CN106888209A - An industrial control vulnerability mining method based on protocol state graph depth traversal - Google Patents

Publication number
CN106888209A
Authority
CN
China
Prior art keywords
packet
protocol
constraint
target device
protocol status
Legal status
Granted
Application number
CN201710120947.XA
Other languages
Chinese (zh)
Other versions
CN106888209B (en)
Inventor
孙利民
余文豪
朱红松
陈千
Current Assignee
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Abstract

The present invention relates to an industrial control vulnerability mining method based on depth traversal of a protocol state graph. The method comprises: 1) obtaining the network packets of a target device and preprocessing them to obtain a set of packets to be analyzed; 2) chunking the packets in the set to obtain a large number of protocol basic blocks; 3) extracting the constraint association relations between protocol basic blocks within a single packet and the state-transition association relations between packets, and constructing a protocol state graph on this basis; 4) traversing the protocol state graph in depth-first fashion, and generating and sending the corresponding malformed packets; 5) probing whether the device is alive and, if the target device has crashed, writing a PoC script from the malformed packet to verify the vulnerability, thereby finding the security vulnerabilities present in the target device. The invention can effectively find security vulnerabilities present in Internet of Things and industrial control system devices, and solves the problem of the poor effectiveness of traditional vulnerability mining methods.

Description

An industrial control vulnerability mining method based on protocol state graph depth traversal
Technical field
The present invention relates to the technical fields of network protocol security, Internet of Things/industrial control system security and security testing, and in particular to a security vulnerability mining method based on depth traversal of a protocol state graph.
Background
With the spread of the Internet of Things, smart cities and smart grids, attacks of all kinds on Internet of Things and industrial control system devices have been increasing in recent years, exposing a large number of security vulnerabilities in those devices. Actively discovering and repairing the security vulnerabilities present in Internet of Things and industrial control system devices has become an important security protection measure.
Because Internet of Things devices and industrial control system devices are closed, hard to debug, subject to strict real-time requirements and hard to emulate, traditional vulnerability mining methods such as reverse analysis, symbolic execution and taint tracking rarely achieve good results. To find the security vulnerabilities present in these devices effectively, a vulnerability mining system built specifically for Internet of Things and industrial control system devices is needed.
The present invention proposes an industrial control vulnerability mining method based on depth traversal of a protocol state graph. It is implemented through remote fuzz testing and is mainly used to effectively find the security vulnerabilities present in Internet of Things and industrial control system devices. Fuzz testing, also known as fuzzing, is a black-box testing technique for mining software security flaws and checking software robustness: it feeds illegal fields to the software and observes whether the software under test behaves abnormally.
Summary of the invention
The problem addressed by the present invention concerns the network communication protocols used in Internet of Things and industrial control systems. It proposes an industrial control vulnerability mining method based on depth traversal of a protocol state graph: a protocol state graph is constructed from the constraint association relations between protocol basic blocks within a packet and the state-transition association relations between packets, and remote fuzz testing is carried out on the basis of that graph, so as to effectively find the security defects present in Internet of Things and industrial control system devices.
The technical solution by which the present invention solves the above problem is as follows:
An industrial control vulnerability mining method based on depth traversal of a protocol state graph first obtains the network packets of the target device and preprocesses them to obtain a set of packets to be analyzed. The packets in the set are chunked to obtain a large number of protocol basic blocks; the constraint association relations between basic blocks within a single packet and the state-transition association relations between multiple packets are extracted, and a protocol state graph is constructed on this basis. The protocol state graph is traversed in depth-first fashion, and the corresponding malformed packets are generated and sent to the target device. At the same time the device is probed to see whether it is alive; if the target device has crashed, a PoC (proof of concept, vulnerability verification) script can be written from the malformed packet to verify the vulnerability, thereby finding the security vulnerabilities present in the target device. The process of sending packets and detecting whether the target is alive is repeated until the traversal of the protocol state graph is finished.
The specific steps of the above method include:
Step 1: interact with the target device and capture its network packets with a packet sniffing tool;
Step 2: preprocess the captured network packets to obtain the set of packets to be analyzed;
Step 3: using an automated protocol analysis method, chunk the network packets in the set to obtain a large number of protocol basic blocks;
Step 4: combining automated analysis with manual analysis, perform function association on the protocol basic blocks in the network packets to obtain the constraint relations, and associate the transfer relations between network packets to obtain the state-transition association relations;
Step 5: construct the protocol state graph on the basis of the protocol basic blocks, the constraint association relations between blocks and the state-transition association relations between packets, where each node is one state of the protocol, the node attributes are the protocol basic blocks and their constraint association relations, and each edge is a state-transition association relation between protocol states;
Step 6: traverse the protocol state graph in depth-first fashion with a maximum traversal depth max_depth, generating and sending malformed packets according to the constraint association relations within each node and the state-transition association relations between nodes; a malformed packet is an industrial control packet produced by randomly changing some of the fields of a normal industrial control packet;
Step 7: send a probe packet to the target system to detect whether the target is alive; if the target has crashed, a PoC script can be written from the malformed packet to verify the vulnerability, thereby finding the security vulnerabilities present in the target device;
Step 8: if the maximum traversal depth max_depth is reached, backtrack upward and jump to step 6 to continue traversing the protocol state graph; if the whole protocol state graph has been traversed, stop.
On the basis of the above technical solution, the present invention can also be improved as follows.
Further, the methods of obtaining network packets in step 1 include but are not limited to tools such as Wireshark, Tcpdump, Burpsuite, Fiddler, Scapy and libpcap; the target devices include but are not limited to network cameras, smart routers, smart bulbs, PLCs, etc.; the network protocols include but are not limited to the TCP, UDP, FTP, Telnet, HTTP, RTSP, S7 and MODBUS protocols, etc.;
Further, the preprocessing of network packets in step 2 includes but is not limited to filtering out packets of unrelated protocols, screening out packets that have no value for fuzz testing, and de-duplicating network packets that occur repeatedly, etc.;
Further, the chunking of network packets in step 3 includes but is not limited to protocol request headers and request data, protocol keywords, protocol separators and protocol contents, etc.;
Further, the constraint association relations between protocol basic blocks in step 4 include but are not limited to length constraints, checksum constraints, field value constraints, etc., and the transfer association relations between network packets include but are not limited to authentication constraints, field value constraints, state switching constraints, etc. Here, a length constraint means that the packet contains a field whose value is the length of the packet; a checksum constraint means that the packet contains a field whose value is the checksum of the packet; a field value constraint means that the packet contains a field whose value differs with the type of protocol version and the like; an authentication constraint means that some protocols require mutual identity authentication before interaction; a state switching constraint means that a certain state in the protocol state machine can be reached only by sending a specific packet.
Further, the methods of detecting whether the target system is alive in step 7 include but are not limited to sending ICMP probe packets, sending TCP SYN probe packets, sending TCP FIN packets, sending TCP probe packets, sending UDP probe packets, etc.
The beneficial effects of the invention are as follows:
The system built by the present invention mines the constraint association relations between basic blocks within a packet and the state-transition association relations between packets, and carries out fuzz testing on the basis of the protocol state graph. It can effectively find the security vulnerabilities present in Internet of Things and industrial control system devices, and solves the problem of the poor effectiveness of traditional vulnerability mining methods.
Brief description of the drawings
Fig. 1 is a flow chart of fuzz testing a target based on depth traversal of a protocol state graph in an embodiment of the present invention;
Fig. 2 is a flow chart of fuzz testing a camera based on the RTSP protocol state graph according to the present invention;
Fig. 3 is the protocol state graph constructed for the RTSP protocol according to the present invention.
Detailed description of the embodiments
The principles and features of the present invention are described below with reference to the accompanying drawings. The examples serve only to explain the invention and are not intended to limit its scope.
This embodiment relates to an industrial control vulnerability mining method based on depth traversal of a protocol state graph. It mainly obtains the network packets of the target device, preprocesses them to obtain the set of packets to be analyzed, and chunks the packets in the set. The constraint association relations between basic blocks within a packet and the state-transition association relations between packets are obtained by combining automated analysis with manual analysis, and a protocol state graph is constructed on this basis. The protocol graph is traversed in depth-first fashion to carry out fuzz testing, and the target is probed to see whether it is alive, so as to effectively find the security defects present in Internet of Things and industrial control system devices.
According to the fuzz testing flow chart given in Fig. 1, the method of this embodiment specifically includes the following steps:
Step 1: interact with the target device and capture its network packets with a packet sniffing tool;
Step 2: apply preprocessing operations, including filtering, de-duplication, etc., to the captured network packets to obtain the set of packets to be analyzed;
Step 3: using an automated protocol analysis method, chunk the network packets by protocol request header, request data, protocol keywords, protocol separators, protocol field values, etc., to obtain a large number of protocol basic blocks;
Step 4: combining automated analysis with manual analysis, perform function association on the protocol basic blocks in the network packets to obtain constraint relations such as length constraints, checksum constraints and value constraints, and associate the transfer relations between network packets to obtain state-transition association relations such as authentication conditions;
Step 5: construct the protocol state graph on the basis of the protocol basic blocks, the constraint association relations between blocks and the state-transition association relations between packets, where each node is one state of the protocol, the node attributes are the protocol basic blocks and their constraint association relations, and each edge is a state-transition association relation between protocol states;
Step 6: traverse the protocol state graph in depth-first fashion with a maximum traversal depth max_depth, generating and sending malformed packets according to the constraint association relations within each node and the state-transition association relations between nodes;
Step 7: send a probe packet to the target system to detect whether the target is alive; if the target has crashed, a PoC script can be written from the malformed packet to verify the vulnerability;
Step 8: if the maximum traversal depth max_depth is reached, backtrack upward and jump to step 6 to continue traversing the protocol state graph; if the whole protocol state graph has been traversed, stop.
The test flow of this embodiment is described in detail below, taking fuzz testing of a network camera over the RTSP protocol as an example. The implementation process is shown in Fig. 2.
1. Network packet collection and preprocessing
First log in to the configuration management interface of the network camera and start a live preview of the video stream, while capturing packets with the Wireshark tool. Then exit the camera's management interface and stop the packet capture.
Preprocess the packets captured in Wireshark: set the filter condition to "rtsp" to select the RTSP protocol packets, and save the result to obtain the set of packets to be analyzed.
2. Packet chunking and protocol state graph construction
Automated analysis is applied to the protocol packets: the separator "\r\n\r\n" is used to separate the request header from the request data in the RTSP protocol, the separator "\r\n" is then used to chunk the content of the request header, and the separator ":" is used to split the request header content further. Combining automated analysis with manual analysis, function association is performed on the basic blocks in a packet to obtain relations between basic blocks such as value constraints and length constraints; for example, the value of the "Content-Length" field depends on the length of the request data part. The transfer relations between packets are associated to obtain state-transition association relations such as authentication conditions, nc value constraints, etc.
Taking the SETUP request in the RTSP protocol as an example, its raw request content is as follows.
The result after chunking is as follows.
Here the name field is the name of the block and the data field is its content, which comprises a pieces field and an event_handler field. The pieces field contains the name, value, processing function and similar content of each basic block; the event_handler field contains the names of the processing functions between basic blocks and the corresponding parameters.
The example above illustrates the value constraint relations between basic blocks within a packet and the value dependencies between packets. Assume the index number of the describe packet is 1: the value of the nonce field in the basic blocks of the setup packet depends on the value of nonce in the basic blocks of describe, and the value of the response field in the basic blocks of the setup packet in turn depends on the values of fields such as action, username, realm, nonce and uri in the basic blocks.
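The chunking and constraint association described above, as an added example that is not code from the patent: it splits a constructed RTSP request into basic blocks with the three separators, infers the Content-Length length constraint and the digest response dependency, and repairs both after a field changes. The request is a constructed SET_PARAMETER (chosen because it carries a body), the key layout only borrows the name/pieces/event_handler field names from the text, the digest formula is the standard one without qop, and the helper names, address and credentials are assumptions for a lab device.

```python
import hashlib
import re

CRLF = "\r\n"
START = ("action", "uri", "version")  # pieces taken from the request line


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(action, uri, username, realm, nonce, password):
    """Standard HTTP/RTSP digest response without qop."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{action}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def chunk_rtsp(raw):
    """Split one message into basic blocks: CRLF CRLF separates header and
    body, CRLF separates header lines, ':' separates name and value."""
    head, _, body = raw.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    pieces = [{"name": n, "value": v} for n, v in zip(START, lines[0].split(" ", 2))]
    for line in lines[1:]:
        key, _, value = line.partition(":")
        pieces.append({"name": key.strip(), "value": value.strip()})
    pieces.append({"name": "body", "value": body})
    return {"name": pieces[0]["value"], "pieces": pieces, "event_handler": []}


def get(block, name):
    return next(p["value"] for p in block["pieces"] if p["name"] == name)


def put(block, name, value):
    for piece in block["pieces"]:
        if piece["name"] == name:
            piece["value"] = value


def digest_params(header_value):
    return dict(re.findall(r'(\w+)="([^"]*)"', header_value))


def infer_constraints(block, password):
    """Function association: keep a handler only if the captured values fit it."""
    names = [p["name"] for p in block["pieces"]]
    handlers = []
    if "Content-Length" in names:
        if get(block, "Content-Length") == str(len(get(block, "body").encode())):
            handlers.append(("fix_length", ["Content-Length", "body"]))
    if "Authorization" in names:
        d = digest_params(get(block, "Authorization"))
        expected = digest_response(get(block, "action"), d["uri"], d["username"],
                                   d["realm"], d["nonce"], password)
        if d.get("response") == expected:
            handlers.append(("fix_digest", ["action", "username", "realm", "nonce", "uri"]))
    block["event_handler"] = handlers
    return handlers


def apply_constraints(block, password, nonce=None):
    """Recompute dependent fields; nonce is the value from the earlier DESCRIBE."""
    for handler, _params in block["event_handler"]:
        if handler == "fix_length":
            put(block, "Content-Length", str(len(get(block, "body").encode())))
        elif handler == "fix_digest":
            d = digest_params(get(block, "Authorization"))
            d["nonce"] = nonce if nonce is not None else d["nonce"]
            d["response"] = digest_response(get(block, "action"), d["uri"], d["username"],
                                            d["realm"], d["nonce"], password)
            put(block, "Authorization",
                "Digest " + ", ".join(f'{k}="{v}"' for k, v in d.items()))


def serialize(block):
    first = " ".join(get(block, n) for n in START)
    headers = [f'{p["name"]}: {p["value"]}' for p in block["pieces"]
               if p["name"] not in START + ("body",)]
    return CRLF.join([first] + headers) + CRLF + CRLF + get(block, "body")


def build_sample(nonce="n-0001", password="lab-password"):
    """Constructed request for a lab camera at a documentation address."""
    uri, body = "rtsp://192.0.2.10/stream1", "barparam: barstuff\r\n"
    resp = digest_response("SET_PARAMETER", uri, "admin", "cam", nonce, password)
    auth = (f'Digest username="admin", realm="cam", nonce="{nonce}", '
            f'uri="{uri}", response="{resp}"')
    head = [f"SET_PARAMETER {uri} RTSP/1.0", "CSeq: 4", f"Authorization: {auth}",
            "Content-Type: text/parameters", f"Content-Length: {len(body)}"]
    return CRLF.join(head) + CRLF + CRLF + body
```

Without the repair step, a changed body or a fresh nonce would make the device reject the message at the length or authentication check, so the test would never reach the parsing code behind those checks.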
The protocol state graph is constructed on the basis of the constraint association relations between basic blocks within a packet and the state-transition association relations between packets; the protocol state graph of the RTSP protocol is shown in Fig. 3. States such as OPTIONS, DESCRIBE, SETUP, PLAY and TEARDOWN can be distinguished by the RTSP protocol keywords, and the packets under each state are chunked to obtain the relevant attributes of the node. When a state has different attributes, such as different header fields or different uri fields, the state is split; for example, the DESCRIBE state can be divided into the two states DESCRIBE1 (unauthenticated) and DESCRIBE2 (authenticated). The set of protocol state graph nodes is obtained after this processing. The data streams of the packets, such as TCP data streams or session streams, are then followed to analyze the dependencies between states; where a dependency exists it is saved as an attribute of the edge. For example, switching from the Describe1 state to the Describe2 state requires Authorization session authentication: if authentication succeeds the state switches to Describe2, otherwise it remains in Describe1. In Fig. 3, Authorization denotes authentication; Username or password wrong denotes a user name or password error; Usertoken denotes the user token; sessions denotes the session; Cmd type: Get denotes the command type get; Cmd type: Set denotes the command type set; Cmd type: Teardown denotes the command type disconnect.
3. Protocol state graph traversal and target device liveness detection
The protocol state graph is traversed in depth-first fashion with a maximum traversal depth max_depth, and the corresponding malformed packets are generated and sent according to the attributes of the nodes and the association relations between nodes. If no response packet is received from the target device after a malformed packet is sent, a TCP SYN probe packet is sent to detect whether the device is alive. If a TCP SYN+ACK packet is received from the target device, the target device has not crashed; otherwise the target has crashed, an exception record is created and the previously sent malformed packet is saved, and a PoC script is written from that malformed packet to verify the "vulnerability". After the detection, if the maximum traversal depth max_depth has been reached, backtrack upward and continue traversing the protocol state graph; if the whole protocol state graph has been traversed, stop.
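The traversal loop described above, as an added example that is not code from the patent: a depth-limited depth-first walk over a constructed state graph that replays the valid prefix to re-enter each state, submits deterministic malformed variants, and records a finding only when no reply arrives and the liveness probe also fails. The graph edges, the mutation list and the SimulatedDevice class with its hypothetical defect are assumptions standing in for a lab device and the TCP SYN probe.

```python
# Constructed protocol state graph using the RTSP state names from the text.
# Each key is a node (state); each list holds its outgoing state transitions.
GRAPH = {
    "OPTIONS": ["DESCRIBE1"],
    "DESCRIBE1": ["DESCRIBE2"],   # edge attribute: Authorization succeeds
    "DESCRIBE2": ["SETUP"],
    "SETUP": ["PLAY", "TEARDOWN"],
    "PLAY": ["TEARDOWN"],
    "TEARDOWN": [],
}

# Deterministic malformed variants (name, overridden fields). A real run would
# derive them from each node's basic blocks and constraints.
MUTATIONS = [
    ("empty_cseq", {"CSeq": ""}),
    ("long_session", {"Session": "A" * 200}),
]


class SimulatedDevice:
    """In-process stand-in for a lab target. Hypothetical defect: it stops
    responding when PLAY carries a Session value longer than 64 bytes."""

    def __init__(self, graph, start):
        self.graph, self.start = graph, start
        self.reset()

    def reset(self):
        """Models power-cycling the lab device between test cases."""
        self.alive, self.state = True, None

    def probe(self):
        """Stands in for the TCP SYN probe: True means SYN+ACK came back."""
        return self.alive

    def handle(self, node, fields=None):
        fields = fields or {}
        if not self.alive:
            return None
        allowed = [self.start] if self.state is None else self.graph[self.state]
        if node not in allowed:
            return "455 Method Not Valid in This State"
        if node == "PLAY" and len(fields.get("Session", "")) > 64:
            self.alive = False
            return None
        if fields.get("CSeq") == "":
            return "400 Bad Request"
        self.state = node
        return "200 OK"


def traverse(graph, start, max_depth, device, mutations=MUTATIONS):
    """Depth-first traversal with a depth limit.
    Returns (paths visited in order, findings)."""
    visited, findings = [], []

    def reach(prefix):
        # Reset the target and replay valid messages to re-enter the state.
        device.reset()
        return all(device.handle(node) == "200 OK" for node in prefix)

    def dfs(path):
        visited.append(tuple(path))
        for name, fields in mutations:
            if not reach(path[:-1]):
                continue
            reply = device.handle(path[-1], fields)
            # No reply: confirm with the liveness probe before recording.
            if reply is None and not device.probe():
                findings.append({"path": tuple(path), "mutation": name})
        if len(path) >= max_depth:
            return                      # depth limit reached: backtrack upward
        for nxt in graph[path[-1]]:
            dfs(path + [nxt])

    dfs([start])
    return visited, findings
```

With max_depth set to 4 the walk never reaches PLAY and reports nothing, which shows how the depth limit bounds coverage as well as run time.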
The above embodiments only illustrate the technical solution of the present invention and do not limit it. A person of ordinary skill in the art may modify the technical solution of the invention or replace it with equivalents without departing from the spirit and scope of the invention; the scope of protection of the invention shall be as defined in the claims.

Claims (9)

1. An industrial control vulnerability mining method based on depth traversal of a protocol state graph, the steps of which comprise:
1) obtaining the network packets of a target device and preprocessing them to obtain a set of packets to be analyzed;
2) chunking the packets in the set of packets to be analyzed to obtain a large number of protocol basic blocks;
3) extracting the constraint association relations between protocol basic blocks within a single packet and the state-transition association relations between packets, and constructing a protocol state graph on this basis;
4) traversing the protocol state graph in depth-first fashion, and generating and sending the corresponding malformed packets;
5) probing whether the device is alive and, if the target device has crashed, writing a PoC script from the malformed packet to verify the vulnerability, thereby finding the industrial control vulnerabilities present in the target device.
2. the method for claim 1, it is characterised in that:Step 1) using the net of Packet Sniffer crawl target device Network packet, the Packet Sniffer is the one kind in the following tool:Wireshark、Tcpdump、Burpsuite、 Fiddler、Scapy、libpcap。
3. the method for claim 1, it is characterised in that:Step 1) target device include IP Camera, intelligence Router, intelligent bulbs, PLC, targeted procotol include Transmission Control Protocol, udp protocol, File Transfer Protocol, Telnet agreements, Http protocol, RTSP agreements, S7 agreements and MODBUS agreements.
4. the method for claim 1, it is characterised in that:Step 1) it is described pretreatment include:Filter out independent protocol Packet, screens out and tests fuzz unworthy packet, and to the duplicate removal of the multiple recurrent network packet for occurring.
5. the method for claim 1, it is characterised in that:Step 2) to agreement request head, the number of request of network packet According to, protocol keyword, agreement separator and protocol field value etc. carry out piecemeal, obtain substantial amounts of protocol basis block.
6. the method for claim 1, it is characterised in that:Step 3) constraint link relation between the protocol basis block Including length constraint, verification and constraint, the constraint of field value, the state transfer incidence relation of the data parlor includes certification about Beam, the constraint of field value, state switching constraint.
7. the method for claim 1, it is characterised in that:Step 3) in the protocol status figure, each node is agreement A state, nodal community be protocol basis block and its constraint link relation, each edge be protocol status between state transfer Incidence relation.
8. the method for claim 1, it is characterised in that:Step 4) protocol status figure is carried out time by depth-first fashion Last, maximum traversal depth be set, recall upwards if maximum traversal depth is reached, continuation is traveled through to protocol status figure, If whole protocol status figure traversal is finished, stop.
9. the method for claim 1, it is characterised in that:Step 5) under whether the method survived of acquisition equipment is One kind in row:Icmp probe packet is sent, TCP SYN probe data packets is sent, is sent TCP FIN packets, sends TCP Probe data packet, transmission UDP probe data packets.
CN201710120947.XA 2017-03-02 2017-03-02 An industrial control vulnerability mining method based on protocol state graph depth traversal Active CN106888209B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710120947.XA 2017-03-02 2017-03-02 An industrial control vulnerability mining method based on protocol state graph depth traversal

Publications (2)

Publication Number Publication Date
CN106888209A (en) 2017-06-23
CN106888209B (en) 2019-11-29

Family

ID=59180471


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant