CN103152341B - The network security situation awareness emulation mode that a kind of actual situation combines and system - Google Patents
The network security situation awareness emulation mode that a kind of actual situation combines and system Download PDFInfo
- Publication number
- CN103152341B CN103152341B CN201310066364.5A CN201310066364A CN103152341B CN 103152341 B CN103152341 B CN 103152341B CN 201310066364 A CN201310066364 A CN 201310066364A CN 103152341 B CN103152341 B CN 103152341B
- Authority
- CN
- China
- Prior art keywords
- network
- network security
- data
- real
- situation awareness
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention relates to network safety filed, the invention discloses the network security situation awareness emulation mode that a kind of actual situation combines, the real system that the method is made up of some equipment in kind structure one, by real system with linked together by the virtual emulation network system of computer simulation, form the security postures perception artificial network that an actual situation combines, network attack equipment produces real network attack data flow, real network attack data flow is virtual network attack emulated data stream through data transaction Channel-shifted, and enter virtual network security situation awareness analogue system from the emulation mapping node that real network attack equipment is corresponding.The method is low for solving modeling efficiency in existing network security postures perception emulation, and accuracy is not high, and the problem of simulation result trust verification difficulty.
Description
Technical field
The present invention relates to technical field of network security, the present invention discloses network security situational awareness method and the system of the combination of a kind of actual situation.
Background technology
Network security situation awareness assesses in time whole network the present situation and reflect on the basis obtaining a large amount of network security data, and predict the variation tendency in network future.The Main way of current research how to process the network security data got and to be shown by whole network safety situation by visualization technique, and predict future network security postures.CERT NetSA(Network Situaltional Awareness Team) SiLK that develops is a traffic analysis tool, is used for analyzing large-scale network data.Make network analysis person can from a large amount of historical data fast finding relevant information, according to Query Result, network safety situation is assessed.National Key Laboratory is then from network topology structure, introduce the clustering method of graph-theoretical algorithm and data mining, a kind of safety situation evaluation method for distributed system is proposed, figure clustering algorithm is utilized to generate the cluster result of distributed system network connected graph, calculate topological integrity reference value, as the index weighing distributed system topology integrated degree, carry out the quantitative analysis of security postures.The appraisal procedure of a variety of network safety situation is also had in prior art, as the network security situation evaluating method of stratification, the pattra leaves department network model, Situation Awareness model etc. of relevance, like this.
Obtain above-mentioned any one network security situational awareness method must need to verify through a large amount of tests, to determine in the validity of the situation lower network security postures cognitive method of various different network attack and accuracy.The test method that prior art kind is commonly used comprises: (1) analytical method; (2) experimental technique; (3) emulation mode.All there is significant limitation in first two method.The validity of analytical method and accuracy by hypothesis restriction very greatly, when in the face of catenet, just cannot be described in detail system by some restricted hypothesis.The limitation of experimental technique is that cost is very high, reconfigure or shared resource be difficult to, use get up dumb.And emulation mode can make up the deficiency of first two method to a great extent.Emulation mode can the network model of design as required, and by relatively less time and expense awareness network various characteristics at different conditions, what obtain network research enriches effective data.
Thus existent technique kind adopts the emulation that virtual network emulates or abstract emulation mode realizes network security usually.This method reduces experimentation cost when carrying out network security research to a great extent, improves the efficiency of test.But the Simulation results of this method is very high to the degree of dependence of simulation modeling precision, and also more difficult to the checking of Simulation results confidence level.Current commercialization emulation high end software is abundanter for the simulation model library of communication network, but the model library of network-oriented security fields is also fewer, when carrying out the research in network security situation awareness, often need various procotol, the Details Of Agreement of security protocol carries out detailed analysis, study the result that various attack causes, carry out autonomous modeling, higher to the technical requirement of simulation modeling personnel, the cost of modeling is larger, and the checking of the confidence level of network security situation awareness Simulation results is also more difficult, be difficult to the evaluation requirement meeting network security situation awareness.
Summary of the invention
It is low that network security situational awareness method for prior art deposits modeling efficiency in simulations, the technical problem that modeling accuracy is not high, provides the network security situation awareness emulation mode that a kind of actual situation combines.The invention also discloses the system realizing the network security situation awareness emulation mode that this actual situation combines.
The invention discloses the network security situation awareness emulation mode that a kind of actual situation combines, it specifically comprises the following steps: step 1. builds virtual network security situation awareness analogue system and real network security situation awareness prototype system, and described network security situation awareness analogue system and network security situation awareness prototype system are by data transaction expanding channels; Described network security situation awareness prototype system comprises network attack equipment and Network Security Device; Step 2. is in virtual network security situation awareness analogue system, be respectively the emulation mapping node of network attack equipment and Network Security Device interpolation correspondence, real equipment in kind be mapped in one by one the particular location of virtual network security situation awareness analogue system; Step 3. network attack equipment produces real network attack data flow, real network attack data flow is virtual network attack emulated data stream through data transaction Channel-shifted, and enters virtual network security situation awareness analogue system from the emulation mapping node that real network attack equipment is corresponding; After virtual network attack emulated data stream flows through emulation mapping node corresponding to Network Security Device in analogue system, virtual network attack emulated data stream translation is become real network attack data flow by data transaction passage, and sends to the Network Security Device corresponding to emulation mapping node; The real Network Security Device of step 4. is according to responding after the real network attack data flow received and producing real network safety situation information flow, and real network safety situation information flow is converted into emulation mapping node corresponding from Network Security Device again after virtual emulated data stream through data transaction passage and enters virtual network security situation awareness analogue system; The virtual emulated data stream that the virtual network security situation awareness analogue system of step 5. returns according to step 4 and security postures sensing node simulation model, obtain the network safety situation under network attack.
Further, above-mentioned data transaction passage comprises the reality/dummy data ALT-CH alternate channel real network attack stream compression being changed to virtual emulated data stream, and virtual emulated data stream translation is become the void/real data ALT-CH alternate channel of real network attack data flow.
Further, the implementation procedure of above-mentioned reality/dummy data ALT-CH alternate channel specifically comprises the following steps: after 1.1. True Data bag enters reality/dummy data ALT-CH alternate channel, data capture module is intercepted and captured, and submits to data resolution module; 1.2. data resolution module is analyzed packet, analyzes its MAC Address, IP address, protocol type, protocol data; 1.3. the information consolidation in step 1.2 is formed security postures packet descriptor, and destroy True Data bag; 1.4. packet generation module is according to packet descriptor, generates corresponding emulated data bag, and is submitted to emulation mapping node corresponding in artificial network.
Further, the implementation procedure of above-mentioned void/real data ALT-CH alternate channel specifically comprises the following steps: 2.1 emulated data bags are intercepted and captured by data capture module, and submitted to data resolution module after entering void/real data ALT-CH alternate channel; 2.2. data resolution module is analyzed packet, analyzes its MAC Address, IP address, protocol type, protocol data; 2.3. the information consolidation in step 2.2 is formed security postures packet descriptor, and destroy emulated data bag; 2.4. packet generation module is according to packet descriptor, generates corresponding True Data bag, and is sent in real system by True Data bag.
Further, between above-mentioned network attack equipment and Network Security Device connected by switch or router between, different network attack equipment and between different Network Security Devices.
The invention also discloses the network security situation awareness analogue system that a kind of actual situation combines, it comprises virtual network security situation awareness analogue system and real network security situation awareness prototype system, and described network security situation awareness analogue system and network security situation awareness prototype system are by data transaction expanding channels; Described network security situation awareness prototype system comprises network attack equipment and Network Security Device; Described virtual network security situation awareness analogue system comprises mapping block, described mapping block is used for, for network attack equipment and Network Security Device add corresponding emulation mapping node, real equipment in kind being mapped in one by one the particular location of virtual network security situation awareness analogue system; Described network attack equipment produces real network attack data flow, real network attack data flow is virtual network attack emulated data stream through data transaction Channel-shifted, and enters virtual network security situation awareness analogue system from the emulation mapping node that real network attack equipment is corresponding; After virtual network attack emulated data stream flows through emulation mapping node corresponding to Network Security Device in analogue system, virtual network attack emulated data stream translation is become real network attack data flow by data transaction passage, and sends to the Network Security Device corresponding to emulation mapping node; Real Network Security Device is according to responding after the real network attack data flow received and producing real network safety situation information flow, and real network safety situation information flow is converted into emulation mapping node passback corresponding from Network Security Device again after virtual emulated data stream through data transaction passage and enters virtual network security situation awareness analogue system; Virtual network security situation awareness analogue system, according to the virtual emulated data stream of passback and security postures sensing node simulation model, obtains the network safety situation under network attack.
Beneficial effect of the present invention is: real prototype system and virtual analogue system are combined, the emulated data stream utilizing real network attack data flow and network safety situation inter-area traffic interarea to map carries out network security situation awareness emulation, save a large amount of human cost and time cost that spend when carrying out simulation modeling for Network Security Device, improve the accuracy of simulation modeling, ensure that the confidence level of Simulation results, extensively can promote the use of in network safety situation simulation study.
Accompanying drawing explanation
Fig. 1 is the structural representation of the network security situation awareness analogue system that actual situation combines.
Fig. 2 is data transaction passage realization flow figure.
Embodiment
Below in conjunction with Figure of description, describe the specific embodiment of the present invention in detail.
The structural representation of the network security situation awareness analogue system of actual situation combination as shown in Figure 1.Wherein virtual network security situation awareness analogue system can be realized by computer run simulation software, comprises various security postures sensing node simulation model in this simulation software.Network Security Device can be fire compartment wall, intrusion detection device, and it is realized by equipment in kind.Network attack equipment can be then the computer realizing attack.
The invention discloses the network security situation awareness emulation mode that a kind of actual situation combines, it specifically comprises the following steps: step 1. builds virtual network security situation awareness analogue system and real network security situation awareness prototype system, and described network security situation awareness analogue system and network security situation awareness prototype system are by data transaction expanding channels; Described network security situation awareness prototype system comprises network attack equipment and Network Security Device.Can be connected by switch or router, with mutual data transmission between its network attack equipment and Network Security Device, between different network attack equipment and between different Network Security Devices.Wherein conventional network attack equipment can be the remote computer or the other-end equipment that run dos attack instrument or wooden horse formula, for realizing various real network attack.Dos attack comprises WinNuke and causes system blue screen by sending OOB leak; Bonk causes system reboot by sending a large amount of UDP message bag forged; TearDrop causes the TCP/IP stack of system to collapse by the ip fragmentation of sending overlap; WinArp is wrapped on the other side's machine by a special data and produces a large amount of windows; Land causes system reboot to move by the request of the TCP based on SYN sending a large amount of forgery source IP; FluShot causes system to be solidified by sending specific IP bag; By sending a large amount of ICMP packets, Bloo causes that system is slack-off even solidifies; PIMP causes system blue screen even to restart by IGMP leak; Jolt, by a large amount of ICMP and UDP forged slowly even restarting of causing system to become etc. some dos attack modes arranged, realizes the attack to network.Wooden horse formula then can adopt and comprise BO2000 (BackOrifice), glacial epoch, NetSpy, GlacierKeyboardGhost, ExeBind or other any trojan horse programs to realize the attack to network.Above-mentioned network attack equipment can also be the attack pattern to network that other any technical staff easily expect, can have a variety of to the attack pattern of network, and testing crew also can according to the attack pattern to network needing to select oneself suitable of research.
Step 2. is in virtual network security situation awareness analogue system, be respectively the emulation mapping node of network attack equipment and Network Security Device interpolation correspondence, real equipment in kind be mapped in one by one the particular location of virtual network security situation awareness analogue system.Wherein network attack equipment can be remote computer or other-end, Network Security Device can be then fire compartment wall and/or intrusion detection device etc., be mapped in one by one by real equipment in kind in the particular location of virtual network security situation awareness analogue system, equipment and location address are one to one.
Step 3. network attack equipment produces real network attack data flow, real network attack data flow is virtual network attack emulated data stream through data transaction Channel-shifted, and enters virtual network security situation awareness analogue system from the emulation mapping node that real network attack equipment is corresponding; After virtual network attack emulated data stream flows through emulation mapping node corresponding to Network Security Device in analogue system, virtual network attack emulated data stream translation is become real network attack data flow by data transaction passage, and sends to the Network Security Device corresponding to emulation mapping node.As real network attack packet converts real network attack packet to virtual network attack emulated data bag through reality/dummy data ALT-CH alternate channel, and enter into network security situation awareness analogue system from the emulation mapping node producing network attack equipment.When virtual network attack emulated data bag flows through safety means in artificial network, after emulation mapping node as corresponding in intrusion detection device, data transaction passage converts virtual network attack emulated data bag to real network attack packet, and sends to corresponding intrusion detection device.Can be connected by switch or router, with mutual data transmission between its various different Network Security Device.
The real Network Security Device of step 4. is according to responding after the real network attack data flow received and producing real network safety situation information flow, and real network safety situation information flow is converted into emulation mapping node corresponding from Network Security Device again after virtual emulated data stream through data transaction passage and enters virtual network security situation awareness analogue system.After intrusion detection device receives real network attack data, can according to the threshold value of setting or the security postures of rule judgment current network, this can set as required, can be such as the setting etc. of threshold value.After judgement, real security postures information flow is converted into emulation mapping node corresponding to virtual emulated data Bao Zaicong intrusion detection device through data transaction passage to enter in virtual network security situation awareness analogue system.
The virtual emulated data stream that the virtual network security situation awareness analogue system of step 5. returns according to step 4 and security postures sensing node simulation model, obtain the network safety situation under network attack.In security postures sensing node model in step 5 and prior art the conventional pure virtual network simulation adopted with, do not repeat them here.
Pass through said method, real network attack equipment and Network Security Device are linked in virtual network security situation awareness analogue system, by real network attack equipment and Network Security Device, realize the simulation modeling process replaced various attack and Network Security Device, the manpower spent during to save simulation modeling and time, improve the accuracy of simulation modeling; Meanwhile, because the data flow in data flow in artificial network and real prototype system exists the relation mapped one by one, make the comparison of Simulation results confidence level easy.Real prototype system and virtual analogue system are combined, the emulated data stream utilizing real network attack data flow and network safety situation inter-area traffic interarea to map carries out network security situation awareness emulation, save a large amount of human cost and time cost that spend when carrying out simulation modeling for Network Security Device, improve the accuracy of simulation modeling, ensure that the confidence level of Simulation results, extensively can promote the use of in network safety situation simulation study.
Further, above-mentioned data transaction passage comprises the reality/dummy data ALT-CH alternate channel real network attack stream compression being changed to virtual emulated data stream, and virtual emulated data stream translation is become the void/real data ALT-CH alternate channel of real network attack data flow.Realized the combination of real network security situation awareness prototype system and virtual network security situation awareness analogue system by data transaction, reduce the modeling cost of system, improve the efficiency of system.
Data transaction passage realization flow figure as shown in Figure 2.
Further, the implementation procedure of above-mentioned reality/dummy data ALT-CH alternate channel specifically comprises the following steps: after 1.1. True Data bag enters reality/dummy data ALT-CH alternate channel, data capture module is intercepted and captured, and submits to data resolution module.1.2. data resolution module is analyzed packet, analyzes its MAC Address, IP address, protocol type, protocol data.1.3. the information consolidation in step 1.2 is formed security postures packet descriptor, and destroy True Data bag.1.4. packet generation module is according to packet descriptor, generates corresponding emulated data bag, and is submitted to emulation mapping node corresponding in artificial network.
Further, the implementation procedure of above-mentioned void/real data ALT-CH alternate channel specifically comprises the following steps: 2.1 emulated data bags are intercepted and captured by data capture module, and submitted to data resolution module after entering void/real data ALT-CH alternate channel.2.2. data resolution module is analyzed packet, analyzes its MAC Address, IP address, protocol type, protocol data.2.3. the information consolidation in step 2.2 is formed security postures packet descriptor, and destroy emulated data bag.2.4. packet generation module is according to packet descriptor, generates corresponding True Data bag, and is sent in real system by True Data bag.
The invention also discloses the network security situation awareness analogue system that actual situation combines, it comprises virtual network security situation awareness analogue system and real network security situation awareness prototype system, and described network security situation awareness analogue system and network security situation awareness prototype system are by data transaction expanding channels; Described network security situation awareness prototype system comprises network attack equipment and Network Security Device.Described virtual network security situation awareness analogue system comprises mapping block, described mapping block is used for, for network attack equipment and Network Security Device add corresponding emulation mapping node, real equipment in kind being mapped in one by one the particular location of virtual network security situation awareness analogue system.Described network attack equipment produces real network attack data flow, real network attack data flow is virtual network attack emulated data stream through data transaction Channel-shifted, and enters virtual network security situation awareness analogue system from the emulation mapping node that real network attack equipment is corresponding; After virtual network attack emulated data stream flows through emulation mapping node corresponding to Network Security Device in analogue system, virtual network attack emulated data stream translation is become real network attack data flow by data transaction passage, and sends to the Network Security Device corresponding to emulation mapping node.Real Network Security Device is according to responding after the real network attack data flow received and producing real network safety situation information flow, and real network safety situation information flow is converted into emulation mapping node passback corresponding from Network Security Device again after virtual emulated data stream through data transaction passage and enters virtual network security situation awareness analogue system.Virtual network security situation awareness analogue system, according to the virtual emulated data stream of passback and security postures sensing node simulation model, obtains the network safety situation under network attack.
Coefficient given in the above embodiments and parameter; be available to those skilled in the art to realize or use invention; invention does not limit only gets aforementioned disclosed numerical value; when not departing from the utility model thought of invention; those skilled in the art can make various modifications or adjustment to above-described embodiment; thus the protection range invented not limit by above-described embodiment, and should be the maximum magnitude meeting the inventive features that claims are mentioned.
Claims (6)
1. a network security situation awareness emulation mode for actual situation combination, it specifically comprises the following steps:
Step 1. builds virtual network security situation awareness analogue system and real network security situation awareness prototype system, and described network security situation awareness analogue system and network security situation awareness prototype system are by data transaction expanding channels; Described network security situation awareness prototype system comprises network attack equipment and Network Security Device;
Step 2. is in virtual network security situation awareness analogue system, be respectively the emulation mapping node of network attack equipment and Network Security Device interpolation correspondence, real equipment in kind be mapped in one by one the particular location of virtual network security situation awareness analogue system;
Step 3. network attack equipment produces real network attack data flow, real network attack data flow is virtual network attack emulated data stream through data transaction Channel-shifted, and enters virtual network security situation awareness analogue system from the emulation mapping node that real network attack equipment is corresponding; After virtual network attack emulated data stream flows through emulation mapping node corresponding to Network Security Device in analogue system, virtual network attack emulated data stream translation is become real network attack data flow by data transaction passage, and sends to the Network Security Device corresponding to emulation mapping node;
The real Network Security Device of step 4. is according to responding after the real network attack data flow received and producing real network safety situation information flow, and real network safety situation information flow is converted into emulation mapping node passback corresponding from Network Security Device again after virtual emulated data stream through data transaction passage and enters virtual network security situation awareness analogue system;
The virtual emulated data stream that the virtual network security situation awareness analogue system of step 5. returns according to step 4 and security postures sensing node simulation model, obtain the network safety situation under network attack.
2. the network security situation awareness emulation mode of actual situation combination as claimed in claim 1, it is characterized in that described data transaction passage comprises the reality/dummy data ALT-CH alternate channel real network attack stream compression being changed to virtual emulated data stream, and virtual emulated data stream translation is become the void/real data ALT-CH alternate channel of real network attack data flow.
3. the network security situation awareness emulation mode of actual situation combination as claimed in claim 2, it is characterized in that the implementation procedure of described reality/dummy data ALT-CH alternate channel specifically comprises the following steps: after 1.1. True Data bag enters reality/dummy data ALT-CH alternate channel, data capture module is intercepted and captured, and submits to data resolution module; 1.2. data resolution module is analyzed packet, analyzes its MAC Address, IP address, protocol type, protocol data; 1.3. the information consolidation in step 1.2 is formed security postures packet descriptor, and destroy True Data bag; 1.4. packet generation module is according to packet descriptor, generates corresponding emulated data bag, and is submitted to emulation mapping node corresponding in artificial network.
4. the network security situation awareness emulation mode of actual situation combination as claimed in claim 2, it is characterized in that the implementation procedure of described void/real data ALT-CH alternate channel specifically comprises the following steps: after 2.1 emulated data bags enter void/real data ALT-CH alternate channel, intercepted and captured by data capture module, and submitted to data resolution module; 2.2. data resolution module is analyzed packet, analyzes its MAC Address, IP address, protocol type, protocol data; 2.3. the information consolidation in step 2.2 is formed security postures packet descriptor, and destroy emulated data bag; 2.4. packet generation module is according to packet descriptor, generates corresponding True Data bag, and True Data bag is sent to the Network Security Device in real system.
5. the network security situation awareness emulation mode of actual situation combination as claimed in claim 1, is characterized in that being connected by switch or router between Network Security Devices between network attack equipment between described network attack equipment and Network Security Device, different and different.
6. the network security situation awareness analogue system of an actual situation combination, it comprises virtual network security situation awareness analogue system and real network security situation awareness prototype system, and described network security situation awareness analogue system and network security situation awareness prototype system are by data transaction expanding channels; Described network security situation awareness prototype system comprises network attack equipment and Network Security Device; Described virtual network security situation awareness analogue system comprises mapping block, described mapping block is used for, for network attack equipment and Network Security Device add corresponding emulation mapping node, real equipment in kind being mapped in one by one the particular location of virtual network security situation awareness analogue system; Described network attack equipment produces real network attack data flow, real network attack data flow is virtual network attack emulated data stream through data transaction Channel-shifted, and enters virtual network security situation awareness analogue system from the emulation mapping node that real network attack equipment is corresponding; After virtual network attack emulated data stream flows through emulation mapping node corresponding to Network Security Device in analogue system, virtual network attack emulated data stream translation is become real network attack data flow by data transaction passage, and sends to the Network Security Device corresponding to emulation mapping node; Real Network Security Device is according to responding after the real network attack data flow received and producing real network safety situation information flow, and real network safety situation information flow is converted into emulation mapping node passback corresponding from Network Security Device again after virtual emulated data stream through data transaction passage and enters virtual network security situation awareness analogue system; Virtual network security situation awareness analogue system, according to the virtual emulated data stream of passback and security postures sensing node simulation model, obtains the network safety situation under network attack.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310066364.5A CN103152341B (en) | 2013-03-04 | 2013-03-04 | The network security situation awareness emulation mode that a kind of actual situation combines and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310066364.5A CN103152341B (en) | 2013-03-04 | 2013-03-04 | The network security situation awareness emulation mode that a kind of actual situation combines and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103152341A CN103152341A (en) | 2013-06-12 |
CN103152341B true CN103152341B (en) | 2015-08-12 |
Family
ID=48550204
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310066364.5A Active CN103152341B (en) | 2013-03-04 | 2013-03-04 | The network security situation awareness emulation mode that a kind of actual situation combines and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103152341B (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103618702B (en) * | 2013-11-14 | 2017-01-18 | 清华大学 | Social network information transmission situation awareness method and system |
CN104378350A (en) * | 2014-10-16 | 2015-02-25 | 江苏博智软件科技有限公司 | Network security situation awareness method based on hidden Markow model |
CN104735414B (en) * | 2015-03-25 | 2017-11-28 | 江苏物联网研究发展中心 | The Hardware In The Loop Simulation Method of facing video monitoring system |
CN105392155B (en) * | 2015-10-19 | 2018-11-20 | 中国人民解放军国防信息学院 | The method of actual situation Interworking GateWay and its realization emulation suitable for the emulation of mobile network system |
CN106953741B (en) * | 2017-01-25 | 2019-11-12 | 中国科学院信息工程研究所 | A kind of traffic playback method and system of network-oriented simulated environment |
CN111212092B (en) * | 2020-02-28 | 2022-06-14 | 太仓红码软件技术有限公司 | Network security firewall system based on virtual induction |
CN111865950B (en) * | 2020-07-09 | 2022-04-26 | 河南信大网御科技有限公司 | Mimicry network tester and testing method |
CN111970166B (en) * | 2020-07-31 | 2021-11-12 | 南京南瑞继保电气有限公司 | Test method, device, equipment, system and computer readable storage medium |
CN112073411B (en) * | 2020-09-07 | 2022-10-04 | 软通智慧信息技术有限公司 | Network security deduction method, device, equipment and storage medium |
-
2013
- 2013-03-04 CN CN201310066364.5A patent/CN103152341B/en active Active
Non-Patent Citations (2)
Title |
---|
网络安全态势感知模型研究;赖积保;《计算机研究与发展》;20061231;第43卷;全文 * |
网络态势感知中的指标体系研究;王娟;《计算机应用》;20070831;第27卷;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN103152341A (en) | 2013-06-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103152341B (en) | The network security situation awareness emulation mode that a kind of actual situation combines and system | |
CN101399710B (en) | Detection method and system for protocol format exception | |
US11943249B2 (en) | Cyberspace coordinate system creation method and apparatus based on autonomous system | |
CN104811433B (en) | The distributed Internet of things system and implementation method of a kind of C/S frameworks | |
CN103684912B (en) | Sensor network safety testing method and system | |
CN103078769B (en) | A kind of system and method realizing equipment seamless access network simulator in kind | |
CN103150687A (en) | Electric network structure vulnerability real-time evaluation system | |
CN103901847A (en) | Printing machine remote fault monitoring system and method | |
CN103795723A (en) | Distributed type internet-of-things safety situation awareness method | |
CN104283897A (en) | Trojan horse communication feature fast extraction method based on clustering analysis of multiple data streams | |
Raj et al. | Simulation of VANET using ns-3 and SUMO | |
CN104079545A (en) | Method, device and system for extracting data package filtering rules | |
CN105721208A (en) | Intelligent substation process layer network modeling method based on OPNET | |
CN102331487A (en) | Device and method for automatically processing water quality monitoring data | |
CN106302412A (en) | A kind of intelligent checking system for the test of information system crushing resistance and detection method | |
CN104702598A (en) | Distributed network protocol security detection method for smart power grid | |
CN103501302A (en) | Method and system for automatically extracting worm features | |
KR101073402B1 (en) | Method for simulating and examining traffic and network traffic analysis system | |
CN106789275B (en) | Power transmission network security test system and method for electric power system | |
CN102413460A (en) | Wireless sensor network (WSN) protocol security test system | |
CN106209819A (en) | A kind of distributed appraisal procedure of Internet of Things security risk | |
CN109257384A (en) | Application layer ddos attack recognition methods based on access rhythm matrix | |
Huabing et al. | Real-time detection method for mobile network traffic anomalies considering user behavior security monitoring | |
KR102079028B1 (en) | Apparatus and method for generating simulated network traffic traces | |
CN114071529A (en) | Wireless network simulation method based on Exata and Docker |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |