CN104363136A - Security gateway device testing method and device - Google Patents
Security gateway device testing method and device Download PDFInfo
- Publication number
- CN104363136A CN104363136A CN201410642913.3A CN201410642913A CN104363136A CN 104363136 A CN104363136 A CN 104363136A CN 201410642913 A CN201410642913 A CN 201410642913A CN 104363136 A CN104363136 A CN 104363136A
- Authority
- CN
- China
- Prior art keywords
- test
- data
- equipment under
- under test
- application layer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a security gateway device testing method and device. The method comprises a starting step, a testing step, an acquisition step and a comparison step. In the starting step, the testing step and the acquisition step are executed on the conditions that the virus defense function of a tested device is started and not started respectively; in the testing step, the tested device is tested through test data; in the acquisition step, application layer handling capacity data and resource occupancy rate data of the tested device are acquired when the test data are used for testing; in the comparison step, the application layer handling capacity data and the resource occupancy rate data acquired when the virus defense function of the tested device is started are compared with the application layer handling capacity data and the resource occupancy rate data acquired when the virus defense function of the tested device is not started to obtain a test result. By means of the security gateway device testing method and device, the problem that the resource use data of a security gateway device with the virus defense function started can not be acquired in the prior art is solved, and the effect of accurately acquiring the resource occupancy rate data of the tested device with the virus defense function started is achieved.
Description
Technical field
The present invention relates to internet arena, in particular to a kind of method of testing and device of security gateway equipment.
Background technology
Along with variation and the vertical deepening development of internet, applications technology, Network Security Vulnerabilities and institute's problems faced thereof highlight all the more, the traditional security gateway equipment only with single firewall functionality, also by current composite several functions composite type safety gateway substitute.Existing security gateway series products, in single hardware device, except retaining basic firewall functionality, the functions such as virus defense, intrusion detection and intrusion prevention are also merged, by the protection aspect of network, by two to three layers, be increased to four to seven layers, for trusted network provides a comprehensive efficient public security system.
At present, for the performance test of the virus defense subsystem in security gateway, different application layer protocols, can adopt different performance index to evaluate and test.Wherein, main protocol comprises http protocol, File Transfer Protocol, smtp protocol, POP3 agreement.Performance index based on http protocol comprise: application layer protocol throughput, newly-built connection/number of concurrent; Performance index based on File Transfer Protocol comprise: application layer protocol throughput, newly-built connection/number of concurrent; Performance index based on smtp protocol comprise: application layer protocol throughput, newly-built linking number, mail treatment speed; Performance index based on POP3 agreement comprise: application layer protocol throughput, newly-built linking number, mail treatment speed.
The performance testing index of above-mentioned virus defense system, it is the important evidence weighing the security gateway performance after enabling virus defense function, but there is the deficiency of following two aspects in performance test methods of the prior art: 1), the application layer test load of different agreement all adopts reference data, data file size and type single, the throughput performance data under different loads cannot be obtained; 2) data in the consumption of tolerance virus defense subsystem own resources, are lacked.
For the problem that cannot obtain security gateway equipment in prior art and enable the resource usage data of virus defense function, at present effective solution is not yet proposed.
Summary of the invention
For the problem that cannot obtain security gateway equipment in correlation technique and enable the resource usage data of virus defense function, at present effective solution is not yet proposed, for this reason, main purpose of the present invention is the method for testing and the device that provide a kind of security gateway equipment, to solve the problem.
To achieve these goals, according to an aspect of the present invention, provide a kind of method of testing of security gateway equipment, the method comprises: enable step: respectively when enabling the virus defense function with not enabled equipment under test, performs testing procedure and obtaining step: testing procedure: use test data are tested equipment under test; Obtaining step: the application layer throughput data and the resources occupation rate data that obtain the equipment under test when use test data test; Comparison step: the application layer throughput data obtained when enabling the virus defense function of equipment under test and resources occupation rate data and the application layer throughput data obtained when the virus defense function of not enabled equipment under test and resources occupation rate data being compared, obtaining test result.
Further, use test data are carried out test to equipment under test and are comprised: when the virus defense function of not enabled equipment under test, use the first test data to test equipment under test; When enabling the virus defense function of equipment under test, the first test data is used to test equipment under test.
Further, when enabling the virus defense function of equipment under test, after use first test data is tested equipment under test, method of testing also comprises: use at least two the second test datas to test equipment under test, wherein, the data length of the data length of the second test data or type and the first test data or type different; Wherein, if use multiple second test data to test equipment under test, data length or the type of each the second test data are different.
Further, the application layer throughput data and the resources occupation rate data that obtain the equipment under test when use test data test comprise: the maximum throughput obtaining the equipment under test when use test data test, and be applied a layer throughput data; Determine the resources occupation rate of equipment under test during corresponding maximum throughput, obtain resources occupation rate data; Export application layer throughput data and resources occupation rate data.
Further, after obtaining test result, method of testing also comprises: judge whether equipment under test supports the application layer protocol except current application layer protocol; If the application layer protocol of equipment under test support except current application layer protocol, load and replace the application layer protocol except current application layer protocol, returning execution and enable step.
To achieve these goals, according to a further aspect in the invention, provide a kind of testing apparatus of security gateway equipment, this device comprises: enable module: for respectively when enabling the virus defense function with not enabled equipment under test, performs test module and the step performed by acquisition module; Test module: equipment under test is tested for use test data; Acquisition module: for obtaining application layer throughput data and the resources occupation rate data of the equipment under test when use test data test; Comparison module: for the application layer throughput data obtained when enabling the virus defense function of equipment under test and resources occupation rate data and the application layer throughput data obtained when the virus defense function of not enabled equipment under test and resources occupation rate data being compared, obtain test result.
Further, test module comprises: the first test submodule, for when the virus defense function of not enabled equipment under test, uses the first test data to test equipment under test; Second test submodule, for when enabling the virus defense function of equipment under test, uses the first test data to test equipment under test.
Further, test module also comprises: the 3rd test submodule, and for using at least two the second test datas to test equipment under test, wherein, data length or the type of the data length of the second test data or type and the first test data are different; Wherein, if use multiple second test data to test equipment under test, data length or the type of each the second test data are different.
Further, acquisition module comprises: obtain submodule, and for obtaining the maximum throughput of the equipment under test when use test data test, be applied a layer throughput data; Determination module, during for determining corresponding maximum throughput, the resources occupation rate of equipment under test, obtains resources occupation rate data; Output module, for exporting application layer throughput data and resources occupation rate data.
Further, testing apparatus also comprises: judge module, for after obtaining test result, judges whether equipment under test supports the application layer protocol except current application layer protocol; Return module, if for the application layer protocol of equipment under test support except current application layer protocol, load and replace the application layer protocol except current application layer protocol, return the processing method performing and enable module.
Adopt the embodiment of the present invention, enabling the virus defense function with not enabled equipment under test respectively, the first test data is used to test it, and the application layer throughput data obtained in test process and resources occupation rate data, then compare and enable and the application layer throughput data of equipment under test during not enabled virus defense function and resources occupation rate data, the data of the resources occupation rate of equipment under test when enabling virus defense function can be obtained, use these data can obtain the performance test results of equipment under test more accurately, reduce the granularity of performance test, expand the coverage rate of performance test, measure foundation for performance evaluating provides more comprehensively and objectively.By the present invention, solve in prior art and cannot obtain the problem that security gateway equipment enables the resource usage data of virus defense function, achieve the effect that Obtaining Accurate equipment under test enables the resources occupation rate data of virus defense function.
Accompanying drawing explanation
Accompanying drawing described herein is used to provide a further understanding of the present invention, and form a application's part, schematic description and description of the present invention, for explaining the present invention, does not form inappropriate limitation of the present invention.In the accompanying drawings:
Fig. 1 is the flow chart of the method for testing of security gateway equipment according to the embodiment of the present invention;
Fig. 2 is the flow chart of the method for testing of a kind of optional security gateway equipment according to the embodiment of the present invention;
Fig. 3 is the flow chart of the method for testing according to the optional security gateway equipment of the another kind of the embodiment of the present invention; And
Fig. 4 is the schematic diagram of the testing apparatus of security gateway equipment according to the embodiment of the present invention.
Embodiment
The present invention program is understood better in order to make those skilled in the art person, below in conjunction with the accompanying drawing in the embodiment of the present invention, technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the embodiment of a part of the present invention, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, should belong to the scope of protection of the invention.
It should be noted that, term " first ", " second " etc. in specification of the present invention and claims and above-mentioned accompanying drawing are for distinguishing similar object, and need not be used for describing specific order or precedence.Should be appreciated that the data used like this can be exchanged in the appropriate case, so as embodiments of the invention described herein can with except here diagram or describe those except order implement.In addition, term " comprises " and " having " and their any distortion, intention is to cover not exclusive comprising, such as, contain those steps or unit that the process of series of steps or unit, method, system, product or equipment is not necessarily limited to clearly list, but can comprise clearly do not list or for intrinsic other step of these processes, method, product or equipment or unit.
Fig. 1 is the flow chart of the method for testing of security gateway equipment according to the embodiment of the present invention, and the method comprises the steps: as shown in Figure 1
Step S102, enables step: respectively when enabling the virus defense function with not enabled equipment under test, performs testing procedure and obtaining step.
Step S104, testing procedure: use test data are tested equipment under test.
Step S106, obtaining step: the application layer throughput data and the resources occupation rate data that obtain the equipment under test when use test data test.
Step S108, comparison step: the application layer throughput data obtained when enabling the virus defense function of equipment under test and resources occupation rate data and the application layer throughput data obtained when the virus defense function of not enabled equipment under test and resources occupation rate data being compared, obtaining test result.
Adopt the embodiment of the present invention, enabling the virus defense function with not enabled equipment under test respectively, the first test data is used to test it, and the application layer throughput data obtained in test process and resources occupation rate data, then compare and enable and the application layer throughput data of equipment under test during not enabled virus defense function and resources occupation rate data, the data of the resources occupation rate of equipment under test when enabling virus defense function can be obtained, use these data can obtain the performance test results of equipment under test more accurately, reduce the granularity of performance test, expand the coverage rate of performance test, measure foundation for performance evaluating provides more comprehensively and objectively.By the present invention, solve in prior art and cannot obtain the problem that security gateway equipment enables the resource usage data of virus defense function, achieve the effect that Obtaining Accurate equipment under test enables the resources occupation rate data of virus defense function.
According to the abovementioned embodiments of the present invention, use test data are carried out test to equipment under test and can be comprised: when the virus defense function of not enabled equipment under test, use the first test data to test equipment under test; When enabling the virus defense function of equipment under test, the first test data is used to test equipment under test.
Further, when enabling the virus defense function of equipment under test, after use first test data is tested equipment under test, method of testing can also comprise: use at least two the second test datas to test equipment under test, wherein, the data length of the data length of the second test data or type and the first test data or type different; Wherein, if use multiple second test data to test equipment under test, data length or the type of each the second test data are different.
In the above-described embodiments, use the second different test datas to test equipment under test, thus the application layer throughput data of equipment under test under different loads can be obtained.Pass through above-described embodiment, not only distinguish the throughput performance index under application layer different loads, also embodied the performance data of resource occupation aspect, reduce the granularity of performance test, expand the coverage rate of performance test, measure foundation for performance evaluating provides more comprehensively and objectively.
Particularly, the data length of the second test data can be 1/2nd, 1/4th, 1/16th or 2 times of the first test data; The type of the first test data is generally non-PE type, and the type of the second test data is generally PE type.
According to the abovementioned embodiments of the present invention, the application layer throughput data and the resources occupation rate data that obtain the equipment under test when use test data test can comprise: the maximum throughput obtaining the equipment under test when use test data test, and be applied a layer throughput data; Determine the resources occupation rate of equipment under test during corresponding maximum throughput, obtain resources occupation rate data; Export application layer throughput data and resources occupation rate data.
Particularly, as shown in Figure 2, above-described embodiment can be realized by following step:
Step S202: when enable or not enabled virus defense function, enable resource occupation test macro, and application layer testing throughput enabled to equipment under test.
Step S204: the maximum throughput of test equipment under test under the different loads of application layer protocol.
Particularly, the test data of different length or type can be used to test equipment under test, obtain equipment under test and obtain maximum throughput under different loads.
Step S206: statistical analysis throughput numerical value, exports maximum throughput data.
Step S208: the every resources occupation rate data of test equipment under test under corresponding throughput.
Step S210: statistical analysis resource occupation rate score, exports resources occupation rate data.
At above-described embodiment, respectively when enabling/not enabling the virus defense function in equipment under test, run resource occupation test macro, monitoring sampling is carried out to the resource data of equipment under test, load application layer protocol test data, the application layer throughput of test equipment under test under this load; Test terminates, and can draw the throughput performance data after statistical analysis, and the equipment under test resources occupation rate data under corresponding throughput.
In the above embodiment of the present invention, can when testing equipment under test, call instruction row reads resource data automatically, to obtain the resources occupation rate data of a certain sampled point.
According to the abovementioned embodiments of the present invention, method of testing as above all can be used to test each application layer protocol, particularly, after each current application layer protocol being carried out to test and obtaining test result, method of testing can also comprise: judge whether equipment under test supports the application layer protocol except current application layer protocol; If the application layer protocol of equipment under test support except current application layer protocol, load and replace the application layer protocol except current application layer protocol, returning execution and enable step.
Introduce the present invention in detail below in conjunction with accompanying drawing 3, as shown in Figure 3, the above embodiment of the present invention can realize as follows:
Step S301: when not enabling the virus defense function in equipment under test, the maximum throughput of test equipment under test under application layer protocol baseline load and device resource occupancy.
Particularly, do not enable the virus defense function in equipment under test, run resource occupation test macro, monitoring sampling is carried out to the resource data of equipment under test, first test data Data0 of load application layer protocol 1, the application layer throughput of test equipment under test under baseline load; Test terminates, and draws the throughput performance data TP-Data0 after statistical analysis, and equipment under test resources occupation rate data RU-Data0 when throughput is TP-Data0.
Wherein, the first test data is benchmark test data.
Step S302: when enabling the virus defense function in equipment under test, the maximum throughput of test equipment under test under application layer protocol baseline load and device resource occupancy.
Particularly, enable the virus defense function in equipment under test, run resource occupation test macro, monitoring sampling is carried out to equipment under test resource data, first test data Data1 of load application layer protocol 1, the application layer throughput of test equipment under test under baseline load; Test terminates, and draws the throughput performance data TP-Data1 after statistical analysis, and equipment under test resources occupation rate data RU-Data1 when throughput is TP-Data1.First test data Data1 is above-mentioned benchmark test data.
Wherein, data length, the type of the first test data Data0 and the first test data Data1 are identical, and alternatively, Data0 and Data1 is identical test data.
Step S303: when enabling the virus defense function in equipment under test, the maximum throughput of test equipment under test under application layer protocol load 1 and device resource occupancy.
Particularly, enable the virus defense function in equipment under test, run resource occupation test macro, monitoring sampling is carried out to equipment under test resource data, second test data Data2 of load application layer protocol 1, second test data Data2 size is 2 times of the first test data Data1, and type is identical with DATA1, the application layer throughput of test equipment under test under the second test data Data2 load; Test terminates, and draws the throughput performance data TP-Data2 after statistical analysis, and equipment under test resources occupation rate data RU-Data2 when throughput is TP-Data2.
Step S304: when enabling the virus defense function in equipment under test, the maximum throughput of test equipment under test under application layer protocol load 2 and device resource occupancy.
Particularly, enable the virus defense function in equipment under test, run resource occupation test macro, monitoring sampling is carried out to equipment under test resource data, second test data Data3 of load application layer protocol 1, second test data Data3 size is identical with the first test data Data1, and type is different, the application layer throughput of test equipment under test under the second test data Data3 load; Test terminates, and draws the throughput performance data TP-Data3 after statistical analysis, and equipment under test resources occupation rate data RU-Data3 when throughput is TP-Data3.
Step S305: judge whether equipment under test supports the application layer protocol except current application layer protocol.
If the application layer protocol of equipment under test support except current application layer protocol, perform step S306; If equipment under test does not support other application layer protocols except current application layer protocol, perform step S307: the above-mentioned test data of comparative analysis, assessment equipment under test performance, and virus defense its on the impact of its performance.
Step S306: load and replace the application layer protocol except current application layer protocol, and return execution step S301.
Particularly, change the application layer protocol that virus defense is supported, repeat step S301 to step S304, draw throughput performance data and the resource occupation data of corresponding agreement.For often kind of agreement, the data of comparison step S301 and step S302, then the data of comparison step S302, step S303 and step S304 respectively, make assessment to the virus defense system performance in equipment under test.
By the above embodiment of the present invention, when not enabling virus defense function, the equipment under test throughput performance under test benchmark load and device resource occupancy performance; When enabling virus defense function, the test data of different length or type is used to test equipment under test: when starting virus defense function, the equipment under test throughput performance under test benchmark load and device resource occupancy performance; When enabling virus defense function, the equipment under test throughput performance of test data length 2 doubly under baseline load, data type are identical with baseline load and device resource occupancy performance; When enabling virus defense function, test data length is identical from baseline load, data type different with baseline load under equipment under test throughput performance and device resource occupancy performance; Contrast 1,2 group of performance data (namely step S301 and step S302 obtains data), contrast 2,3,4 groups of performance datas (data that namely above-mentioned step S302, step S303 and step S304 obtain), the throughput performance of assessment equipment under test and resource occupation performance, assessment virus defense function is on the impact of equipment performance, under assessment different loads, virus defense function is on the impact of equipment performance.
It should be noted that, can perform in the computer system of such as one group of computer executable instructions in the step shown in the flow chart of accompanying drawing, and, although show logical order in flow charts, but in some cases, can be different from the step shown or described by order execution herein.
Fig. 4 is the schematic diagram of the testing apparatus of security gateway equipment according to the embodiment of the present invention.As shown in Figure 4, this testing apparatus can comprise: enable module 10: for respectively when enabling the virus defense function with not enabled equipment under test, performs test module and the step performed by acquisition module; Test module 30: equipment under test is tested for use test data; Acquisition module 50: for obtaining application layer throughput data and the resources occupation rate data of the equipment under test when use test data test; Comparison module 70: obtain test result for the application layer throughput data obtained when enabling the virus defense function of equipment under test and resources occupation rate data being compared with the application layer throughput data obtained when the virus defense function of not enabled equipment under test and resources occupation rate data.
Application layer throughput data between different loads and resources occupation rate data also for when all enabling the virus defense function of equipment under test, compare by the comparison module in above-described embodiment.
Adopt the embodiment of the present invention, the virus defense function with not enabled equipment under test is being enabled respectively by enabling module, test module uses the first test data to test it, and by the application layer throughput data in acquisition module acquisition test process and resources occupation rate data, comparison module compares to be enabled and the application layer throughput data of equipment under test during not enabled virus defense function and resources occupation rate data, the data of the resources occupation rate of equipment under test when enabling virus defense function can be obtained, use these data can obtain the performance test results of equipment under test more accurately, reduce the granularity of performance test, expand the coverage rate of performance test, measure foundation for performance evaluating provides more comprehensively and objectively.By the present invention, solve in prior art and cannot obtain the problem that security gateway equipment enables the resource usage data of virus defense function, achieve the effect that Obtaining Accurate equipment under test enables the resources occupation rate data of virus defense function.
According to the abovementioned embodiments of the present invention, test module can comprise: the first test submodule, for when the virus defense function of not enabled equipment under test, uses the first test data to test equipment under test; Second test submodule, for when enabling the virus defense function of equipment under test, uses the first test data to test equipment under test.
Further, test module can also comprise: the 3rd test submodule, for using at least two the second test datas to test equipment under test, wherein, the data length of the data length of the second test data or type and the first test data or type different; Wherein, if use multiple second test data to test equipment under test, data length or the type of each the second test data are different.
In the above-described embodiments, use the second different test datas to test equipment under test, thus the application layer throughput data of equipment under test under different loads can be obtained.Pass through above-described embodiment, not only distinguish the throughput performance index under application layer different loads, also embodied the performance data of resource occupation aspect, reduce the granularity of performance test, expand the coverage rate of performance test, measure foundation for performance evaluating provides more comprehensively and objectively.
Particularly, the data length of the second test data can be the first test data, 1/2nd, 1/4th, 1/16th or 2 times; First test data type is generally non-PE type, and the second test data type is generally PE type.
According to the abovementioned embodiments of the present invention, acquisition module can comprise: obtain submodule, and for obtaining the maximum throughput of the equipment under test when use test data test, be applied a layer throughput data; Determination module, during for determining corresponding maximum throughput, the resources occupation rate of equipment under test, obtains resources occupation rate data; Output module, for exporting application layer throughput data and resources occupation rate data.
Particularly, respectively when enabling/not enabling the virus defense function in equipment under test, run resource occupation test macro, monitoring sampling is carried out to the resource data of equipment under test, load application layer protocol test data, the application layer throughput of test equipment under test under this load; Test terminates, and can draw the throughput performance data after statistical analysis, and the equipment under test resources occupation rate data under corresponding throughput.
In the above embodiment of the present invention, can when testing equipment under test, call instruction row reads resource data automatically, to obtain the resources occupation rate data of a certain sampled point.
Need to further illustrate, testing apparatus can also comprise: judge module, for after obtaining test result, judges whether equipment under test supports the application layer protocol except current application layer protocol; Return module, if for the application layer protocol of equipment under test support except current application layer protocol, load and replace the application layer protocol except current application layer protocol, returning execution and enable module.
By the above embodiment of the present invention, when not enabling virus defense function, the equipment under test throughput performance under test benchmark load and device resource occupancy performance; When enabling virus defense function, the test data of different length or type is used to test equipment under test: when enabling virus defense function, the equipment under test throughput performance under test benchmark load and device resource occupancy performance; When enabling virus defense function, the equipment under test throughput performance of test data length 2 doubly under baseline load, data type are identical with baseline load and device resource occupancy performance; When enabling virus defense function, test data length is identical with baseline load, the equipment under test throughput performance under data type is different from baseline load and device resource occupancy performance; Contrast 1,2 group of performance data (data that the step S301 namely in Fig. 3 and step S302 obtains), contrast 2,3,4 groups of performance datas (data that the step S302 namely in Fig. 3, step S303 and step S304 obtain), the throughput performance of assessment equipment under test and resource occupation performance, assessment virus defense function is on the impact of equipment performance, under assessment different loads, virus defense function is on the impact of equipment performance.
The modules provided in the present embodiment is identical with the using method that the corresponding step of embodiment of the method provides, application scenarios also can be identical.It is noted, of course, that the scheme that above-mentioned module relates to can be not limited to content in above-described embodiment one and scene, and above-mentioned module may operate in terminal or mobile terminal, can pass through software or hardware implementing.
As can be seen from the above description, present invention achieves following technique effect:
Adopt the embodiment of the present invention, the virus defense function with not enabled equipment under test is being enabled respectively by enabling module, test module uses the first test data to test it, and by the application layer throughput data in acquisition module acquisition test process and resources occupation rate data, comparison module compares to be enabled and the application layer throughput data of equipment under test during not enabled virus defense function and resources occupation rate data, the data of the resources occupation rate of equipment under test when enabling virus defense function can be obtained, use these data can obtain the performance test results of equipment under test more accurately, reduce the granularity of performance test, expand the coverage rate of performance test, measure foundation for performance evaluating provides more comprehensively and objectively.By the present invention, solve in prior art and cannot obtain the problem that security gateway equipment enables the resource usage data of virus defense function, achieve the effect that Obtaining Accurate equipment under test enables the resources occupation rate data of virus defense function.
Obviously, those skilled in the art should be understood that, above-mentioned of the present invention each module or each step can realize with general calculation element, they can concentrate on single calculation element, or be distributed on network that multiple calculation element forms, alternatively, they can realize with the executable program code of calculation element, thus, they can be stored and be performed by calculation element in the storage device, or they are made into each integrated circuit modules respectively, or the multiple module in them or step are made into single integrated circuit module to realize.Like this, the present invention is not restricted to any specific hardware and software combination.
The foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, for a person skilled in the art, the present invention can have various modifications and variations.Within the spirit and principles in the present invention all, any amendment done, equivalent replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (10)
1. a method of testing for security gateway equipment, is characterized in that, comprising:
Enabling step: respectively when enabling the virus defense function with not enabled equipment under test, performing testing procedure and obtaining step:
Described testing procedure: use test data are tested described equipment under test;
Described obtaining step: the application layer throughput data and the resources occupation rate data that obtain the described equipment under test when using the test of described test data;
Comparison step: the application layer throughput data obtained when enabling the virus defense function of described equipment under test and resources occupation rate data and the application layer throughput data obtained when the virus defense function of equipment under test described in not enabled and resources occupation rate data being compared, obtaining test result.
2. method of testing according to claim 1, is characterized in that, use test data are carried out test to described equipment under test and comprised:
When the virus defense function of equipment under test described in not enabled, the first test data is used to test described equipment under test;
When enabling the virus defense function of described equipment under test, described first test data is used to test described equipment under test.
3. method of testing according to claim 2, is characterized in that, when enabling the virus defense function of described equipment under test, after described first test data of use is tested described equipment under test, described method of testing also comprises:
Use at least two the second test datas to test described equipment under test, wherein, data length or the type of the data length of described second test data or type and described first test data are different;
Wherein, if use multiple described second test data to test described equipment under test, data length or the type of the second test data described in each are different.
4. method of testing according to claim 1, is characterized in that, the application layer throughput data and the resources occupation rate data that obtain the described equipment under test when using the test of described test data comprise:
Obtaining the maximum throughput of the described equipment under test when using the test of described test data, obtaining described application layer throughput data;
Determine the resources occupation rate of described equipment under test during corresponding described maximum throughput, obtain described resources occupation rate data;
Export described application layer throughput data and described resources occupation rate data.
5. method of testing as claimed in any of claims 1 to 4, is characterized in that, after obtaining described test result, described method of testing also comprises:
Judge whether described equipment under test supports the application layer protocol except current application layer protocol;
If the application layer protocol of described equipment under test support except current application layer protocol, load and replace described application layer protocol except current application layer protocol, returning described in execution and enable step.
6. a testing apparatus for security gateway equipment, is characterized in that, comprising:
Enabling module: for respectively when enabling the virus defense function with not enabled equipment under test, performing test module and the step performed by acquisition module;
Described test module: described equipment under test is tested for use test data;
Described acquisition module: for obtaining application layer throughput data and the resources occupation rate data of the described equipment under test when using the test of described test data;
Comparison module: for the application layer throughput data obtained when enabling the virus defense function of described equipment under test and resources occupation rate data and the application layer throughput data obtained when the virus defense function of equipment under test described in not enabled and resources occupation rate data being compared, obtain test result.
7. testing apparatus according to claim 6, is characterized in that, described test module comprises:
First test submodule, for when the virus defense function of equipment under test described in not enabled, uses the first test data to test described equipment under test;
Second test submodule, for when enabling the virus defense function of described equipment under test, uses described first test data to test described equipment under test.
8. testing apparatus according to claim 7, is characterized in that, described test module also comprises:
3rd test submodule, for using at least two the second test datas to test described equipment under test, wherein, data length or the type of the data length of described second test data or type and described first test data are different;
Wherein, if use multiple described second test data to test described equipment under test, data length or the type of the second test data described in each are different.
9. testing apparatus according to claim 6, is characterized in that, described acquisition module comprises:
Obtaining submodule, for obtaining the maximum throughput of the described equipment under test when using the test of described test data, obtaining described application layer throughput data;
Determination module, during for determining corresponding described maximum throughput, the resources occupation rate of described equipment under test, obtains described resources occupation rate data;
Output module, for exporting described application layer throughput data and described resources occupation rate data.
10. according to the testing apparatus in claim 6 to 9 described in any one, it is characterized in that, described testing apparatus also comprises:
Judge module, for after obtaining described test result, judges whether described equipment under test supports the application layer protocol except current application layer protocol;
Return module, if for the application layer protocol of described equipment under test support except current application layer protocol, load and replace described application layer protocol except current application layer protocol, returning the processing method of enabling module described in execution.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410642913.3A CN104363136A (en) | 2014-11-07 | 2014-11-07 | Security gateway device testing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410642913.3A CN104363136A (en) | 2014-11-07 | 2014-11-07 | Security gateway device testing method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104363136A true CN104363136A (en) | 2015-02-18 |
Family
ID=52530363
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410642913.3A Pending CN104363136A (en) | 2014-11-07 | 2014-11-07 | Security gateway device testing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104363136A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101399786A (en) * | 2007-09-29 | 2009-04-01 | 华为技术有限公司 | Method, apparatus and system for network safe transmission |
| CN101707601A (en) * | 2009-11-23 | 2010-05-12 | 成都市华为赛门铁克科技有限公司 | Invasion defence detection method and device and gateway equipment |
| CN101877710A (en) * | 2010-07-13 | 2010-11-03 | 成都市华为赛门铁克科技有限公司 | Proxy gateway anti-virus implement method, pre-sorter and proxy gateway |
| CN101902348A (en) * | 2009-05-25 | 2010-12-01 | 北京启明星辰信息技术股份有限公司 | Network security system and system load automatic adjusting method thereof |
| CN101909067A (en) * | 2010-08-26 | 2010-12-08 | 北京天融信科技有限公司 | Antivirus method and system for secure gateway cluster |
| CN102970186A (en) * | 2012-12-03 | 2013-03-13 | 网神信息技术(北京)股份有限公司 | Equipment performance detection method and equipment performance detection device |
-
2014
- 2014-11-07 CN CN201410642913.3A patent/CN104363136A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101399786A (en) * | 2007-09-29 | 2009-04-01 | 华为技术有限公司 | Method, apparatus and system for network safe transmission |
| CN101902348A (en) * | 2009-05-25 | 2010-12-01 | 北京启明星辰信息技术股份有限公司 | Network security system and system load automatic adjusting method thereof |
| CN101707601A (en) * | 2009-11-23 | 2010-05-12 | 成都市华为赛门铁克科技有限公司 | Invasion defence detection method and device and gateway equipment |
| CN101877710A (en) * | 2010-07-13 | 2010-11-03 | 成都市华为赛门铁克科技有限公司 | Proxy gateway anti-virus implement method, pre-sorter and proxy gateway |
| CN101909067A (en) * | 2010-08-26 | 2010-12-08 | 北京天融信科技有限公司 | Antivirus method and system for secure gateway cluster |
| CN102970186A (en) * | 2012-12-03 | 2013-03-13 | 网神信息技术(北京)股份有限公司 | Equipment performance detection method and equipment performance detection device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10873594B2 (en) | Test system and method for identifying security vulnerabilities of a device under test | |
| EP3780702A1 (en) | Method and device for monitoring network data | |
| US10257216B2 (en) | Method and system for obtaining and analyzing forensic data in a distributed computer infrastructure | |
| CN104391979B (en) | Network malice reptile recognition methods and device | |
| CN104853379B (en) | A kind of quality of wireless network appraisal procedure and device | |
| CN105991587B (en) | A kind of intrusion detection method and system | |
| CN105357195A (en) | Unauthorized web access vulnerability detecting method and device | |
| CN110474786B (en) | Method and device for analyzing VoLTE network fault reason based on random forest | |
| CN103067218A (en) | High speed network data package content analysis device | |
| CN104411016A (en) | Network access system and method for wireless router | |
| CN104091122A (en) | Detection system of malicious data in mobile internet | |
| RU133954U1 (en) | NETWORK SECURITY DEVICE | |
| CN104283732A (en) | Network testing method, network testing data collection method, network testing device and network testing system | |
| CN112671724B (en) | Terminal security detection analysis method, device, equipment and readable storage medium | |
| CN105721406A (en) | Method and device for obtaining IP black list | |
| CN102185788A (en) | Method and system for searching vice accounts on basis of temporary mailbox | |
| CN105468981A (en) | Vulnerability identification technology-based plugin safety scanning device and scanning method | |
| CN104519069A (en) | Method and device for intercepting resource requests | |
| CN105471770B (en) | A kind of message processing method and device based on multi-core processor | |
| CN105050103B (en) | A kind of recognition methods of signaling process and device | |
| CN107995650B (en) | Method and device for acquiring neighbor cell identifier | |
| US11496502B2 (en) | Method and apparatus for generating attack string | |
| CN104363136A (en) | Security gateway device testing method and device | |
| CN103902441A (en) | Method and device for carrying out testing processing on mobile web application | |
| CN115396142A (en) | Information access method and device based on zero trust, computer equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20150218 |
|
| RJ01 | Rejection of invention patent application after publication |