CN102970186A - Equipment performance detection method and equipment performance detection device - Google Patents


Info

Publication number
CN102970186A
Authority
CN
China
Legal status
Granted
Application number
CN2012105111942A
Other languages
Chinese (zh)
Other versions
CN102970186B (en)
Inventor
王瑞
Current Assignee
Legendsec Technology Beijing Co ltd
Secworld Information Technology Beijing Co Ltd
Original Assignee
Netlegend Technology (beijing) Co Ltd
Secworld Information Technology Beijing Co Ltd
Application filed by Netlegend Technology (beijing) Co Ltd, Secworld Information Technology Beijing Co Ltd
Priority to CN201210511194.2A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a device performance testing method and a device performance testing apparatus. In the method, a device under test that has its firewall enabled is tested to obtain a first maximum performance index of the device under test; the device under test is then tested in an in-use state to obtain a second maximum performance index, where the in-use state is one of: firewall enabled and intrusion prevention enabled; firewall enabled and virus defense enabled; or firewall enabled, intrusion prevention enabled and virus defense enabled. The performance of the device is assessed according to the rate of change between the first maximum performance index and the second maximum performance index. With the technical solution provided by the invention, the method can be used in combination with the test methods of the related art to give users index parameters that directly reflect the performance of a unified threat management product.

Description

Device performance testing method and apparatus
Technical field
The present invention relates to the communications field, and in particular to a method and an apparatus for testing the performance of a device.
Background
In September 2004, Internet Data Center (IDC) first proposed the concept of unified threat management (UTM), which placed anti-virus, intrusion detection and firewall security devices into a new UTM category. The concept attracted wide attention in the industry and led to a market segment represented by integrated security devices. As proposed by IDC, UTM refers to a special-purpose device made up of hardware, software and networking technology that mainly provides one or more security functions and integrates multiple security features in one hardware device to form a standard management platform. This definition both describes the concrete form of a UTM product and covers a broader logical category. By the first half of the definition, products offered by many security vendors, such as multi-function security gateways, unified security gateways and integrated security devices, all fall within the UTM category. By the second half, the UTM concept also reflects the overall and deeper understanding of security systems that the information industry has reached after years of development. The basic functions of a UTM device can include: network firewall, network intrusion detection, network intrusion prevention and gateway anti-virus.
At present, baseline performance tests of UTM products are mainly based on two standards: RFC 2544 for layers 2-3 of the Transmission Control Protocol/Internet Protocol (TCP/IP) stack, and RFC 3511 for TCP/IP layers 4-7. The RFC 2544 standard can include test items such as throughput, latency, frame loss rate, back-to-back frames, system recovery and reset. The RFC 3511 standard can include test items such as TCP throughput, number of concurrent TCP connections, maximum TCP connection establishment rate, maximum TCP connection release rate, resistance to denial-of-service (DoS) attacks, Hypertext Transfer Protocol (HTTP) transfer rate, maximum HTTP transfer rate, handling of invalid traffic, handling of IP fragments, and latency. UTM performance tests in a simulated real environment mainly include: application protocol throughput tests, forwarding performance tests under DoS attack, and new connection tests under a given load. The results of these test standards have become the main performance indices consulted when purchasing UTM products.
However, the test methods of the related art usually have the following defects:
Defect one: the data traffic used in the test is too simple. The UTM product test methods above are the same as the performance test methods for firewall products. Because anti-virus, intrusion detection and firewall security devices are all placed in the UTM category, baseline performance indices measured with only the firewall enabled cannot reflect the actual performance of a UTM;
Defect two: the test results cannot show whether the tested UTM product can carry out its security tasks at the index values that were measured.
The most basic function of a UTM product is to detect and block attacks and viruses on top of a firewall and, on that basis, to ensure that normal traffic is forwarded quickly. The test methods of the related art, however, only show the external performance of the device, in the manner of black-box testing. The test results therefore cannot reflect the most basic function of a UTM product, and lose their reference value.
Summary of the invention
The invention provides a method and an apparatus for testing the performance of a device, to solve at least the problem that the test methods of the related art cannot accurately reflect the performance of a UTM product.
According to one aspect of the present invention, a device performance testing method is provided.
The device performance testing method according to the present invention comprises: testing a device under test that has only its firewall enabled, to obtain a first maximum performance index of the device under test; testing the device under test in an in-use state, to obtain a second maximum performance index of the device under test, where the in-use state comprises: firewall enabled and intrusion prevention enabled; or firewall enabled and virus defense enabled; or firewall enabled, intrusion prevention enabled and virus defense enabled; and assessing the performance of the device under test according to the rate of change between the first maximum performance index and the second maximum performance index.
Preferably, when the first maximum performance index and the second maximum performance index are throughput and/or latency, testing the device under test in the in-use state to obtain the second maximum performance index comprises: choosing a preset packet length; and determining the second maximum performance index according to the preset packet length.
Preferably, the throughput is tested by the bisection method according to the preset packet length to determine the second maximum performance index.
Preferably, the latency is tested in store-and-forward mode according to the preset packet length to determine the second maximum performance index.
Preferably, when the first maximum performance index and the second maximum performance index are application-layer throughput, testing the device under test in the in-use state to obtain the second maximum performance index comprises: adding attack samples and/or virus samples to the test of the device under test in the in-use state, and calculating the detection rate of the attack samples and/or virus samples; and obtaining the second maximum performance index while the detection rate of the attack samples and/or virus samples remains unchanged.
According to another aspect of the present invention, a device performance testing apparatus is provided.
The device performance testing apparatus according to the present invention comprises: a first test module, configured to test a device under test that has only its firewall enabled, to obtain a first maximum performance index of the device under test; a second test module, configured to test the device under test in an in-use state, to obtain a second maximum performance index of the device under test, where the in-use state comprises: firewall enabled and intrusion prevention enabled; or firewall enabled and virus defense enabled; or firewall enabled, intrusion prevention enabled and virus defense enabled; and an evaluation module, configured to assess the performance of the device under test according to the rate of change between the first maximum performance index and the second maximum performance index.
Preferably, the second test module comprises: a choosing unit, configured to choose a preset packet length when the first maximum performance index and the second maximum performance index are throughput and/or latency; and a determining unit, configured to determine the second maximum performance index according to the preset packet length.
Preferably, the determining unit is configured to test the throughput by the bisection method according to the preset packet length to determine the second maximum performance index.
Preferably, the determining unit is configured to test the latency in store-and-forward mode according to the preset packet length to determine the second maximum performance index.
Preferably, the second test module comprises: a computing unit, configured to, when the first maximum performance index and the second maximum performance index are application-layer throughput, add attack samples and/or virus samples to the test of the device under test in the in-use state and calculate the detection rate of the attack samples and/or virus samples; and an acquiring unit, configured to obtain the second maximum performance index while the detection rate of the attack samples and/or virus samples remains unchanged.
With the present invention, the device under test is first tested with only its firewall enabled, to obtain its first maximum performance index; it is then tested in an in-use state, to obtain its second maximum performance index, where the in-use state can comprise: firewall enabled and intrusion prevention enabled; or firewall enabled and virus defense enabled; or firewall enabled, intrusion prevention enabled and virus defense enabled. The performance of the device under test is assessed according to the rate of change between the first maximum performance index and the second maximum performance index. This solves the problem that the test methods of the related art cannot accurately reflect the performance of a UTM product, and provides a performance test method for UTM products that can be combined with the test methods of the related art to give users index parameters that reflect UTM product performance more directly.
Brief description of the drawings
The accompanying drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a flowchart of the device performance testing method according to an embodiment of the invention;
Fig. 2 is a schematic diagram of the network topology for baseline performance testing according to a preferred embodiment of the invention;
Fig. 3 is a flowchart of baseline performance testing according to a preferred embodiment of the invention;
Fig. 4 is a schematic diagram of the network topology for real-environment performance testing according to a preferred embodiment of the invention;
Fig. 5 is a flowchart of the real-environment performance testing method according to a preferred embodiment of the invention;
Fig. 6 is a structural block diagram of the device performance testing apparatus according to an embodiment of the invention; and
Fig. 7 is a structural block diagram of the device performance testing apparatus according to a preferred embodiment of the invention.
Embodiments
The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments. It should be noted that, where they do not conflict, the embodiments in this application and the features of the embodiments can be combined with one another.
Fig. 1 is a flowchart of the device performance testing method according to an embodiment of the invention. As shown in Fig. 1, the method can comprise the following processing steps:
Step S102: test a device under test that has only its firewall enabled, to obtain a first maximum performance index of the device under test;
Step S104: test the device under test in an in-use state, to obtain a second maximum performance index of the device under test, where the in-use state comprises: firewall enabled and intrusion prevention enabled; or firewall enabled and virus defense enabled; or firewall enabled, intrusion prevention enabled and virus defense enabled;
Step S106: assess the performance of the device under test according to the rate of change between the first maximum performance index and the second maximum performance index.
In the related art, existing test methods cannot accurately reflect the performance of a UTM product. With the method shown in Fig. 1, the device under test is first tested with only its firewall enabled, to obtain its first maximum performance index; it is then tested in an in-use state, to obtain its second maximum performance index, where the in-use state can comprise one of the following: firewall enabled and intrusion prevention enabled; firewall enabled and virus defense enabled; firewall enabled, intrusion prevention enabled and virus defense enabled. The performance of the device under test is assessed according to the rate of change between the first maximum performance index and the second maximum performance index. This solves the problem that the test methods of the related art cannot accurately reflect the performance of a UTM product, and provides a performance test method for UTM products that can be combined with the test methods of the related art to give users index parameters that reflect UTM product performance more directly.
It should be noted that the performance test method for UTM products can comprise two parts: (1) baseline performance testing; (2) real-environment performance testing. In the technical solution provided by the invention, the test indices of the baseline performance test can include throughput, latency and new connection rate; the real-environment test can include the detection rate of attack samples and/or virus samples, and the application-layer throughput of the device under test while that detection rate is maintained.
Preferably, in step S104, when the first maximum performance index and the second maximum performance index are throughput and/or latency, testing the device under test in the in-use state to obtain the second maximum performance index can comprise the following operations:
Step S1: choose a preset packet length;
Step S2: determine the second maximum performance index according to the preset packet length.
In a preferred embodiment, throughput is the maximum rate that the device under test can accept without frame loss; the result is expressed in bits per second or bytes per second. Latency is measured with the throughput of the device under test at a given frame length already known: frames of that length are sent to the device under test at the transmission rate corresponding to its throughput for that frame length, one frame is timestamped at the ingress, and it is timestamped again at the egress after being forwarded by the device under test. The difference between the two timestamps is the latency, expressed in milliseconds or microseconds.
In a preferred implementation, the throughput is tested by the bisection method according to the preset packet length to determine the second maximum performance index.
In a preferred embodiment, the throughput test can be carried out by bisection, as follows: the initial rate is set to 100%; if the number of frames sent and the number of frames received are not equal, the test continues at a rate of 50%; if the number of frames sent then equals the number received, the test is repeated at a rate of 75%, and so on.
In a preferred implementation, the latency is tested in store-and-forward mode according to the preset packet length to determine the second maximum performance index.
In a preferred embodiment, latency can be calculated in two ways, bit forwarding and store-and-forward:
Mode one, bit forwarding: the latency is the time interval from the arrival of the first bit of the input frame at the ingress of the device under test to the appearance of the first bit of the output frame at the egress;
Mode two, store-and-forward: the latency is the time interval from the arrival of the last bit of the input frame at the ingress of the device under test to the appearance of the first bit of the output frame at the egress.
In the preferred embodiment, the store-and-forward calculation is used.
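The bisection search and the two latency definitions described above, as an added example that is not part of the patent. The traffic generator and the device are simulated, and every name and number in the code is constructed for illustration; the last input bit is assumed to arrive one frame serialization time after the first.

```python
"""Added example: bisection throughput search and the two latency definitions.

The tester and the device are simulated; all names and values are
constructed for illustration and are not taken from the patent.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Trial:
    sent: int
    received: int


def simulated_device(capacity_pct):
    """Constructed stand-in for tester + device under test: frames are lost
    once the offered rate (percent of line rate) exceeds capacity_pct."""
    def run_trial(rate_pct, frames=100_000):
        if rate_pct <= capacity_pct:
            return Trial(frames, frames)
        return Trial(frames, int(frames * capacity_pct / rate_pct))
    return run_trial


def bisect_throughput(run_trial, resolution_pct=0.1):
    """Return (rate, tried): the highest tested rate at which the frames sent
    equal the frames received, and the sequence of rates that were tried.
    The search starts at 100% and then halves the remaining interval."""
    tried = [100.0]
    first = run_trial(100.0)
    if first.sent == first.received:
        return 100.0, tried
    lossless, lossy = 0.0, 100.0  # best passing rate, lowest failing rate
    while lossy - lossless > resolution_pct:
        rate = (lossless + lossy) / 2
        tried.append(rate)
        trial = run_trial(rate)
        if trial.sent == trial.received:
            lossless = rate
        else:
            lossy = rate
    return lossless, tried


def serialization_ns(frame_bytes, line_rate_bps):
    """Time needed to clock one frame onto the wire, in nanoseconds."""
    return frame_bytes * 8 * 1_000_000_000 // line_rate_bps


def latency_ns(first_bit_in_ns, first_bit_out_ns, frame_bytes,
               line_rate_bps, mode):
    """Latency from ingress/egress timestamps under either definition."""
    if mode == "bit-forwarding":      # first bit in -> first bit out
        return first_bit_out_ns - first_bit_in_ns
    if mode == "store-and-forward":   # last bit in -> first bit out
        last_bit_in_ns = first_bit_in_ns + serialization_ns(
            frame_bytes, line_rate_bps)
        return first_bit_out_ns - last_bit_in_ns
    raise ValueError(f"unknown mode: {mode}")


if __name__ == "__main__":
    rate, tried = bisect_throughput(simulated_device(62.0))
    print("rates tried:", tried)
    print("zero-loss throughput: %.2f%% of line rate" % rate)
    for mode in ("bit-forwarding", "store-and-forward"):
        print(mode, latency_ns(0, 30_000, 1518, 10**9, mode), "ns")
```

The two latency definitions differ by exactly the frame serialization time, so results reported under different definitions are not comparable, most visibly at the longest packet length.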
The preferred implementation above is further described below with reference to the preferred embodiments shown in Fig. 2 and Fig. 3.
Fig. 2 is a schematic diagram of the network topology for baseline performance testing according to a preferred embodiment of the invention. The device under test is connected as shown in Fig. 2. Its throughput and latency are measured with only the firewall policy enabled and with "firewall + intrusion prevention + antivirus policy" fully enabled, and the throughput drop rate and the change in latency are calculated from the test results.
In bidirectional full-duplex mode, a pair of interfaces on each of the two UTM devices under test, A and B, is tested for throughput and latency with only the firewall policy enabled and with "firewall + intrusion prevention + antivirus policy" fully enabled. The test uses the three standard packet lengths defined in RFC 2544, namely 64, 512 and 1518, and records the latency of the device under test at its best throughput. The test results are shown in Table 1 and Table 2:
Table 1 (image BDA00002516406500051 in the original, not reproduced)
The test data in Table 1 show that, with "firewall + intrusion prevention + antivirus policy" fully enabled, the throughput and latency of device A both degrade to some extent: the throughput drop rate at the standard packet lengths 64 and 512 is 45% and 38% respectively; the latency increase rate at the standard packet lengths 64, 512 and 1518 is 35%, 36% and 27% respectively;
Table 2 (image BDA00002516406500052 in the original, not reproduced)
The test data in Table 2 show that, with "firewall + intrusion prevention + antivirus policy" fully enabled, the throughput and latency of device B both degrade to some extent: the throughput drop rate at the standard packet lengths 64 and 512 is 38% and 37% respectively; the latency increase rate at the standard packet lengths 64, 512 and 1518 is 12%, 27% and 16% respectively.
According to these results, the change in throughput and latency between the firewall-only state and the "firewall + intrusion prevention + antivirus policy" fully enabled state is smaller for device B than for device A.
In the preferred embodiment, the device under test is connected as shown in Fig. 2. Its new connection rate is measured with only the firewall policy enabled and with "firewall + intrusion prevention + antivirus policy" fully enabled, and the drop rate of the new connection rate is calculated from the test results.
The new connection rate is the speed at which the device under test processes user requests at the application layer. The higher this index, the stronger the capacity to handle users. It directly affects the user experience and is the most critical performance index for network security products in the Web 2.0 era. The test result is expressed in connections per second.
In the preferred embodiment, the new connection rate can be tested over connections that use HTTP version 1.1: a three-way handshake is initiated, a test file whose page size is 1 byte is fetched with GET, and the connection is closed with RST. This test method can be used to examine the new connection rate of the UTM devices under test, A and B, with only the firewall policy enabled and with "firewall + intrusion prevention + antivirus policy" fully enabled. The test results are shown in Table 3 and Table 4:
Table 3
Firewall policy: 62,000/second
Firewall + intrusion prevention + antivirus policy: 28,000/second
The test data in Table 3 show that the drop rate of the new connection rate of device A between the firewall-only state and the "firewall + intrusion prevention + antivirus policy" fully enabled state is 55%;
Table 4
Firewall policy: 60,000/second
Firewall + intrusion prevention + antivirus policy: 32,000/second
The test data in Table 4 show that the drop rate of the new connection rate of device B between the firewall-only state and the "firewall + intrusion prevention + antivirus policy" fully enabled state is 47%;
According to these results, the change in the new connection rate between the firewall-only state and the "firewall + intrusion prevention + antivirus policy" fully enabled state is smaller for device B than for device A.
Fig. 3 is a flowchart of baseline performance testing according to a preferred embodiment of the invention. As shown in Fig. 3, the flow can comprise the following processing steps:
Step S302: measure the throughput and latency of the device under test with attack defense and anti-virus disabled and with them enabled, and calculate the throughput drop rate and the change in latency from the test results;
Step S304: measure the new connection rate of the device under test with attack defense and anti-virus disabled and with them enabled, and calculate the drop rate of the new connection rate from the test results;
Step S306: assess the overall performance of the UTM devices by comparing the throughput drop rate, the change in latency and the drop rate of the new connection rate of the several UTM devices under test.
It should be noted that, for a given throughput and new connection rate, a device under test whose throughput drop, new connection rate drop and change in latency are all smaller is the one with the ability to integrate multiple security features.
Preferably, in step S104, when the first maximum performance index and the second maximum performance index are application-layer throughput, testing the device under test in the in-use state to obtain the second maximum performance index can comprise the following steps:
Step S3: add attack samples and/or virus samples to the test of the device under test in the in-use state, and calculate the detection rate of the attack samples and/or virus samples;
Step S4: obtain the second maximum performance index while the detection rate of the attack samples and/or virus samples remains unchanged.
The preferred implementation above is further described below with reference to the preferred embodiments shown in Fig. 4 and Fig. 5.
Fig. 4 is a schematic diagram of the network topology for real-environment performance testing according to a preferred embodiment of the invention. The device under test is connected as shown in Fig. 4. First, the theoretical maximum application-layer throughput of each device under test is measured with only the firewall policy enabled.
It should be noted that application-layer throughput is calculated differently from the layer-2 throughput usually referred to in this field. Layer-2 throughput is calculated over whole layer-2 data frames and can include every bit on the link, whereas application-layer throughput counts only valid data and does not count packets that are retransmissions.
In the preferred embodiment, application-layer throughput can be tested over connections that use HTTP version 1.1: a three-way handshake is initiated, a test file whose page size is 512 KB is fetched with GET, and the connection is closed with FIN.
Second, the detection rate of attack and virus samples is measured for each device under test with "firewall + intrusion prevention + antivirus policy" fully enabled. The attack and virus sample detection rate is obtained by replaying messages from a pre-installed attack and virus sample library and taking the ratio of the number of attacks and viruses detected to the number of samples in the library as the performance index; the test result is expressed as a percentage;
Then, for each device under test with "firewall + intrusion prevention + antivirus policy" fully enabled, attack and virus samples are added to the application-layer traffic that it forwards;
Finally, with an unchanged attack and virus sample detection rate as the precondition, the amount of application-layer traffic forwarded by the device under test is adjusted dynamically, the actual application-layer throughput of the device under test is read, and the drop rate of the application-layer throughput is calculated from the test results;
In the preferred embodiment, this test method can be used to examine the application-layer throughput and the attack and virus sample detection rates of the UTM devices under test, A and B, with only the firewall policy enabled and with "firewall + intrusion prevention + antivirus policy" fully enabled in the presence of background attack traffic. The test results are shown in Table 5 and Table 6:
Table 5 (image BDA00002516406500071 in the original, not reproduced)
The test data in Table 5 show that the drop rate of the application-layer throughput of device A between the firewall-only state and the "firewall + intrusion prevention + antivirus policy" fully enabled state with background attack traffic is 51%, the attack sample detection rate is 75%, and the virus sample detection rate is 91%;
Table 6
The test data in Table 6 show that the drop rate of the application-layer throughput of device B between the firewall-only state and the "firewall + intrusion prevention + antivirus policy" fully enabled state with background attack traffic is 41%, the attack sample detection rate is 77%, and the virus sample detection rate is 89%.
According to these results, the change in application-layer throughput between the firewall-only state and the "firewall + intrusion prevention + antivirus policy" fully enabled state with background attack traffic is smaller for device B than for device A, while the attack and virus sample detection rates differ only slightly.
Fig. 5 is a flowchart of the real-environment performance testing method according to a preferred embodiment of the invention. As shown in Fig. 5, the flow may include the following steps:
Step S502: with attack defense and antivirus disabled on the device under test, use pure HTTP traffic to measure the theoretical maximum application-layer throughput of the device under test, recorded as the initial value X;
Step S504: with attack defense and antivirus enabled on the device under test, use the same attack sample library and virus sample library to measure the device's detection rates for attack samples and virus samples, recorded as the reference values S and A;
Step S506: take as the first condition that the device under test successfully forwards all of the pure application-layer traffic, and as the second condition that its detection rates for attack samples and virus samples are still S and A; judge whether the first condition and the second condition are satisfied simultaneously. If so, go to step S510; otherwise, go to step S508;
Step S508: reduce the amount of pure application-layer traffic until the first condition and the second condition are satisfied simultaneously;
Step S510: read the actual value X1 that satisfies the first condition and the second condition, calculate the rate of decline in application-layer throughput, and assess the overall performance of the UTM devices by comparing the size of the rate of decline.
It should be noted that, for a given attack sample and virus sample detection rate, the device under test with the smaller decline in application-layer throughput is better at integrating multiple security features.
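The flow of steps S502 to S510, as an added Python example that is not code from the patent. `SimulatedDUT`, its overload model, the fixed step-down decrement and the light-load measurement of S and A are assumptions, and all device figures are constructed.

```python
from dataclasses import dataclass


@dataclass
class SimulatedDUT:
    """Constructed stand-in for a UTM device; every figure is made up."""
    fw_capacity: int       # Mbps forwarded with attack defense and antivirus off
    inspect_capacity: int  # Mbps forwarded with both engines on
    attack_rate: float     # attack sample detection rate when not overloaded
    virus_rate: float      # virus sample detection rate when not overloaded

    def run(self, offered, inspection_on):
        """Return (forwarded Mbps, attack detection rate, virus detection rate)."""
        cap = self.inspect_capacity if inspection_on else self.fw_capacity
        forwarded = min(offered, cap)
        if not inspection_on:
            return forwarded, 0.0, 0.0
        # Assumed overload model: traffic beyond capacity escapes inspection.
        inspected = forwarded / offered
        return forwarded, self.attack_rate * inspected, self.virus_rate * inspected


def step_down(dut, start, step, inspection_on, accept):
    """Lower the offered load from `start` by `step` until accept() holds."""
    offered = start
    while offered > 0:
        if accept(offered, dut.run(offered, inspection_on)):
            return offered
        offered -= step
    raise RuntimeError("no offered load satisfied the conditions")


def evaluate(dut, line_rate=1000, step=10, tol=1e-9):
    # S502: initial value X with attack defense and antivirus off.
    x = step_down(dut, line_rate, step, False, lambda o, r: r[0] >= o)
    # S504: reference values S and A with both engines on (light load: assumption).
    _, s, a = dut.run(step, True)

    def both_conditions(offered, result):
        forwarded, s_now, a_now = result
        all_forwarded = forwarded >= offered                          # first condition
        rates_held = abs(s_now - s) <= tol and abs(a_now - a) <= tol  # second condition
        return all_forwarded and rates_held

    # S506/S508: test at X, then reduce the load until both conditions hold.
    x1 = step_down(dut, x, step, True, both_conditions)
    # S510: actual value X1 and the application-layer throughput drop rate.
    return {"X": x, "X1": x1, "S": s, "A": a, "drop_rate": (x - x1) / x}


def rank(duts):
    """Names ordered by drop rate, smallest (best integration) first."""
    results = {name: evaluate(d) for name, d in duts.items()}
    return sorted(results, key=lambda n: results[n]["drop_rate"]), results


# Constructed devices, not the patent's measured units.
SAMPLE_DUTS = {"dut1": SimulatedDUT(1000, 590, 0.77, 0.89),
               "dut2": SimulatedDUT(1000, 455, 0.77, 0.89)}

if __name__ == "__main__":
    order, results = rank(SAMPLE_DUTS)
    for name in order:
        print(name, results[name])
```

Both constructed devices share the same detection rates, so the ranking by drop rate is the comparison the note above describes.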
In the above preferred embodiment of the invention, the performance of the two devices is assessed comprehensively by comparing, across the UTM devices under test, the rate of decline in throughput, the change in delay value, the rate of decline in new-connection rate, the rate of decline in application-layer throughput, and the attack sample and virus sample detection rates. The final conclusion is that the ability of device under test B to integrate multiple security features is clearly higher than that of device under test A.
Fig. 6 is a structural block diagram of the performance detection apparatus for a device according to an embodiment of the invention. As shown in Fig. 6, the apparatus may comprise: a first test module 10, configured to test the device under test with only the firewall enabled and obtain a first maximum performance index of the device under test; a second test module 20, configured to test the device under test in a use state and obtain a second maximum performance index of the device under test, wherein the use state comprises: the firewall-enabled state and the intrusion-prevention-enabled state; or the firewall-enabled state and the virus-defense-enabled state; or the firewall-enabled state, the intrusion-prevention-enabled state and the virus-defense-enabled state; and an evaluation module 30, configured to assess the performance of the device under test according to the rate of change between the first maximum performance index and the second maximum performance index.
The apparatus shown in Fig. 6 solves the problem that the detection methods in the related art cannot accurately reflect the performance of UTM products. It thereby provides a performance test method for UTM products that can be used in combination with the test methods in the related art and gives users index parameters that reflect UTM product performance more intuitively.
Preferably, as shown in Fig. 7, the second test module 20 may comprise: a selection unit 200, configured to select a preset packet length when the first maximum performance index and the second maximum performance index are throughput and/or delay value; and a determining unit 202, configured to determine the second maximum performance index according to the preset packet length.
Preferably, the determining unit 202 is configured to test the throughput by binary search (bisection) according to the preset packet length, to determine the second maximum performance index.
Preferably, the determining unit 202 is configured to test the delay value in store-and-forward mode according to the preset packet length, to determine the second maximum performance index.
Preferably, as shown in Fig. 7, the second test module 20 may comprise: a computing unit 204, configured to, when the first maximum performance index and the second maximum performance index are application-layer throughput, add attack samples and/or virus samples to the test of the device under test in the use state and calculate the detection rate of the attack samples and/or virus samples; and an acquiring unit 206, configured to obtain the second maximum performance index while the detection rate of the attack samples and/or virus samples remains unchanged.
As can be seen from the above description, the embodiments achieve the following technical effects (it should be noted that these are effects that certain preferred embodiments can achieve): they solve the problem that the detection methods in the related art cannot accurately reflect the performance of UTM products, and thereby provide a performance test method for UTM products that can be used in combination with the test methods in the related art and gives users index parameters that reflect UTM product performance more intuitively.
Obviously, those skilled in the art should understand that the modules or steps of the invention described above can be implemented with general-purpose computing devices. They can be concentrated on a single computing device or distributed over a network formed by multiple computing devices. Optionally, they can be implemented as program code executable by a computing device, so that they can be stored in a storage device and executed by the computing device; in some cases the steps shown or described can be performed in an order different from the one given here, or the modules can each be made into a separate integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. Thus, the invention is not restricted to any specific combination of hardware and software.
The above are only preferred embodiments of the invention and are not intended to limit the invention; for those skilled in the art, the invention can have various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall be included within the scope of protection of the invention.

Claims (10)

1. A performance testing method for a device, characterized by comprising:
testing a device under test with only the firewall enabled, to obtain a first maximum performance index of the device under test;
testing the device under test in a use state, to obtain a second maximum performance index of the device under test, wherein the use state comprises: a firewall-enabled state and an intrusion-prevention-enabled state; or the firewall-enabled state and a virus-defense-enabled state; or the firewall-enabled state, the intrusion-prevention-enabled state and the virus-defense-enabled state;
assessing the performance of the device under test according to the rate of change between the first maximum performance index and the second maximum performance index.
2. The method according to claim 1, characterized in that, when the first maximum performance index and the second maximum performance index are throughput and/or delay value, testing the device under test in the use state to obtain the second maximum performance index of the device under test comprises:
selecting a preset packet length;
determining the second maximum performance index according to the preset packet length.
3. The method according to claim 2, characterized in that the throughput is tested by binary search (bisection) according to the preset packet length to determine the second maximum performance index.
4. The method according to claim 2, characterized in that the delay value is tested in store-and-forward mode according to the preset packet length to determine the second maximum performance index.
5. The method according to claim 1, characterized in that, when the first maximum performance index and the second maximum performance index are application-layer throughput, testing the device under test in the use state to obtain the second maximum performance index of the device under test comprises:
adding attack samples and/or virus samples to the test of the device under test in the use state, and calculating the detection rate of the attack samples and/or the virus samples;
obtaining the second maximum performance index while the detection rate of the attack samples and/or the virus samples remains unchanged.
6. A performance detection apparatus for a device, characterized by comprising:
a first test module, configured to test a device under test with only the firewall enabled and obtain a first maximum performance index of the device under test;
a second test module, configured to test the device under test in a use state and obtain a second maximum performance index of the device under test, wherein the use state comprises: a firewall-enabled state and an intrusion-prevention-enabled state; or the firewall-enabled state and a virus-defense-enabled state; or the firewall-enabled state, the intrusion-prevention-enabled state and the virus-defense-enabled state;
an evaluation module, configured to assess the performance of the device under test according to the rate of change between the first maximum performance index and the second maximum performance index.
7. The apparatus according to claim 6, characterized in that the second test module comprises:
a selection unit, configured to select a preset packet length when the first maximum performance index and the second maximum performance index are throughput and/or delay value;
a determining unit, configured to determine the second maximum performance index according to the preset packet length.
8. The apparatus according to claim 7, characterized in that the determining unit is configured to test the throughput by binary search (bisection) according to the preset packet length to determine the second maximum performance index.
9. The apparatus according to claim 7, characterized in that the determining unit is configured to test the delay value in store-and-forward mode according to the preset packet length to determine the second maximum performance index.
10. The apparatus according to claim 6, characterized in that the second test module comprises:
a computing unit, configured to, when the first maximum performance index and the second maximum performance index are application-layer throughput, add attack samples and/or virus samples to the test of the device under test in the use state and calculate the detection rate of the attack samples and/or the virus samples;
an acquiring unit, configured to obtain the second maximum performance index while the detection rate of the attack samples and/or the virus samples remains unchanged.
CN201210511194.2A 2012-12-03 2012-12-03 The method for testing performance and device of equipment Active CN102970186B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210511194.2A CN102970186B (en) 2012-12-03 2012-12-03 The method for testing performance and device of equipment

Publications (2)

Publication Number Publication Date
CN102970186A true CN102970186A (en) 2013-03-13
CN102970186B CN102970186B (en) 2019-01-25

Family

ID=47800077

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210511194.2A Active CN102970186B (en) 2012-12-03 2012-12-03 The method for testing performance and device of equipment

Country Status (1)

Country Link
CN (1) CN102970186B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101227289A (en) * 2008-02-02 2008-07-23 华为技术有限公司 Uniform intimidation managing device and loading method of intimidation defense module
CN101707608A (en) * 2009-11-27 2010-05-12 成都市华为赛门铁克科技有限公司 Method and device for automatically testing application layer protocol
CN102082707A (en) * 2010-12-24 2011-06-01 汉柏科技有限公司 Parallel processing performance test method for multinuclear firewall
CN102255910A (en) * 2011-07-11 2011-11-23 北京天融信科技有限公司 Method and device for testing performance of intrusion prevention product
US20110307950A1 (en) * 2010-06-09 2011-12-15 Sonicwall, Inc. Net-Based Email Filtering

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104363136A (en) * 2014-11-07 2015-02-18 网神信息技术(北京)股份有限公司 Security gateway device testing method and device
CN109150649A (en) * 2018-06-07 2019-01-04 武汉思普崚技术有限公司 Network performance test method and system
CN109150649B (en) * 2018-06-07 2021-04-23 武汉思普崚技术有限公司 Network performance test method and system
CN109120483A (en) * 2018-10-30 2019-01-01 杭州迪普科技股份有限公司 A kind of firewall box performance test methods and device
CN109120483B (en) * 2018-10-30 2020-08-04 杭州迪普科技股份有限公司 Firewall equipment performance test method and device
CN110213135A (en) * 2019-06-12 2019-09-06 武汉通威电子有限公司 A kind of fire wall performance test method and device

Also Published As

Publication number Publication date
CN102970186B (en) 2019-01-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: 2nd Floor, Building 1, Yard 26, Xizhimenwai South Road, Xicheng District, Beijing, 100032

Patentee after: Qianxin Wangshen information technology (Beijing) Co.,Ltd.

Patentee after: Legendsec Technology (Beijing) Co.,Ltd.

Address before: 100085 1st floor, Section II, No.7 Kaifa Road, Shangdi Information Industry base, Haidian District, Beijing

Patentee before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.

Patentee before: Legendsec Technology (Beijing) Co.,Ltd.

CP03 Change of name, title or address