CN115085971A - Pseudo-shutdown-restart service detection processing method - Google Patents
Pseudo-shutdown-restart service detection processing method Download PDFInfo
- Publication number
- CN115085971A CN115085971A CN202210468584.XA CN202210468584A CN115085971A CN 115085971 A CN115085971 A CN 115085971A CN 202210468584 A CN202210468584 A CN 202210468584A CN 115085971 A CN115085971 A CN 115085971A
- Authority
- CN
- China
- Prior art keywords
- restart
- instruction
- arbitrator
- time
- receives
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 90
- 238000003672 processing method Methods 0.000 title claims abstract description 10
- 238000000034 method Methods 0.000 claims abstract description 43
- 238000012790 confirmation Methods 0.000 claims abstract description 40
- 230000002159 abnormal effect Effects 0.000 claims description 14
- 230000000903 blocking effect Effects 0.000 claims description 3
- 238000004140 cleaning Methods 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 230000007123 defense Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Debugging And Monitoring (AREA)
- Retry When Errors Occur (AREA)
Abstract
The invention provides a pseudo-shutdown-restart service detection processing method, which comprises the following steps: sending the restart instruction to the arbitrator when detecting that the executive body receives the restart instruction at any time; the arbitrator takes the 2t time length as a waiting detection process, each waiting detection process starts when the arbitrator receives a first restart instruction and reaches the 2t time, and then the arbitrator enters the next waiting detection process; in each time range waiting for the detection process, if the arbitrator only receives a restart instruction sent by one execution body, the arbitrator replies a restart confirmation instruction to the execution body; the executive body restarts the executive body system according to the received restart confirmation instruction; within the time range of each waiting detection process, if the resolver receives restart instructions sent by a plurality of execution bodies, the resolver replies a restart confirmation instruction to the execution body of the first restart instruction first, and then replies a restart confirmation instruction to the execution body of the restart instruction in the corresponding sequence after delaying t time each time according to the sequence of the received restart instruction.
Description
Technical Field
The invention relates to the field of mimicry defense, in particular to a mimicry shutdown-restart service detection processing method.
Background
The mimicry system generally provides services to the outside through a plurality of heterogeneous executives, and then detects whether the executives are threatened by the outside by means of a arbitration mechanism. However, when the heterogeneous executive body has a "halt-restart" event, the heterogeneous executive body often cannot send a arbitration message to the arbitrator through the application program, and the arbitrator cannot detect whether the system receives an abnormal threat. When all the heterogeneous executors in the mimicry system are in a 'halt-restart' state, the mimicry system can generate a condition that the external service cannot be provided. Therefore, how to detect the occurrence of the 'halt-restart' event of the mimicry system and quickly eliminate the collective downtime event of the heterogeneous executors has important significance for improving the stability of the mimicry system in the extreme state.
Disclosure of Invention
In order to solve the above problem, it is necessary to provide a pseudo-stop-and-restart service detection processing method.
The invention provides a pseudo-shutdown-restart service detection processing method in a first aspect, which is characterized by comprising the following steps:
when detecting that the executive body receives a restart instruction at any time, sending the restart instruction to the resolver;
the arbitrator takes a 2t time length as a waiting detection process, and each waiting detection process starts when the arbitrator receives a first restart instruction; when the time of 2t is up, the arbitrator finishes the flows to be detected; wherein t is the time required for executing the restart of the system;
within the time range of each waiting detection process, if the arbitrator only receives a restart instruction sent by one executive body, the arbitrator replies a restart confirmation instruction to the executive body after finishing the waiting detection processes; the executive body restarts the executive body system according to the received restart confirmation instruction;
within the time range of each waiting detection process, if the resolver receives restart instructions sent by a plurality of execution bodies, the resolver replies a restart confirmation instruction to the execution body of the first restart instruction first, and then replies a restart confirmation instruction to the execution body of the restart instruction in the corresponding sequence after delaying t time each time according to the sequence of the received restart instruction.
The invention provides a mimicry system with halt-restart service detection processing, which comprises an input agent, execution bodies, a resolver, a scheduler, a restart instruction detection authenticator and a restart instruction executor, wherein the restart instruction detection authenticator and the restart instruction executor are arranged on each execution body;
the restarting instruction detection authenticator is used for detecting whether the executive body receives a restarting instruction or not and sending the restarting instruction to be detected to the resolver;
the arbitrator takes a 2t time length as a waiting detection process, and each waiting detection process starts when the arbitrator receives a first restart instruction; when the time of 2t is up, the arbitrator finishes the flows to be detected; wherein t is the time required for executing the restart of the system;
within the time range of each waiting detection process, if the arbitrator only receives the restart instruction sent by the restart instruction detection authenticator of a certain executive body, the arbitrator replies a restart confirmation instruction to the restart instruction detection authenticator of the executive body after finishing the processes to be detected;
within the time range of each waiting detection process, if the resolver receives restart instructions sent by restart instruction detection authenticators of a plurality of executors, a restart confirmation instruction is replied to the restart instruction detection authenticator of the executor of the first restart instruction, and then a restart confirmation instruction is replied to the restart instruction detection authenticator of the executor of the restart instruction of the corresponding sequence after delaying t time each time according to the sequence of the received restart instruction;
and the restart instruction detection authenticator sends a restart instruction to the restart instruction executor after receiving the restart confirmation instruction to restart the execution system.
The invention introduces the restarting instruction detection authenticator into the executive body, the restarting instruction is sent to the arbitrator, and the arbitrator returns the restarting confirmation instruction to control the restarting sequence of the executive body, thereby achieving the purpose of verifying the legality of the restarting instruction and avoiding the occurrence of the group downtime event of the executive body; meanwhile, a restart event detector is hung on an executive body to detect a restart event caused by application program bugs or a system memory command executive body, and a flow recorder and a flow interceptor which are input into a proxy are used for intercepting restart attacks aiming at the application program, so that the problems that the executive body is down completely and service cannot be recovered are solved to a certain extent.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
fig. 1 shows a block diagram of the system architecture of the present invention.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited by the specific embodiments disclosed below.
Example 1
As shown in fig. 1, the present invention provides a pseudo-shutdown-restart service detection processing method, which includes the following steps:
when detecting that the executive body receives a restart instruction at any time, sending the restart instruction to the resolver;
the arbitrator takes a 2t time length as a waiting detection process, and each waiting detection process starts when the arbitrator receives a first restart instruction; when the time of 2t is up, the arbitrator finishes the flows to be detected; wherein t is the time required for executing the restart of the system;
within the time range of each waiting detection process, if the arbitrator only receives a restart instruction sent by one executive body, the arbitrator replies a restart confirmation instruction to the executive body after finishing the waiting detection processes; the executive body restarts the executive body system according to the received restart confirmation instruction;
within the time range of each waiting detection process, if the arbitrator receives the restart instructions sent by a plurality of execution bodies, a restart confirmation instruction is replied to the execution body of the first restart instruction, and then a restart confirmation instruction is replied to the execution body of the restart instruction in the corresponding sequence after delaying t time each time according to the sequence of the received restart instruction.
In other application instances, it is also detected whether an execution system reboot event occurs and the arbitrator is notified; after the arbitrator receives the restart detection signal, if the execution body system restart event is judged to occur within the time t of the restart confirmation instruction reply, the signal is not processed; otherwise, reporting the abnormal downtime event of the scheduler.
In other application examples, after the scheduler receives the abnormal downtime event, the scheduler notifies the input agent to carry out traffic interception, and then schedules a new execution body to be online.
Example 2
As shown in fig. 1, the present embodiment provides a mimicry system with a shutdown-restart service detection process, which includes an input agent, an execution body, a resolver, a scheduler, a restart instruction detection authenticator and a restart instruction executor, where the restart instruction detection authenticator and the restart instruction executor are disposed on each execution body;
the restarting instruction detection authenticator is used for detecting whether the executive body receives a restarting instruction or not and sending the restarting instruction to be detected to the resolver;
the arbitrator takes a 2t time length as a waiting detection process, and each waiting detection process starts when the arbitrator receives a first restart instruction; when the time of 2t is up, the arbitrator finishes the flows to be detected; wherein t is the time required for executing the restart of the system;
within the time range of each waiting detection process, if the arbitrator only receives the restart instruction sent by the restart instruction detection authenticator of a certain executive body, the arbitrator replies a restart confirmation instruction to the restart instruction detection authenticator of the executive body after finishing the processes to be detected;
within the time range of each waiting detection process, if the resolver receives restart instructions sent by restart instruction detection authenticators of a plurality of executors, a restart confirmation instruction is replied to the restart instruction detection authenticator of the executor of the first restart instruction, and then a restart confirmation instruction is replied to the restart instruction detection authenticator of the executor of the restart instruction of the corresponding sequence after delaying t time each time according to the sequence of the received restart instruction;
and the restart instruction detection authenticator sends a restart instruction to the restart instruction executor after receiving the restart confirmation instruction to restart the execution system.
In other application examples, a restart event detector is also included; the restart event detector detects whether the execution body system restart event occurs in a plug-in mode, and sends a restart detection signal to the resolver after the occurrence of the system restart event is detected; when the arbitrator receives the restart detection signal, if the system restart event is judged to occur within the time t of the restart confirmation instruction reply, the signal is not processed; otherwise, reporting the abnormal downtime event of the scheduler mimicry system.
In other application examples, the input agent sets a traffic recorder and a traffic interceptor; after the scheduler receives the abnormal downtime event, the flow interceptor of the input agent is notified to block all external flows; then, data recorded in the time period when the abnormal downtime event occurs in the flow recorder are taken out, the source IP address in the data message in the time period is extracted, the flow interceptor finally issues the blocking rule again according to the source IP address, and flow interception is carried out according to the source IP; and after receiving the abnormal downtime event, the scheduler also schedules a new execution body online.
The method and the device for recovering the service of the invention solve the problems that all the executors are down and the service cannot be recovered by taking a scene that three executors simultaneously receive the restart instruction as an example.
The executive body 1, the executive body 2 and the executive body 3 receive the restart instruction at the same time within the time range t, and the restart instruction detection authenticator sends the restart instruction to the resolver.
The arbitrator receives the restart instruction sent by the executive 1 at the time of t0, receives the restart instruction sent by the executive 2 at the time of t0+ t1, and receives the restart instruction sent by the executive 3 at the time of t0+ t 2; wherein t is t2-t0 and is not more than t;
the arbitrator replies a restart confirmation instruction to the executive body 1 at first, and the time for sending the restart confirmation instruction is t0+ t 4; after waiting for t time, replying a restart confirmation signal to the execution body 2, wherein the time for sending the restart confirmation signal is t0+ t4+ t; the time for sending the restart confirmation signal to the execution block 3 is t0+ t4+2 t; after receiving the restart confirmation signal, the restart instruction detection authenticator of each execution body informs the restart instruction executor to perform the restart operation of the execution body system;
meanwhile, the plug-in restart event detector detects the execution body system restart event and sends a restart detection signal to the arbitrator. The arbitrator receives the restart detection signal of the executive body 1 in the range of [ t0+ t4, t0+ t4+ t ], and does not process the restart detection signal; the arbitrator receives the restart detection signal of the executive body 2 in the range of [ t0+ t4+ t, t0+ t4+2t ], and does not process the restart detection signal; the arbitrator receives the restart detection signal of the executive body 3 in the range of [ t0+ t4+2t, t0+ t4+3t ], and does not process the restart detection signal;
if the arbitrator continues to receive the restart detection signals of the executive 1, the executive 2 and the executive 3 within the time period ranges of t0+ t4+ t, t0+ t4+2t and t0+ t4+2t, the executors are continuously attacked by the restart instruction; the resolver no longer sends a restart confirmation reply signal to the execution entity, and the resolver notifies the scheduler of the occurrence of a restart instruction attack event (abnormal downtime event). At this time, the scheduler sequentially performs a cleaning offline operation on the executors, and maintains normal services for the new executors online.
The invention is explained how to detect the 'halt-restart' event of a mimicry system and quickly eliminate the collective downtime event of the executors by taking the application programs of three executors or the system memory bug execution restart scene as an example.
When the restart event detector finds that the execution system is restarted, and the restart operation is not caused by a restart instruction, the restart should be a restart attack initiated by external traffic aiming at an application program or a system memory bug.
In engineering practice, applications tend to be homogeneous, and thus the restart vulnerability presented by an application is present on all executives. When the executor 1, the executor 2 and the executor 3 are restarted simultaneously, the arbitrator receives a signal sent by the restart event detector of the executor 1 at the time t0, receives a signal sent by the restart event detector of the executor 2 at the time t0+ t2, and receives a signal sent by the restart event detector of the executor 2 at the time t0+ t3, wherein t2 is not more than t, and t3 is not more than t, so that the simulated system cannot provide normal service to the outside, and is in a downtime state.
And the arbitrator is used for informing the scheduler of the downtime event when detecting that the mimicry system is in the downtime state. The scheduler notifies the input agents that the attack time of the downed event is the [ t0, t0+ t3] time period. After the input agent receives the downtime event, all external traffic is blocked by the traffic interceptor firstly. And then, taking out data recorded in a time period of the flow recorder [ t0-t, t0+ t3], extracting a source IP address in the data message of the time period, issuing a blocking rule again by the flow interceptor according to the source IP address, and intercepting the flow according to the source IP. Meanwhile, the dispatcher sequentially carries out offline cleaning operation on the executive bodies and re-accesses the new executive bodies.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.
Claims (6)
1. A pseudo-shutdown-restart service detection processing method, comprising the steps of:
when detecting that the executive body receives a restart instruction at any time, sending the restart instruction to the resolver;
the arbitrator takes a 2t time length as a waiting detection process, and each waiting detection process starts when the arbitrator receives a first restart instruction; when the time of 2t is up, the arbitrator finishes the flows to be detected; wherein t is the time required for executing the restart of the system;
within the time range of each waiting detection process, if the arbitrator only receives a restart instruction sent by one executive body, the arbitrator replies a restart confirmation instruction to the executive body after finishing the waiting detection processes; the executive body restarts the executive body system according to the received restart confirmation instruction;
within the time range of each waiting detection process, if the resolver receives restart instructions sent by a plurality of execution bodies, the resolver replies a restart confirmation instruction to the execution body of the first restart instruction first, and then replies a restart confirmation instruction to the execution body of the restart instruction in the corresponding sequence after delaying t time each time according to the sequence of the received restart instruction.
2. The pseudo halt-restart service detection processing method according to claim 1, further comprising: detecting whether an executive system restart event occurs and notifying an arbitrator;
after the arbitrator receives the restart detection signal, if the execution body system restart event is judged to occur within the time t of the restart confirmation instruction reply, the signal is not processed; otherwise, reporting the abnormal downtime event of the scheduler.
3. The pseudo-stop-and-restart service detection processing method according to claim 2, wherein: and after receiving the abnormal downtime event, the scheduler informs an input agent to carry out traffic interception and then schedules a new execution body to be online.
4. A mimicry system with a shutdown-restart service detection process, comprising an input agent, an executable, a resolver, and a scheduler, characterized in that: the system also comprises a restart instruction detection authenticator and a restart instruction executor which are arranged on each execution body;
the restarting instruction detection authenticator is used for detecting whether the executive body receives a restarting instruction or not and sending the restarting instruction to be detected to the resolver;
the arbitrator takes a 2t time length as a waiting detection process, and each waiting detection process starts when the arbitrator receives a first restart instruction; when the time of 2t is up, the arbitrator finishes the flows to be detected; wherein t is the time required for executing the restart of the system;
within the time range of each waiting detection process, if the arbitrator only receives the restart instruction sent by the restart instruction detection authenticator of a certain executive body, the arbitrator replies a restart confirmation instruction to the restart instruction detection authenticator of the executive body after finishing the processes to be detected;
within the time range of each waiting detection process, if the resolver receives restart instructions sent by restart instruction detection authenticators of a plurality of executors, a restart confirmation instruction is replied to the restart instruction detection authenticator of the executor of the first restart instruction, and then a restart confirmation instruction is replied to the restart instruction detection authenticator of the executor of the restart instruction of the corresponding sequence after delaying t time each time according to the sequence of the received restart instruction;
and the restarting instruction detection authenticator sends a restarting instruction to the restarting instruction executor after receiving the restarting confirmation instruction, and the execution body system is restarted.
5. The mimicry system with shutdown-restart service detection process of claim 4, wherein: a restart event detector;
the restarting event detector detects whether a restarting event of the executive body system occurs to the executive body in a plug-in mode, and sends a restarting detection signal to the arbitrator after the occurrence of the restarting event of the system is detected;
when the arbitrator receives the restart detection signal, if the system restart event is judged to occur within the time t of the restart confirmation instruction reply, the signal is not processed; otherwise, reporting the abnormal downtime event of the scheduler mimicry system.
6. The mimicry system with shutdown-restart service detection process of claim 5, wherein: the input agent sets a flow recorder and a flow interceptor;
after the scheduler receives the abnormal downtime event, the flow interceptor of the input agent is notified to block all external flows; then, data recorded in the time period when the abnormal downtime event occurs in the flow recorder are taken out, the source IP address in the data message in the time period is extracted, the flow interceptor finally issues the blocking rule again according to the source IP address, and flow interception is carried out according to the source IP;
and after receiving the abnormal downtime event, the scheduler also schedules a new execution body online.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210468584.XA CN115085971B (en) | 2022-04-30 | 2022-04-30 | Mimicry shutdown-restart service detection processing method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210468584.XA CN115085971B (en) | 2022-04-30 | 2022-04-30 | Mimicry shutdown-restart service detection processing method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115085971A true CN115085971A (en) | 2022-09-20 |
| CN115085971B CN115085971B (en) | 2023-11-17 |
Family
ID=83248167
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210468584.XA Active CN115085971B (en) | 2022-04-30 | 2022-04-30 | Mimicry shutdown-restart service detection processing method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115085971B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102387069A (en) * | 2011-10-08 | 2012-03-21 | 华为技术有限公司 | Method and system for connecting clients with server and clients as well as server |
| CN105306458A (en) * | 2015-10-08 | 2016-02-03 | 北京星网锐捷网络技术有限公司 | Authentication method and device based on network access security (NAS) equipment |
| CN111858165A (en) * | 2020-07-06 | 2020-10-30 | 河南信大网御科技有限公司 | Rapid recovery method, system and framework for heterogeneous executer |
| CN112162866A (en) * | 2020-08-31 | 2021-01-01 | 中国人民解放军战略支援部队信息工程大学 | Heterogeneous executive program synchronization method and device based on relative time |
| CN112242923A (en) * | 2020-09-15 | 2021-01-19 | 中国人民解放军战略支援部队信息工程大学 | System and method for realizing unified data management network function based on mimicry defense |
| CN113315755A (en) * | 2021-04-27 | 2021-08-27 | 华东计算技术研究所(中国电子科技集团公司第三十二研究所) | Mimicry decision system and method based on strategy |
| CN113678494A (en) * | 2019-02-19 | 2021-11-19 | 智慧天空网络有限公司 | Method and device for providing network experience testing |
| CN113665631A (en) * | 2021-07-20 | 2021-11-19 | 交控科技股份有限公司 | Remote restarting method and device for interlocking host equipment |
| CN114363048A (en) * | 2021-12-31 | 2022-04-15 | 河南信大网御科技有限公司 | Mimicry unknown threat discovery system |
-
2022
- 2022-04-30 CN CN202210468584.XA patent/CN115085971B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102387069A (en) * | 2011-10-08 | 2012-03-21 | 华为技术有限公司 | Method and system for connecting clients with server and clients as well as server |
| CN105306458A (en) * | 2015-10-08 | 2016-02-03 | 北京星网锐捷网络技术有限公司 | Authentication method and device based on network access security (NAS) equipment |
| CN113678494A (en) * | 2019-02-19 | 2021-11-19 | 智慧天空网络有限公司 | Method and device for providing network experience testing |
| CN111858165A (en) * | 2020-07-06 | 2020-10-30 | 河南信大网御科技有限公司 | Rapid recovery method, system and framework for heterogeneous executer |
| CN112162866A (en) * | 2020-08-31 | 2021-01-01 | 中国人民解放军战略支援部队信息工程大学 | Heterogeneous executive program synchronization method and device based on relative time |
| CN112242923A (en) * | 2020-09-15 | 2021-01-19 | 中国人民解放军战略支援部队信息工程大学 | System and method for realizing unified data management network function based on mimicry defense |
| CN113315755A (en) * | 2021-04-27 | 2021-08-27 | 华东计算技术研究所(中国电子科技集团公司第三十二研究所) | Mimicry decision system and method based on strategy |
| CN113665631A (en) * | 2021-07-20 | 2021-11-19 | 交控科技股份有限公司 | Remote restarting method and device for interlocking host equipment |
| CN114363048A (en) * | 2021-12-31 | 2022-04-15 | 河南信大网御科技有限公司 | Mimicry unknown threat discovery system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115085971B (en) | 2023-11-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106991324B (en) | Malicious code tracking and identifying method based on memory protection type monitoring | |
| RU2487405C1 (en) | System and method for correcting antivirus records | |
| CN105408911A (en) | Hardware and software execution profiling | |
| US10503909B2 (en) | System and method for vulnerability remediation verification | |
| CN104391777B (en) | Cloud platform and its operation and monitoring method and device based on (SuSE) Linux OS | |
| CN109074448B (en) | Detection of a deviation of a safety state of a computing device from a nominal safety state | |
| CN111078453A (en) | Method and device for automatically fusing and recovering micro-service, computer equipment and storage medium | |
| EP3188442A1 (en) | Detection, prevention, and/or mitigation of dos attacks in publish/subscribe infrastructure | |
| CN111859391A (en) | Trusted execution body, mimicry escape rapid identification method and mimicry defense architecture | |
| US6519712B1 (en) | Independent checkpointing method using a memory checkpoint on a distributed system | |
| US11055416B2 (en) | Detecting vulnerabilities in applications during execution | |
| JP2019066995A (en) | System capable of selectively switching between secure mode and non-secure mode | |
| CN110851294B (en) | Method and device for remedying program running crash | |
| CN109828945B (en) | Service message processing method and system | |
| CN106201753A (en) | A kind of based on the processing method of PCIE mistake in linux and system | |
| KR102020994B1 (en) | Method and apparatus for fault injection test | |
| CN115085971A (en) | Pseudo-shutdown-restart service detection processing method | |
| KR102213676B1 (en) | Terminal apparatus for autosar system with arithmetic operation supervision function and arithmetic operation supervision method of autosar system | |
| US20180268020A1 (en) | Transaction processing system and transaction control method | |
| CN115314289A (en) | Attacked executor identifying method, output voter, equipment and storage medium | |
| CN106598770B (en) | Native layer exception reporting processing method and device in Android system | |
| JP2009151440A (en) | Program hang-up detection method and computer device adopting the same method | |
| CN102521089A (en) | Hardware equipment error detection method | |
| CN116108440B (en) | Processing method, device, equipment and medium for injecting industrial control key software | |
| KR101938415B1 (en) | System and Method for Anomaly Detection |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |