CN104580157B - A kind of tactful validity intelligent verification method based on dynamic construction message technology - Google Patents

A kind of tactful validity intelligent verification method based on dynamic construction message technology Download PDF

Info

Publication number
CN104580157B
CN104580157B CN201410767686.7A CN201410767686A CN104580157B CN 104580157 B CN104580157 B CN 104580157B CN 201410767686 A CN201410767686 A CN 201410767686A CN 104580157 B CN104580157 B CN 104580157B
Authority
CN
China
Prior art keywords
msub
message
source
sample
mtd
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410767686.7A
Other languages
Chinese (zh)
Other versions
CN104580157A (en
Inventor
王润高
王泽玉
郭丽娜
高景生
刘汝州
刘刚
孙宇
孙宝贵
石波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
706th Institute Of No2 Research Institute Casic
Original Assignee
706th Institute Of No2 Research Institute Casic
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 706th Institute Of No2 Research Institute Casic filed Critical 706th Institute Of No2 Research Institute Casic
Priority to CN201410767686.7A priority Critical patent/CN104580157B/en
Publication of CN104580157A publication Critical patent/CN104580157A/en
Application granted granted Critical
Publication of CN104580157B publication Critical patent/CN104580157B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L1/00Arrangements for detecting or preventing errors in the information received
    • H04L1/12Arrangements for detecting or preventing errors in the information received by using return channel
    • H04L1/16Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
    • H04L1/18Automatic repetition systems, e.g. Van Duuren systems
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications

Abstract

A kind of tactful validity intelligent verification method based on dynamic construction message technology belongs to technical field of network security.The mentality of designing of the present invention is that tactful validation verification program is made up of three parts, case management module, case operation module, validation verification module.Case management module is mainly responsible for generation checking case, and controls the operation of checking case;Case operation module is mainly responsible for dynamic construction message, packet sampling, and controls sending and receiving for message;Validation verification module is mainly analyzed according to case operation result, makes whether security strategy effectively judges.Tactful validation verification program is operated on the main frame of the more network interface cards of configuration, and case operation module controls different network interface cards to complete sending and receiving for message respectively.The present invention completes tactful validation verification, realizes security strategy validation verification from craft to automation, intelligentized transformation, effectively improve the accuracy and efficiency of tactful validation verification work by dynamic construction message.

Description

A kind of tactful validity intelligent verification method based on dynamic construction message technology
Technical field
The invention belongs to technical field of network security, is that one kind is based on analogue data packet technology, automation, intelligentized plan Slightly validity verification method.
Background technology
With the development of information technology, information turns into the critical asset of organization.Especially rapidly sent out in network technology Today of exhibition, the protection for information assets are increasingly taken seriously, and most organizations all can be in network boundary deployment secure Safeguard, corresponding security strategy is formulated to realize network safety prevention target.But whether the validity of security strategy accords with Close and be expected, then more depend on the technical merit of safe practice support personnel and professional personal integrity, how to realize security strategy The problem of validity automation, intelligentized checking turn into urgent need to resolve.
At present, the main method of determination strategy validity is still based on artificial judgment, is primarily present following 2 points of deficiencies:
Influenceed by factors such as technical merit, time, professional personal integrity, there is larger uncertain for validation verification result Property;
The efficiency of manual verification is low, in technical guarantee Personnel Resources' deficiency, can not meet need of work.
The content of the invention
The present invention is exactly to solve the above problems, and is proposed a kind of based on dynamic construction message technology, automation, intellectuality Tactful validation verification method.Set with reference to security strategy, validation verification case of generating strategy, pass through dynamic construction report Text, tactful validation verification is completed, realize security strategy validation verification from craft to automation, intelligentized transformation, effectively Improve the accuracy and efficiency of tactful validation verification work.
The mentality of designing of the present invention is that tactful validation verification program is made up of three parts, case management module, case fortune Row module, validation verification module.Case management module is mainly responsible for generation checking case, and controls the operation of checking case; Case operation module is mainly responsible for dynamic construction message, packet sampling, and controls sending and receiving for message;Validation verification mould Block is mainly analyzed according to case operation result, makes whether security strategy effectively judges.Tactful validation verification program Operate on the main frame of the more network interface cards of configuration, being connected by netting twine with the entrance and exit being devices under, (such as fire wall is set Standby interior network interface, outer network interface), case operation module controls different network interface cards to complete sending and receiving for message respectively.Concrete principle As indicated, it is as shown in Figure 2 specifically to perform flow.
The inventive method comprises the following steps that:
Step 1:Validation verification case is configured according to security strategy;
Step 2:Runtime verification case, message sample sampling is carried out, build message and be sent to and be verified equipment, receive report Text;
Step 3:According to the message sent and received, analysis strategy validation verification situation, make whether security strategy has The judgement of effect.
A kind of 1. tactful validity intelligent verification method based on dynamic construction message technology, it is characterised in that step is such as Under:
Step 1:Validation verification case is generated according to security strategy:
Case is established by case management module, the tuple for establishing checking case includes source address, destination address, source Port, destination interface, agreement, including the strategy for allowing and refusing;The running of control checking case, including run, suspend And stopping;
Step 2:Case operation module is called, carries out message sample sampling, message is built and is sent to and is verified equipment, connect Receive the message by being verified equipment;
(1) according to the checking case of generation, the sampling of message sample is completed;
The design of sample sampling algorithm is as follows:
(a) it is 10000-50000 to set maximum quantity M, M interval of giving out a contract for a project;
(b) sample drawn, ensure sample uniform fold by protocol type, source address, destination address, source port, destination The sample spaces of five filtering domain compositions of mouth, it is as follows to extract strategy:
As give out a contract for a project quantity Ms of the sample number n less than maximum, then all n samples are extracted, build message;
As give out a contract for a project quantity Ms of the sample number n more than maximum, then sample shift value is calculated according to following algorithm, according to deviant Sample drawn, build message;
If it is A after source IP address parsing1.B1.C1.D1‐A2.B2.C2.D2, total IP address number of MAX IP sections for this, λSourceFor source Address sampling step-length, mSourceFor the source messages sum of setting, λPurposeFor purpose address sampling step-length, mPurposeIt is total for the purpose message of setting Number, i.e., plan structure sum is (mSource*mPurpose) individual message;For ensure sample can uniform fold sample space, (m should be madeSource*mPurpose) Give out a contract for a project quantity M much larger than maximum, then carry out second of random sampling again, finally determine M message;
The Sample Maximal number for the sample space being made up of source address section is MAX, and calculation formula is (1);When IP address is with point When dividing decimal format expression, shaped like A.B.C.D, every value changes from 1 to 255 since lowest order D is 1, until arriving After 255, C enters position 1, by that analogy;So it can obtain calculating the formula for the IP sums that legal IP sections are included, i.e. formula (1);
Source address sampling step size computation formula is (2);
By step-length is calculated, A is taken1.B1.C1.D1For initial address, last position D1Successively plus step-length λSource, work as D1+nλSourceDeng When 255, in C1Position enters 1, works as C1When reaching 255, B1Position enters 1, works as B1When reaching 255, A1Position enters 1, A1When reaching 255, algorithm Terminate;The sample extracted is followed successively by A1.B1.C1.D1、A1.B1.C1.(D1Source)、A1.B1.C1.(D1+2λSource)、……、 A1.B1.C1.(D1+nλSource)、……、A2.B2.C2.D2
Similarly, the sampling step-length λ of destination address is calculatedPurpose, and and then the sample that is extracted;
By above step, according to the parameter value of setting, the message total of structure is mSource*mPurpose, when M is less than message total For mSource*mPurposeDouble sampling is taken, then randomly selects M message, for completing tactful validation verification;
(2) message is built;
(3) message is sent and received;After dynamic construction message, it is sent to and is devices under, and receives and be devices under sending out The message sent back;To ensure the accuracy of test, design data packet retransmission mechanism, when case operation module is found to greatest extent When thering is the message not receive, message will be retransmitted, until reaching the maximum number of retransmissions of setting;
Step 3:Validation verification module is effective according to the configuration of the message sent and received, and case, analysis strategy Property checking situation, be made whether effectively to judge.
Brief description of the drawings
Fig. 1 principle of the invention figures
Fig. 2 flow charts of the present invention
Embodiment
With reference to flow chart, embodiment is described in detail, it should be emphasised that, the description below is merely exemplary , the scope being not intended to be limiting of the invention and its application.The present invention combines puppy parc (TCP) and checking packet filtering rules Validity illustrates, but is equally applicable to other general or proprietary protocols.
Step 1:Validation verification case (case management module) is generated according to security strategy;
Case management module realizes the management and dispatching of whole verification process, and realizes the information exchange with user.Main work( Structure checking case, checking Row control, reception and the result etc. can be included.
(1) checking case is established.Case is established by case management module, the tuple for establishing checking case includes source Address, destination address, source port, destination interface, agreement, strategy (permission, refusal etc.) etc., address realm can be set as needed Put point-to-point, group to group, section to section.
(2) runtime verification case.The running of control checking case, including run, suspend and stop.
Step 2:Case operation module is called, carries out message sample sampling, message is built and is sent to and is verified equipment, connect Receive the message by being verified equipment.
Case operation module realizes that the sample of message in verification process is sampled, builds, sent and received, and sends and connect Receive Synchronization Control.
(1) according to the checking case of generation, the sampling of message sample is completed;
Message sample sampling algorithm is that the difficult point in the present invention is also emphasis, because building report fully according to the parameter of setting Text, often quantity is larger, and the verification process duration is longer, extracts a small amount of message again it cannot be guaranteed that the validity of sample.So The sample number of message, which should be ensured, can try one's best Covering samples space, to ensure the validity of checking, while take into account checking again Efficiency.Sample sampling algorithm design in the present invention is as follows:
(a) maximum is set to give out a contract for a project quantity M (based on experience value, interval 10000-50000, general value 20000);
(b) sample drawn, ensure sample uniform fold by protocol type, source address, destination address, source port, destination The sample spaces of five filtering domain compositions of mouth, it is as follows to extract strategy:
● sample number n is less than the maximum quantity M that gives out a contract for a project (by taking M values 20000 as an example), then extracts all n samples, builds Message;
● sample number n is more than the maximum quantity M that gives out a contract for a project, then sample shift value is calculated according to following algorithm, according to deviant Sample drawn, build message.
If it is A after source IP address parsing1.B1.C1.D1-A2.B2.C2.D2, total IP address number of MAX IP sections for this, λSourceFor source Address sampling step-length, mSourceIt is total (with m for the source messages of settingSourceExemplified by value 1000), λPurposeFor purpose address sampling step-length, mPurpose For setting purpose message total (with mPurposeExemplified by value 1000), i.e., plan structure sum is (mSource*mPurpose) individual message.To ensure Sample can uniform fold sample space, (m should be madeSource*mPurpose) give out a contract for a project quantity M much larger than maximum, then carry out again second it is random Sampling, finally determine M message.
The Sample Maximal number for the sample space being made up of source address section is MAX, and calculation formula is (1).When IP address is with point When dividing decimal format expression, shaped like A.B.C.D, every value changes from 1 to 255 since lowest order D is 1, until arriving After 255, C enters position 1, by that analogy.So it can obtain calculating the formula for the IP sums that legal IP sections are included, i.e. formula (1)。
Source address sampling step size computation formula is (2).
By step-length is calculated, A is taken1.B1.C1.D1For initial address, last position D1Successively plus step-length λSource, work as D1+nλSourceDeng When 255, in C1Position enters 1, works as C1When reaching 255, B1Position enters 1, works as B1When reaching 255, A1Position enters 1, A1When reaching 255, algorithm Terminate.The sample extracted is followed successively by A1.B1.C1.D1、A1.B1.C1.(D1Source)、A1.B1.C1.(D1+2λSource)、……、 A1.B1.C1.(D1+nλSource)、……、A2.B2.C2.D2
Similarly, the sampling step-length λ of destination address can also be calculatedPurpose, and and then extracted sample (present invention with mPurpose 1000) value is.
By above step, according to the parameter value of setting, the message total of structure is (mSource*mPurpose)=(1000*1000)= 1000000, due to (M=20000)<1000000, so taking double sampling, randomly selected again from 1000000 messages 20000 messages, for completing tactful validation verification.
(2) message is built.According to the sample number structure checking message extracted, with reference to each tuple letter set in checking case Breath, structure checking message.In order to ensure to send and receive the correct statistical analysis of message, message is also included in the message of structure The information such as sequence number and message total, it is stored in the data field portion of message;
(3) message is sent and received.After dynamic construction message, it is sent to and is devices under, and receives and be devices under sending out The message sent back.To ensure the accuracy of test, design data packet retransmission mechanism, when case operation module is found to greatest extent When thering is the message not receive, message will be retransmitted, until reaching the maximum number of retransmissions of setting (such as:Three times), feelings will be received afterwards Condition includes the result and judges scope.
Step 3:Validation verification module is effective according to the configuration of the message sent and received, and case, analysis strategy Property checking situation, be made whether effectively to judge.
The result example 1
(1) configuration verification case
Source address:192.168.1.1-192.168.1.2, source port:2000-2001, destination address:192.168.2.1- 192.168.2.2, destination interface:3000-3001, agreement:TCP, strategy:By source network interface card:Network interface card 1, purpose network interface card:Network interface card 2。
(2) firewall policy is set
Authentication policy:" source address:192.168.1.1, source port:Any, destination address:192.168.2.1, destination Mouthful:Any, agreement:TCP, strategy:Allow ";
Default policy:" source address:Any, source port:Any, destination address:Any, destination interface:Any, agreement:TCP, plan Slightly:Refusal ".
(4) message combination is built
The message combination that table 1 is built
Test serial number Agreement Source address Source port Destination address Destination interface
1 TCP 192.168.1.1 2000 192.168.2.1 3000
2 TCP 192.168.1.1 2000 192.168.2.1 3001
3 TCP 192.168.1.1 2000 192.168.2.2 3000
4 TCP 192.168.1.1 2000 192.168.2.2 3001
5 TCP 192.168.1.1 2001 192.168.2.1 3000
6 TCP 192.168.1.1 2001 192.168.2.1 3001
7 TCP 192.168.1.1 2001 192.168.2.2 3000
8 TCP 192.168.1.1 2001 192.168.2.2 3001
9 TCP 192.168.1.2 2000 192.168.2.1 3000
10 TCP 192.168.1.2 2000 192.168.2.1 3001
11 TCP 192.168.1.2 2000 192.168.2.2 3000
12 TCP 192.168.1.2 2000 192.168.2.2 3001
13 TCP 192.168.1.2 2001 192.168.2.1 3000
14 TCP 192.168.1.2 2001 192.168.2.1 3001
15 TCP 192.168.1.2 2001 192.168.2.2 3000
16 TCP 192.168.1.2 2001 192.168.2.2 3001
(5) the result
The result of table 2
As can be seen from the above table, source address 192.168.1.1 to destination address 192.168.2.1 TCP message checking is logical Cross, it is consistent with the expected results " permission " of firewall policy;The message of remaining combination is not by the expection with firewall policy As a result " refuse " consistent.Tactful validation verification program is then verified that the security strategy is effective, can effectively played according to the result Safety protection function., whereas if TCP message " source address 192.168.1.2, source port 2000, destination address 192.168.2.2, the result of destination interface 3000 " shows " passing through ", then illustrates that the strategy is not reaching to expected effect, The reason for possible is conflict etc. between firewall software failure or security strategy be present, prompts safe practice personnel further Maintenance changes equipment, or resets the operation such as security strategy, to ensure that equipment can normally play safety protection function.
The result example 2
(1) configuration verification case
Source address:192.16.0.5-192.16.25.5, source port:2000, destination address:192.16.0.5- 192.17.0.5, source port:3000, agreement:TCP, strategy:By source network interface card:Network interface card 1, purpose network interface card:Network interface card 2.
(2) firewall policy is set
Authentication policy:" source address:192.168.0.5, source port:Any, destination address:192.168.0.5, destination Mouthful:Any, agreement:TCP, strategy:Allow ";
Default policy:" source address:Any, source port:Any, destination address:Any, destination interface:Any, agreement:TCP, plan Slightly:Refusal ".
(4) message combination is built
Source address IP sums 6375, purpose IP sums 65025, structure message total are:414534375.
M=20000, m are setSource=1000, mPurpose=1000, calculate and understand:λSource=6, λPurpose=65, can through first step sampling 1000000 messages are drawn, in order to both improve verification efficiency, ensures checking validity again, carries out second of random sampling, extract 20000 messages, for tactful validation verification.
(5) verification efficiency compares
Sampled by first time, checking message amount is reduced to 1000000 by 414534375, by secondary sample, tests Card message amount is further decreased to 20000, and result of the test shows, the sampling algorithm designed using the present invention, makes verification efficiency About 90% is improved, and the validity of policy validation method proposed by the present invention can be ensured.

Claims (1)

  1. A kind of 1. tactful validity intelligent verification method based on dynamic construction message technology, it is characterised in that step is as follows:
    Step 1:Validation verification case is generated according to security strategy:
    Case is established by case management module, the tuple for establishing checking case includes source address, destination address, source Mouth, destination interface, agreement, including the strategy for allowing and refusing;Control checking case running, including run, suspend and Stop;
    Step 2:Case operation module is called, carries out message sample sampling, message is built and is sent to and is verified equipment, is received logical Cross the message for being verified equipment;
    (1) according to the checking case of generation, the sampling of message sample is completed;
    The design of sample sampling algorithm is as follows:
    (a) it is 10000-50000 to set maximum quantity M, M interval of giving out a contract for a project;
    (b) sample drawn, ensure sample uniform fold by protocol type, source address, destination address, source port, destination interface five The sample space of individual filtering domain composition, it is as follows to extract strategy:
    As give out a contract for a project quantity Ms of the sample number n less than maximum, then all n samples are extracted, build message;
    As give out a contract for a project quantity Ms of the sample number n more than maximum, then sample shift value is calculated according to following algorithm, extracted according to deviant Sample, build message;
    If it is A after source IP address parsing1.B1.C1.D1-A2.B2.C2.D2, total IP address number of MAX IP sections for this, λSourceFor source address Sampling step-length, mSourceFor the source messages sum of setting, λPurposeFor purpose address sampling step-length, mPurposeFor the purpose message total of setting, I.e. plan structure sum is (mSource*mPurpose) individual message;For ensure sample can uniform fold sample space, (m should be madeSource*mPurpose) remote Give out a contract for a project quantity M more than maximum, then carry out second of random sampling again, finally determine M message;
    The Sample Maximal number for the sample space being made up of source address section is MAX, and calculation formula is (1);When IP address to put minutes ten When system form represents, shaped like A.B.C.D, every value changes from 1 to 255 since lowest order D is 1, until to after 255, C enters position 1, by that analogy;So it can obtain calculating the formula for the IP sums that legal IP sections are included, i.e. formula (1);
    <mrow> <mi>M</mi> <mi>A</mi> <mi>X</mi> <mo>=</mo> <mfenced open = "[" close = "]"> <mtable> <mtr> <mtd> <msup> <mn>255</mn> <mn>3</mn> </msup> </mtd> <mtd> <msup> <mn>255</mn> <mn>2</mn> </msup> </mtd> <mtd> <mn>255</mn> </mtd> <mtd> <mn>1</mn> </mtd> </mtr> </mtable> </mfenced> <mo>&amp;times;</mo> <mfenced open = "[" close = "]"> <mtable> <mtr> <mtd> <mrow> <mo>|</mo> <msub> <mi>A</mi> <mn>2</mn> </msub> <mo>-</mo> <msub> <mi>A</mi> <mn>1</mn> </msub> <mo>|</mo> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <mo>|</mo> <msub> <mi>B</mi> <mn>2</mn> </msub> <mo>-</mo> <msub> <mi>B</mi> <mn>1</mn> </msub> <mo>|</mo> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <mo>|</mo> <msub> <mi>C</mi> <mn>2</mn> </msub> <mo>-</mo> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>|</mo> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <mo>|</mo> <msub> <mi>D</mi> <mn>2</mn> </msub> <mo>-</mo> <msub> <mi>D</mi> <mn>1</mn> </msub> <mo>+</mo> <mn>1</mn> <mo>|</mo> </mrow> </mtd> </mtr> </mtable> </mfenced> <mo>=</mo> <msup> <mn>255</mn> <mn>3</mn> </msup> <mo>&amp;times;</mo> <mo>|</mo> <msub> <mi>A</mi> <mn>2</mn> </msub> <mo>-</mo> <msub> <mi>A</mi> <mn>1</mn> </msub> <mo>|</mo> <mo>+</mo> <msup> <mn>255</mn> <mn>2</mn> </msup> <mo>&amp;times;</mo> <mo>|</mo> <msub> <mi>B</mi> <mn>2</mn> </msub> <mo>-</mo> <msub> <mi>B</mi> <mn>1</mn> </msub> <mo>|</mo> <mo>+</mo> <mn>255</mn> <mo>&amp;times;</mo> <mo>|</mo> <msub> <mi>C</mi> <mn>2</mn> </msub> <mo>-</mo> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>|</mo> <mo>+</mo> <mo>|</mo> <msub> <mi>D</mi> <mn>2</mn> </msub> <mo>-</mo> <msub> <mi>D</mi> <mn>1</mn> </msub> <mo>+</mo> <mn>1</mn> <mo>|</mo> <mn>......</mn> <mrow> <mo>(</mo> <mn>1</mn> <mo>)</mo> </mrow> </mrow>
    Source address sampling step size computation formula is (2);
    By step-length is calculated, A is taken1.B1.C1.D1For initial address, last position D1Successively plus step-length λSource, work as D1+nλSourceEqual to 255 When, in C1Position enters 1, works as C1When reaching 255, B1Position enters 1, works as B1When reaching 255, A1Position enters 1, A1When reaching 255, algorithm terminates; The sample extracted is followed successively by A1.B1.C1.D1、A1.B1.C1.(D1Source)、A1.B1.C1.(D1+2λSource)、……、A1.B1.C1.(D1 +nλSource)、……、A2.B2.C2.D2
    Similarly, the sampling step-length λ of destination address is calculatedPurpose, and and then the sample that is extracted;
    By above step, according to the parameter value of setting, the message total of structure is mSource*mPurpose, when M less than message total is mSource* mPurposeDouble sampling is taken, then randomly selects M message, for completing tactful validation verification;
    (2) message is built;
    (3) message is sent and received;After dynamic construction message, it is sent to and is devices under, and receives and be devices under sending back The message come;To ensure the accuracy of test, design data packet retransmission mechanism, when case operation module finds there is report to greatest extent When Wen Wei is received, message will be retransmitted, until reaching the maximum number of retransmissions of setting;
    Step 3:Validation verification module is tested according to the configuration of the message sent and received, and case, analysis strategy validity Card situation, it is made whether effectively to judge.
CN201410767686.7A 2014-12-14 2014-12-14 A kind of tactful validity intelligent verification method based on dynamic construction message technology Active CN104580157B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410767686.7A CN104580157B (en) 2014-12-14 2014-12-14 A kind of tactful validity intelligent verification method based on dynamic construction message technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410767686.7A CN104580157B (en) 2014-12-14 2014-12-14 A kind of tactful validity intelligent verification method based on dynamic construction message technology

Publications (2)

Publication Number Publication Date
CN104580157A CN104580157A (en) 2015-04-29
CN104580157B true CN104580157B (en) 2017-12-12

Family

ID=53095338

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410767686.7A Active CN104580157B (en) 2014-12-14 2014-12-14 A kind of tactful validity intelligent verification method based on dynamic construction message technology

Country Status (1)

Country Link
CN (1) CN104580157B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108366040B (en) * 2017-01-26 2021-03-02 北京飞利信电子技术有限公司 Programmable firewall logic code detection method and device and electronic equipment
CN108494771B (en) * 2018-03-23 2021-04-23 平安科技(深圳)有限公司 Electronic device, firewall opening verification method and storage medium
CN109040044A (en) * 2018-07-25 2018-12-18 郑州云海信息技术有限公司 A kind of remote system safety regulation automatic verification method and system
CN109284612B (en) * 2018-09-20 2021-06-29 郑州云海信息技术有限公司 Automatic verification method and device for security rules of remote Windows operating system
CN109246159B (en) * 2018-11-27 2021-09-21 杭州迪普科技股份有限公司 Method and device for verifying security policy

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102402723A (en) * 2011-11-03 2012-04-04 北京谷安天下科技有限公司 Method and system for detecting security of information assets
CN102624696A (en) * 2011-12-27 2012-08-01 中国航天科工集团第二研究院七〇六所 Network security situation evaluation method
CN102638445A (en) * 2011-12-27 2012-08-15 中国航天科工集团第二研究院七〇六所 Feedback type multistep network attack intelligent detection method and feedback type multistep network attack intelligent detection device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
IL154091A0 (en) * 2003-01-23 2003-07-31 A method and a system for unauthorized vehicle control

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102402723A (en) * 2011-11-03 2012-04-04 北京谷安天下科技有限公司 Method and system for detecting security of information assets
CN102624696A (en) * 2011-12-27 2012-08-01 中国航天科工集团第二研究院七〇六所 Network security situation evaluation method
CN102638445A (en) * 2011-12-27 2012-08-15 中国航天科工集团第二研究院七〇六所 Feedback type multistep network attack intelligent detection method and feedback type multistep network attack intelligent detection device

Also Published As

Publication number Publication date
CN104580157A (en) 2015-04-29

Similar Documents

Publication Publication Date Title
CN104580157B (en) A kind of tactful validity intelligent verification method based on dynamic construction message technology
CN103688489B (en) Method for strategy processing and network equipment
US7734754B2 (en) Reviewing effectiveness of communication rules system
CN107004090A (en) For determining the dangerous statistical analysis technique that the content based on file is brought
Isigonis et al. Risk governance of emerging technologies demonstrated in terms of its applicability to nanomaterials
Metere et al. Automated cryptographic analysis of the pedersen commitment scheme
CN103413202B (en) A kind of method of automatic collection mandate relation applied to O&M auditing system
CN104580225B (en) A kind of cloud platform security protection encryption device and method
Beck Performance-based fire engineering design and its application in Australia
Van Eijck et al. Epistemic verification of anonymity
Ma et al. Model checking based security policy verification and validation
CN104539600A (en) Industrial control firewall implementing method for supporting filtering IEC 104 protocol
Pudar et al. PENET: A practical method and tool for integrated modeling of security attacks and countermeasures
CN105006228A (en) Speech recognition method
Baroni et al. Computing with infinite argumentation frameworks: The case of AFRAs
Osofsky Climate change and crises of international law: possibilities for geographic reenvisioning
JP5128046B2 (en) Method for operating an elevator installation
Hadavi et al. Security requirements engineering; state of the art and research challenges
CN101520727A (en) Method and system for protecting key knowledge in software system design
CN106682490B (en) CFL artificial immunity computer model building method
Kähler et al. Constraint solving for contract-signing protocols
Summers The Usefulness of Law in Achieving Union Democracy
Melamud et al. 19 Lessons from the CTBTO negotiation processes
CN108366040A (en) A kind of logical code detection method, device and the electronic equipment of programmable fire wall
CN104378328B (en) A kind of safety access method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant