rule definition, access frequency, service traffic location, data flow content and service remarks, which fundamentally prevents unknown services from running unnoticed and strengthens service traffic security management; all traffic bound for the intranet is copied to a mimicry server, the mimicry server automatically compiles asset statistics from the intranet's replies, and the accessed target is compared with the assets to determine whether the access is given mimicry processing.
Active threat awareness: the system has a built-in threat feature library and perception module; traffic is matched against threat behaviors and a threat alarm is raised for any access that meets the conditions; meanwhile the perception module makes a preliminary judgment from users' access behavior and marks users showing sniffing behavior, such as users scanning for directories that the normal site does not have; accesses carrying the sniffing mark are bound to the preset matching rules for threat features to achieve a comprehensive assessment.
Full-stack mimicry engine: the system classifies all access traffic according to the asset data it has compiled itself, marking one class as real access traffic and the other as false access traffic; for real access traffic the system monitors and stays hidden and performs no mimicry defense processing; for false access traffic the system automatically replies with mimicry simulation data according to the built-in container service sites and related configuration; besides the simulated sites and processes of the built-in containers, the system also supports referencing an existing similar site for the mimicry simulation reply, which confuses the attacker's understanding of the attack target, raises the cost of attack and delays the attack behavior.
Blocking disposal capability: according to the comprehensive assessment result of active perception, the attack source IP is blocked by the system's disposal module in combination with a preset disposal plan, and the system supports setting whether mimicry deception is started for the attacking IP after the attack source IP has been blocked.
The active network threat awareness and mimicry defense method comprises the following steps:
S1. Whitelist the important client IPs;
S2. The system analyzes the access traffic and automatically collects the normal service assets of the intranet;
S3. Determine whether the target of the initiated access is a normal service, which includes the following two cases:
S3.1. If the target is judged to be a normal asset, the system hides itself, performs access statistics and behavior perception, and at the same time matches all accesses against the threat feature library, which includes the following two cases:
S3.11. Access that is judged to match threat features and to show sniffing behavior is disposed of by the system in combination with the preset threat disposal conditions;
S3.12. For access that is judged not to match any threat feature, the system performs no access intervention;
S3.2. If the target is judged to be an abnormal asset, mimicry simulation defense processing is performed.
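The decision flow of steps S1 to S3.2, written out as an added Python example (not code from the patent). The Flow record, the three regex features, the sniffing threshold, the decision labels and the choice to let whitelisted IPs bypass triage are all assumptions made for illustration; the sample traffic is constructed.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str               # client IP
    dst: str               # intranet server IP
    port: int
    path: str              # requested URL path, query string included
    replied: bool = False  # mirrored traffic shows the server answered normally


# Constructed stand-in for the threat feature library (assumption).
THREAT_FEATURES = [re.compile(p, re.I)
                   for p in (r"\.\./", r"union\s+select", r"<script")]
SNIFF_THRESHOLD = 3  # assumed: distinct unknown paths before a source counts as sniffing


class Triage:
    def __init__(self, whitelist, deceive_blocked=True):
        self.whitelist = set(whitelist)         # S1
        self.deceive_blocked = deceive_blocked  # mimicry for already-blocked IPs (system setting)
        self.assets = defaultdict(set)          # (dst, port) -> paths the service has answered
        self.unknown_paths = defaultdict(set)   # src -> paths requested that the asset never served
        self.blocked = set()

    def learn(self, flows):
        """S2: build the service asset list from replies seen in mirrored traffic."""
        for f in flows:
            if f.replied:
                self.assets[(f.dst, f.port)].add(f.path.split("?")[0])

    def decide(self, f):
        """Return one of: pass, alert, block, mimicry, drop."""
        if f.src in self.whitelist:
            return "pass"
        if f.src in self.blocked:
            return "mimicry" if self.deceive_blocked else "drop"
        service = (f.dst, f.port)
        if service not in self.assets:          # S3.2: target is not a known asset
            return "mimicry"
        # S3.1: real asset, so stay hidden, keep statistics and perceive behaviour.
        base = f.path.split("?")[0]
        if base not in self.assets[service]:
            self.unknown_paths[f.src].add(base)
        sniffing = len(self.unknown_paths[f.src]) >= SNIFF_THRESHOLD
        threat = any(rx.search(f.path) for rx in THREAT_FEATURES)
        if threat and sniffing:                 # S3.11: combined judgment, dispose
            self.blocked.add(f.src)
            return "block"
        if threat:                              # feature match alone raises an alarm
            return "alert"
        return "pass"                           # S3.12: no intervention


SERVER = "192.168.1.10"
# Constructed baseline window used to learn the normal assets.
BASELINE = [
    Flow("10.0.0.5", SERVER, 443, "/", True),
    Flow("10.0.0.5", SERVER, 443, "/login", True),
    Flow("10.0.0.6", SERVER, 443, "/api/orders?id=7", True),
]
# Constructed live traffic.
LIVE = [
    Flow("10.0.0.9", SERVER, 443, "/login"),
    Flow("203.0.113.7", SERVER, 443, "/admin"),
    Flow("203.0.113.7", SERVER, 443, "/backup.zip"),
    Flow("203.0.113.7", SERVER, 443, "/.git/config"),
    Flow("203.0.113.7", SERVER, 443, "/api/orders?id=1 union select 1"),
    Flow("203.0.113.7", SERVER, 443, "/login"),
    Flow("198.51.100.4", SERVER, 8080, "/"),
    Flow("198.51.100.8", SERVER, 443, "/api/orders?id=../../etc/passwd"),
    Flow("10.0.0.5", SERVER, 443, "/search?q=<script>"),
]


def run_demo():
    triage = Triage(whitelist={"10.0.0.5"})
    triage.learn(BASELINE)
    return [triage.decide(f) for f in LIVE]


if __name__ == "__main__":
    for flow, decision in zip(LIVE, run_demo()):
        print(f"{flow.src:>13} {flow.port:>5} {flow.path:<34} {decision}")
```

Note that a feature match without prior sniffing only raises an alert here, while the source that first probed three unknown paths is blocked on its first feature match and then answered by the mimicry side.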
Example: mimicry defense is an active defense behavior. Applied to the field of cyberspace security, it can effectively suppress vulnerabilities, backdoors, viruses and Trojans, greatly changes the current rules of the game of "finding vulnerabilities and closing backdoors, killing viruses and Trojans, and mending the fold after the sheep are lost", and explores a new, self-controllable, secure and trustworthy path for solving the cyberspace security problem. Mimicry defense is based on the mature heterogeneous-redundancy reliability architecture. By introducing a multi-dimensional dynamic reconstruction mechanism based on a mimicry camouflage strategy and establishing a dynamic heterogeneous redundancy architecture, the network information system is converted from similar and static to heterogeneous and dynamic, forming an endogenous security effect that effectively resists unknown threats such as vulnerabilities and backdoors. The network information system thus has an endogenous security capability of generalized robust control without depending on prior knowledge or behavioral features of the attack.
The invention adopts containerized deployment, so resource and cost investment is low and availability is higher; it adopts an active defense mode, has active perception of unknown risks, does not depend on known vulnerability libraries, risk libraries and feature libraries, and can identify unknown risks without manual participation; it adopts a non-injection data marking mode that does not affect running services; it adopts a full-stack mimicry defense mechanism that fully simulates requests to existing or virtual servers and answers data requests carrying unknown risk with 100% simulated data, without depending on the data of any real service system; through a containerized mimicry mechanism it uses different containers to open different mimicry services for the mimicry response; and it has an automatic IP blocking mechanism based on rule management that can automatically select the blocking device, generate the script, issue the script and verify the script. It adopts a whole-site service mimicry mechanism: in the risk identification stage it does not need to insert a URL to identify the visitor, during mimicry it randomly opens redundant ports and randomly generates simulated data in response to requests, it uses deceptive replies of simulated data to delay attack behavior and obtain the attack intention, and it can prevent network risk intrusion through the blocking function.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "length", "width", "thickness", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", "clockwise", "counterclockwise", and the like, indicate orientations and positional relationships based on those shown in the drawings, and are used only for convenience of description and simplicity of description, and do not indicate or imply that the equipment or element being referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be considered as limiting the present invention.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless specifically defined otherwise.
The above description is only the preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto; any equivalent substitution or change made by a person skilled in the art within the technical scope of the present invention, according to the technical solutions and inventive concept of the present invention, shall fall within the scope of protection of the present invention.

Claims (2)

1. A system for active network threat perception and mimicry defense, characterized by comprising traffic collection and analysis, active threat awareness, a full-stack mimicry engine and blocking disposal;
traffic collection and analysis: full-traffic service analysis is adopted; the hxy data requests in all server reply packets are marked, automatically entered into the service asset management list and given service labels; entries are verified and recorded in grades according to rule definition, access frequency, service traffic location, data flow content and service remarks, which fundamentally prevents unknown services from running unnoticed and strengthens service traffic security management; all traffic bound for the intranet is copied to a mimicry server, the mimicry server automatically compiles asset statistics from the intranet's replies, and the accessed target is compared with the assets to determine whether the access is given mimicry processing;
active threat awareness: the system has a built-in threat feature library and perception module; traffic is matched against threat behaviors and a threat alarm is raised for any access that meets the conditions; meanwhile the perception module makes a preliminary judgment from users' access behavior and marks users showing sniffing behavior, such as users scanning for directories that the normal site does not have; accesses carrying the sniffing mark are bound to the preset matching rules for threat features to achieve a comprehensive assessment;
full-stack mimicry engine: the system classifies all access traffic according to the asset data it has compiled itself, marking one class as real access traffic and the other as false access traffic; for real access traffic the system monitors and stays hidden and performs no mimicry defense processing; for false access traffic the system automatically replies with mimicry simulation data according to the built-in container service sites and related configuration; besides the simulated sites and processes of the built-in containers, the system also supports referencing an existing similar site for the mimicry simulation reply, which confuses the attacker's understanding of the attack target, raises the cost of attack and delays the attack behavior;
blocking disposal capability: according to the comprehensive assessment result of active perception, the attack source IP is blocked by the system's disposal module in combination with a preset disposal plan, and the system supports setting whether mimicry deception is started for the attacking IP after the attack source IP has been blocked.
2. An active network threat awareness and mimicry defense method, characterized by comprising the following steps:
S1. Whitelist the important client IPs;
S2. The system analyzes the access traffic and automatically collects the normal service assets of the intranet;
S3. Determine whether the target of the initiated access is a normal service, which includes the following two cases:
S3.1. If the target is judged to be a normal asset, the system hides itself, performs access statistics and behavior perception, and at the same time matches all accesses against the threat feature library, which includes the following two cases:
S3.11. Access that is judged to match threat features and to show sniffing behavior is disposed of by the system in combination with the preset threat disposal conditions;
S3.12. For access that is judged not to match any threat feature, the system performs no access intervention;
S3.2. If the target is judged to be an abnormal asset, mimicry simulation defense processing is performed.

Application number: CN202010745389.8A
Priority date: 2020-07-29
Filing date: 2020-07-29
Title: Method and system for active network threat awareness and mimicry defense
Status: Pending
Publication: CN111901348A (en), published 2020-11-06
Family ID: 73182456
Country status: CN (1), CN111901348A (en)


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20201106)