In one embodiment a system, method, and related apparatus are described for a router which receives notice of a route including a hijacked prefix having a hijacked prefix netmask length, searches a set of routes with equal or shorter netmask lengths that cover the hijacked prefix in order to find at least one route which has no autonomous system (AS) in common with the particular route comprising the hijacked prefix, if a specific route is found with a netmask length equal to or shorter than the hijacked prefix netmask length, then the specific route which has been found is a determined alternative route, extracts the particular route comprising the hijacked prefix from the specific route if said specific route has a netmask length covering a larger address range than the hijacked prefix netmask length, inserts the determined alternative route in a routing table, and modifies attributes of the determined alternative route in the routing table according to the determined alternative route. Related systems, methods, and apparatus are also described.

The disclosure provides a backdoor attack method and apparatus for a malicious URL detection system. The backdoor attack method includes: obtaining original URL samples of backdoor URL samples to be generated; determining position information of separator slashes in each URL of the original URL samples, and obtaining a position number result by numbering the position information; determining a backdoor attack mode of the malicious URL detection system based on the position number result, and generating the backdoor URL samples corresponding to the original URL samples by using the backdoor attack mode; and constructing a training set based on a preset ratio of the backdoor URL samples, training a neural network model by using the training set, and testing an attack strength of the malicious URL detection system in the backdoor attack mode by using the trained neural network model to obtain a real-time attack success rate.

A computer-implemented method for detecting cache-poisoning attacks in networks using SDPs may include maintaining a cache of service information that identifies services provided by client devices connected to a network using an SDP. The method may also include detecting a cache-poisoning attack by (1) receiving, from a client device connected to the network, an SDP message related to a service allegedly provided via the network, (2) identifying, within the SDP message, an attribute of the service allegedly provided via the network, and then (3) determining that the client device is attempting to corrupt the cache of service information by determining that the identified attribute of the service suggests that the service is illegitimate. Finally, the method may include performing a security action to mitigate the cache-poisoning attack in response to detecting the cache-poisoning attack. Various other methods, systems, and computer-readable media are also disclosed.

Systems, methods, and computer-readable media for preventing man-in-the-middle attacks within network, without the need to maintain trusted/un-trusted port listings on each network device. The solutions disclosed herein leverage a host database which can be present on controllers, thereby providing a centralized database instead of a per-node DHCP binding database. Systems configured according to this disclosure (1) use a flood list only for ARP packets received from the controller 116; and (2) unicast ARP packets to the controller before communicating the packets to other VTEPs.

The present application describes a system and method for passively collecting DNS traffic data as that data is passed between a recursive DNS resolver and an authoritative DNS server. The information contained in the collected DNS traffic data is used to generate a virtual authoritative DNS server, or a zone associated with the authoritative DNS server, when it is determined that the authoritative DNS server has been compromised.

Client-less methods and systems destroy/break the predictive layout of, for example, a client computer memory. The methods and systems operate by injecting a library that manipulates the client computer memory during exploitation attempts.

Client-less methods and systems destroy/break the predictive layout of, for example, a client computer memory. The methods and systems operate by injecting a library that manipulates the client computer memory during exploitation attempts.

Methods and systems for managing an artificial intelligence (AI) model are disclosed. An AI model may be part of an evolving AI model pipeline, the processes of which may include obtaining training data from data sources used to update the AI model. An attacker may introduce poisoned training data via one or more of the data sources as a form of attack on the AI model. When the poisoned training data is identified, the poisoned training data may be compared to existing training data to determine the attacker's goal. Based on the attacker's goal, remedial actions may be performed that may update operation of pipeline. The updated operation of the pipeline may reduce the computational expense for remediating impact of the poisoned training data, and may reduce the likelihood of obtaining poisoned training data in the future.

Methods and systems for managing an artificial intelligence (AI) model are disclosed. An AI model may be part of an evolving AI model pipeline, the processes of which may include obtaining training data from data sources used to update the AI model. An attacker may introduce poisoned training data via one or more of the data sources as a form of attack on the AI model. When the poisoned training data is identified, the poisoned training data may be compared to existing training data to determine the attacker's goal. Based on the attacker's goal, remedial actions may be performed that may update operation of pipeline. The updated operation of the pipeline may reduce the computational expense for remediating impact of the poisoned training data, and may reduce the likelihood of obtaining poisoned training data in the future.

The disclosure provides a backdoor attack method and apparatus for a malicious URL detection system. The backdoor attack method includes: obtaining original URL samples of backdoor URL samples to be generated; determining position information of separator slashes in each URL of the original URL samples, and obtaining a position number result by numbering the position information; determining a backdoor attack mode of the malicious URL detection system based on the position number result, and generating the backdoor URL samples corresponding to the original URL samples by using the backdoor attack mode; and constructing a training set based on a preset ratio of the backdoor URL samples, training a neural network model by using the training set, and testing an attack strength of the malicious URL detection system in the backdoor attack mode by using the trained neural network model to obtain a real-time attack success rate.