CN112769851A - Mimicry defense system based on Internet of vehicles - Google Patents


Publication number
CN112769851A
Authority
CN
China
Prior art keywords
attack
vehicle
monitoring
data
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110070404.8A
Other languages
Chinese (zh)
Inventor
曾燕秋
钱建裕
陈旺明
许华福
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Honorsun Xiamen Data Co ltd
Original Assignee
Honorsun Xiamen Data Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Honorsun Xiamen Data Co ltd
Priority to CN202110070404.8A
Publication of CN112769851A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0263: Rule management
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416: Event detection, e.g. attack signature detection
    • H04L63/1425: Traffic logging, e.g. anomaly detection
    • H04L63/1433: Vulnerability analysis
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/145: Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L63/1466: Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/12: Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention discloses a mimicry defense system based on the Internet of vehicles, comprising a data acquisition end, a distributor, a vehicle-mounted end safety rule generator, a server end safety rule generator and a summary analyzer. Built on a mimicry defense architecture, the system uniformly collects and votes on threat attack behaviors against the vehicle-mounted end and the server end to form a consistent output, so that attacks are trapped in consistency confusion, the vehicle-mounted end and the vehicle-mounted server end are effectively protected, and the overall security of the Internet of vehicles is improved.

Description

Mimicry defense system based on Internet of vehicles
Technical Field
The invention relates to the technical field of Internet of vehicles, in particular to a mimicry defense system based on the Internet of vehicles.
Background
With the spread and evolution of the mobile Internet, technologies such as big data, artificial intelligence and sensors are being applied to transportation on a large scale, and the intelligent connected vehicle has become the mainstream trend and direction for the future development of the automobile industry. The Internet of vehicles, as part of the Internet, also faces a variety of complex information security threats, which constantly endanger people's lives and property. The application of and research on Internet of vehicles defense systems is therefore essential. Most traditional defense systems use static architectures, which cannot effectively resist continuous probing and attack by attackers, so a new security defense mechanism needs to be explored.
Disclosure of Invention
In order to solve the problems, the invention provides a mimicry defense system based on the Internet of vehicles.
The invention adopts the following technical scheme:
A mimicry defense system based on the Internet of vehicles comprises a data acquisition end, a distributor, a vehicle-mounted end safety rule generator, a server end safety rule generator and a summary analyzer;
the data acquisition end is used for acquiring data information of the Internet of vehicles system and reporting it to the distributor in real time;
the distributor is used for distinguishing the data reported by the data acquisition end and sending it to the vehicle-mounted end safety rule generator and the server end safety rule generator, respectively, for rule matching;
the vehicle-mounted end safety rule generator is used for generating vehicle-mounted end safety monitoring rules, identifying suspected threat files, suspected threat operation behaviors, abnormal system performance indexes and unknown threats, and reporting the results to the summary analyzer;
the server end safety rule generator is used for generating server end safety monitoring rules, identifying threat attack behaviors from the Web, and reporting the results to the summary analyzer;
the summary analyzer is used for collecting and adjudicating the threat behaviors in a unified manner; at the same time, active defense actions are taken according to precautionary measures, and the mode for dealing with the threat behaviors is generated randomly.
Further, the data information of the Internet of vehicles system comprises abnormal crashes, SQL injection attacks, Cookie injection attacks, debugging attacks, command injection attacks, terminal information acquisition, cross-site scripting attacks, information leakage, network traffic monitoring, anti-crawler, proxy monitoring, IP blacklists and whitelists, Hook attacks, identification of encoding methods used to bypass a Web application firewall, malicious program detection, performance monitoring and custom blocking attacks.
Further, the data acquisition end comprises a system security threat data acquisition unit, a system abnormal performance index acquisition unit and a device fingerprint identification acquisition unit.
Further, the system security threat data acquisition unit is used for monitoring external port attacks, local privilege escalation, system library tampering, traffic, process injection, process debugging, local cache file tampering, malicious program scanning, man-in-the-middle attacks and device information tampering.
Further, the system abnormal performance index acquisition unit is used for acquiring process resource information, hardware load information and system load information.
Further, the device fingerprint identification acquisition unit is used for acquiring hardware information that identifies the unique fingerprint of the device.
Further, the vehicle-mounted end safety monitoring rules comprise: process injection monitoring, process debugging monitoring, installation directory cache file tampering, malicious program scanning, port scanning, local authorization monitoring, system library tampering and crash information acquisition.
Further, the server end safety monitoring rules comprise: SQL injection, Cookie attack, command injection, cross-site scripting attack, anti-crawler, information leakage, IP/URL blacklists and whitelists, CC (Challenge Collapsar) attack, upload vulnerability, webscan attack and custom blocking attack.
The cloud risk control early warning center receives the data of the summary analyzer, performs risk behavior modeling according to the data to form a data model, and executes early warning and blocking strategies according to security requirements.
After adopting the technical scheme, compared with the background technology, the invention has the following advantages:
the system disclosed by the invention is based on a mimicry defense architecture and integrates vehicle-mounted end safety monitoring, vehicle-mounted server safety monitoring, defense and other aspects. It uniformly distributes the threat attack behaviors against the vehicle-mounted end and the server end and guides the suspected threat behavior data of both through the summary analyzer, so that attacks are trapped in a multi-beam safety container and cannot find the real attack target. That is, the behaviors are uniformly collected and voted on to form a consistent output, so that attacks are trapped in consistency confusion, the vehicle-mounted end and the vehicle-mounted server end are effectively protected, and the overall security of the Internet of vehicles is improved.
Drawings
FIG. 1 is a schematic diagram of the system of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Examples
A mimicry defense system based on the Internet of vehicles, as shown in FIG. 1, comprises a data acquisition end, a distributor, a vehicle-mounted end safety rule generator, a server end safety rule generator and a summary analyzer;
the data acquisition end is used for acquiring data information of the Internet of vehicles system and reporting it to the distributor in real time;
the distributor is used for distinguishing the data reported by the data acquisition end and sending it to the vehicle-mounted end safety rule generator and the server end safety rule generator, respectively, for rule matching;
the vehicle-mounted end safety rule generator is used for generating vehicle-mounted end safety monitoring rules, identifying suspected threat files, suspected threat operation behaviors, abnormal system performance indexes and unknown threats, and reporting the results to the summary analyzer;
the server end safety rule generator is used for generating server end safety monitoring rules, identifying threat attack behaviors from the Web, and reporting the results to the summary analyzer;
the summary analyzer is used for collecting and adjudicating the threat behaviors in a unified manner; at the same time, active defense actions are taken according to precautionary measures, and the mode for dealing with the threat behaviors is generated randomly.
The data information of the Internet of vehicles system comprises abnormal crashes, SQL injection attacks, Cookie injection attacks, debugging attacks, command injection attacks, terminal information acquisition, cross-site scripting attacks, information leakage, network traffic monitoring, anti-crawler, proxy monitoring, IP blacklists and whitelists, Hook attacks, identification of encoding methods used to bypass a Web application firewall, malicious program detection, performance monitoring and custom blocking attacks.
The data acquisition end comprises a system security threat data acquisition unit, a system abnormal performance index acquisition unit and a device fingerprint identification acquisition unit. The three units are integrated by means of SDK access and automatic combination of binary files, which addresses the problem of threat data sources in the field of Internet of vehicles information security and forms a uniform standard interface.
The system security threat data acquisition unit is used for monitoring external port attacks, local privilege escalation, system library tampering, traffic, process injection, process debugging, local cache file tampering, malicious program scanning, man-in-the-middle attacks and device information tampering.
Monitoring external port attacks mainly means monitoring abnormal security data on each external interface of the vehicle-mounted end and the secure open state of common ports, and performing security optimization according to the configuration strategy of the server end.
Monitoring local privilege escalation mainly means monitoring unauthorized behavior of vehicle-mounted end programs in real time, guaranteeing the software security environment of the vehicle-mounted end, and controlling the behavior of local programs according to the configuration strategy of the server end.
Monitoring system library tampering means verifying and monitoring the in-memory hash of the vehicle-mounted end system libraries, so that the system libraries are protected from Hook attacks and their security on the vehicle-mounted end is guaranteed.
Traffic monitoring means monitoring the data traffic of the vehicle-mounted end according to the traffic security configuration of the server end, and issuing an early warning and blocking once abnormal traffic is found to exceed the limit.
Monitoring process injection means monitoring injection into the program processes of the vehicle-mounted end according to the security configuration strategy of the vehicle-mounted server end, finding injected processes in time and raising the security level of the vehicle-mounted end.
Monitoring process debugging means performing anti-debugging monitoring on the program processes of the vehicle-mounted end according to the security configuration strategy of the vehicle-mounted server end, so that the data security of the vehicle-mounted end processes is guaranteed.
Monitoring local cache file tampering means performing security monitoring on the installation directory of the vehicle-mounted IVI (Android) program, promptly discovering signs that cache files in the program installation directory have been modified by other users according to the security strategy of the vehicle-mounted server, and issuing an early warning and blocking in time.
Malicious program scanning means monitoring the implantation of malicious programs on the vehicle-mounted end according to the identification features provided by the malicious program library of the vehicle-mounted server, discovering and warning in time, and ensuring the security of the private data of vehicle-mounted end users.
Man-in-the-middle attack monitoring means monitoring the security of the vehicle-mounted end's network proxy settings and the authorized access of third-party certificates, acting on the certificate in time, cutting off the path of the man-in-the-middle attack in time, and guaranteeing the security of the network communication channel on the vehicle-mounted end side.
Monitoring device information tampering means converting the relevant hardware and system information of the vehicle-mounted end according to the device fingerprint record information of the vehicle-mounted server end, so that the vehicle-mounted end identification code is prevented from being tampered with.
The system abnormal performance index acquisition unit is used for acquiring process resource information, hardware load information and system load information.
Acquiring process resource information means monitoring and collecting the resource usage of core application processes according to the running state of the vehicle-mounted end, including file descriptor usage, network resource usage, storage space usage, content dynamic distribution condition and abnormal function call stack information, so that data support is provided for the process behavior security of the vehicle-mounted end.
Acquiring hardware load information means collecting and monitoring the information and load of each piece of hardware while the vehicle-mounted end is running, according to the hardware load configuration of the vehicle-mounted server, including IMEI, MAC, BT-MAC, USB interface serial number, device model, CPU instruction set, CPU occupancy rate, memory occupancy rate, storage occupancy rate, total network traffic utilization rate and other information, thereby providing practical and effective data support for vehicle-mounted end identification and the security environment.
Acquiring system load information means collecting and monitoring the system load information of the vehicle-mounted end, including system process memory occupancy rate, application process memory occupancy rate, file descriptor usage, file operation behavior collection, and collection of crash information for system processes and application processes. This provides a data basis for the security evaluation of the vehicle-mounted end system, and corresponding early warning and threat blocking strategies are formulated at the same time.
The device fingerprint identification acquisition unit is used for acquiring hardware information that identifies the unique fingerprint of the device, obtaining the unique identification code of the device, and providing a practical implementation technique for the theory of uniquely marking devices.
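The device fingerprint collection and the device information tampering check described above can be sketched as follows. This is an added example, not code from the patent: the field names, the HMAC-SHA256 construction, the server-held key and the comparison against an enrolled record are all assumptions, and the hardware values are constructed.

```python
import hashlib
import hmac

# Identifying hardware fields named on the page (IMEI, MAC, BT-MAC, USB interface
# serial number, device model, CPU instruction set); the key names are assumed.
FIELDS = ("imei", "mac", "bt_mac", "usb_serial", "model", "cpu_isa")
MAC_FIELDS = {"mac", "bt_mac"}

# Constructed sample values and key, for illustration only.
SERVER_KEY = b"constructed-demo-key"
ENROLLED_HW = {
    "imei": "000000000000000",
    "mac": "02:00:00:aa:bb:01",
    "bt_mac": "02:00:00:aa:bb:02",
    "usb_serial": "USB-DEMO-0001",
    "model": "IVI-DEMO",
    "cpu_isa": "arm64-v8a",
}


def normalize_field(field, value):
    """Canonicalize a value so formatting differences do not look like tampering."""
    text = str(value or "").strip().lower()
    if field in MAC_FIELDS:
        text = text.replace(":", "").replace("-", "")
    return text


def _digest(key, data):
    return hmac.new(key, data.encode("utf-8"), hashlib.sha256).hexdigest()


def enroll(hw, key):
    """Build the server-side fingerprint record; every field must be present."""
    missing = [f for f in FIELDS if not hw.get(f)]
    if missing:
        raise ValueError("missing hardware fields: " + ", ".join(missing))
    norm = {f: normalize_field(f, hw[f]) for f in FIELDS}
    canonical = "\n".join(f"{f}={norm[f]}" for f in FIELDS)
    return {
        "fingerprint": _digest(key, canonical),                      # device identifier
        "fields": {f: _digest(key, f"{f}={norm[f]}") for f in FIELDS},  # per-field check values
    }


def check(record, hw, key):
    """Compare a fresh report with the enrolled record and name the changed fields."""
    changed = []
    for f in FIELDS:
        current = _digest(key, f"{f}={normalize_field(f, hw.get(f))}")
        if not hmac.compare_digest(current, record["fields"][f]):
            changed.append(f)
    return {"match": not changed, "changed": changed}


if __name__ == "__main__":
    record = enroll(ENROLLED_HW, SERVER_KEY)
    report = dict(ENROLLED_HW, imei="111111111111111")  # constructed tampered report
    print(check(record, report, SERVER_KEY))
```

Keeping per-field keyed digests beside the combined fingerprint lets the server say which identifier changed without storing the raw hardware values.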
The vehicle-mounted end safety monitoring rules comprise: process injection monitoring, process debugging monitoring, installation directory cache file tampering, malicious program scanning, port scanning, local authorization monitoring, system library tampering and crash information acquisition.
The server end safety monitoring rules comprise: SQL injection, Cookie attack, command injection, cross-site scripting attack, anti-crawler, information leakage, IP/URL blacklists and whitelists, CC (Challenge Collapsar) attack, upload vulnerability, webscan attack and custom blocking attack.
The cloud risk control early warning center receives the data of the summary analyzer, performs risk behavior modeling according to the data to form a data model, and executes early warning and blocking strategies according to security requirements.
Through big data storage, a plurality of suspected threat data undergo data preprocessing, data feature analysis, data feature extraction, suspected threat behavior path analysis, recording of related information operations, matching against existing safety rules and other operations, and are then combined with relevant mathematical formulas to form an input-output security analysis data model.
In this embodiment, unknown risks or uncertain threats caused by unknown vulnerabilities and backdoors within the mimicry boundary are handled through an innovative system architecture, and unknown security risks and uncertain threats in cyberspace are handled by analyzing and matching rule features over rule big data, thereby achieving consistency vulnerabilities and consistency output. The threat attack behaviors against the vehicle-mounted end and the server end are uniformly distributed, then uniformly collected and voted on by the summary analyzer to form a consistent output, so that attacks are trapped in consistency confusion and the vehicle-mounted end and the vehicle-mounted server end are effectively protected.
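The data flow of this embodiment (distributor, two rule generators, summary analyzer with a randomly chosen response) can be sketched as follows. This is an added example, not code from the patent: the event schema, the regular-expression signatures, the decoding step and the two response modes ("early warning", "blocking", taken from the strategies the page names) are assumptions, and the sample events are constructed.

```python
import random
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Constructed sample reports from a data acquisition end (assumed schema).
SAMPLE_EVENTS = [
    {"id": "e1", "source": "vehicle", "detail": "ptrace attach to ivi_app"},
    {"id": "e2", "source": "server", "detail": "GET /api/car?id=1' OR '1'='1"},
    {"id": "e3", "source": "server", "detail": "GET /api/status"},
    {"id": "e4", "source": "vehicle", "detail": "hash mismatch in libssl.so"},
    {"id": "e5", "source": "server", "detail": "GET /search?q=%253Cscript%253Ealert(1)"},
    {"id": "e6", "source": "roadside", "detail": "heartbeat"},
]

# Assumed signatures for a few of the rule names listed on the page.
VEHICLE_RULES = [
    ("process debugging", r"\bptrace\b|debugger attach"),
    ("process injection", r"\binject(ed|ion)\b"),
    ("system library tampering", r"hash mismatch"),
    ("port scanning", r"port scan"),
]
SERVER_RULES = [
    ("SQL injection", r"'\s*(or|and)\s+'?\w|union\s+select"),
    ("cross-site scripting", r"<\s*script\b"),
    ("command injection", r"[;|&]\s*(cat|wget|curl|sh)\b"),
]


@dataclass
class Finding:
    event_id: str
    side: str
    rule: str


def normalize(text, max_rounds=3):
    """Undo repeated percent-encoding so encoded input still meets the rules."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


class RuleGenerator:
    def __init__(self, side, rules):
        self.side = side
        self.rules = [(name, re.compile(pattern, re.I)) for name, pattern in rules]

    def match(self, event):
        text = normalize(event["detail"])
        return [Finding(event["id"], self.side, name)
                for name, rx in self.rules if rx.search(text)]


def distribute(events):
    """Distributor: route each report to the vehicle or server rule generator."""
    routed, unrouted = {"vehicle": [], "server": []}, []
    for ev in events:
        routed.get(ev.get("source"), unrouted).append(ev)
    return routed, unrouted


class SummaryAnalyzer:
    RESPONSES = ("early warning", "blocking")

    def __init__(self, rng=None):
        self.rng = rng or random.SystemRandom()

    def adjudicate(self, events, findings):
        hits = {}
        for f in findings:
            hits.setdefault(f.event_id, set()).add(f.rule)
        decisions = []
        for ev in events:  # one output shape for both sides
            rules = sorted(hits.get(ev["id"], ()))
            response = self.rng.choice(self.RESPONSES) if rules else "none"
            decisions.append({"event": ev["id"], "verdict": "threat" if rules else "clean",
                              "rules": rules, "response": response})
        return decisions


def run_pipeline(events, rng=None):
    routed, unrouted = distribute(events)
    generators = {"vehicle": RuleGenerator("vehicle", VEHICLE_RULES),
                  "server": RuleGenerator("server", SERVER_RULES)}
    findings = [f for side, gen in generators.items()
                for ev in routed[side] for f in gen.match(ev)]
    decisions = SummaryAnalyzer(rng).adjudicate(routed["vehicle"] + routed["server"], findings)
    return decisions, unrouted


if __name__ == "__main__":
    for decision in run_pipeline(SAMPLE_EVENTS)[0]:
        print(decision)
```

Reports whose source the distributor does not recognize are returned separately instead of being dropped, so an unclassified data source shows up as a gap in coverage.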
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (9)

1. A mimicry defense system based on the Internet of vehicles, characterized in that: the system comprises a data acquisition end, a distributor, a vehicle-mounted end safety rule generator, a server end safety rule generator and a summary analyzer;
the data acquisition end is used for acquiring data information of the Internet of vehicles system and reporting it to the distributor in real time;
the distributor is used for distinguishing the data reported by the data acquisition end and sending it to the vehicle-mounted end safety rule generator and the server end safety rule generator, respectively, for rule matching;
the vehicle-mounted end safety rule generator is used for generating vehicle-mounted end safety monitoring rules, identifying suspected threat files, suspected threat operation behaviors, abnormal system performance indexes and unknown threats, and reporting the results to the summary analyzer;
the server end safety rule generator is used for generating server end safety monitoring rules, identifying threat attack behaviors from the Web, and reporting the results to the summary analyzer;
the summary analyzer is used for collecting and adjudicating the threat behaviors in a unified manner; at the same time, active defense actions are taken according to precautionary measures, and the mode for dealing with the threat behaviors is generated randomly.
2. The mimicry defense system based on the Internet of vehicles as claimed in claim 1, wherein: the data information of the Internet of vehicles system comprises abnormal crashes, SQL injection attacks, Cookie injection attacks, debugging attacks, command injection attacks, terminal information acquisition, cross-site scripting attacks, information leakage, network traffic monitoring, anti-crawler, proxy monitoring, IP blacklists and whitelists, Hook attacks, identification of encoding methods used to bypass a Web application firewall, malicious program detection, performance monitoring and custom blocking attacks.
3. The mimicry defense system based on the Internet of vehicles as claimed in claim 2, wherein: the data acquisition end comprises a system security threat data acquisition unit, a system abnormal performance index acquisition unit and a device fingerprint identification acquisition unit.
4. The mimicry defense system based on the Internet of vehicles as claimed in claim 3, wherein: the system security threat data acquisition unit is used for monitoring external port attacks, local privilege escalation, system library tampering, traffic, process injection, process debugging, local cache file tampering, malicious program scanning, man-in-the-middle attacks and device information tampering.
5. The mimicry defense system based on the Internet of vehicles as claimed in claim 4, wherein: the system abnormal performance index acquisition unit is used for acquiring process resource information, hardware load information and system load information.
6. The mimicry defense system based on the Internet of vehicles as claimed in claim 5, wherein: the device fingerprint identification acquisition unit is used for acquiring hardware information that identifies the unique fingerprint of the device.
7. The mimicry defense system based on the Internet of vehicles as claimed in claim 6, wherein: the vehicle-mounted end safety monitoring rules comprise: process injection monitoring, process debugging monitoring, installation directory cache file tampering, malicious program scanning, port scanning, local authorization monitoring, system library tampering and crash information acquisition.
8. The mimicry defense system based on the Internet of vehicles as claimed in claim 7, wherein: the server end safety monitoring rules comprise: SQL injection, Cookie attack, command injection, cross-site scripting attack, anti-crawler, information leakage, IP/URL blacklists and whitelists, CC (Challenge Collapsar) attack, upload vulnerability, webscan attack and custom blocking attack.
9. The mimicry defense system based on the Internet of vehicles as claimed in claim 8, wherein: the cloud risk control early warning center receives the data of the summary analyzer, performs risk behavior modeling according to the data to form a data model, and executes early warning and blocking strategies according to security requirements.
CN202110070404.8A 2021-01-19 2021-01-19 Mimicry defense system based on Internet of vehicles Pending CN112769851A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110070404.8A CN112769851A (en) 2021-01-19 2021-01-19 Mimicry defense system based on Internet of vehicles

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110070404.8A CN112769851A (en) 2021-01-19 2021-01-19 Mimicry defense system based on Internet of vehicles

Publications (1)

Publication Number Publication Date
CN112769851A true CN112769851A (en) 2021-05-07

Family

ID=75703231

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110070404.8A Pending CN112769851A (en) 2021-01-19 2021-01-19 Mimicry defense system based on Internet of vehicles

Country Status (1)

Country Link
CN (1) CN112769851A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107291538A (en) * 2017-06-14 2017-10-24 中国人民解放军信息工程大学 The mimicry cloud construction method of oriented mission and the method for scheduling task based on mimicry cloud, device, system
CN108768989A (en) * 2018-05-18 2018-11-06 刘勇 It is a kind of using the APT attack defense methods of mimicry technology, system
CN109467214A (en) * 2018-11-20 2019-03-15 大连德联科技有限公司 A kind of vehicle-mounted renewable resource mimicry reduction apparatus
CN110581852A (en) * 2019-09-11 2019-12-17 河南信大网御科技有限公司 Efficient mimicry defense system and method
US20200216027A1 (en) * 2019-01-04 2020-07-09 Byton North America Corporation Detecting vehicle intrusion using command pattern models
CN111515970A (en) * 2020-04-27 2020-08-11 腾讯科技(深圳)有限公司 Interaction method, mimicry robot and related device
CN111901348A (en) * 2020-07-29 2020-11-06 北京宏达隆和科技有限公司 Method and system for active network threat awareness and mimicry defense

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
何意等: ""车联网拟态防御系统研究"", 《 信息安全研究》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114124520A (en) * 2021-11-22 2022-03-01 浙江大学 Multi-mode-based mimic WAF execution body implementation method
CN114531269A (en) * 2021-12-31 2022-05-24 网络通信与安全紫金山实验室 Tbox judging method and device
CN114531269B (en) * 2021-12-31 2023-11-14 网络通信与安全紫金山实验室 Tbox judging method and device
CN115102706A (en) * 2022-04-27 2022-09-23 麦格纳斯太尔汽车技术(上海)有限公司 HOST-IDS safety detection system and method for vehicle ECU
CN115102706B (en) * 2022-04-27 2023-10-20 麦格纳斯太尔汽车技术(上海)有限公司 HOST-IDS safety detection system and method of vehicle ECU

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20210507)