CN109728975B - Network protocol attack testing method, device, equipment and readable storage medium - Google Patents

Network protocol attack testing method, device, equipment and readable storage medium Download PDF

Info

Publication number
CN109728975B
CN109728975B CN201811640204.6A CN201811640204A CN109728975B CN 109728975 B CN109728975 B CN 109728975B CN 201811640204 A CN201811640204 A CN 201811640204A CN 109728975 B CN109728975 B CN 109728975B
Authority
CN
China
Prior art keywords
test
concurrent
items
unit
item
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811640204.6A
Other languages
Chinese (zh)
Other versions
CN109728975A (en
Inventor
伍晓泉
高雅
梁智强
林丹生
胡海生
曾智勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Power Grid Co Ltd
Electric Power Research Institute of Guangdong Power Grid Co Ltd
Original Assignee
Guangdong Power Grid Co Ltd
Electric Power Research Institute of Guangdong Power Grid Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Power Grid Co Ltd, Electric Power Research Institute of Guangdong Power Grid Co Ltd filed Critical Guangdong Power Grid Co Ltd
Priority to CN201811640204.6A priority Critical patent/CN109728975B/en
Publication of CN109728975A publication Critical patent/CN109728975A/en
Application granted granted Critical
Publication of CN109728975B publication Critical patent/CN109728975B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application discloses a network protocol attack test method, a device, equipment and a computer readable storage medium, which are characterized in that all original test items of equipment to be tested are sorted in an ascending sorting mode according to the magnitude of a failure probability factor to obtain all sorted test items, then all the test items are sequentially added into a concurrent test set C according to the maximum network flow constraint condition to perform one-time concurrent test on all the test items in the concurrent test set C, if the returned test result is ok, all the test items in the concurrent test set C are proved to pass the test, otherwise, the test items which cannot pass the test exist in the concurrent test set C are proved to be present, the defects that the traditional test method can only perform sequential one-by-one test and consumes long time are overcome, the test efficiency is improved, and the problem that the existing network protocol attack test method performs sequential one-by-one test on the test items is solved, the testing takes long time to cause the technical problem of low efficiency.

Description

Network protocol attack testing method, device, equipment and readable storage medium
Technical Field
The present application relates to the field of computer network technologies, and in particular, to a network protocol attack testing method, apparatus, device, and readable storage medium.
Background
With the rapid development of computer network technology, the network information system brings convenience to the life of people, and simultaneously faces the risk of network attack, and the security problem of the network system also brings trouble to people.
The development of computer network communication technology enables an industrial control system to gradually convert to a networking direction, a network protocol is more and more widely applied, and the risk that the industrial control system is attacked by the network protocol is increased, so that before the industrial control system is on-line, the industrial control system is subjected to a network protocol attack test by using a simulation attack method to help find weak links of products and avoid serious loss of important infrastructures such as energy, electric power and traffic caused by the network attack after the industrial control system is on-line.
The existing network protocol attack test is to carry out attack test by simulating various data packets of various network protocol layers, in order to test the performance of equipment under various network attacks, test items are often numerous, the traditional test method is to test the test items one by one in sequence, the test consumes long time, and the efficiency is low.
Disclosure of Invention
The embodiment of the application provides a network protocol attack testing method, a device, equipment and a readable storage medium, and solves the technical problems that the existing network protocol attack testing method is used for sequentially testing test items one by one, the testing time is long, and the efficiency is low.
In view of this, a first aspect of the present application provides a network protocol attack testing method, including:
101. sequencing original all test items of a device to be tested according to the magnitude value of the failure probability factor of each test item in an ascending sequence manner to obtain all sequenced test items, wherein each test item comprises the flow of a network attack packet;
102. sequentially adding each test item into a concurrent test set C, wherein the concurrent test set C meets the maximum network flow constraint condition;
103. performing concurrent testing on each test item in the concurrent test set C, if the returned test result is ok, executing step 104, and if the returned test result is fail, executing step 105;
104. recording the test results of all the test items of the concurrent test set C as pass, returning to the step 102 to continue executing the remaining test items until all the test items are executed;
105. recording the test set C as the existence of the test item which fails.
Preferably, step 105 is followed by:
106. judging whether the total number of the test items of the concurrent test set C is 1, if so, executing a step 107, otherwise, executing a step 108;
107. recording the test result of the test item as failing, and adding 1 to the failure probability factor corresponding to the test item;
108. and splitting the concurrent test set C into two concurrent test sets C1 and C2, returning to the step 103, and respectively executing C1 and C2, wherein the difference of the total number of the test items of C1 and C2 is not more than 1.
Preferably, the test items are:
in=<pn,fn,tn>,
wherein inFor the nth test item, pnFormat of the network attack packet sent for the nth test item, fnThe traffic size, t, of the network attack packet sent for the nth test itemnThe attack test time for the nth test item.
Preferably, the maximum network traffic constraint condition is:
∑(f1,f2,…,fm)<MAX,
the MAX is a maximum network traffic that can be received by the device under test.
Preferably, before step 101, the method further comprises:
100. the attack category of the equipment to be tested is obtained, and the failure probability factor corresponding to each test item of all test items of the equipment to be tested is calculated.
A second aspect of the present application provides a network protocol attack testing apparatus, including:
the device comprises a sequencing unit and a processing unit, wherein the sequencing unit is used for sequencing all original test items of a device to be tested according to the magnitude value of the failure probability factor of each test item in an ascending sequence manner to obtain all sequenced test items, and each test item comprises the flow of a network attack packet;
the aggregation unit is used for adding each test item into a concurrent test aggregation C in sequence, and the concurrent test aggregation C meets the maximum network flow constraint condition;
the test unit is used for carrying out concurrent test on each test item in the concurrent test set C, if the returned test result is ok, the first result unit is triggered, and if the returned test result is fail, the second result unit is triggered;
the first result unit is configured to record that the test results of all the test items in the concurrent test set C all pass, and trigger the set unit to continue to execute the remaining test items until all the test items are executed;
and the second result unit is used for recording the test set C as the existence of the test item which fails.
Preferably, the method further comprises the following steps:
the device comprises an acquisition unit, a judgment unit and a processing unit, wherein the acquisition unit is used for acquiring the attack category of the device to be tested and calculating the failure probability factor corresponding to each test item of all test items of the device to be tested;
the judging unit is used for judging whether the total number of the test items of the concurrent test set C is 1, if so, triggering the first recording unit, and otherwise, triggering the second recording unit;
the first recording unit is used for recording the test result of the test item as failing, and adding 1 to the failure probability factor corresponding to the test item;
the second recording unit is configured to split the concurrent test set C into two concurrent test sets C1 and C2, trigger the test unit to execute C1 and C2, respectively, where a difference between the total number of test items of C1 and C2 is not more than 1.
A third aspect of the present application provides a network protocol attack testing device, which includes a processor and a memory;
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to execute the network protocol attack testing method according to the first aspect according to instructions in the program code.
A fourth aspect of the present application provides a computer-readable storage medium for storing program code for executing the network protocol attack testing method of the first aspect.
A fifth aspect of the present application provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the network protocol attack testing method of the first aspect.
According to the technical scheme, the embodiment of the application has the following advantages:
the application provides a network protocol attack testing method, which comprises the following steps: 101. sequencing all original test items of the equipment to be tested according to the magnitude value of the failure probability factor of each test item in an ascending sequence mode to obtain all sequenced test items, wherein each test item comprises the flow of the network attack packet; 102. sequentially adding all the test items into a concurrent test set C, wherein the concurrent test set C meets the maximum network flow constraint condition; 103. performing concurrent testing on each test item in the concurrent test set C, if the returned test result is ok, executing the step 104, and if the returned test result is fail, executing the step 105; 104. recording the test results of all the test items of the concurrent test set C as pass; 105. the test set C is recorded as there are test items that fail.
The network protocol attack test method provided by the application sorts all original test items of equipment to be tested in an ascending sorting mode according to the values of failure probability factors to obtain all sorted test items, then sequentially adds all the test items into a concurrent test set C according to the maximum network flow constraint condition, performs one-time concurrent test on all the test items in the concurrent test set C, if the returned test result is ok, indicates that all the test items in the concurrent test set C pass the test, otherwise indicates that test items which do not pass the test exist in the concurrent test set C, avoids the defect that the traditional test method can only test one by one in sequence and consumes long time, improves the test efficiency, and solves the problems that the existing network protocol attack test method performs sequential one by one test on the test items, the testing takes long time, resulting in the technical problem of low efficiency.
Drawings
Fig. 1 is a schematic flowchart of a network protocol attack testing method in an embodiment of the present application;
fig. 2 is another schematic flow chart of a network protocol attack testing method in the embodiment of the present application;
fig. 3 is a schematic structural diagram of a network protocol attack testing apparatus in an embodiment of the present application.
Detailed Description
In order to make the technical solutions of the present application better understood, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
For convenience of understanding, referring to fig. 1, a network protocol attack testing method provided in an embodiment of the present application includes:
and 101, sequencing all original test items of the device to be tested according to the magnitude value of the failure probability factor of each test item in an ascending sequence manner to obtain all sequenced test items, wherein each test item comprises the flow of the network attack packet.
It should be noted that the failure probability factor is a parameter used to describe the possibility that the test case will cause the failure of the device under test, and the failure probability factor is a historical empirical value and can be obtained according to the type of the device under test and the historical data of the test result of the test case.
And 102, adding all the test items into a concurrent test set C in sequence, wherein the concurrent test set C meets the maximum network flow constraint condition.
It should be noted that the maximum network traffic constraint condition is related to the specification of the device under test, and is generally a constant, for example: a hundred million devices may accept network traffic of 100M in size.
And 103, carrying out concurrent testing on each test item in the concurrent test set C, executing the step 104 if the returned test result is ok, and executing the step 105 if the returned test result is fail.
It should be noted that after the concurrent test set C is obtained, all test items in the concurrent test set C may be simultaneously subjected to the network protocol attack test case test, and then corresponding processing is performed according to the returned test result, where the test result may be represented by ok and fail, ok represents that the test passes, and fail represents that the test does not pass.
And 104, recording the test results of all the test items of the concurrent test set C as pass, returning to the step 102, and continuing to execute the rest test items until all the test items are executed.
It should be noted that, if the test result returned in step 103 is ok, it indicates that all the test items in the concurrent test set C have passed the test, at this time, all the test items in the concurrent test set C are recorded as passed, and the test is continued on the remaining test items.
And step 105, recording the sending test set C as the existence of the failed test item.
It should be noted that, if the test result returned in step 103 is fail, it indicates that, among all the test items in the concurrent test set C, there is a test item that fails to pass the test, at this time, the concurrent test is recorded in combination as the test item that fails to pass the test, and it can be understood that, for the concurrent test set C that has a test item that fails to pass the test, all the test items in the concurrent test set C may be marked as failing, and then each test item is separately processed to determine whether the test item can pass the test, and the test item that fails to pass the test in the concurrent test set C may also be determined by using other search algorithms.
The network protocol attack testing method provided in the embodiment of the application sorts original test items of equipment to be tested in an ascending sorting mode according to failure probability factor values to obtain all the sorted test items, then sequentially adds all the test items into a concurrent test set C according to the maximum network flow constraint condition, performs one-time concurrent test on all the test items in the concurrent test set C, if the returned test result is ok, indicates that all the test items in the concurrent test set C pass the test, otherwise indicates that test items which cannot pass the test exist in the concurrent test set C, avoids the defect that the traditional testing method can only perform sequential one-by-one test and consumes long time, improves the testing efficiency, and solves the problems that the existing network protocol attack testing method performs sequential one-by-one test on the test items, the testing takes long time, resulting in the technical problem of low efficiency.
For convenience of understanding, referring to fig. 2, another network protocol attack testing method in an embodiment of the present application includes:
step 100, obtaining the attack category of the device to be tested, and calculating the failure probability factor corresponding to each test item of all test items of the device to be tested.
It should be noted that each test item is an attack test case, the attack test case may be a syn flood attack, a dead ping attack, and the like, the test item may act on different objects d, that is, different device types, and the device types include: linux host, windows host, various industrial control devices and the like, wherein each device type has different performances for attack test cases, so that the failure probability factors are different, and therefore, the failure probability factors need to be classified and calculated during calculation.
And 101, sequencing all original test items of the device to be tested according to the magnitude value of the failure probability factor of each test item in an ascending sequence manner to obtain all sequenced test items, wherein each test item comprises the flow of the network attack packet.
Further, the test items are:
in=<pn,fn,tn>,
wherein inFor the nth test item, pnFormat of the network attack packet sent for the nth test item, fnThe traffic size, t, of the network attack packet sent for the nth test itemnThe attack test time for the nth test item.
It should be noted that the failure probability factor is a parameter used to describe the possibility that the test case will cause the failure of the device under test, and the failure probability factor is a historical empirical value and can be obtained according to the type of the device under test and the historical data of the test result of the test case. For attack testing, each test item i can be described by a binary group in=<pn,fn,tn>,inFor the nth test item, pnFormat of the network attack packet sent for the nth test item, fnThe traffic size, t, of the network attack packet sent for the nth test itemnThe attack test time for the nth test item.
And 102, adding all the test items into a concurrent test set C in sequence, wherein the concurrent test set C meets the maximum network flow constraint condition.
Further, the maximum network traffic constraint condition is:
∑(f1,f2,…,fm)<MAX,
the MAX is a maximum network traffic that can be received by the device under test.
It should be noted that the maximum network traffic constraint condition is related to the specification of the device under test, and is generally a constant, for example: a hundred million devices may accept network traffic of 100M in size.
And 103, carrying out concurrent testing on each test item in the concurrent test set C, executing the step 104 if the returned test result is ok, and executing the step 105 if the returned test result is fail.
It should be noted that after the concurrent test set C is obtained, all test items in the concurrent test set C may be simultaneously subjected to the network protocol attack test case test, and then corresponding processing is performed according to the returned test result, where the test result may be represented by ok and fail, ok represents that the test passes, and fail represents that the test does not pass.
And 104, recording the test results of all the test items of the concurrent test set C as pass, returning to the step 102, and continuing to execute the rest test items until all the test items are executed.
It should be noted that, if the test result returned in step 103 is ok, it indicates that all the test items in the concurrent test set C have passed the test, at this time, all the test items in the concurrent test set C are recorded as passed, and the test is continued on the remaining test items.
And step 105, recording the sending test set C as the existence of the failed test item.
It should be noted that, if the test result returned in step 103 is fail, it indicates that, among all the test items in the concurrent test set C, there is a test item that fails to pass the test, at this time, the concurrent test is recorded in combination as the test item that fails to pass the test, and it can be understood that, for the concurrent test set C that has a test item that fails to pass the test, all the test items in the concurrent test set C may be marked as failing, and then each test item is separately processed to determine whether the test item can pass the test, and the test item that fails to pass the test in the concurrent test set C may also be determined by using other search algorithms.
And step 106, judging whether the total number of the test items of the concurrent test set C is 1, if so, executing step 107, otherwise, executing step 108.
It should be noted that, when it is determined that there are test items that fail in the concurrent test set C, it is necessary to first determine whether the total number of the test items in the concurrent test set C is only 1, and then perform corresponding processing.
And 107, recording the test result of the test item as failing, and adding 1 to the failure probability factor corresponding to the test item.
It should be noted that, if the total number of the test items in the concurrent test set C is only 1, the test item is directly recorded as failing, and the corresponding failure probability factor is added by 1.
And 108, splitting the concurrent test set C into two concurrent test sets C1 and C2, returning to the step 103, and respectively executing C1 and C2, wherein the difference between the total number of test items of C1 and C2 is not more than 1.
It should be noted that, if the total number of test items in the concurrent test set C is not only 1, the concurrent test set C needs to be split into the concurrent test set C1 and the concurrent test set C2, that is, if the concurrent test set C is { i {1,i2,…,imThen C1 and C2 are: { i1,i2,…,ikAnd { i }k+1,ik+2,…,imC1 and C2 are respectively executed, wherein k is m/2 or k is m/2 ± 1, and finally, test items which do not pass all tests are determined.
For easy understanding, please refer to fig. 3, an embodiment of the present application provides a network protocol attack testing apparatus, including:
the sorting unit 301 is configured to sort all original test items of the device to be tested according to the magnitude of the failure probability factor of each test item in an ascending order, so as to obtain all sorted test items, where each test item includes the traffic of the network attack packet.
The collecting unit 302 is configured to add each test item to a concurrent test set C in sequence, where the concurrent test set C meets the maximum network traffic constraint condition.
The test unit 303 is configured to perform concurrent testing on each test item in the concurrent test set C, trigger the first result unit 304 if the returned test result is ok, and trigger the second result unit 305 if the returned test result is fail.
The first result unit 304 is configured to record the test results of all the test items of the concurrent test set C as pass, and trigger the set unit 302 to continue to execute the remaining test items until all the test items are executed.
A second result unit 305 for recording the test set C as the existence of failed test items.
Further, still include:
the obtaining unit 300 is configured to obtain an attack category of the device under test, and calculate a failure probability factor corresponding to each test item of all test items of the device under test.
The determining unit 306 is configured to determine whether the total number of the test items in the concurrent test set C is 1, if so, trigger the first recording unit 307, and otherwise, trigger the second recording unit 308.
The first recording unit 307 is configured to record the test result of the test item as failing, and add 1 to the failure probability factor corresponding to the test item.
And the second recording unit 308 is configured to split the concurrent test set C into two concurrent test sets C1 and C2, trigger the test unit 303 to execute C1 and C2, respectively, where a difference between the total number of test items of C1 and C2 is not more than 1.
Further, the test items are:
in=<pn,fn,tn>,
wherein inFor the nth test item, pnFormat of the network attack packet sent for the nth test item, fnThe traffic size, t, of the network attack packet sent for the nth test itemnThe attack test time for the nth test item.
Further, the maximum network traffic constraint condition is:
∑(f1,f2,…,fm)<MAX,
the MAX is a maximum network traffic that can be received by the device under test.
The embodiment of the application provides a network protocol attack test device, which comprises a processor and a memory:
the memory is used for storing the program codes and transmitting the program codes to the processor;
the processor is configured to execute the network protocol attack testing method in the foregoing embodiments according to instructions in the program code.
The embodiment of the present application provides a computer-readable storage medium, which is used for storing a program code, where the program code is used for executing the network protocol attack testing method in the foregoing embodiment.
The embodiment of the application also provides a computer program product comprising instructions, and when the computer program product runs on a computer, the computer is enabled to execute the method for testing the shrinkage rate of the cigarette film in the embodiment.
The terms "first," "second," "third," "fourth," and the like in the description of the application and the above-described figures, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (7)

1. A network protocol attack testing method is characterized by comprising the following steps:
101. sequencing original all test items of a device to be tested according to the magnitude value of the failure probability factor of each test item in an ascending sequence manner to obtain all sequenced test items, wherein each test item comprises the flow of a network attack packet;
102. sequentially adding each test item into a concurrent test set C, wherein the concurrent test set C meets the maximum network flow constraint condition;
103. performing concurrent testing on each test item in the concurrent test set C, if the returned test result is ok, executing step 104, and if the returned test result is fail, executing step 105;
104. recording the test results of all the test items of the concurrent test set C as pass, returning to the step 102 to continue executing the remaining test items until all the test items are executed;
105. recording the concurrent test set C as the existence of the test item which fails;
106. judging whether the total number of the test items of the concurrent test set C is 1, if so, executing a step 107, otherwise, executing a step 108;
107. recording the test result of the test item as failing, and adding 1 to the failure probability factor corresponding to the test item;
108. and splitting the concurrent test set C into two concurrent test sets C1 and C2, returning to the step 103, and respectively executing C1 and C2, wherein the difference of the total number of the test items of C1 and C2 is not more than 1.
2. The network protocol attack test method according to claim 1, wherein the test items are:
in=<pn,fn,tn>,
wherein inFor the nth test item, pnFormat of the network attack packet sent for the nth test item, fnThe traffic size, t, of the network attack packet sent for the nth test itemnThe attack test time for the nth test item.
3. The network protocol attack testing method according to claim 1, wherein the maximum network traffic constraint condition is:
∑(f1,f2,…,fm)<MAX,
the MAX is a maximum network traffic that can be received by the device under test.
4. The network protocol attack testing method according to claim 1, before the step 101, further comprising:
100. the attack category of the equipment to be tested is obtained, and the failure probability factor corresponding to each test item of all test items of the equipment to be tested is calculated.
5. A network protocol attack testing device, comprising:
the device comprises a sequencing unit and a processing unit, wherein the sequencing unit is used for sequencing all original test items of a device to be tested according to the magnitude value of the failure probability factor of each test item in an ascending sequence manner to obtain all sequenced test items, and each test item comprises the flow of a network attack packet;
the aggregation unit is used for adding each test item into a concurrent test aggregation C in sequence, and the concurrent test aggregation C meets the maximum network flow constraint condition;
the test unit is used for carrying out concurrent test on each test item in the concurrent test set C, if the returned test result is ok, the first result unit is triggered, and if the returned test result is fail, the second result unit is triggered;
the first result unit is configured to record that the test results of all the test items in the concurrent test set C all pass, and trigger the set unit to continue to execute the remaining test items until all the test items are executed;
the second result unit is used for recording the concurrent test set C as the existence of the test item which fails;
the device comprises an acquisition unit, a judgment unit and a processing unit, wherein the acquisition unit is used for acquiring the attack category of the device to be tested and calculating the failure probability factor corresponding to each test item of all test items of the device to be tested;
the judging unit is used for judging whether the total number of the test items of the concurrent test set C is 1, if so, triggering the first recording unit, and otherwise, triggering the second recording unit;
the first recording unit is used for recording the test result of the test item as failing, and adding 1 to the failure probability factor corresponding to the test item;
the second recording unit is configured to split the concurrent test set C into two concurrent test sets C1 and C2, trigger the test unit to execute C1 and C2, respectively, where a difference between the total number of test items of C1 and C2 is not more than 1.
6. A network protocol attack testing device, the device comprising a processor and a memory:
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to execute the network protocol attack testing method according to any one of claims 1 to 4 according to instructions in the program code.
7. A computer-readable storage medium for storing program code for executing the network protocol attack testing method according to any one of claims 1 to 4.
CN201811640204.6A 2018-12-29 2018-12-29 Network protocol attack testing method, device, equipment and readable storage medium Active CN109728975B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811640204.6A CN109728975B (en) 2018-12-29 2018-12-29 Network protocol attack testing method, device, equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811640204.6A CN109728975B (en) 2018-12-29 2018-12-29 Network protocol attack testing method, device, equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN109728975A CN109728975A (en) 2019-05-07
CN109728975B true CN109728975B (en) 2021-03-12

Family

ID=66299365

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811640204.6A Active CN109728975B (en) 2018-12-29 2018-12-29 Network protocol attack testing method, device, equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN109728975B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101753315A (en) * 2008-11-27 2010-06-23 百度在线网络技术(北京)有限公司 Method, device and system for testing DDOS (distributed denial of service) attacks
CN101984416A (en) * 2010-11-02 2011-03-09 中兴通讯股份有限公司 Method and device for generating test case
US8160909B2 (en) * 2007-02-06 2012-04-17 Digital River, Inc. Site optimizer
CN102609352A (en) * 2011-01-19 2012-07-25 阿里巴巴集团控股有限公司 Parallel testing method and parallel testing server
CN103379000A (en) * 2012-04-28 2013-10-30 阿里巴巴集团控股有限公司 Concurrent testing method and testing server
CN105187403A (en) * 2015-08-13 2015-12-23 国家计算机网络与信息安全管理中心 Network security testing method for software-defined network
CN105511951A (en) * 2016-01-06 2016-04-20 上海斐讯数据通信技术有限公司 Task scheduling method and task scheduling system for automatic WIFI performance test platform
CN108418843A (en) * 2018-06-11 2018-08-17 中国人民解放军战略支援部队信息工程大学 Network attack target identification method based on attack graph and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050044460A1 (en) * 2003-08-22 2005-02-24 Hoglund Timothy E. Mapping test mux structure

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8160909B2 (en) * 2007-02-06 2012-04-17 Digital River, Inc. Site optimizer
CN101753315A (en) * 2008-11-27 2010-06-23 百度在线网络技术(北京)有限公司 Method, device and system for testing DDOS (distributed denial of service) attacks
CN101984416A (en) * 2010-11-02 2011-03-09 中兴通讯股份有限公司 Method and device for generating test case
CN102609352A (en) * 2011-01-19 2012-07-25 阿里巴巴集团控股有限公司 Parallel testing method and parallel testing server
CN103379000A (en) * 2012-04-28 2013-10-30 阿里巴巴集团控股有限公司 Concurrent testing method and testing server
CN105187403A (en) * 2015-08-13 2015-12-23 国家计算机网络与信息安全管理中心 Network security testing method for software-defined network
CN105511951A (en) * 2016-01-06 2016-04-20 上海斐讯数据通信技术有限公司 Task scheduling method and task scheduling system for automatic WIFI performance test platform
CN108418843A (en) * 2018-06-11 2018-08-17 中国人民解放军战略支援部队信息工程大学 Network attack target identification method based on attack graph and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王榕." 基于不变量的并发错误检测技术".《中国优秀硕士学位论文全文数据库》.2017, *

Also Published As

Publication number Publication date
CN109728975A (en) 2019-05-07

Similar Documents

Publication Publication Date Title
CN110505241B (en) Network attack plane detection method and system
CN109347827B (en) Method, device, equipment and storage medium for predicting network attack behavior
CN108881250B (en) Power communication network security situation prediction method, device, equipment and storage medium
CN109388556B (en) Method and device for analyzing test process
US11449604B2 (en) Computer security
CN113489619B (en) Network topology inference method and device based on time series analysis
CN110634471B (en) Voice quality inspection method and device, electronic equipment and storage medium
CN110689084B (en) Abnormal user identification method and device
JP2023534696A (en) Anomaly detection in network topology
CN112532455B (en) Abnormal root cause positioning method and device
CN111181923A (en) Flow detection method and device, electronic equipment and storage medium
GB2583892A (en) Adaptive computer security
US11436320B2 (en) Adaptive computer security
CN111464510B (en) Network real-time intrusion detection method based on rapid gradient lifting tree classification model
CN113660273A (en) Intrusion detection method and device based on deep learning under super-fusion framework
CN108573172B (en) Data checking and storing method and device
US20160205118A1 (en) Cyber black box system and method thereof
CN117633666A (en) Network asset identification method, device, electronic equipment and storage medium
CN109728975B (en) Network protocol attack testing method, device, equipment and readable storage medium
CN113676343A (en) Method and device for positioning fault source of power communication network
CN112446341A (en) Alarm event identification method, system, electronic equipment and storage medium
CN112953948A (en) Real-time network transverse worm attack flow detection method and device
CN107222332A (en) Method of testing, device, system and machinable medium
CN112491820B (en) Abnormity detection method, device and equipment
KR102559398B1 (en) Security monitoring intrusion detection alarm processing device and method using artificial intelligence

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant