CN117675415A - Attack defense method, device, terminal equipment and storage medium - Google Patents


Info

Publication number: CN117675415A
Authority: CN (China)
Prior art keywords: attack, model, prompt, response, user
Legal status: Granted (active)
Application number: CN202410132758.4A
Other languages: Chinese (zh)
Other versions: CN117675415B (en)
Inventor: 王智民
Current Assignee: Beijing 6Cloud Technology Co Ltd; Beijing 6Cloud Information Technology Co Ltd
Original Assignee: Beijing 6Cloud Technology Co Ltd; Beijing 6Cloud Information Technology Co Ltd
Application filed by: Beijing 6Cloud Technology Co Ltd, Beijing 6Cloud Information Technology Co Ltd
Priority to: CN202410132758.4A
Publications: CN117675415A (application), CN117675415B (grant)

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The invention discloses an attack defense method, an attack defense device, a terminal device and a storage medium. The method comprises: receiving a user prompt text input by a user; generating a user prompt request according to the user prompt text and sending it to a model side, where the model side inputs the user prompt request into a preset generative large model to produce a prompt answer, obtaining a model prompt response; receiving the model prompt response sent by the model side; and performing attack recognition on the model prompt response based on a preset information-extraction attack recognition rule to obtain an information-extraction attack recognition result, and taking corresponding defensive measures according to that result, wherein the information-extraction attack recognition rule is generated based on the generative large model. The method defends against information-extraction injection attacks in the generative-large-model injection-attack defense scenario and improves the accuracy of attack identification and the security of the generative large model's responses.

Description

Attack defense method, device, terminal equipment and storage medium
Technical Field
The present invention relates to the field of information security technologies, and in particular, to an attack defense method, an attack defense device, a terminal device, and a storage medium.
Background
With the development of artificial intelligence, the generative large model, as a major branch of information security, is being applied ever more widely. A user can guide the model to generate specific responses or outputs by sending prompt requests as input to the generative large model.
Because the way the generative large model responds, the data it uses, and the external APIs and tools available to it may contain sensitive information, an attacker may extract that information through a specially crafted instant injection attack, that is, by injecting malicious input in real time during model inference to influence the model's output, and then use it for further attack and reconnaissance activity.
However, in the current large model injection attack defense scenario, defense usually consists of grammar checking and filtering of the words and phrases in the prompt sent by the user or in the output, and of adding noise when the model responds. Because the format and wording of user prompts are not fixed, the user's intent cannot be identified accurately, the false-alarm rate of attack identification is high, and the approach is not suited to defending against information-extraction injection attacks.
The foregoing is provided merely for the purpose of facilitating understanding of the technical solutions of the present invention and is not intended to represent an admission that the foregoing is prior art.
Disclosure of Invention
The main purpose of the present application is to provide an attack defense method, an attack defense device, a terminal device and a storage medium that defend against information-extraction injection attacks in the generative-large-model injection-attack defense scenario.
To achieve the above objective, the present application provides an attack defense method, applied to a network side, which includes the following steps:
receiving a user prompt text input by a user;
generating a user prompt request according to the user prompt text and sending the user prompt request to a model side, where the model side inputs the user prompt request into a preset generative large model to produce a prompt answer, obtaining a model prompt response;
receiving the model prompt response sent by the model side;
performing attack recognition on the model prompt response based on a preset information-extraction attack recognition rule to obtain an information-extraction attack recognition result, and taking corresponding defensive measures according to the information-extraction attack recognition result, wherein the information-extraction attack recognition rule is generated based on the generative large model.
Optionally, the step of performing attack recognition on the model prompt response based on the preset information-extraction attack recognition rule to obtain an information-extraction attack recognition result, and taking corresponding defensive measures according to that result, further includes:
generating information-extraction attack recognition parameters according to the model configuration parameters, the data attribute parameters and the tool configuration parameters of the generative large model;
and generating the information-extraction attack recognition rule from the information-extraction attack recognition parameters based on a preset recognition algorithm.
Optionally, the step of performing attack recognition on the model prompt response based on the preset information-extraction attack recognition rule to obtain an information-extraction attack recognition result, and taking corresponding defensive measures according to that result, includes:
parsing the response message body of the model prompt response according to the interface response format of the model side to obtain response message body parameters;
performing attack recognition on the response message body parameters based on the information-extraction attack recognition rule to obtain the information-extraction attack recognition result;
and taking corresponding defensive measures according to the information-extraction attack recognition result based on a preset defense strategy.
Optionally, the step of performing attack recognition on the response message body parameters based on the information-extraction attack recognition rule to obtain the information-extraction attack recognition result includes:
if the response message body parameters contain a model configuration parameter, determining that the information-extraction attack recognition result includes a model configuration injection attack;
if the response message body parameters contain a data attribute parameter, determining that the information-extraction attack recognition result includes a data attribute injection attack;
and if the response message body parameters contain a tool configuration parameter, determining that the information-extraction attack recognition result includes a tool configuration injection attack.
Optionally, the step of taking corresponding defensive measures according to the information-extraction attack recognition result based on the preset defense strategy includes:
if the information-extraction attack recognition result includes a model configuration injection attack, filtering the model configuration information corresponding to the model configuration parameter and restricting the user's model configuration access permission, so as to defend against the model configuration injection attack;
if the information-extraction attack recognition result includes a data attribute injection attack, filtering the data attribute information corresponding to the data attribute parameter, so as to defend against the data attribute injection attack;
and if the information-extraction attack recognition result includes a tool configuration injection attack, filtering the tool configuration information corresponding to the tool configuration parameter and restricting the user's tool configuration access permission and external interface access permission, so as to defend against the tool configuration injection attack.
Optionally, the attack defense method is applied to a model side and includes the following steps:
receiving a user prompt request sent by a network side, wherein the user prompt request is generated by the network side from a user prompt text after the network side receives the user prompt text input by a user;
inputting the user prompt request into a preset generative large model to produce a prompt answer, obtaining a model prompt response;
and sending the model prompt response to the network side, where the network side performs attack recognition on the model prompt response based on a preset information-extraction attack recognition rule to obtain an information-extraction attack recognition result and takes corresponding defensive measures according to that result, wherein the information-extraction attack recognition rule is generated based on the generative large model.
Optionally, the step of receiving the user prompt request sent by the network side further includes:
performing attack recognition on the request message body of the user prompt request based on the information-extraction attack recognition rule to obtain information-extraction injection attack parameters;
and filtering the request message body according to the information-extraction injection attack parameters, so as to defend against the injection attack corresponding to those parameters.
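The rule generation, response-side recognition and defensive measures described above, together with the request-side filtering that reuses the same rules, sketched as an added example that is not code from the patent. It assumes a JSON response body, literal case-insensitive matching as the "preset recognition algorithm", and constructed parameter values and hypothetical permission names.

```python
import json
import re
from dataclasses import dataclass

# Constructed stand-ins for the three parameter groups of the deployed model.
MODEL_FACTS = {
    "model_config": ["You are HelpDeskBot", "temperature=0.2"],
    "data_attribute": ["customers.ssn", "hr_payroll_2023"],
    "tool_config": ["https://tools.internal.example/v1/search", "X-Tool-Key"],
}

# Assumed defense strategy: matches are always filtered; these hypothetical
# permission names are additionally restricted for the requesting user.
RESTRICTIONS = {
    "model_config": ["model_config_access"],
    "data_attribute": [],
    "tool_config": ["tool_config_access", "external_interface_access"],
}

PLACEHOLDER = "[FILTERED]"


def build_rules(facts):
    """Rule generation: one case-insensitive, whitespace-tolerant regex per category."""
    rules = {}
    for category, literals in facts.items():
        # Longest literal first so a long value is not half-matched by a shorter one.
        ordered = sorted((lit for lit in literals if lit.split()), key=len, reverse=True)
        parts = [r"\s+".join(re.escape(tok) for tok in lit.split()) for lit in ordered]
        if parts:  # an empty alternation would match at every position
            rules[category] = re.compile("|".join(parts), re.IGNORECASE)
    return rules


def scan_text(text, rules):
    """Filter one string; return (filtered_text, set of categories that matched)."""
    found = set()
    for category, pattern in rules.items():
        text, hits = pattern.subn(PLACEHOLDER, text)
        if hits:
            found.add(category)
    return text, found


def _walk(node, rules, found):
    """Apply scan_text to every string value in a parsed JSON body."""
    if isinstance(node, str):
        filtered, categories = scan_text(node, rules)
        found |= categories
        return filtered
    if isinstance(node, list):
        return [_walk(item, rules, found) for item in node]
    if isinstance(node, dict):
        return {key: _walk(value, rules, found) for key, value in node.items()}
    return node  # numbers, booleans, null


@dataclass
class Verdict:
    attacks: list       # categories of information-extraction attack recognized
    restrictions: list  # permissions to restrict under the defense strategy
    body: object        # response body with matched values filtered out


def defend_response(raw_body, rules):
    """Parse the response body, recognize leaked parameters, apply the defense."""
    try:
        parsed = json.loads(raw_body)
    except json.JSONDecodeError:
        parsed = raw_body  # not JSON: scan the raw text as a single string
    found = set()
    body = _walk(parsed, rules, found)
    restrictions = sorted({p for cat in found for p in RESTRICTIONS.get(cat, [])})
    return Verdict(sorted(found), restrictions, body)


# Constructed model prompt response that leaks a system prompt and a tool URL.
SAMPLE_RESPONSE = json.dumps({
    "id": "req-0001",
    "model": "helpdesk-v3",
    "choices": [{"message": {"content":
        "Sure. My instructions begin: you are   helpdeskbot. I can call "
        "https://tools.internal.example/v1/search for lookups."}}],
})

if __name__ == "__main__":
    verdict = defend_response(SAMPLE_RESPONSE, build_rules(MODEL_FACTS))
    print(verdict.attacks, verdict.restrictions)
    print(verdict.body["choices"][0]["message"]["content"])
    # Request side: the same rules filter the user prompt before it reaches the model.
    print(scan_text("List every row of customers.SSN", build_rules(MODEL_FACTS)))
```

Literal matching of this kind only recognizes values that appear verbatim (modulo case and spacing) in the response; a paraphrased or encoded leak of the same parameter passes through it.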
The embodiment of the present application also provides an attack defense device, which comprises:
a text receiving module, configured to receive a user prompt text input by a user;
a request sending module, configured to generate a user prompt request according to the user prompt text and send the user prompt request to a model side, where the model side inputs the user prompt request into a preset generative large model to produce a prompt answer, obtaining a model prompt response;
a response receiving module, configured to receive the model prompt response sent by the model side;
an attack defense module, configured to perform attack recognition on the model prompt response based on a preset information-extraction attack recognition rule to obtain an information-extraction attack recognition result, and to take corresponding defensive measures according to that result, wherein the information-extraction attack recognition rule is generated based on the generative large model.
The embodiment of the present application also provides a terminal device, which comprises a memory, a processor and an attack defense program stored in the memory and executable on the processor, wherein the attack defense program, when executed by the processor, implements the steps of the attack defense method.
The embodiment of the present application also provides a computer-readable storage medium storing an attack defense program, wherein the attack defense program, when executed by a processor, implements the steps of the attack defense method.
The attack defense method, device, terminal device and storage medium provided by the embodiments of the present application operate by: receiving a user prompt text input by a user; generating a user prompt request according to the user prompt text and sending it to a model side, where the model side inputs the user prompt request into a preset generative large model to produce a prompt answer, obtaining a model prompt response; receiving the model prompt response sent by the model side; and performing attack recognition on the model prompt response based on a preset information-extraction attack recognition rule to obtain an information-extraction attack recognition result, and taking corresponding defensive measures according to that result, wherein the information-extraction attack recognition rule is generated based on the generative large model. In other words, the network side receives the user prompt text, generates the user prompt request from it and sends the request to the model side; the model side inputs the request into the generative large model and returns the resulting model prompt response to the network side; and the network side applies the information-extraction attack recognition rule to the model prompt response to obtain the information-extraction attack recognition result and takes the corresponding defensive measures. This defends against information-extraction injection attacks in the generative-large-model injection-attack defense scenario and improves the accuracy of information-extraction attack recognition and the security of the generative large model's responses.
Drawings
Fig. 1 is a schematic diagram of the functional modules of the terminal device to which the attack defense device of the present application belongs;
Fig. 2 is a flowchart of a first exemplary embodiment of the attack defense method of the present application;
Fig. 3 is a flowchart of a second exemplary embodiment of the attack defense method of the present application;
Fig. 4 is a flowchart of a third exemplary embodiment of the attack defense method of the present application;
Fig. 5 is a flowchart of a fourth exemplary embodiment of the attack defense method of the present application.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The main solution of the embodiments of the present application is: receiving a user prompt text input by a user; generating a user prompt request according to the user prompt text and sending it to a model side, where the model side inputs the user prompt request into a preset generative large model to produce a prompt answer, obtaining a model prompt response; receiving the model prompt response sent by the model side; and performing attack recognition on the model prompt response based on a preset information-extraction attack recognition rule to obtain an information-extraction attack recognition result, and taking corresponding defensive measures according to that result, wherein the information-extraction attack recognition rule is generated based on the generative large model. In other words, the network side receives the user prompt text, generates the user prompt request from it and sends the request to the model side; the model side inputs the request into the generative large model and returns the resulting model prompt response to the network side; and the network side applies the information-extraction attack recognition rule to the model prompt response to obtain the information-extraction attack recognition result and takes the corresponding defensive measures. This defends against information-extraction injection attacks in the generative-large-model injection-attack defense scenario and improves the accuracy of information-extraction attack recognition and the security of the generative large model's responses.
The embodiment of the present application takes into account that the related technical scheme defends by grammar checking and filtering of the words and phrases in the prompt sent by the user or in the output, and by adding noise when the model responds. Because the format and wording of user prompts are not fixed, the user's intent cannot be identified accurately, the false-alarm rate of attack identification is high, and the scheme is not suited to the application scenario of defending against information-extraction injection attacks.
Based on this, the embodiment of the present application proposes a solution that provides a method of defending against rapid information extraction attacks on a generative large model, improves the accuracy of information-extraction attack recognition and the security of the generative large model's responses, and protects the system from the threat of information-extraction attacks.
Specifically, referring to Fig. 1, Fig. 1 is a schematic diagram of the functional modules of the terminal device to which the attack defense device of the present application belongs. The attack defense device may be a device that is independent of the terminal device and capable of performing attack defense, and it may be carried on the terminal device in the form of hardware or software. The terminal device may be an intelligent mobile device with an attack defense function, such as a mobile phone or a tablet computer, or a fixed terminal device or server with an attack defense function.
In this embodiment, the terminal device to which the attack defense device belongs includes at least an output module 110, a processor 120, a memory 130, and a communication module 140.
The memory 130 stores an operating system and an attack defense program, and the attack defense device can store the data it receives and processes in the memory 130. The output module 110 may be a display screen, a speaker, or the like. The communication module 140 may include a Wi-Fi module, a mobile communication module, a Bluetooth module and the like, and the device communicates with an external device or server through the communication module 140.
The attack defense program in the memory 130, when executed by the processor, implements the following steps:
receiving a user prompt text input by a user;
generating a user prompt request according to the user prompt text and sending the user prompt request to a model side, where the model side inputs the user prompt request into a preset generative large model to produce a prompt answer, obtaining a model prompt response;
receiving the model prompt response sent by the model side;
performing attack recognition on the model prompt response based on a preset information-extraction attack recognition rule to obtain an information-extraction attack recognition result, and taking corresponding defensive measures according to the information-extraction attack recognition result, wherein the information-extraction attack recognition rule is generated based on the generative large model.
Further, the attack defense program in the memory 130, when executed by the processor, also implements the steps of:
generating information-extraction attack recognition parameters according to the model configuration parameters, the data attribute parameters and the tool configuration parameters of the generative large model;
and generating the information-extraction attack recognition rule from the information-extraction attack recognition parameters based on a preset recognition algorithm.
Further, the attack defense program in the memory 130, when executed by the processor, also implements the steps of:
parsing the response message body of the model prompt response according to the interface response format of the model side to obtain response message body parameters;
performing attack recognition on the response message body parameters based on the information-extraction attack recognition rule to obtain the information-extraction attack recognition result;
and taking corresponding defensive measures according to the information-extraction attack recognition result based on a preset defense strategy.
Further, the attack defense program in the memory 130, when executed by the processor, also implements the steps of:
if the response message body parameters contain a model configuration parameter, determining that the information-extraction attack recognition result includes a model configuration injection attack;
if the response message body parameters contain a data attribute parameter, determining that the information-extraction attack recognition result includes a data attribute injection attack;
and if the response message body parameters contain a tool configuration parameter, determining that the information-extraction attack recognition result includes a tool configuration injection attack.
Further, the attack defense program in the memory 130, when executed by the processor, also implements the steps of:
if the information-extraction attack recognition result includes a model configuration injection attack, filtering the model configuration information corresponding to the model configuration parameter and restricting the user's model configuration access permission, so as to defend against the model configuration injection attack;
if the information-extraction attack recognition result includes a data attribute injection attack, filtering the data attribute information corresponding to the data attribute parameter, so as to defend against the data attribute injection attack;
and if the information-extraction attack recognition result includes a tool configuration injection attack, filtering the tool configuration information corresponding to the tool configuration parameter and restricting the user's tool configuration access permission and external interface access permission, so as to defend against the tool configuration injection attack.
Further, the attack defense program in the memory 130, when executed by the processor, also implements the steps of:
receiving a user prompt request sent by a network side, wherein the user prompt request is generated by the network side from a user prompt text after the network side receives the user prompt text input by a user;
inputting the user prompt request into a preset generative large model to produce a prompt answer, obtaining a model prompt response;
and sending the model prompt response to the network side, where the network side performs attack recognition on the model prompt response based on a preset information-extraction attack recognition rule to obtain an information-extraction attack recognition result and takes corresponding defensive measures according to that result, wherein the information-extraction attack recognition rule is generated based on the generative large model.
Further, the attack defense program in the memory 130, when executed by the processor, also implements the steps of:
performing attack recognition on the request message body of the user prompt request based on the information-extraction attack recognition rule to obtain information-extraction injection attack parameters;
and filtering the request message body according to the information-extraction injection attack parameters, so as to defend against the injection attack corresponding to those parameters.
With the above scheme, this embodiment proceeds by: receiving a user prompt text input by a user; generating a user prompt request according to the user prompt text and sending it to a model side, where the model side inputs the user prompt request into a preset generative large model to produce a prompt answer, obtaining a model prompt response; receiving the model prompt response sent by the model side; and performing attack recognition on the model prompt response based on a preset information-extraction attack recognition rule to obtain an information-extraction attack recognition result, and taking corresponding defensive measures according to that result, wherein the information-extraction attack recognition rule is generated based on the generative large model. In other words, the network side receives the user prompt text, generates the user prompt request from it and sends the request to the model side; the model side inputs the request into the generative large model and returns the resulting model prompt response to the network side; and the network side applies the information-extraction attack recognition rule to the model prompt response to obtain the information-extraction attack recognition result and takes the corresponding defensive measures. This defends against information-extraction injection attacks in the generative-large-model injection-attack defense scenario and improves the accuracy of information-extraction attack recognition and the security of the generative large model's responses.
Based on the above terminal device architecture, but not limited to the above architecture, the method embodiments of the present application are presented.
Referring to Fig. 2, Fig. 2 is a flowchart of a first exemplary embodiment of the attack defense method of the present application. The attack defense method is applied to a network side and comprises the following steps:
Step S10: receiving a user prompt text input by a user.
The execution body of the method of this embodiment may be an attack defense device, or an attack defense terminal device or server. This embodiment takes the attack defense device as an example; the attack defense device may be integrated on a terminal device with a data processing function.
The network side receives the user prompt text input by the user. The user prompt text is the content of the question the user puts to the generative large model, and the user can enter it in various ways, such as text input or voice input.
Step S20: generating a user prompt request according to the user prompt text and sending the user prompt request to a model side, where the model side inputs the user prompt request into a preset generative large model to produce a prompt answer, obtaining a model prompt response.
To pass the user's question to the preset generative large model so that the model can understand it and generate a corresponding answer, the network side generates a user prompt request from the received user prompt text and sends it to the model side. After receiving the user prompt request from the network side, the model side inputs it into the preset generative large model to produce a prompt answer, obtaining the model prompt response. In addition to the request parameters that carry the user prompt text (such as the query string of the URL path, the request headers and the request body), the user prompt request may include the dialogue history and environment settings of the user's current conversation, as well as the parameters relevant to information-extraction injection attacks that are to be identified, such as request parameters relating to sensitive data, model configuration information and tool configuration information. These parameters are the main objects an attacker probes for.
Step S30: receiving the model prompt response sent by the model side.
After the model side finishes the prompt answer, the network side receives the model prompt response sent by the model side. Besides the generative large model's processing result for the user prompt, that is, response body parameters such as the answer or response text output by the model, the model prompt response may include other related information: metadata such as the request ID, request timestamp and model version number, and the response parameters to be identified that relate to sensitive data, model configuration information and tool configuration information.
Step S40: performing attack recognition on the model prompt response based on a preset information-extraction attack recognition rule to obtain an information-extraction attack recognition result, and taking corresponding defensive measures according to the information-extraction attack recognition result, wherein the information-extraction attack recognition rule is generated based on the generative large model.
The network side uses the preset information-extraction attack recognition rule to perform attack recognition on the received model prompt response and takes the corresponding defensive measures according to the recognition result. The information-extraction attack recognition rule is generated based on the generative large model, and the network side uses it to judge whether the model prompt response contains potential attack behavior.
More specifically, in a conversational system based on a generative large model, a user prompt request typically contains the user's question or instruction, while the model prompt response is the answer the system generates for that question. The content of the user prompt request and the model prompt response depends on the specific application scenario and requirements. The user prompt request is sent as input to the model side, which processes it to generate a model prompt response, and the response is then sent back to the network side. The user prompt request provides the content of the user's question or request, and the model prompt response is the answer or reply the model produces after processing the user prompt. After receiving the model prompt response, the network side can process it further, for example by performing attack recognition and defense.
According to the scheme, the user prompt text input by the user is received; a user prompt request is generated according to the user prompt text and sent to a model end, and the model end inputs the user prompt request into a preset generative large model to carry out a prompt response and obtain a model prompt response; the model prompt response sent by the model end is received; based on a preset extraction information attack recognition rule, attack recognition is carried out on the model prompt response to obtain an extraction information attack recognition result, and corresponding defensive measures are taken according to that result, wherein the extraction information attack recognition rule is obtained by rule generation based on the generative large model. In this application, the network end receives the user prompt text input by the user, generates a user prompt request from it and sends the request to the model end; the model end inputs the user prompt request into the generative large model to produce a prompt response and sends the resulting model prompt response back to the network end; the network end uses the extraction information attack recognition rule to perform attack recognition on the model prompt response, obtains the extraction information attack recognition result, and takes corresponding defensive measures according to that result. This realizes defense against extraction information injection attacks in the generative large model injection attack defense scenario, and improves the accuracy of extraction information attack recognition and the security of the generative large model's responses.
Referring to fig. 3, fig. 3 is a flowchart illustrating a second exemplary embodiment of the attack defense method according to the present invention.
Based on the first embodiment, a second embodiment of the present application is presented, which differs from the first embodiment in that:
in this embodiment, the step of performing attack recognition according to the model prompt response based on the preset extraction information attack recognition rule to obtain an extraction information attack recognition result, and taking corresponding defensive measures according to the extraction information attack recognition result further includes:
step S401: generating an extraction information attack identification parameter according to the model configuration parameter, the data attribute parameter and the tool configuration parameter in the generated large model;
step S402: and based on a preset recognition algorithm, generating rules according to the extracted information attack recognition parameters, and obtaining extracted information attack recognition rules.
Specifically, in order to generate the extraction information attack recognition rule required for attack recognition, first, parameters for extraction information attack recognition are obtained according to the model configuration parameters, the data attribute parameters related to the model and the tool configuration parameters called by the model in the large generation model. The extraction information attack identification parameters comprise, but are not limited to, three parameters for identifying the extraction information attack, namely a model configuration parameter of a generative large model, a model related data parameter and a tool configuration parameter of a model call. Configuration parameters of the model, including model type, model architecture, model training patterns, etc., may help identify situations where too simple or unsafe machine learning models are used. The data parameters related to the model include the formats of the input data and the output data, the modes of preprocessing and post-processing, and the like. The model calling tool configuration parameters comprise the configuration of a model calling interface, the setting of calling frequency limit, the authentication and encryption modes and the like.
Finally, based on a preset recognition algorithm, rules are generated from the extraction information attack recognition parameters to obtain the extraction information attack recognition rule. The rule may be generated by using the extraction information attack recognition parameters as keywords of the recognition algorithm. It may also be generated on the basis of a specific text analysis technique, machine learning algorithm, deep learning model or the like: by analyzing normal and attack text samples in a training data set, the different types of attack patterns and features are learned, and the corresponding attack recognition rule is generated accordingly. The system can be designed according to the characteristics, patterns and context of the request message body or the response message body, so as to accurately judge whether the model prompt response contains potential attack behavior.
According to the scheme, the extracted information attack identification parameters are generated according to the preset model configuration parameters, the data attribute parameters and the tool configuration parameters; and based on a preset recognition algorithm, generating rules according to the extracted information attack recognition parameters, and obtaining extracted information attack recognition rules. The extraction information attack recognition rule can be utilized to help the network end recognition model to prompt whether potential attack exists in response, so that safety and reliability are enhanced.
Referring to fig. 4, fig. 4 is a flowchart illustrating a third exemplary embodiment of the attack defense method according to the present invention.
Based on the second embodiment, a third embodiment of the present application is presented, which differs from the second embodiment in that:
in this embodiment, the steps of performing attack recognition according to the model prompt response based on the preset extraction information attack recognition rule, obtaining an extraction information attack recognition result, and taking corresponding defensive measures according to the extraction information attack recognition result include:
step S403: analyzing a response message body of the model prompt response according to the interface response format of the model end to obtain response message body parameters;
step S404: based on the extracted information attack recognition rule, carrying out attack recognition on the response message body parameter to obtain an extracted information attack recognition result;
step S405: based on a preset defense strategy, corresponding defense measures are adopted according to the extracted information attack recognition result.
Specifically, firstly, after receiving a model prompt response sent by a model end, the network end analyzes a response message body according to an interface response format of the model end to obtain response message body parameters. The network end analyzes the interface response format of the model end to determine the format of the response message body, and analyzes the response message body to obtain specific parameters of the response message body.
And then, the network side carries out attack recognition on the response message body parameters based on the extraction information attack recognition rule to obtain an extraction information attack recognition result. The network side analyzes and judges the response message body parameters obtained by analysis by using a preset extraction information attack recognition rule to determine whether potential extraction information attack behaviors exist or not, and generates a corresponding recognition result.
And finally, the network side adopts corresponding defending measures according to the extracted information attack recognition result, and processes the information based on a preset defending strategy. The network side can take corresponding defending measures according to the result of the extracted information attack recognition and a preset defending strategy, such as intercepting malicious requests, recording attack information, triggering an alarm mechanism and the like.
Further, as an implementation manner, the step of performing attack recognition on the response message body parameter based on the extracted information attack recognition rule, and obtaining an extracted information attack recognition result includes:
step S4041: if the response message body parameter contains a model configuration parameter, obtaining that the extracted information attack identification result contains a model configuration injection attack;
Step S4042: if the response message body parameter contains a data attribute parameter, obtaining that the extracted information attack identification result contains a data attribute injection attack;
step S4043: and if the response message body parameter contains the tool configuration parameter, obtaining the tool configuration injection attack contained in the extracted information attack identification result.
Specifically, first, if the response message body parameters contain a model configuration parameter, the network end identifies a model configuration injection attack. A model configuration injection attack is one in which an attacker obtains the configuration parameters of the model in order to carry out an injection attack; whether an extraction information attack of the model configuration type exists can be judged by checking the legitimacy of the model configuration parameters, their access rights, their differences from the preset configuration, and the like.
Then, if the response message body parameters contain a data attribute parameter, the network end identifies a data attribute injection attack. A data attribute injection attack is one in which an attacker obtains data attribute parameters related to the model in order to carry out an injection attack; whether an extraction information attack of the data attribute type exists can be judged by verifying the validity of the data attribute parameters, their access rights, their consistency with the expected data attributes, and the like.
Finally, if the response message body parameters contain a configuration parameter of a tool called by the model, the network end identifies a tool configuration injection attack. A tool configuration injection attack is one in which an attacker obtains the configuration parameters of tools called by the model in order to carry out an injection attack; whether an extraction information attack of the tool configuration type exists can be judged by verifying the legitimacy of the tool configuration parameters, their access rights, their differences from the preset configuration, and the like. The extracted information attack identification parameters may include model configuration parameters of the generative large model, model-related data parameters, configuration parameters of tools called by the model, and the like.
Further, as an implementation manner, the step of taking the corresponding defensive measure according to the extracted information attack recognition result based on the preset defensive strategy includes:
step S4051: if the extracted information attack recognition result contains a model configuration injection attack, filtering model configuration information corresponding to the model configuration parameters, and limiting the model configuration access authority of the user so as to defend the model configuration injection attack;
step S4052: if the extracted information attack identification result contains a data attribute injection attack, filtering data attribute information corresponding to the data attribute parameters to defend the data attribute injection attack;
Step S4053: and if the extracted information attack identification result contains the tool configuration injection attack, filtering tool configuration information corresponding to the tool configuration parameters, and limiting the tool configuration access right and the external interface access right of the user so as to defend the tool configuration injection attack.
Specifically, firstly, if the extracted information attack recognition result includes a model configuration injection attack, the network side can take defensive measures such as filtering the model configuration information in the response message body and limiting the model configuration access right of the user. When the network side identifies the injection attack of the model configuration, the network side can prevent the injection attack of extracting the model configuration information by limiting the outward sending of the model configuration information and the access authority of the user to the model configuration.
Then, if the extracted information attack recognition result contains the data attribute injection attack, the network side can take defensive measures for filtering the data attribute information in the response message body. When the network side identifies the data attribute injection attack, the network side can conduct targeted defense by limiting the outward emission of the attribute information related to the model data, so that the injection attack of extracting the data related information is avoided.
Finally, if the extracted information attack recognition result contains a tool configuration injection attack, the network side can take defensive measures such as filtering the configuration information of the model calling tool in the response message body, limiting the user's access rights to the configuration of the tools called by the model, and limiting access rights to the external interface. When the network side identifies a tool configuration injection attack, it defends in a targeted way by limiting the outward sending of the tool configuration information and the user's access rights to the tool configuration, so that injection attacks that extract tool configuration information are avoided.
More specifically, the network side may be a network device deployed between an application program or a browser and a generative large model, such as a network firewall. The process by which the application program accesses ChatGPT and obtains the ChatGPT response content is illustrated by taking the completions interface provided by OpenAI as an example:
the completion response obtained is as follows:
    {
      "id": "cmpl-uqkvlQyYK7bGYrRHQ0eXlWi7",
      "object": "text_completion",
      "created": 1589478378,
      "model": "text-davinci-003",
      "choices": [
        {
          "text": "\n\nThis is indeed a test",
          "index": 0,
          "logprobs": null,
          "finish_reason": "length"
        }
      ],
      "usage": {
        "prompt_tokens": 5,
        "completion_tokens": 7,
        "total_tokens": 12
      }
    }
After the user prompt request is sent, the completions interface of OpenAI returns a response in JSON format. The response contains the following information:
"id": the unique identifier of the text completion task.
"object": identifies the object type of the response, here "text_completion".
"created": the timestamp at which the text completion task was created.
"model": the model designated for use, here "text-davinci-003", a model in the OpenAI dialog API.
"choices": an array containing the generated text and other related information.
"text": the text content generated, here "\n\nThis is indeed a test".
"index": the index of the generated text among the candidates.
"logprobs": the log probabilities of the generated text, which can be used for further analysis.
"finish_reason": the reason text generation finished; here "length" means that the specified maximum number of tokens was reached.
"usage": usage information associated with the request.
"prompt_tokens": the number of tokens in the prompt content.
"completion_tokens": the number of tokens in the generated text.
"total_tokens": the total number of tokens used to generate the text.
Here text-davinci-003 is the designated model used in the response process; once an attacker has extracted the relevant configuration information of the designated model, the attacker can mount injection attacks that target the model's defects and configuration.
In addition, an attacker can attack by means of a prompt information extraction attack. The system prompt may contain proprietary information that determines how the generative large model responds, the data it uses, and the external APIs and tools available to it. Extracting this information through a tailored prompt injection attack may be an important reconnaissance step.
A prompt information extraction attack depends on the response information. The content of the response message body is therefore parsed and scanned; if it involves configuration information of the large model, information about the data used, or information about the tools called, the response is considered to be the result of a prompt information extraction attack, and defensive measures such as log recording, keyword filtering, discarding the response information and retaining evidence are applied according to the configured defense strategy.
According to the scheme, the response message body of the model prompt response is analyzed according to the interface response format of the model end, and response message body parameters are obtained; based on the extracted information attack recognition rule, carrying out attack recognition on the response message body parameter to obtain an extracted information attack recognition result; based on a preset defense strategy, corresponding defense measures are adopted according to the extracted information attack recognition result. The method can help the network end to timely discover and cope with various extracted information attack behaviors, and ensure the safety of the model, the tool and related data.
Referring to fig. 5, fig. 5 is a flowchart illustrating a fourth exemplary embodiment of the attack defense method according to the present invention.
Based on the third embodiment, a fourth embodiment of the present application is presented, which differs from the third embodiment in that:
In this embodiment, the attack defense method is applied to a model end, and includes the following steps:
step S50: receiving a user prompt request sent by a network side, wherein the user prompt request is generated according to a user prompt text input by a user after the network side receives the user prompt text;
step S60: inputting the user prompt request into a preset generation type large model to carry out prompt response, and obtaining a model prompt response;
step S70: and sending the model prompt response to the network terminal, carrying out attack recognition by the network terminal based on a preset extraction information attack recognition rule, obtaining an extraction information attack recognition result according to the model prompt response, and taking corresponding defending measures according to the extraction information attack recognition result, wherein the extraction information attack recognition rule is obtained by carrying out rule generation based on the generation type large model.
Specifically, first, the model end receives a user prompt request sent by the network end. The user prompt request is generated after the network end receives the prompt text input by the user, and it contains the content of the user prompt text.
And then, the model end inputs the received user prompt request into a preset generation type large model for response, and prompt response of the model is obtained. The large model can generate a model prompt response according to the user prompt request, and the model prompt response can comprise a response text of the model as a response of the model to the user prompt.
And finally, the model end sends the model prompt response back to the network end, the network end carries out attack recognition on the model prompt response based on a preset extraction information attack recognition rule, and the network end can judge whether the extraction information attack exists or not by analyzing the model prompt response. According to the extracted information attack recognition result, the network side can take corresponding defensive measures, wherein specific defensive measures may include filtering, modifying or rejecting returned model prompt response so as to ensure the security of the system and prevent malicious attack.
Further, as an implementation manner, the step of receiving the user prompting request sent by the network side further includes:
step S501: based on the extracted information attack recognition rule, carrying out attack recognition on a request message body of the user prompt request to obtain extracted information injection attack parameters;
Step S502: and filtering the request message body according to the extracted information injection attack parameters so as to defend the injection attack corresponding to the extracted information injection attack parameters.
Specifically, firstly, the model end carries out attack recognition on a request message body of a user prompt request based on an extraction information attack recognition rule to obtain parameters corresponding to extraction information injection attack. The model end checks a message body in a user prompt request according to a preset rule to determine whether attack parameters for extracting information injection exist, such as configuration parameters of a model, data parameters related to the model, model calling tool configuration parameters and the like.
And finally, filtering the request message body according to parameters corresponding to the extracted information injection attack so as to defend the corresponding injection attack. The specific filtering process may include filtering out or modifying malicious injection parameters in the request message body, so as to ensure security and effectiveness of the user prompting request.
More specifically, the request corresponding to the completion response obtained above is:
    curl https://api.openai.com/v1/completions \
      -H "Content-Type: application/json" \
      -H "Authorization: Bearer $OPENAI_API_KEY" \
      -d '{ "model": "text-davinci-003", "prompt": "Say this is a test", "max_tokens": 7, "temperature": 0 }'
wherein the user prompt request uses a curl command to send a request to https://api.openai.com/v1/completions, that is, the API interface of OpenAI, and includes the following parameters:
"Content-Type: application/json": specifies that the content type of the request is JSON.
"Authorization: Bearer $OPENAI_API_KEY": authentication is performed using the user's OpenAI API key.
-d '{ "model": "text-davinci-003", "prompt": "Say this is a test", "max_tokens": 7, "temperature": 0 }': specifies the body of the request, which includes the following parameters:
"model": the model used is specified, here "text-davinci-003".
"prompt": the prompt content of the dialog is specified, here "Say this is a test".
"max_tokens": the length of the generated text (in tokens) is specified, here 7.
"temperature": specifies the degree of diversity of the generated text; 0 represents completely deterministic output.
Such attacks can be prevented by examining and filtering the prompt content in the request body, but the format of a prompt from the user is not fixed. Request parameters in the user prompt request that concern the configuration parameters of the model, the data parameters related to the model, the configuration parameters of the tools called by the model and the like can be identified; the request is then determined to be an extraction information injection attack, and those request parameters can be filtered to prevent it.
According to the scheme, the user prompt request sent by the network side is received, the user prompt request being generated according to the user prompt text after the network side receives the user prompt text input by the user; the user prompt request is input into a preset generative large model to carry out a prompt response and obtain a model prompt response; the model prompt response is sent to the network side, and the network side carries out attack recognition on the model prompt response based on a preset extraction information attack recognition rule, obtains an extraction information attack recognition result, and takes corresponding defensive measures according to that result, wherein the extraction information attack recognition rule is obtained by rule generation based on the generative large model. This provides a method for effectively resisting injection attacks and protects the system from the threat of information extraction attacks.
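The response-side screening of the third embodiment (steps S401 to S405) and the request-side filtering of steps S501 and S502, as an added Python example that is not part of the patent text. The inventory strings, the action names and the two sample message bodies are constructed assumptions; the rule is the keyword variant of the recognition rule, applied to the completions format shown above.

```python
"""Keyword-rule screening for extraction attacks (steps S401-S405, S501-S502)."""
import json
import re

# Constructed inventory (assumption): strings this deployment treats as
# confidential, grouped into the three parameter categories of step S401.
INVENTORY = {
    "model_config": ["You are SupportBot", "ft-support-v7"],
    "data_attribute": ["tickets_2023.parquet", "kb_embeddings_v4"],
    "tool_config": ["crm_lookup", "https://tools.internal.example/search"],
}

# Defensive measures per attack type, following steps S4051-S4053.
DEFENSES = {
    "model_config": ["filter", "restrict_model_config_access"],
    "data_attribute": ["filter"],
    "tool_config": ["filter", "restrict_tool_config_access",
                    "restrict_external_interface_access"],
}


def generate_rules(inventory):
    """S401/S402: compile each category's parameters into one keyword rule."""
    rules = {}
    for category, values in inventory.items():
        # Longest keyword first, so a shorter overlapping keyword cannot
        # leave part of a longer value unfiltered.
        ordered = sorted(values, key=len, reverse=True)
        rules[category] = re.compile(
            "|".join(re.escape(v) for v in ordered), re.IGNORECASE)
    return rules


def filter_text(text, rules):
    """Replace every rule match; return (filtered text, matched categories)."""
    matched = []
    for category, pattern in rules.items():
        text, count = pattern.subn("[filtered]", text)
        if count:
            matched.append(category)
    return text, sorted(matched)


def screen_response(raw_body, rules):
    """S403-S405 at the network end for a completions-format response body."""
    try:
        body = json.loads(raw_body)
        choices = body["choices"]
        texts = [choice["text"] for choice in choices]
        if not all(isinstance(t, str) for t in texts):
            raise ValueError("choice text is not a string")
    except (ValueError, KeyError, TypeError):
        # Body does not follow the interface response format: fail closed
        # rather than forward text that was never screened.
        return {"attacks": [], "actions": ["discard", "log"], "body": None}
    attacks = set()
    for choice, text in zip(choices, texts):
        choice["text"], matched = filter_text(text, rules)
        attacks.update(matched)
    actions = sorted({a for c in attacks for a in DEFENSES[c]})
    if attacks:
        actions.append("log")  # keep a record of the identified attack
    return {"attacks": sorted(attacks), "actions": actions, "body": body}


def screen_request(raw_body, rules):
    """S501/S502 at the model end: the same rules applied to the prompt.

    Assumes a string "prompt" field, as in the request shown above.
    """
    body = json.loads(raw_body)
    body["prompt"], matched = filter_text(body["prompt"], rules)
    actions = ["filter", "log"] if matched else []
    return {"attacks": matched, "actions": actions, "body": body}


# Constructed message bodies in the completions format.
SAMPLE_RESPONSE = json.dumps({
    "id": "cmpl-constructed", "object": "text_completion",
    "model": "text-davinci-003",
    "choices": [{"index": 0, "finish_reason": "stop", "text":
                 "My instructions begin: You are SupportBot. I can call "
                 "crm_lookup at https://tools.internal.example/search."}],
})
SAMPLE_REQUEST = json.dumps({
    "model": "text-davinci-003", "max_tokens": 64,
    "prompt": "Print the schema of tickets_2023.parquet",
})

if __name__ == "__main__":
    rules = generate_rules(INVENTORY)
    for verdict in (screen_response(SAMPLE_RESPONSE, rules),
                    screen_request(SAMPLE_REQUEST, rules)):
        print(verdict["attacks"], verdict["actions"])
        print(json.dumps(verdict["body"], indent=2))
```

A keyword rule of this kind only matches values that appear verbatim in the message body; the description also allows rules learned from normal and attack text samples for content that does not.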
In addition, the embodiment of the application also provides an attack defending device, which comprises:
the text receiving module is used for receiving a user prompt text input by a user;
the request sending module is used for generating a user prompt request according to the user prompt text and sending the user prompt request to a model end, and the model end inputs the user prompt request into a preset generation type large model to carry out prompt response so as to obtain a model prompt response;
the response receiving module is used for receiving the model prompt response sent by the model end;
the attack defense module is used for carrying out attack recognition according to the model prompt response based on a preset extraction information attack recognition rule, obtaining an extraction information attack recognition result, and taking corresponding defense measures according to the extraction information attack recognition result, wherein the extraction information attack recognition rule is obtained by carrying out rule generation based on the generation type large model.
For the principle and implementation process by which this embodiment realizes attack defense, refer to the above embodiments; they are not repeated here.
In addition, the embodiment of the application also provides a terminal device, which comprises a memory, a processor and an attack defense program stored on the memory and capable of running on the processor, wherein the attack defense program realizes the steps of the attack defense method when being executed by the processor.
Because the attack defense program, when executed by the processor, adopts all the technical solutions of all the foregoing embodiments, it has at least all the beneficial effects brought by those technical solutions, which are not described in detail here.
In addition, the embodiment of the application also provides a computer readable storage medium, wherein the computer readable storage medium stores an attack defense program, and the attack defense program realizes the steps of the attack defense method when being executed by a processor.
Because the attack defense program, when executed by the processor, adopts all the technical solutions of all the foregoing embodiments, it has at least all the beneficial effects brought by those technical solutions, which are not described in detail here.
Compared with the prior art, the attack defense method, the attack defense device, the terminal equipment and the storage medium provided by the embodiment of the application are characterized in that the user prompt text input by the user is received; generating a user prompt request according to the user prompt text, sending the user prompt request to a model end, and inputting the user prompt request into a preset generation type large model by the model end to carry out prompt response to obtain a model prompt response; receiving a model prompt response sent by the model end; based on a preset extraction information attack recognition rule, carrying out attack recognition according to the model prompt response, obtaining an extraction information attack recognition result, and taking corresponding defending measures according to the extraction information attack recognition result, wherein the extraction information attack recognition rule is obtained by carrying out rule generation based on the generation type large model. 
In this application, the network end receives the user prompt text input by the user, generates a user prompt request from it and sends the request to the model end; the model end inputs the user prompt request into the generative large model to produce a prompt response and sends the resulting model prompt response back to the network end; the network end uses the extraction information attack recognition rule to perform attack recognition on the model prompt response, obtains the extraction information attack recognition result, and takes corresponding defensive measures according to that result. This realizes defense against extraction information injection attacks in the generative large model injection attack defense scenario, and improves the accuracy of extraction information attack recognition and the security of the generative large model's responses.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) as described above, comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.

Claims (10)

1. An attack defense method, characterized in that it is applied to a network side and comprises the following steps:
receiving a user prompt text input by a user;
generating a user prompt request according to the user prompt text and sending the user prompt request to a model end, wherein the model end inputs the user prompt request into a preset generative large model for prompt response to obtain a model prompt response;
receiving the model prompt response sent by the model end;
performing attack recognition on the model prompt response based on a preset extraction information attack recognition rule to obtain an extraction information attack recognition result, and taking corresponding defense measures according to the extraction information attack recognition result, wherein the extraction information attack recognition rule is obtained by rule generation based on the generative large model.
2. The attack defense method according to claim 1, wherein the step of performing attack recognition on the model prompt response based on a preset extraction information attack recognition rule to obtain an extraction information attack recognition result, and taking corresponding defense measures according to the extraction information attack recognition result, further comprises:
generating extraction information attack recognition parameters according to the model configuration parameters, the data attribute parameters and the tool configuration parameters in the generative large model;
and performing rule generation on the extraction information attack recognition parameters based on a preset recognition algorithm to obtain the extraction information attack recognition rule.
3. The attack defense method according to claim 1, wherein the step of performing attack recognition on the model prompt response based on a preset extraction information attack recognition rule to obtain an extraction information attack recognition result, and taking corresponding defense measures according to the extraction information attack recognition result, comprises:
parsing the response message body of the model prompt response according to the interface response format of the model end to obtain response message body parameters;
performing attack recognition on the response message body parameters based on the extraction information attack recognition rule to obtain the extraction information attack recognition result;
and taking corresponding defense measures according to the extraction information attack recognition result based on a preset defense strategy.
4. The attack defense method according to claim 3, wherein the step of performing attack recognition on the response message body parameters based on the extraction information attack recognition rule to obtain the extraction information attack recognition result comprises:
if the response message body parameters contain a model configuration parameter, determining that the extraction information attack recognition result contains a model configuration injection attack;
if the response message body parameters contain a data attribute parameter, determining that the extraction information attack recognition result contains a data attribute injection attack;
and if the response message body parameters contain a tool configuration parameter, determining that the extraction information attack recognition result contains a tool configuration injection attack.
5. The attack defense method according to claim 4, wherein the step of taking corresponding defense measures according to the extraction information attack recognition result based on a preset defense strategy comprises:
if the extraction information attack recognition result contains a model configuration injection attack, filtering the model configuration information corresponding to the model configuration parameter and restricting the model configuration access right of the user, so as to defend against the model configuration injection attack;
if the extraction information attack recognition result contains a data attribute injection attack, filtering the data attribute information corresponding to the data attribute parameter, so as to defend against the data attribute injection attack;
and if the extraction information attack recognition result contains a tool configuration injection attack, filtering the tool configuration information corresponding to the tool configuration parameter and restricting the tool configuration access right and the external interface access right of the user, so as to defend against the tool configuration injection attack.
6. An attack defense method, characterized in that it is applied to a model end and comprises the following steps:
receiving a user prompt request sent by a network side, wherein the user prompt request is generated by the network side according to a user prompt text input by a user after the network side receives the user prompt text;
inputting the user prompt request into a preset generative large model for prompt response to obtain a model prompt response;
and sending the model prompt response to the network side, wherein the network side performs attack recognition on the model prompt response based on a preset extraction information attack recognition rule to obtain an extraction information attack recognition result, and takes corresponding defense measures according to the extraction information attack recognition result, and wherein the extraction information attack recognition rule is obtained by rule generation based on the generative large model.
7. The attack defense method according to claim 6, wherein the step of receiving the user prompt request sent by the network side further comprises:
performing attack recognition on the request message body of the user prompt request based on the extraction information attack recognition rule to obtain extraction information injection attack parameters;
and filtering the request message body according to the extraction information injection attack parameters, so as to defend against the injection attack corresponding to the extraction information injection attack parameters.
8. An attack defense apparatus, the apparatus comprising:
a text receiving module, configured to receive a user prompt text input by a user;
a request sending module, configured to generate a user prompt request according to the user prompt text and send the user prompt request to a model end, wherein the model end inputs the user prompt request into a preset generative large model for prompt response to obtain a model prompt response;
a response receiving module, configured to receive the model prompt response sent by the model end;
an attack defense module, configured to perform attack recognition on the model prompt response based on a preset extraction information attack recognition rule to obtain an extraction information attack recognition result, and to take corresponding defense measures according to the extraction information attack recognition result, wherein the extraction information attack recognition rule is obtained by rule generation based on the generative large model.
9. A terminal device, characterized in that the terminal device comprises: a memory, a processor and an attack defense program stored on the memory and executable on the processor, the attack defense program configured to implement the steps of the attack defense method according to any one of claims 1 to 7.
10. A storage medium having stored thereon an attack defense program which, when executed by a processor, implements the steps of the attack defense method according to any of claims 1 to 7.
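The response-side check of claims 3 to 5, with rules derived from deployment parameters as in claim 2, written out as an added example that is not code from the patent. The JSON response layout (`choices[0].message.content`), the inventory values, the access-right names and the `[FILTERED]` marker are assumptions made for illustration.

```python
import json
import re

# Constructed inventory (assumption): values this deployment must never echo,
# grouped by the three parameter classes named in claims 2 and 4.
SENSITIVE = {
    "model_config": ["You are HelpdeskBot v2", "temperature=0.2"],
    "data_attribute": ["customer_ssn", "kb_internal_2023"],
    "tool_config": ["https://tools.example.internal/run", "ticket_lookup"],
}
# Access rights to restrict per finding, following claim 5
# (data attribute leaks are filtered only).
RESTRICT = {
    "model_config": ["model_config_access"],
    "data_attribute": [],
    "tool_config": ["tool_config_access", "external_interface_access"],
}

def build_rules(inventory):
    """Claim 2: derive one recognition rule per class from the parameters."""
    rules = {}
    for category, values in inventory.items():
        if not values:
            continue  # an empty alternation would match every position
        # Tolerate case and whitespace changes in the echoed value.
        alts = [r"\s+".join(map(re.escape, v.split())) for v in values]
        rules[category] = re.compile("|".join(alts), re.IGNORECASE)
    return rules

def inspect_response(raw_body, rules):
    """Claims 3-5: parse the body, recognise each class, filter, restrict."""
    try:
        text = json.loads(raw_body)["choices"][0]["message"]["content"]
        if not isinstance(text, str):
            raise TypeError("content is not text")
    except (ValueError, KeyError, IndexError, TypeError):
        # Fail closed: an unparseable response is never forwarded unchecked.
        return {"blocked": True, "findings": [], "restrict": [], "content": ""}
    findings, restrict = [], []
    for category, rule in rules.items():
        text, hits = rule.subn("[FILTERED]", text)
        if hits:
            findings.append(category + "_injection_attack")
            restrict.extend(RESTRICT[category])
    return {"blocked": False, "findings": findings,
            "restrict": restrict, "content": text}
```

Matching on known values catches verbatim or lightly reformatted leaks only; a paraphrased or encoded disclosure passes this rule set, so it works as one layer alongside access control at the model end.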
CN202410132758.4A 2024-01-31 2024-01-31 Attack defense method, device, terminal equipment and storage medium Active CN117675415B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410132758.4A CN117675415B (en) 2024-01-31 2024-01-31 Attack defense method, device, terminal equipment and storage medium

Publications (2)

Publication Number Publication Date
CN117675415A 2024-03-08
CN117675415B 2024-04-19

Family

ID=90071675

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410132758.4A Active CN117675415B (en) 2024-01-31 2024-01-31 Attack defense method, device, terminal equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117675415B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103139165A (en) * 2011-11-30 2013-06-05 中国民航大学 Entity impersonation attack penetration testing method aiming at aircraft communication addressing and reporting system (ACARS) data chain
CN108683687A (en) * 2018-06-29 2018-10-19 北京奇虎科技有限公司 A kind of network attack identification method and system
CN112287125A (en) * 2020-11-23 2021-01-29 深圳季连科技有限公司 Knowledge graph construction method and system
CN112383546A (en) * 2020-11-13 2021-02-19 腾讯科技(深圳)有限公司 Method for processing network attack behavior, related device and storage medium
CN112822147A (en) * 2019-11-18 2021-05-18 上海云盾信息技术有限公司 Method, system and equipment for analyzing attack chain
US20210273953A1 (en) * 2018-02-20 2021-09-02 Darktrace Holdings Limited ENDPOINT AGENT CLIENT SENSORS (cSENSORS) AND ASSOCIATED INFRASTRUCTURES FOR EXTENDING NETWORK VISIBILITY IN AN ARTIFICIAL INTELLIGENCE (AI) THREAT DEFENSE ENVIRONMENT

Also Published As

Publication number Publication date
CN117675415B (en) 2024-04-19

Similar Documents

Publication Publication Date Title
JP2007522551A (en) Multi-select challenge-response user authentication system and method
CN109831459B (en) Method, device, storage medium and terminal equipment for secure access
CN111883140A (en) Authentication method, device, equipment and medium based on knowledge graph and voiceprint recognition
CN114553523A (en) Attack detection method and device based on attack detection model, medium and equipment
WO2020257393A1 (en) Systems and methods for authentication and fraud detection
CN108600162A (en) User authen method and device, computing device and computer storage media
CN117675415B (en) Attack defense method, device, terminal equipment and storage medium
CN115314268B (en) Malicious encryption traffic detection method and system based on traffic fingerprint and behavior
EP4123483A1 (en) Method for confirming the identity of a user in a browsing session of an online service
CN110795706B (en) Hash-based verification method, equipment, storage medium and device
CN105373743B (en) The calling control method of input method process, call control system and terminal
CN115346532A (en) Optimization method of voiceprint recognition system, terminal device and storage medium
CN112398793B (en) Social engineering interaction method and device and storage medium
CN117610026B (en) Honey point vulnerability generation method based on large language model
CN114257415B (en) Network attack defending method, device, computer equipment and storage medium
CN118041597A (en) Password attack detection method, device, processing equipment and storage medium
CN117951602A (en) Application software identification method, device, terminal equipment and storage medium
Selamat Enhanced authentication for web-based security using keystroke dynamics
WO2022085150A1 (en) Attack scenario generation device, risk analysis device, method, and computer-readable medium
CN116827669A (en) Network attack defending method, terminal equipment and storage medium
Sharma et al. Audio-based CAPTCHA Verification to Secure Web Applications
CN112839050A (en) Intrusion detection method and system based on Internet of things
Cushing An In-Depth Analysis of Guesser Behaviour
CN117176372A (en) Data analysis method, device, equipment and storage medium based on security management platform
EP3557839A1 (en) Method for securing a computer system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant