CN110912876A - Mimicry defense system, method and medium for information system - Google Patents
- Publication number
- CN110912876A
- Authority
- CN
- China
- Prior art keywords
- mimicry
- request
- module
- information system
- execution module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention provides a mimicry defense system for information systems, comprising: a request distribution module, which receives a request sent by an information system user, distributes the request to the mimicry execution modules, and forwards the voted response result of the mimicry execution modules to the information system user; a mimicry execution module, which responds to the request to obtain a response result; an external voting module, which performs consistency voting on the response results from the mimicry execution modules; and a management service module, which manages and schedules the mimicry execution modules. The management service dynamically schedules the mimicry execution modules to maximize their heterogeneity. Entry-level security protection of the service request is performed by traditional defense means, and result-level security protection is performed by external voting. Together, entry-level and result-level security protection can isolate most attack means and realize active defense.
Description
Technical Field
The invention relates to the technical field of network security, and in particular to a mimicry defense system, method and medium for information systems. More specifically, it relates to a general-purpose mimicry defense system for information systems developed in non-scripting languages.
Background
Software and hardware systems contain many vulnerabilities and preset backdoors, and therefore face significant security threats. Attacks such as Trojan horses and botnets, malicious mobile internet programs, security vulnerabilities, and webpage tampering can cause the core data of an information system to be stolen, tampered with or damaged, and can even cause the system to malfunction or terminate.
Today, security defense for information systems is mostly static defense, such as the traditional protection means of intrusion detection, intrusion prevention and intrusion tolerance. Static defense is built around protecting the information system, is independent of the information system, and cannot be combined with the system itself. Its defensive effect is therefore poor against attacks that exploit unknown vulnerabilities and backdoors and against diversified Advanced Persistent Threats (APT); existing fixed-mode static defense cannot resist complex and diverse network attacks and threats.
Existing active defense is a combined defense across the physical layer, the network layer and the application layer. Physical-layer protection is achieved by monitoring the physical environment; network-layer protection is achieved by technologies such as host intrusion defense, intrusion defense strategies and application firewalls; application-layer protection is achieved by technologies such as access control, middleware privacy protection and resource control. This active defense approach has a strong and satisfactory linkage effect against novel network attack modes, but cannot resist complex and variable system vulnerabilities and backdoors.
In view of the above-mentioned drawbacks of the prior art, the technical problems to be solved by the present invention are as follows:
1. The invention provides a general active defense framework for information systems, aimed at the unknown backdoors and vulnerabilities present in the various software and hardware components and modules of B/S and C/S architecture information systems developed in Java and C/C++.
2. The invention provides active defense against attacks that exploit vulnerabilities in the CPU, the operating system and the web service, and against attack behaviors such as webpage tampering, Trojan horses and SQL injection initiated through backdoors.
3. The invention realizes active security defense of the information system and automated operation of the mimicry information system.
Patent document (application No. 201811136830.1) discloses a mimicry defense method, device and system, wherein the method comprises the following steps: under the condition of receiving a first access request, performing isomerization compilation on an application program accessed by the first access request by using at least two first heterogeneous elements to obtain at least two result application programs; any one heterogeneous element obtains a result application program; copying and distributing the access request to at least two preset application servers; the application server is used for running a corresponding result application program based on the access request; one result application corresponds to one application server; when receiving abnormal operation information sent by an application server, carrying out anti-attack processing; the abnormal operation information is used for indicating that a malicious attack script exists in the first access request. By the embodiment of the application, whether the access request comprises the abnormal attack script or not can be judged, and when the abnormal attack script is judged to exist, the anti-attack processing is carried out; thereby preventing the cloud server from being attacked.
The technical points are compared:
1. Modules: the system of the invention is divided into 4 parts: request distribution, external voting, management service, and mimicry execution modules.
2. Object: the invention is used for security defense against the vulnerabilities and backdoors of information systems.
3. Isomerization: the mimicry execution module realizes isomerism based on a basic layer, an application supporting layer and an application layer.
4. Management: the invention provides unified resource scheduling and management for the execution modules.
Patent document CN110287706A (application number: 201910565307.9) discloses a security risk detection system and method for a mimicry defense system, which includes: node mark and layering module, system risk value calculation module and whole security evaluation module, wherein: the node marking and layering module is connected with the system risk value calculation module and transmits marking and layered node set information, the system risk value calculation module is connected with the system risk value calculation module and transmits system risk value information in a single time window, and the overall safety evaluation module is connected with the outside and transmits final system safety detection result information.
Disclosure of Invention
In view of the defects in the prior art, the present invention aims to provide a mimicry defense system, method and medium for information system.
The mimicry defense system facing the information system provided by the invention comprises:
a request distribution module: receiving a request sent by an information system user, distributing the request to the mimicry execution modules, and forwarding the voted response result of the mimicry execution modules to the information system user;
a mimicry execution module: responding to the request to obtain a response result;
an external voting module: performing consistency voting on the response results from the mimicry execution modules;
a management service module: managing and scheduling the mimicry execution modules.
Preferably, the request is sent from a client or a browser.
Preferably, the request distribution module, after receiving the request, cleans and filters known threats in the request in advance.
Preferably, the number of mimicry execution modules is greater than or equal to 3.
Preferably, the external voting module: when the response results are consistent, returns the consistent response result; and when the response results are inconsistent or a mimicry execution module is abnormal, calls the management service module to reschedule the mimicry execution modules.
Preferably, the management service module includes:
management of a mimicry application, comprising: creation, deployment and deletion;
management of the mimicry resources, including creation and rescheduling of the mimicry execution module;
mimicry security management, including situational awareness, diagnosis, cleaning and recovery of security threats;
and monitoring the mimicry execution module.
Preferably, the mimicry execution module is an actual execution environment of the information system and is monitored and managed by the management service module.
Preferably, the mimicry execution module performs isomerization according to actual requirements, including:
base layer: operating system, CPU, cloud container;
application support layer: Web container;
application layer: isomerization of the application source code.
The mimicry defense method for the information system comprises the following steps:
a request distribution step: receiving a request sent by an information system user, entering the execution step, and forwarding the voted response result to the information system user;
an execution step: responding to the request to obtain a response result;
an external voting step: performing consistency voting on the response results;
a management service step: managing and scheduling the execution step.
Compared with the prior art, the invention has the following beneficial effects:
1. The management service dynamically schedules the mimicry execution modules, maximizing their heterogeneity.
2. The heterogeneity among the mimicry execution modules isolates part of the backdoor and vulnerability attacks that target a specific system.
3. Entry-level security protection of the service request is performed by traditional defense means, and result-level security protection is performed by external voting. Together, entry-level and result-level security protection can isolate most attack means and realize active defense.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments with reference to the following drawings:
FIG. 1 is a diagram of a generic system framework for mimicry defense.
Detailed Description
The present invention will be described in detail with reference to specific examples. The following examples will assist those skilled in the art in further understanding the invention, but are not intended to limit the invention in any way. It should be noted that those skilled in the art can make various changes and modifications without departing from the spirit of the invention, all of which fall within the scope of the present invention.
As shown in FIG. 1, the request distribution module receives a service request from a client and distributes it to the mimicry executors; the mimicry executors execute the service request to obtain service request responses; the external voting module votes on the service request responses and returns the voting result to the client; and the management service module monitors and manages the mimicry executors.
In the mimicry defense method for information systems, the base environment of the heterogeneous mimicry executors is constructed so that the running environment is heterogeneous at the level of the CPU, the operating system and the web container.
The service distribution function is implemented by modifying the Nginx reverse proxy service. By modifying Nginx's main request/subrequest mechanism and its proxy (reverse proxy) mechanism, the system implements isomerization of service requests, forwarding of service requests, invocation of the external voting service, and return of the external voting result to the client (or browser).
The external voting service uses a consistency check algorithm based on a mimicry voting strategy to compare the data objects returned by the n executors, and considers the request legitimate when two thirds of the data objects agree with the majority data object.
The management service manages each server resource using MySQL and Redis database technologies. An SQL injection attack using HTTP header parameters is carried out against 3 mimicry executors running a web application. Because the executors are heterogeneous, the SQL injection attack takes effect on only 1 of them; after two-out-of-three consistency voting, the SQL injection attack data is filtered out and the final service request response is not affected.
This shows that, through management of the mimicry executors and the distribution and voting of service requests, the general mimicry defense system can defend against attacks based on backdoors and vulnerabilities in software and hardware systems, ensuring that the correct service request response is returned to the client (or browser) and realizing mimicry security defense of the information system.
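The two-thirds consistency vote and the 3-executor SQL injection case described above, as an added example (not code from the patent). The executor names, the response bodies and the comparison by SHA-256 of a whitespace-normalised body are assumptions made here; dissenting or abnormal executors are returned as the list the voter would hand to the management service for rescheduling.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Verdict:
    accepted: bool                  # True when a two-thirds majority exists
    body: Optional[bytes]           # majority response forwarded to the user
    agree: List[str] = field(default_factory=list)       # executors in the majority
    reschedule: List[str] = field(default_factory=list)  # dissenting or abnormal


def digest(body: bytes) -> str:
    """Digest of the body with runs of whitespace collapsed (assumed normalisation)."""
    return hashlib.sha256(b" ".join(body.split())).hexdigest()


def vote(responses: Dict[str, Optional[bytes]]) -> Verdict:
    """Consistency vote over executor responses.

    `responses` maps executor name -> response body, or None when the
    executor was abnormal (timeout, crash). Abnormal executors count
    against the quorum and are always listed for rescheduling.
    """
    n = len(responses)
    if n < 3:
        raise ValueError("at least 3 mimicry execution modules are required")
    quorum = (2 * n + 2) // 3       # ceil(2n/3): 2 of 3, 3 of 4, 4 of 5

    digests = {name: digest(b) for name, b in responses.items() if b is not None}
    abnormal = sorted(name for name, b in responses.items() if b is None)
    if not digests:
        return Verdict(False, None, [], abnormal)

    top, count = Counter(digests.values()).most_common(1)[0]
    if count < quorum:
        # No trustworthy majority: return nothing, reschedule every executor.
        return Verdict(False, None, [], sorted(responses))

    agree = sorted(name for name, d in digests.items() if d == top)
    dissent = [name for name, d in digests.items() if d != top]
    return Verdict(True, responses[agree[0]], agree, sorted(dissent + abnormal))


# Constructed sample: the same request answered by three heterogeneous
# executors; the injected query only changes the output of exec-c.
SAMPLE = {
    "exec-a": b'{"user": "alice", "orders": 2}',
    "exec-b": b'{"user": "alice", "orders": 2}',
    "exec-c": b'{"user": "alice", "orders": 2, "rows": ["<extra rows>"]}',
}


def demo() -> Verdict:
    return vote(SAMPLE)


if __name__ == "__main__":
    v = demo()
    print("accepted:", v.accepted)
    print("forwarded body:", v.body)
    print("reschedule:", v.reschedule)
```

With more than one compromised executor out of three the quorum is not met, so no response is forwarded and all executors are listed for rescheduling.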
Those skilled in the art will appreciate that, in addition to implementing the systems, apparatus, and various modules thereof provided by the present invention in purely computer readable program code, the same procedures can be implemented entirely by logically programming method steps such that the systems, apparatus, and various modules thereof are provided in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Therefore, the system, the device and the modules thereof provided by the present invention can be considered as a hardware component, and the modules included in the system, the device and the modules thereof for implementing various programs can also be considered as structures in the hardware component; modules for performing various functions may also be considered to be both software programs for performing the methods and structures within hardware components.
The foregoing description of specific embodiments of the present invention has been presented. It is to be understood that the present invention is not limited to the specific embodiments described above, and that various changes or modifications may be made by one skilled in the art within the scope of the appended claims without departing from the spirit of the invention. The embodiments and features of the embodiments of the present application may be combined with each other arbitrarily without conflict.
Claims (10)
1. An information system-oriented mimicry defense system, comprising:
a request distribution module: receiving a request sent by an information system user, distributing the request to the mimicry execution modules, and forwarding the voted response result of the mimicry execution modules to the information system user;
a mimicry execution module: responding to the request to obtain a response result;
an external voting module: performing consistency voting on the response results from the mimicry execution modules;
a management service module: managing and scheduling the mimicry execution modules.
2. The information system-oriented mimicry defense system of claim 1, wherein the request is sent from a client or a browser.
3. The information system-oriented mimicry defense system of claim 1, wherein the request distribution module, after receiving the request, cleans and filters known threats in the request in advance.
4. The information system-oriented mimicry defense system according to claim 1, wherein the number of the mimicry execution modules is greater than or equal to 3.
5. The information system-oriented mimicry defense system of claim 1, wherein the external voting module comprises: when the response results are consistent, returning a consistent response result; and when the response results are inconsistent or the mimicry execution module is abnormal, calling the management service module to reschedule the mimicry execution module.
6. The information system-oriented mimicry defense system of claim 1, wherein the management service module comprises:
management of a mimicry application, comprising: creation, deployment and deletion;
management of the mimicry resources, including creation and rescheduling of the mimicry execution module;
mimicry security management, including situational awareness, diagnosis, cleaning and recovery of security threats;
and monitoring the mimicry execution module.
7. The information system-oriented mimicry defense system according to claim 1, wherein the mimicry execution module is an actual execution environment of the information system, and is monitored and managed by the management service module.
8. The information system-oriented mimicry defense system according to claim 1, wherein the mimicry execution module performs isomerization according to actual requirements, comprising:
base layer: operating system, CPU, cloud container;
application support layer: Web container;
application layer: isomerization of the application source code.
9. An information system-oriented mimicry defense method, characterized by comprising the following steps:
a request distribution step: receiving a request sent by an information system user, entering the execution step, and forwarding the voted response result to the information system user;
an execution step: responding to the request to obtain a response result;
an external voting step: performing consistency voting on the response results;
a management service step: managing and scheduling the execution step.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method as claimed in claim 9.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911089086.9A CN110912876A (en) | 2019-11-08 | 2019-11-08 | Mimicry defense system, method and medium for information system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110912876A | 2020-03-24 |
Family
ID=69817022
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911089086.9A Pending CN110912876A (en) | 2019-11-08 | 2019-11-08 | Mimicry defense system, method and medium for information system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110912876A (en) |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180075243A1 (en) * | 2016-09-13 | 2018-03-15 | The Mitre Corporation | System and method for modeling and analyzing the impact of cyber-security events on cyber-physical systems |
CN107346272A (en) * | 2017-06-01 | 2017-11-14 | 上海红阵信息科技有限公司 | The determination method and apparatus of dynamic heterogeneous redundant system |
CN107454082A (en) * | 2017-08-07 | 2017-12-08 | 中国人民解放军信息工程大学 | Secure cloud service construction method and device based on mimicry defence |
US10440048B1 (en) * | 2018-11-05 | 2019-10-08 | Peking University Shenzhen Graduate School | Anti-attacking modelling for CMD systems based on GSPN and Martingale theory |
Non-Patent Citations (2)
Title |
---|
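Tong Qing: "Design and Implementation of a Mimicry Defense Web Server", Wanfang * |
Zhang Zheng: "Testing and Analysis of a Proof-of-Principle Verification System for Web Server Mimicry Defense", Wanfang * |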
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111478970A (en) * | 2020-04-13 | 2020-07-31 | 国网福建省电力有限公司 | Power grid Web application mimicry defense system |
CN111624869A (en) * | 2020-04-25 | 2020-09-04 | 中国人民解放军战略支援部队信息工程大学 | Method and system for automatically sensing attack behavior and Ethernet switch |
CN111641590A (en) * | 2020-04-30 | 2020-09-08 | 河南信大网御科技有限公司 | Mimicry terminal simulator, terminal device mimicry realization method and storage medium |
CN111884996A (en) * | 2020-06-12 | 2020-11-03 | 中国人民解放军战略支援部队信息工程大学 | Mimicry switch arbitration system and method based on credibility measurement |
CN111783080A (en) * | 2020-07-09 | 2020-10-16 | 郑州昂视信息科技有限公司 | Active protection method and system for application program |
CN111913834A (en) * | 2020-07-09 | 2020-11-10 | 上海红阵信息科技有限公司 | Mimicry integrated processing system and method for biological characteristic task |
CN112367290A (en) * | 2020-09-11 | 2021-02-12 | 浙江大学 | Endogenous safe WAF construction method |
CN112235269B (en) * | 2020-09-29 | 2022-06-21 | 中国人民解放军战略支援部队信息工程大学 | Mimicry bracket implementation device and method in distributed mode |
CN112235269A (en) * | 2020-09-29 | 2021-01-15 | 中国人民解放军战略支援部队信息工程大学 | Mimicry bracket implementation device and method in distributed mode |
CN112181433A (en) * | 2020-10-16 | 2021-01-05 | 华东计算技术研究所(中国电子科技集团公司第三十二研究所) | Method and system for compiling, running and managing mimic multimode mixed execution body |
CN112181433B (en) * | 2020-10-16 | 2023-09-26 | 华东计算技术研究所(中国电子科技集团公司第三十二研究所) | Compiling, running and managing method and system of mimicry multimode mixed execution body |
CN112491803A (en) * | 2020-11-03 | 2021-03-12 | 浙江大学 | Method for judging executive in mimicry WAF |
CN113285865A (en) * | 2021-04-25 | 2021-08-20 | 华东计算技术研究所(中国电子科技集团公司第三十二研究所) | Modular mimicry mailbox system |
CN113285865B (en) * | 2021-04-25 | 2022-03-18 | 华东计算技术研究所(中国电子科技集团公司第三十二研究所) | Modular mimicry mailbox system |
CN113282661A (en) * | 2021-05-31 | 2021-08-20 | 河南信大网御科技有限公司 | Heterogeneous execution body trusted configuration synchronization method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20200324 |