WO2022174509A1 - Procédé de conception de pare-feu - Google Patents

Procédé de conception de pare-feu Download PDF

Info

Publication number
WO2022174509A1
WO2022174509A1 PCT/CN2021/086347 CN2021086347W WO2022174509A1 WO 2022174509 A1 WO2022174509 A1 WO 2022174509A1 CN 2021086347 W CN2021086347 W CN 2021086347W WO 2022174509 A1 WO2022174509 A1 WO 2022174509A1
Authority
WO
WIPO (PCT)
Prior art keywords
module
data
network
firewall
security
Prior art date
Application number
PCT/CN2021/086347
Other languages
English (en)
Chinese (zh)
Inventor
黄策
Original Assignee
黄策
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 黄策 filed Critical 黄策
Publication of WO2022174509A1 publication Critical patent/WO2022174509A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Definitions

  • the present invention relates to a method for designing a firewall.
  • Firewalls are standard components that constitute a network application system today.
  • the firewall like the server, is a necessary standard component.
  • a firewall divides the network system of a network application system into an internal network and an external network.
  • Firewalls have become more and more powerful since their appearance, and more and more viruses can be resisted, but their basic architecture—hardware, operating system, and antivirus application system—has not changed. In the offensive and defensive battle of network security, this structure is exhausted. Although the firewall can defend against more and more viruses, the security protection function it should play is getting weaker and smaller.
  • ransomware winning bids The winning bidders have gradually shifted from attacking personal computers to extorting individuals, and gradually turning to attacking the network systems of enterprises and organizations, and extorting legal persons.
  • the amount of extortion has increased from less than 1 Bitcoin ( That is, hundreds to thousands of dollars) up to now, it is often tens of millions or even tens of millions of euros, and many winning bidders eventually have to pay a lot of extortion money.
  • the present invention provides a new method for designing a firewall.
  • the described method is divided into the following design blocks:
  • Design block 1 Design two functional modules, they are the transceiver module (module 1) connected to the external network to complete the data receiving/transmitting function and the processing module (module 2) connected to the internal network to complete the data processing function.
  • the two modules are connected by a data channel.
  • Design block 2 Design two data processing business processes according to the transmission direction of the data flow.
  • the two data processing business processes are: the data input business process (process 1) of data flow from the external network to the internal network;
  • Design block 3 Design the number of data channels between module 1 and module 2 and the technical solution for data communication according to the needs of security protection and data flow input/output business processes;
  • Design block 4 According to the needs of security protection and the needs of data flow input/output business processes, design the number of data channels connecting module 1 to the external network and the technical solution for data communication;
  • Design block 5 According to the needs of security protection and the needs of data flow input/output business process, design the number of data channels connecting module 2 to the intranet and the technical scheme of data communication used.
  • the described module 2 has two basic types: simple module 2-1 and simple module 2-2.
  • the technical feature of the simple module 2-1 is that it consists of a CPU and a RAM independently managed by the CPU, the CPU runs in a non-operating system environment, and has two data channels.
  • the technical feature of the simple module 2-2 is that it consists of a CPU and a RAM independently managed by the CPU, the CPU runs in a non-operating system environment, and has at least three data channels.
  • Mode 1 A matrix of simple modules 2 composed of two or more simple modules 2 in series and/or parallel. If there is a simple type module 2-2 in the module 2 matrix, all the data channels of the simple type module 2-2 have at least one data channel, which is not connected to the external network or the internal network.
  • Mode 2 A data processing terminal matrix consisting of two or more simple modules 2 and one or more information terminals with operating systems.
  • the simple module 2 is located between the information terminal containing the operating system and the external network or the internal network, so that any one of all the information terminals containing the operating system in the matrix is connected to the internal network or external network.
  • the network has no directly connected data channel.
  • the described data input business process (process 1) is composed of two sub-business processes distributed on module 1 and module 2 respectively:
  • Process 1-1 Module 1 receives data input from the external network, and transmits the received data to Module 2 through the data channel between Module 1 and Module 2.
  • Process 1-2 Module 2 processes the received data, and the processed data is either discarded or sent to the intranet.
  • process 2 The described data output business process (process 2) is composed of two sub-business processes distributed on module 1 and module 2 respectively:
  • Process 2-1 Module 2 receives the data from the intranet and processes the received data. The processed data is either discarded or transmitted to module 1 through the data channel between module 1 and module 2.
  • Process 2-2 Module 1 sends the received data to the external network.
  • Process 1 and Process 2 includes, but is not limited to, data insertion, deletion, splitting, reorganization, verification, verification, encryption, and decryption for security purposes.
  • the data channel between module 1 and module 2 includes but is not limited to a parallel data bus and a serial data bus.
  • module 1 In order to achieve the best security purpose of safe data transmission between the firewalls designed by the method, several preferred design principles of module 1 are:
  • Module 1 has at least two connection data channels with the external network. In principle, the more data channels there are between module 1 and the external network, the higher the engineering cost for the attacker to obtain/intercept the transmitted data, and the stronger the confidentiality of data transmission. The better the firewall's effect on the security protection of transmitted data is.
  • module 1 has more than two connection data channels with the external network, at least two different communication methods are used.
  • a data channel adopts a data channel of the mobile Internet
  • a channel adopts a short message channel or a voice channel.
  • the Beidou SMS channel is the best secure data channel that can be obtained.
  • module 1 has more than two connection data channels with the external network, it is preferred to lease the communication lines of different communication operators. For example, for a firewall with two fixed network data channels, the fixed network lines of China Mobile and China Unicom are leased respectively. In this way, for network security attackers, whether they want to intercept communication data or conduct man-in-the-middle attacks, they must simultaneously invade the network lines of mobile and China Unicom, and accurately find these two communication lines, which undoubtedly increases the attack of the attacker. difficulty.
  • the present invention is a brand-new firewall design method. Compared with the traditional firewall, the firewall designed by this method has the following advantages:
  • the traditional firewall can only provide limited security protection for the server side of the network application system. For network security owners, due to the budget constraints of network security project construction, it is impossible to provide the entire network security protection with the same security strength.
  • the firewall designed by the method can provide the whole network security protection covering the whole network and the same security level for any network application system, for the server end and the user end.
  • the traditional firewall cannot effectively cut the intranet. This makes any data terminal on the intranet an injection point for attacking viruses.
  • the firewall designed by the method can effectively cut the intranet and provide security protection of different security levels for each sub-net after the cut. This makes the single-point injection of viruses under the traditional firewall, and the security attacks on the entire network become a thing of the past. This makes the popular "micro-network" security concept in the past two years a real feasible technical solution.
  • the traditional firewall does not have a clear and definite security boundary between the internal network and the external network due to the inevitable security loopholes in the operating system and anti-virus application system.
  • the firewall designed by the method makes a clear and definite security boundary between the internal network and the external network. Any virus that invades module 1 and the intranet can see data black holes that cannot be invaded or detected one by one. A virus that invades the intranet cannot transmit even one bit of data to the extranet without the help of insiders.
  • the firewall designed by the method can adopt the data security detection strategy of unique verification for the data entering and leaving the firewall. This completely gets rid of the exhaustive detection method used by traditional firewalls and the natural dependence on large storage power and large computing power. Therefore, the cost of the firewall is greatly reduced, and the miniaturization and miniaturization of the firewall designed according to the method are technically possible.
  • Figure 1 Schematic diagram of the network system structure of traditional firewall protection.
  • Figure 2 A schematic diagram of the structure of the network application system protected by the new firewall under the method.
  • Figure 3 Schematic diagram of the structure of the simple module 2-1.
  • Figure 4 Schematic diagram of the structure of the simple module 2-2.
  • Figure 5 A schematic diagram of a new firewall structure with one internal network connection channel and two external network connection channels
  • Figure 6 Schematic diagram of a new firewall structure with one internal network connection channel and one external network connection channel
  • Figure 7 A schematic diagram of a new firewall structure that provides security protection for servers.
  • Figure 8 A schematic diagram of the structure of an IoT terminal based on mobile Internet things
  • Figure 9 A schematic diagram of a new firewall structure that provides security protection for unattended IoT terminals.
  • Figure 10 Schematic diagram of a new firewall architecture that provides security for manned IoT terminals
  • FIG. 1 is a schematic diagram of a network system structure for traditional firewall protection.
  • the firewall divides the entire network system into two parts: the internal network and the external network.
  • the security loopholes in the firewall operating system there is no clear and clear boundary between the external network and the internal network.
  • FIG. 2 is a schematic structural diagram of a network application system protected by a new firewall under the method.
  • the figure shows: 1) The new firewall 1 effectively divides the internal network and the external network. 2) The new firewall 2 effectively separates the server from the intranet. 3) The new firewall 3 and the new firewall n respectively provide security protection for the external network terminal 1 and the external network terminal n.
  • the described design method provides a feasible technical solution for realizing the security of "micro-network”.
  • the owner of network security For the owner of network security, he can ask Zhang San's team to build his firewall system version 1.0, and then ask Li Si's team to review the new firewall 2 without changing the communication data format between the firewall 2's intranet and the server. Make a makeover. In this way, the trust risk of Zhang San's team can be completely avoided. At the same time, because the Li Si team cannot fully understand the data structure of the entire firewall, the trust risk to the Li Si team can also be effectively shielded. After the upgrade is completed, the network security owner can ensure that the new firewall 2 will not be invaded as long as the installation site of the firewall 2 is free from outsiders.
  • Figure 3 and Figure 4 are schematic diagrams of the structures of the simple module 2-1 and the simple module 2-2, respectively.
  • 3 is a schematic structural diagram of a simple module 2-2 with three data channels.
  • FIG. 5 is a schematic structural diagram of a new firewall with one internal network connection channel and two external network connection channels.
  • the module 2 is a simple module 2 matrix composed of a simple module 2-1 and a simple module 2-2 with four data channels according to the mode 1.
  • CPU1 is connected to a keyboard. This keyboard is used to input working parameters to CPU1 and CPU2.
  • the module 2 matrix shown in FIG. 5 is the simplest module 2 matrix connected by way 1.
  • the network security owner uses the described method 1 to form a more complex and efficient module 2 matrix.
  • FIG. 6 is a schematic structural diagram of a new firewall with one intranet connection channel and one extranet connection channel.
  • module 1 is composed of two simple modules 2-1 sandwiching a computer (that is, connected according to mode 2). This structure ensures that there is no direct data channel between the computer and the external network and the internal network. Thus, the security loopholes in the operating system and application system that must exist on the computer are guaranteed to be effectively isolated from the external network and the internal network.
  • the module 2 matrix shown in FIG. 6 is the simplest module 2 matrix connected by way 2.
  • Network security owners use the described method 2 to form a more complex and efficient module 2 matrix.
  • the structure shown in Figure 5 and Figure 6 enables network security owners; 1) It effectively shields all the connections between the security loopholes in the operating system and application system on all intranet and extranet network devices, which can effectively resist the Cyber attacks that exploit these security holes. 2) Effectively shield the trust loopholes of the firewall development team.
  • network security owners choose a firewall development team, they only need to consider the development capabilities of the team and whether they can match the development needs of the firewall, but not the trust of the firewall development team at all.
  • Considering the trust of the firewall development team is the first priority when choosing to build a security protection system with the old firewall as the core security component.
  • FIG. 7 is a schematic structural diagram of a new firewall that provides security protection for servers.
  • the firewall shown in the figure has one internal network data channel, four external network data channels, and one firewall control channel.
  • the No. 3 module 2 with the mobile network communication module as the communication component provides two data channels: a mobile data channel (that is, a so-called traffic channel) and a short message channel.
  • the keyboard is a firewall control channel. Authorized personnel input working parameters to the new firewall through the keyboard, the data transmitted from inside and outside to the external network, and the data transmitted from the external network to the internal network.
  • All network attacks are based on the use of security loopholes in the network system to intercept the communication data between networks as the starting point of the attack. In other words, effectively preventing the interception of communication data can effectively prevent network attacks initiated by exploiting security holes in the operating system and application system.
  • the multiple data channels of the new firewall can easily defeat all current network attacks that intercept data. Take the simplest two data channels (using the data channels of No. 1 module 1 and No. 2 module 1) as an example. As long as the network security owner connects the No. 1 module 1 to the network operated by the A network operator, and the No. 2 module 1 to the network operated by the B network operator, all current attack schemes for intercepting data can be abolished.
  • artificial data channels and China's Beidou SMS data channel can basically be considered as absolutely safe data channels. Especially the Beidou SMS data channel, I believe that no commercial organization dares to attack it, even if it is to intercept the attack.
  • the detection strategy adopted by the current firewall is the exhaustive method. When performing data inspection, the firewall needs to exclude all possible virus characteristics before releasing the detected data. However, in the process of engineering implementation, this strategy naturally brings two security vulnerabilities:
  • Vulnerability 1 The data detection performed by the firewall on the data entering and leaving the firewall must be completed within a certain limited time, so the implementation of the security policy of exhaustive detection requires the support of strong computing power and storage power.
  • the acquisition of large computing power and large storage power requires the support of network security owners with a strong construction budget for their network security projects. In fact, no strong budget can support the endless computing and storage needs.
  • the limited budget determines that only limited computing power and storage power can be used as the basis for the construction of the entire network security project. This makes any network security project with the current firewall as the core component, at the beginning of its construction, a gold swallower with security loopholes. With the passage of time, security loopholes will continue to be discovered, and it is inevitable to swallow a large amount of network security construction budget.
  • the demand for powerful computing power and storage power makes the miniaturization and miniaturization of firewalls lack a technical basis. Therefore, the security defense concept of "micro-network", which has been popularized in the past two years, only stays in the field of technical discussion
  • the new firewall adopts a unique data inspection strategy. Only data that meets the unique data inspection characteristics can pass through the new firewall.
  • This technical feature makes: 1) The demand for computing power and storage power of the new firewall is greatly reduced, which can be reduced by one ten thousandth or one hundred thousandth of the current firewall. This allows network security owners to completely free themselves from the constraints of network security project budgets and install new firewalls wherever they want. As a result, the security and defense concept of "micro-network", which began to be hotly hyped two years ago, has become a reality with technical and financial support. 2) The construction of the new firewall naturally gets rid of the "trust" dependence of network security owners on the firewall construction team. This technically guarantees the establishment of a "zero trust” network security mechanism.
  • FIG. 8 is a schematic structural diagram of an Internet of Things terminal based on mobile Internet things. This structure is suitable for expressing all IoT terminals.
  • the Internet of Things is an application pool recognized by the industry as the next generation of various popular network applications. But what is frustrating is that the existing network security technology is completely unable to support the expectations of future Internet of Things applications for network security. Because with the existing network security attack technology, any IoT application system built with the existing network security technology can be broken in minutes. Such an attack is not a question of whether the attacker is technically "feasible” or “infeasible”, but the issue of the attacker's "profit” and “loss” in the financial statement. However, looking forward to the security technology of future solutions based on the technical basis of the existing network security technology, the result is still depressing. The Energy Infrastructure Security Act, considered and passed by the U.S. Senate on June 28, 2019, fully illustrates this point.
  • FIG 9 is a schematic structural diagram of a new firewall that provides security protection for unattended IoT terminals.
  • the CPU 1 and its connected RAM and the mobile network communication module 2 constitute the new firewall of the present invention.
  • the number one problem they face is not the problem of whether the attack technology is up or not, but how to ensure that the Aggressive behavior is a "profit" problem on the financial statement.
  • FIG 10 is a schematic structural diagram of a new firewall that provides security protection for manned IoT terminals.
  • the CPU1, the RAM and the keyboard connected to it constitute the new firewall described in the present invention.
  • the working parameters required by the new firewall are input to CPU1 by the on-duty personnel through the keyboard.
  • Firewalls between servers or firewalls between subnets in the intranet are Firewalls between servers or firewalls between subnets in the intranet.
  • the new firewall with the structure of Figure 7 can constitute a firewall between servers, no matter whether the connection between these servers is through the internal network or the external network.
  • the five data channels between the two new firewalls are sufficient to meet the security needs of most high-strength data transmissions against interception.
  • the extremely low engineering cost (the firewall with the structure in Figure 7, the minimum is the money of a computer of 3-4 thousand yuan), makes it possible to perform arbitrary sub-intranet segmentation on the intranet.
  • the firewall with the structure in Figure 7 the minimum is the money of a computer of 3-4 thousand yuan
  • Take a company's intranet with a scale of 1,000 employees as an example 20 new firewalls with the structure of Figure 7, and the total budget is only 100,000 yuan. And these 20 new firewalls are enough to form at least three security lines, and the core IT equipment, such as the server of core data, and the office computers of important departments and employees, are protected from air tightness.
  • the budget of 100,000 yuan it is difficult to build a secure network system that can satisfy the head office with thousands of people.
  • the network security owner can use the method described in the patent "A Data Packaging Method" (Patent Application No.: 2019102326268) to package the data that penetrates the firewall with the structure of Figure 7. .
  • the data packaged according to the method passes through CPU2, CPU3, and CPU4 in FIG. 7, any malicious code injected into the communication data by piercing the communication protocol through any technical means at present and in the future can be found.
  • This security feature complies with the security requirements specification in Dengbao 2.0 that the communication port of the IoT terminal should be able to resist malicious code injection attacks.
  • the IoT terminal shown in FIG. 9 and the firewall shown in FIG. 7 constitute the unattended IoT application system under the protection of the firewall according to the present invention.
  • the firewall on the terminal side of the Internet of Things can be constructed using the "xxx8x8k64x" single-chip microcomputer of "xx technology” and the cheapest GSM module (as long as it can send and receive short messages).
  • the BOM cost of the entire firewall is 3.x yuan for the single-chip microcomputer, and no more than 25 yuan for the GSM module.
  • the BOM cost of a new firewall is less than 30,000 yuan, and there is no budget pressure at all.
  • the xxx8x8k64x microcontroller has 51 cores, and other technical parameters are: 64K Flash program memory, 8K on-chip extended SRAM, and 4 standard serial ports. These parameters can meet the needs of most IoT terminals to build firewalls.
  • the IoT terminal shown in FIG. 10 and the firewall shown in FIG. 7 constitute a manned IoT application system under the protection of the security mechanism of the present invention.
  • the firewall on the terminal side of the Internet of Things can use the "xxx8x8k64x" single-chip microcomputer of "xx technology".
  • the cost of the BOM table of the entire firewall is 3.x yuan for the single-chip computer, and no more than 25 yuan for the keyboard and monitor.
  • the BOM cost of the firewall is less than 30,000 yuan, and there is no budget pressure at all.
  • the attended IoT terminal in this embodiment fully complies with the technical requirements for security defense required by the Energy Infrastructure Security Act, which was deliberated and passed by the U.S. Senate on June 28, 2019.
  • any network security owner is faced with two difficult choices: 1): How much network security project budget should be arranged in a network application system? Too few, the application system is equivalent to "streaking"? Too many, and not enough budget to support. 2)
  • the firewall design method of the present invention can effectively solve the network security owners, especially the network security owners in the early stage of entrepreneurship, who face the tight budget and the "trust" dependence on the network security construction team in the early stage of entrepreneurship.
  • the firewall with the structure shown in Figure 5 (with a budget of less than 500 yuan) or Figure 6 (with a budget of less than 2-3,000 yuan) can be used.
  • the firewall of its initial verification system As the firewall of its initial verification system.
  • the system is stable and the number of terminals increases, consider adopting the firewall with the structure shown in Figure 7 (budget 4, 5,000 to tens of thousands) as an upgrade to the verification structure shown in Figure 5 or 6.
  • the upgrades include but are not limited to: expanding the CPU1 into CPU1-1, CPU1-2, ... CPU1-n in the structure of FIG.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

La présente demande concerne un nouveau procédé de conception d'un pare-feu. Ledit procédé consiste à : concevoir un module émetteur-récepteur de données 1 qui est connecté à un réseau externe et accomplit une fonction d'envoi/réception de données, et un module de traitement de données 2 qui est connecté à un réseau interne et accomplit une fonction de traitement de données ; concevoir, selon un sens de transmission d'un flux de données, un flux de service d'entrée de données dans lequel le flux de données est transmis du réseau externe au réseau interne et un flux de service de sortie de données dans lequel le flux de données est transmis du réseau interne au réseau externe ; et concevoir, selon les besoins de protection de sécurité et les besoins du flux de service d'entrée/sortie de flux de données, le nombre de canaux de données entre le module 1 et le module 2, entre le module 1 et le réseau externe, et entre le module 2 et le réseau interne, et une solution technique de communication de données à utiliser. Le pare-feu conçu à l'aide du procédé peut offrir une protection de sécurité de l'ensemble du réseau, séparer efficacement le réseau interne, et offrir une protection de sécurité de différents niveaux de sécurité pour des sous-réseaux internes après séparation.
PCT/CN2021/086347 2021-02-17 2021-04-12 Procédé de conception de pare-feu WO2022174509A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202110186294.1 2021-02-17
CN202110186294.1A CN112839058A (zh) 2021-02-17 2021-02-17 一种设计防火墙的方法

Publications (1)

Publication Number Publication Date
WO2022174509A1 true WO2022174509A1 (fr) 2022-08-25

Family

ID=75933639

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/086347 WO2022174509A1 (fr) 2021-02-17 2021-04-12 Procédé de conception de pare-feu

Country Status (2)

Country Link
CN (1) CN112839058A (fr)
WO (1) WO2022174509A1 (fr)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140258448A1 (en) * 2013-03-11 2014-09-11 Xerox Corporation Customer Vetted Device Status Communication System And Method
CN104363221A (zh) * 2014-11-10 2015-02-18 青岛微智慧信息有限公司 一种网络安全隔离文件传输控制方法
CN107070907A (zh) * 2017-03-31 2017-08-18 杭州通悟科技有限公司 内外网数据单向传输方法及系统
CN109032281A (zh) * 2018-08-28 2018-12-18 西安工业大学 一种即插即用无线网络防火墙装置
CN109729105A (zh) * 2019-03-26 2019-05-07 黄策 一种数据包装方法
CN111510436A (zh) * 2020-03-27 2020-08-07 黑龙江省网络空间研究中心 网络安全系统

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140258448A1 (en) * 2013-03-11 2014-09-11 Xerox Corporation Customer Vetted Device Status Communication System And Method
CN104363221A (zh) * 2014-11-10 2015-02-18 青岛微智慧信息有限公司 一种网络安全隔离文件传输控制方法
CN107070907A (zh) * 2017-03-31 2017-08-18 杭州通悟科技有限公司 内外网数据单向传输方法及系统
CN109032281A (zh) * 2018-08-28 2018-12-18 西安工业大学 一种即插即用无线网络防火墙装置
CN109729105A (zh) * 2019-03-26 2019-05-07 黄策 一种数据包装方法
CN111510436A (zh) * 2020-03-27 2020-08-07 黑龙江省网络空间研究中心 网络安全系统

Also Published As

Publication number Publication date
CN112839058A (zh) 2021-05-25

Similar Documents

Publication Publication Date Title
Adeyinka Internet attack methods and internet security technology
Mairh et al. Honeypot in network security: a survey
Abdalrahman et al. Defending against cyber-attacks on the internet of things
Ibrahim A Review on the Mechanism Mitigating and Eliminating Internet Crimes using Modern Technologies: Mitigating Internet crimes using modern technologies
Oberoi et al. SURVEY OF VARIOUS SECURITY ATTACKS IN CLOUDS BASED ENVIRONMENTS.
Gamundani et al. A review of new trends in cyber attacks: A zoom into distributed database systems
Biswal et al. Cyber‐crime prevention methodology
Basholli et al. Security in telecommunication networks and systems
Shah et al. Appraisal of the Most Prominent Attacks due to vulnerabilities in cloud computing
WO2022174509A1 (fr) Procédé de conception de pare-feu
Mahalaxmi et al. Blockchain Solutions for IoT Devices Against DDoS Attacks: A Review
Birleanu et al. Malicious and deliberate attacks and power system resiliency
Duffany Computer Security
Iftikhar et al. BOTNETs: A Network Security Issue
Singh et al. A hybrid model for cyberspace security
Vaezi et al. A Hundred Attacks in Distributed Systems
Veríssimo et al. Fundamental security concepts
Badih et al. A Blockchain and Defensive Deception Co-design for Webcam Spyware Detection
Kumar Cyber Security Issues and Challenges-A Review
Choi IoT (Internet of Things) based Solution Trend Identification and Analysis Research
Lokuge Security Concerns in Cloud Computing: A Review
Park A study about dynamic intelligent network security systems to decrease by malicious traffic
Singh et al. Intrusion detection system and its variations
Zhou et al. Research on computer network information security and protection strategy based on deep learning algorithm
Bhardwaj New Age Cyber Threat Mitigation for Cloud Computing Networks

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 21926226

Country of ref document: EP

Kind code of ref document: A1