CN104580157B - A kind of tactful validity intelligent verification method based on dynamic construction message technology - Google Patents
A kind of tactful validity intelligent verification method based on dynamic construction message technology Download PDFInfo
- Publication number
- CN104580157B CN104580157B CN201410767686.7A CN201410767686A CN104580157B CN 104580157 B CN104580157 B CN 104580157B CN 201410767686 A CN201410767686 A CN 201410767686A CN 104580157 B CN104580157 B CN 104580157B
- Authority
- CN
- China
- Prior art keywords
- msub
- message
- source
- sample
- mtd
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L1/00—Arrangements for detecting or preventing errors in the information received
- H04L1/12—Arrangements for detecting or preventing errors in the information received by using return channel
- H04L1/16—Arrangements for detecting or preventing errors in the information received by using return channel in which the return channel carries supervisory signals, e.g. repetition request signals
- H04L1/18—Automatic repetition systems, e.g. Van Duuren systems
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
Abstract
A kind of tactful validity intelligent verification method based on dynamic construction message technology belongs to technical field of network security.The mentality of designing of the present invention is that tactful validation verification program is made up of three parts, case management module, case operation module, validation verification module.Case management module is mainly responsible for generation checking case, and controls the operation of checking case;Case operation module is mainly responsible for dynamic construction message, packet sampling, and controls sending and receiving for message;Validation verification module is mainly analyzed according to case operation result, makes whether security strategy effectively judges.Tactful validation verification program is operated on the main frame of the more network interface cards of configuration, and case operation module controls different network interface cards to complete sending and receiving for message respectively.The present invention completes tactful validation verification, realizes security strategy validation verification from craft to automation, intelligentized transformation, effectively improve the accuracy and efficiency of tactful validation verification work by dynamic construction message.
Description
Technical field
The invention belongs to technical field of network security, is that one kind is based on analogue data packet technology, automation, intelligentized plan
Slightly validity verification method.
Background technology
With the development of information technology, information turns into the critical asset of organization.Especially rapidly sent out in network technology
Today of exhibition, the protection for information assets are increasingly taken seriously, and most organizations all can be in network boundary deployment secure
Safeguard, corresponding security strategy is formulated to realize network safety prevention target.But whether the validity of security strategy accords with
Close and be expected, then more depend on the technical merit of safe practice support personnel and professional personal integrity, how to realize security strategy
The problem of validity automation, intelligentized checking turn into urgent need to resolve.
At present, the main method of determination strategy validity is still based on artificial judgment, is primarily present following 2 points of deficiencies:
Influenceed by factors such as technical merit, time, professional personal integrity, there is larger uncertain for validation verification result
Property;
The efficiency of manual verification is low, in technical guarantee Personnel Resources' deficiency, can not meet need of work.
The content of the invention
The present invention is exactly to solve the above problems, and is proposed a kind of based on dynamic construction message technology, automation, intellectuality
Tactful validation verification method.Set with reference to security strategy, validation verification case of generating strategy, pass through dynamic construction report
Text, tactful validation verification is completed, realize security strategy validation verification from craft to automation, intelligentized transformation, effectively
Improve the accuracy and efficiency of tactful validation verification work.
The mentality of designing of the present invention is that tactful validation verification program is made up of three parts, case management module, case fortune
Row module, validation verification module.Case management module is mainly responsible for generation checking case, and controls the operation of checking case;
Case operation module is mainly responsible for dynamic construction message, packet sampling, and controls sending and receiving for message;Validation verification mould
Block is mainly analyzed according to case operation result, makes whether security strategy effectively judges.Tactful validation verification program
Operate on the main frame of the more network interface cards of configuration, being connected by netting twine with the entrance and exit being devices under, (such as fire wall is set
Standby interior network interface, outer network interface), case operation module controls different network interface cards to complete sending and receiving for message respectively.Concrete principle
As indicated, it is as shown in Figure 2 specifically to perform flow.
The inventive method comprises the following steps that:
Step 1:Validation verification case is configured according to security strategy;
Step 2:Runtime verification case, message sample sampling is carried out, build message and be sent to and be verified equipment, receive report
Text;
Step 3:According to the message sent and received, analysis strategy validation verification situation, make whether security strategy has
The judgement of effect.
A kind of 1. tactful validity intelligent verification method based on dynamic construction message technology, it is characterised in that step is such as
Under:
Step 1:Validation verification case is generated according to security strategy:
Case is established by case management module, the tuple for establishing checking case includes source address, destination address, source
Port, destination interface, agreement, including the strategy for allowing and refusing;The running of control checking case, including run, suspend
And stopping;
Step 2:Case operation module is called, carries out message sample sampling, message is built and is sent to and is verified equipment, connect
Receive the message by being verified equipment;
(1) according to the checking case of generation, the sampling of message sample is completed;
The design of sample sampling algorithm is as follows:
(a) it is 10000-50000 to set maximum quantity M, M interval of giving out a contract for a project;
(b) sample drawn, ensure sample uniform fold by protocol type, source address, destination address, source port, destination
The sample spaces of five filtering domain compositions of mouth, it is as follows to extract strategy:
As give out a contract for a project quantity Ms of the sample number n less than maximum, then all n samples are extracted, build message;
As give out a contract for a project quantity Ms of the sample number n more than maximum, then sample shift value is calculated according to following algorithm, according to deviant
Sample drawn, build message;
If it is A after source IP address parsing1.B1.C1.D1‐A2.B2.C2.D2, total IP address number of MAX IP sections for this, λSourceFor source
Address sampling step-length, mSourceFor the source messages sum of setting, λPurposeFor purpose address sampling step-length, mPurposeIt is total for the purpose message of setting
Number, i.e., plan structure sum is (mSource*mPurpose) individual message;For ensure sample can uniform fold sample space, (m should be madeSource*mPurpose)
Give out a contract for a project quantity M much larger than maximum, then carry out second of random sampling again, finally determine M message;
The Sample Maximal number for the sample space being made up of source address section is MAX, and calculation formula is (1);When IP address is with point
When dividing decimal format expression, shaped like A.B.C.D, every value changes from 1 to 255 since lowest order D is 1, until arriving
After 255, C enters position 1, by that analogy;So it can obtain calculating the formula for the IP sums that legal IP sections are included, i.e. formula
(1);
Source address sampling step size computation formula is (2);
By step-length is calculated, A is taken1.B1.C1.D1For initial address, last position D1Successively plus step-length λSource, work as D1+nλSourceDeng
When 255, in C1Position enters 1, works as C1When reaching 255, B1Position enters 1, works as B1When reaching 255, A1Position enters 1, A1When reaching 255, algorithm
Terminate;The sample extracted is followed successively by A1.B1.C1.D1、A1.B1.C1.(D1+λSource)、A1.B1.C1.(D1+2λSource)、……、
A1.B1.C1.(D1+nλSource)、……、A2.B2.C2.D2;
Similarly, the sampling step-length λ of destination address is calculatedPurpose, and and then the sample that is extracted;
By above step, according to the parameter value of setting, the message total of structure is mSource*mPurpose, when M is less than message total
For mSource*mPurposeDouble sampling is taken, then randomly selects M message, for completing tactful validation verification;
(2) message is built;
(3) message is sent and received;After dynamic construction message, it is sent to and is devices under, and receives and be devices under sending out
The message sent back;To ensure the accuracy of test, design data packet retransmission mechanism, when case operation module is found to greatest extent
When thering is the message not receive, message will be retransmitted, until reaching the maximum number of retransmissions of setting;
Step 3:Validation verification module is effective according to the configuration of the message sent and received, and case, analysis strategy
Property checking situation, be made whether effectively to judge.
Brief description of the drawings
Fig. 1 principle of the invention figures
Fig. 2 flow charts of the present invention
Embodiment
With reference to flow chart, embodiment is described in detail, it should be emphasised that, the description below is merely exemplary
, the scope being not intended to be limiting of the invention and its application.The present invention combines puppy parc (TCP) and checking packet filtering rules
Validity illustrates, but is equally applicable to other general or proprietary protocols.
Step 1:Validation verification case (case management module) is generated according to security strategy;
Case management module realizes the management and dispatching of whole verification process, and realizes the information exchange with user.Main work(
Structure checking case, checking Row control, reception and the result etc. can be included.
(1) checking case is established.Case is established by case management module, the tuple for establishing checking case includes source
Address, destination address, source port, destination interface, agreement, strategy (permission, refusal etc.) etc., address realm can be set as needed
Put point-to-point, group to group, section to section.
(2) runtime verification case.The running of control checking case, including run, suspend and stop.
Step 2:Case operation module is called, carries out message sample sampling, message is built and is sent to and is verified equipment, connect
Receive the message by being verified equipment.
Case operation module realizes that the sample of message in verification process is sampled, builds, sent and received, and sends and connect
Receive Synchronization Control.
(1) according to the checking case of generation, the sampling of message sample is completed;
Message sample sampling algorithm is that the difficult point in the present invention is also emphasis, because building report fully according to the parameter of setting
Text, often quantity is larger, and the verification process duration is longer, extracts a small amount of message again it cannot be guaranteed that the validity of sample.So
The sample number of message, which should be ensured, can try one's best Covering samples space, to ensure the validity of checking, while take into account checking again
Efficiency.Sample sampling algorithm design in the present invention is as follows:
(a) maximum is set to give out a contract for a project quantity M (based on experience value, interval 10000-50000, general value 20000);
(b) sample drawn, ensure sample uniform fold by protocol type, source address, destination address, source port, destination
The sample spaces of five filtering domain compositions of mouth, it is as follows to extract strategy:
● sample number n is less than the maximum quantity M that gives out a contract for a project (by taking M values 20000 as an example), then extracts all n samples, builds
Message;
● sample number n is more than the maximum quantity M that gives out a contract for a project, then sample shift value is calculated according to following algorithm, according to deviant
Sample drawn, build message.
If it is A after source IP address parsing1.B1.C1.D1-A2.B2.C2.D2, total IP address number of MAX IP sections for this, λSourceFor source
Address sampling step-length, mSourceIt is total (with m for the source messages of settingSourceExemplified by value 1000), λPurposeFor purpose address sampling step-length, mPurpose
For setting purpose message total (with mPurposeExemplified by value 1000), i.e., plan structure sum is (mSource*mPurpose) individual message.To ensure
Sample can uniform fold sample space, (m should be madeSource*mPurpose) give out a contract for a project quantity M much larger than maximum, then carry out again second it is random
Sampling, finally determine M message.
The Sample Maximal number for the sample space being made up of source address section is MAX, and calculation formula is (1).When IP address is with point
When dividing decimal format expression, shaped like A.B.C.D, every value changes from 1 to 255 since lowest order D is 1, until arriving
After 255, C enters position 1, by that analogy.So it can obtain calculating the formula for the IP sums that legal IP sections are included, i.e. formula
(1)。
Source address sampling step size computation formula is (2).
By step-length is calculated, A is taken1.B1.C1.D1For initial address, last position D1Successively plus step-length λSource, work as D1+nλSourceDeng
When 255, in C1Position enters 1, works as C1When reaching 255, B1Position enters 1, works as B1When reaching 255, A1Position enters 1, A1When reaching 255, algorithm
Terminate.The sample extracted is followed successively by A1.B1.C1.D1、A1.B1.C1.(D1+λSource)、A1.B1.C1.(D1+2λSource)、……、
A1.B1.C1.(D1+nλSource)、……、A2.B2.C2.D2。
Similarly, the sampling step-length λ of destination address can also be calculatedPurpose, and and then extracted sample (present invention with mPurpose
1000) value is.
By above step, according to the parameter value of setting, the message total of structure is (mSource*mPurpose)=(1000*1000)=
1000000, due to (M=20000)<1000000, so taking double sampling, randomly selected again from 1000000 messages
20000 messages, for completing tactful validation verification.
(2) message is built.According to the sample number structure checking message extracted, with reference to each tuple letter set in checking case
Breath, structure checking message.In order to ensure to send and receive the correct statistical analysis of message, message is also included in the message of structure
The information such as sequence number and message total, it is stored in the data field portion of message;
(3) message is sent and received.After dynamic construction message, it is sent to and is devices under, and receives and be devices under sending out
The message sent back.To ensure the accuracy of test, design data packet retransmission mechanism, when case operation module is found to greatest extent
When thering is the message not receive, message will be retransmitted, until reaching the maximum number of retransmissions of setting (such as:Three times), feelings will be received afterwards
Condition includes the result and judges scope.
Step 3:Validation verification module is effective according to the configuration of the message sent and received, and case, analysis strategy
Property checking situation, be made whether effectively to judge.
The result example 1
(1) configuration verification case
Source address:192.168.1.1-192.168.1.2, source port:2000-2001, destination address:192.168.2.1-
192.168.2.2, destination interface:3000-3001, agreement:TCP, strategy:By source network interface card:Network interface card 1, purpose network interface card:Network interface card
2。
(2) firewall policy is set
Authentication policy:" source address:192.168.1.1, source port:Any, destination address:192.168.2.1, destination
Mouthful:Any, agreement:TCP, strategy:Allow ";
Default policy:" source address:Any, source port:Any, destination address:Any, destination interface:Any, agreement:TCP, plan
Slightly:Refusal ".
(4) message combination is built
The message combination that table 1 is built
Test serial number | Agreement | Source address | Source port | Destination address | Destination interface |
1 | TCP | 192.168.1.1 | 2000 | 192.168.2.1 | 3000 |
2 | TCP | 192.168.1.1 | 2000 | 192.168.2.1 | 3001 |
3 | TCP | 192.168.1.1 | 2000 | 192.168.2.2 | 3000 |
4 | TCP | 192.168.1.1 | 2000 | 192.168.2.2 | 3001 |
5 | TCP | 192.168.1.1 | 2001 | 192.168.2.1 | 3000 |
6 | TCP | 192.168.1.1 | 2001 | 192.168.2.1 | 3001 |
7 | TCP | 192.168.1.1 | 2001 | 192.168.2.2 | 3000 |
8 | TCP | 192.168.1.1 | 2001 | 192.168.2.2 | 3001 |
9 | TCP | 192.168.1.2 | 2000 | 192.168.2.1 | 3000 |
10 | TCP | 192.168.1.2 | 2000 | 192.168.2.1 | 3001 |
11 | TCP | 192.168.1.2 | 2000 | 192.168.2.2 | 3000 |
12 | TCP | 192.168.1.2 | 2000 | 192.168.2.2 | 3001 |
13 | TCP | 192.168.1.2 | 2001 | 192.168.2.1 | 3000 |
14 | TCP | 192.168.1.2 | 2001 | 192.168.2.1 | 3001 |
15 | TCP | 192.168.1.2 | 2001 | 192.168.2.2 | 3000 |
16 | TCP | 192.168.1.2 | 2001 | 192.168.2.2 | 3001 |
(5) the result
The result of table 2
As can be seen from the above table, source address 192.168.1.1 to destination address 192.168.2.1 TCP message checking is logical
Cross, it is consistent with the expected results " permission " of firewall policy;The message of remaining combination is not by the expection with firewall policy
As a result " refuse " consistent.Tactful validation verification program is then verified that the security strategy is effective, can effectively played according to the result
Safety protection function., whereas if TCP message " source address 192.168.1.2, source port 2000, destination address
192.168.2.2, the result of destination interface 3000 " shows " passing through ", then illustrates that the strategy is not reaching to expected effect,
The reason for possible is conflict etc. between firewall software failure or security strategy be present, prompts safe practice personnel further
Maintenance changes equipment, or resets the operation such as security strategy, to ensure that equipment can normally play safety protection function.
The result example 2
(1) configuration verification case
Source address:192.16.0.5-192.16.25.5, source port:2000, destination address:192.16.0.5-
192.17.0.5, source port:3000, agreement:TCP, strategy:By source network interface card:Network interface card 1, purpose network interface card:Network interface card 2.
(2) firewall policy is set
Authentication policy:" source address:192.168.0.5, source port:Any, destination address:192.168.0.5, destination
Mouthful:Any, agreement:TCP, strategy:Allow ";
Default policy:" source address:Any, source port:Any, destination address:Any, destination interface:Any, agreement:TCP, plan
Slightly:Refusal ".
(4) message combination is built
Source address IP sums 6375, purpose IP sums 65025, structure message total are:414534375.
M=20000, m are setSource=1000, mPurpose=1000, calculate and understand:λSource=6, λPurpose=65, can through first step sampling
1000000 messages are drawn, in order to both improve verification efficiency, ensures checking validity again, carries out second of random sampling, extract
20000 messages, for tactful validation verification.
(5) verification efficiency compares
Sampled by first time, checking message amount is reduced to 1000000 by 414534375, by secondary sample, tests
Card message amount is further decreased to 20000, and result of the test shows, the sampling algorithm designed using the present invention, makes verification efficiency
About 90% is improved, and the validity of policy validation method proposed by the present invention can be ensured.
Claims (1)
- A kind of 1. tactful validity intelligent verification method based on dynamic construction message technology, it is characterised in that step is as follows:Step 1:Validation verification case is generated according to security strategy:Case is established by case management module, the tuple for establishing checking case includes source address, destination address, source Mouth, destination interface, agreement, including the strategy for allowing and refusing;Control checking case running, including run, suspend and Stop;Step 2:Case operation module is called, carries out message sample sampling, message is built and is sent to and is verified equipment, is received logical Cross the message for being verified equipment;(1) according to the checking case of generation, the sampling of message sample is completed;The design of sample sampling algorithm is as follows:(a) it is 10000-50000 to set maximum quantity M, M interval of giving out a contract for a project;(b) sample drawn, ensure sample uniform fold by protocol type, source address, destination address, source port, destination interface five The sample space of individual filtering domain composition, it is as follows to extract strategy:As give out a contract for a project quantity Ms of the sample number n less than maximum, then all n samples are extracted, build message;As give out a contract for a project quantity Ms of the sample number n more than maximum, then sample shift value is calculated according to following algorithm, extracted according to deviant Sample, build message;If it is A after source IP address parsing1.B1.C1.D1-A2.B2.C2.D2, total IP address number of MAX IP sections for this, λSourceFor source address Sampling step-length, mSourceFor the source messages sum of setting, λPurposeFor purpose address sampling step-length, mPurposeFor the purpose message total of setting, I.e. plan structure sum is (mSource*mPurpose) individual message;For ensure sample can uniform fold sample space, (m should be madeSource*mPurpose) remote Give out a contract for a project quantity M more than maximum, then carry out second of random sampling again, finally determine M message;The Sample Maximal number for the sample space being made up of source address section is MAX, and calculation formula is (1);When IP address to put minutes ten When system form represents, shaped like A.B.C.D, every value changes from 1 to 255 since lowest order D is 1, until to after 255, C enters position 1, by that analogy;So it can obtain calculating the formula for the IP sums that legal IP sections are included, i.e. formula (1);<mrow> <mi>M</mi> <mi>A</mi> <mi>X</mi> <mo>=</mo> <mfenced open = "[" close = "]"> <mtable> <mtr> <mtd> <msup> <mn>255</mn> <mn>3</mn> </msup> </mtd> <mtd> <msup> <mn>255</mn> <mn>2</mn> </msup> </mtd> <mtd> <mn>255</mn> </mtd> <mtd> <mn>1</mn> </mtd> </mtr> </mtable> </mfenced> <mo>&times;</mo> <mfenced open = "[" close = "]"> <mtable> <mtr> <mtd> <mrow> <mo>|</mo> <msub> <mi>A</mi> <mn>2</mn> </msub> <mo>-</mo> <msub> <mi>A</mi> <mn>1</mn> </msub> <mo>|</mo> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <mo>|</mo> <msub> <mi>B</mi> <mn>2</mn> </msub> <mo>-</mo> <msub> <mi>B</mi> <mn>1</mn> </msub> <mo>|</mo> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <mo>|</mo> <msub> <mi>C</mi> <mn>2</mn> </msub> <mo>-</mo> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>|</mo> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <mo>|</mo> <msub> <mi>D</mi> <mn>2</mn> </msub> <mo>-</mo> <msub> <mi>D</mi> <mn>1</mn> </msub> <mo>+</mo> <mn>1</mn> <mo>|</mo> </mrow> </mtd> </mtr> </mtable> </mfenced> <mo>=</mo> <msup> <mn>255</mn> <mn>3</mn> </msup> <mo>&times;</mo> <mo>|</mo> <msub> <mi>A</mi> <mn>2</mn> </msub> <mo>-</mo> <msub> <mi>A</mi> <mn>1</mn> </msub> <mo>|</mo> <mo>+</mo> <msup> <mn>255</mn> <mn>2</mn> </msup> <mo>&times;</mo> <mo>|</mo> <msub> <mi>B</mi> <mn>2</mn> </msub> <mo>-</mo> <msub> <mi>B</mi> <mn>1</mn> </msub> <mo>|</mo> <mo>+</mo> <mn>255</mn> <mo>&times;</mo> <mo>|</mo> <msub> <mi>C</mi> <mn>2</mn> </msub> <mo>-</mo> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>|</mo> <mo>+</mo> <mo>|</mo> <msub> <mi>D</mi> <mn>2</mn> </msub> <mo>-</mo> <msub> <mi>D</mi> <mn>1</mn> </msub> <mo>+</mo> <mn>1</mn> <mo>|</mo> <mn>......</mn> <mrow> <mo>(</mo> <mn>1</mn> <mo>)</mo> </mrow> </mrow>Source address sampling step size computation formula is (2);By step-length is calculated, A is taken1.B1.C1.D1For initial address, last position D1Successively plus step-length λSource, work as D1+nλSourceEqual to 255 When, in C1Position enters 1, works as C1When reaching 255, B1Position enters 1, works as B1When reaching 255, A1Position enters 1, A1When reaching 255, algorithm terminates; The sample extracted is followed successively by A1.B1.C1.D1、A1.B1.C1.(D1+λSource)、A1.B1.C1.(D1+2λSource)、……、A1.B1.C1.(D1 +nλSource)、……、A2.B2.C2.D2;Similarly, the sampling step-length λ of destination address is calculatedPurpose, and and then the sample that is extracted;By above step, according to the parameter value of setting, the message total of structure is mSource*mPurpose, when M less than message total is mSource* mPurposeDouble sampling is taken, then randomly selects M message, for completing tactful validation verification;(2) message is built;(3) message is sent and received;After dynamic construction message, it is sent to and is devices under, and receives and be devices under sending back The message come;To ensure the accuracy of test, design data packet retransmission mechanism, when case operation module finds there is report to greatest extent When Wen Wei is received, message will be retransmitted, until reaching the maximum number of retransmissions of setting;Step 3:Validation verification module is tested according to the configuration of the message sent and received, and case, analysis strategy validity Card situation, it is made whether effectively to judge.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410767686.7A CN104580157B (en) | 2014-12-14 | 2014-12-14 | A kind of tactful validity intelligent verification method based on dynamic construction message technology |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410767686.7A CN104580157B (en) | 2014-12-14 | 2014-12-14 | A kind of tactful validity intelligent verification method based on dynamic construction message technology |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104580157A CN104580157A (en) | 2015-04-29 |
CN104580157B true CN104580157B (en) | 2017-12-12 |
Family
ID=53095338
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410767686.7A Active CN104580157B (en) | 2014-12-14 | 2014-12-14 | A kind of tactful validity intelligent verification method based on dynamic construction message technology |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104580157B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108366040B (en) * | 2017-01-26 | 2021-03-02 | 北京飞利信电子技术有限公司 | Programmable firewall logic code detection method and device and electronic equipment |
CN108494771B (en) * | 2018-03-23 | 2021-04-23 | 平安科技(深圳)有限公司 | Electronic device, firewall opening verification method and storage medium |
CN109040044A (en) * | 2018-07-25 | 2018-12-18 | 郑州云海信息技术有限公司 | A kind of remote system safety regulation automatic verification method and system |
CN109284612B (en) * | 2018-09-20 | 2021-06-29 | 郑州云海信息技术有限公司 | Automatic verification method and device for security rules of remote Windows operating system |
CN109246159B (en) * | 2018-11-27 | 2021-09-21 | 杭州迪普科技股份有限公司 | Method and device for verifying security policy |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102402723A (en) * | 2011-11-03 | 2012-04-04 | 北京谷安天下科技有限公司 | Method and system for detecting security of information assets |
CN102624696A (en) * | 2011-12-27 | 2012-08-01 | 中国航天科工集团第二研究院七〇六所 | Network security situation evaluation method |
CN102638445A (en) * | 2011-12-27 | 2012-08-15 | 中国航天科工集团第二研究院七〇六所 | Feedback type multistep network attack intelligent detection method and feedback type multistep network attack intelligent detection device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
IL154091A0 (en) * | 2003-01-23 | 2003-07-31 | A method and a system for unauthorized vehicle control |
-
2014
- 2014-12-14 CN CN201410767686.7A patent/CN104580157B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102402723A (en) * | 2011-11-03 | 2012-04-04 | 北京谷安天下科技有限公司 | Method and system for detecting security of information assets |
CN102624696A (en) * | 2011-12-27 | 2012-08-01 | 中国航天科工集团第二研究院七〇六所 | Network security situation evaluation method |
CN102638445A (en) * | 2011-12-27 | 2012-08-15 | 中国航天科工集团第二研究院七〇六所 | Feedback type multistep network attack intelligent detection method and feedback type multistep network attack intelligent detection device |
Also Published As
Publication number | Publication date |
---|---|
CN104580157A (en) | 2015-04-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104580157B (en) | A kind of tactful validity intelligent verification method based on dynamic construction message technology | |
CN103688489B (en) | Method for strategy processing and network equipment | |
US7734754B2 (en) | Reviewing effectiveness of communication rules system | |
CN107004090A (en) | For determining the dangerous statistical analysis technique that the content based on file is brought | |
Isigonis et al. | Risk governance of emerging technologies demonstrated in terms of its applicability to nanomaterials | |
Metere et al. | Automated cryptographic analysis of the pedersen commitment scheme | |
CN103413202B (en) | A kind of method of automatic collection mandate relation applied to O&M auditing system | |
CN104580225B (en) | A kind of cloud platform security protection encryption device and method | |
Beck | Performance-based fire engineering design and its application in Australia | |
Van Eijck et al. | Epistemic verification of anonymity | |
Ma et al. | Model checking based security policy verification and validation | |
CN104539600A (en) | Industrial control firewall implementing method for supporting filtering IEC 104 protocol | |
Pudar et al. | PENET: A practical method and tool for integrated modeling of security attacks and countermeasures | |
CN105006228A (en) | Speech recognition method | |
Baroni et al. | Computing with infinite argumentation frameworks: The case of AFRAs | |
Osofsky | Climate change and crises of international law: possibilities for geographic reenvisioning | |
JP5128046B2 (en) | Method for operating an elevator installation | |
Hadavi et al. | Security requirements engineering; state of the art and research challenges | |
CN101520727A (en) | Method and system for protecting key knowledge in software system design | |
CN106682490B (en) | CFL artificial immunity computer model building method | |
Kähler et al. | Constraint solving for contract-signing protocols | |
Summers | The Usefulness of Law in Achieving Union Democracy | |
Melamud et al. | 19 Lessons from the CTBTO negotiation processes | |
CN108366040A (en) | A kind of logical code detection method, device and the electronic equipment of programmable fire wall | |
CN104378328B (en) | A kind of safety access method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |