CN109873822A - The detection device and method of firewall rule variation based on Beidou subnanosecond grade high-precision time service - Google Patents
The detection device and method of firewall rule variation based on Beidou subnanosecond grade high-precision time service Download PDFInfo
- Publication number
- CN109873822A CN109873822A CN201910132820.9A CN201910132820A CN109873822A CN 109873822 A CN109873822 A CN 109873822A CN 201910132820 A CN201910132820 A CN 201910132820A CN 109873822 A CN109873822 A CN 109873822A
- Authority
- CN
- China
- Prior art keywords
- data packet
- firewall
- delay
- rule
- characteristic profile
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses the detection devices and method of the firewall rule variation based on Beidou subnanosecond grade high-precision time service, utilize the signal time generator researched and developed based on Beidou subnanosecond grade high-precision Service of Timing, obtain the high-precision delay data that firewall rule is handled under different configuration rules, and it is depicted as the characteristic profile that is delayed accordingly, to carry out analysis comparison, to detect whether firewall rule changes.The present invention may be implemented to change firewall rule and accurately be detected, and not destroying to firewall configuration rule.
Description
Technical field
The present invention relates to technical field of network security, and in particular to a kind of anti-based on Beidou subnanosecond grade high-precision time service
The detection device and method of wall with flues rule variation.
Background technique
Nowadays, Network Security Device plays increasingly important role in terms of guaranteeing network security property and robustness.
It is increased rapidly for what WWW, FTP, P2P, game services in current network were applied, reinforces the inspection to Network Security Device and network
It surveys, becomes a necessary link, firewall is exactly the Typical Representative in Network Security Device.
At least there is following technology in implementing the present invention, it may, the method for finding the prior art in present inventor
Problem:
Configuration rule inside firewall in action when exist delay, when configuration rule changes, firewall is total
Rule process delay can also change, and every rule of firewall processing delay precision be nanosecond.The prior art
In detection device or method, directly firewall rule is detected, is easy to destroy it, but firewall conduct
One hardware entirety should not carry out destructive detection to it.
It follows that there is the skill for being easy to be destroyed to firewall rule in detection method in the prior art or device
Art problem.
Summary of the invention
In view of this, the firewall rule variation that the present invention provides a kind of based on Beidou subnanosecond grade high-precision time service
Detection device and method, to solve or at least partly solve detection method in the prior art or device in the presence of easy pair
The technical issues of firewall rule is destroyed.
First aspect present invention provides the detection of the variation of the firewall rule based on Beidou subnanosecond grade high-precision time service
Device, the device include: signal time stamp generator, hardware firewall, program of giving out a contract for a project, packet receiving program and delay characteristic profile
Drawing program, wherein
Give out a contract for a project program, for sending the data packet of specified format;
Hardware firewall is configured with firewall rule thereon, be used to carry out the detection of regular variation;
Signal time stamp generator, the data packet for the specified format to program transmission of giving out a contract for a project are marked, and generate label
There is the data packet of subnanosecond grade timestamp, wherein the data packet for being marked with subnanosecond grade timestamp includes by hardware firewall
The first data packet set before and the second data packet set after hardware firewall;
Packet receiving program, for according to preset matching algorithm to the first data packet set and the second data packet set received
In data packet matched, calculate delay of each data packet Jing Guo hardware firewall;
Be delayed characteristic profile drawing program, for the delay according to the data packet under different fire-proof rule condition, divides
Corresponding delay characteristic profile is not drawn, judges whether firewall rule becomes according to corresponding delay characteristic profile
Change.
In one embodiment, packet receiving program of the invention, is specifically used for:
The data packet in the first data packet set and the second data packet set is matched according to preset matching algorithm,
Obtain corresponding data packet;
According to the data packet that matching obtains, the difference of corresponding timestamp is calculated, corresponding data packet is obtained according to difference and is passed through
The delay of hardware firewall.
In one embodiment, delay characteristic profile drawing program of the invention, is specifically used for:
The configuration rule of firewall is changed,
According to the delay data of change front and back, delay number of the data packet Jing Guo hardware firewall under different configuration rules is obtained
According to.
In one embodiment, delay characteristic profile drawing program of the invention, is specifically used for:
By the delay characteristic profile of the drafting according to the calculated preset data packet of packet receiving program Jing Guo hardware firewall,
As the first distribution map before change;
By what is drawn according to hardware firewall of the calculated preset data packet of packet receiving program after changing configuration rule
Be delayed characteristic profile, as the second distribution map after change;
According to the difference of the first distribution map and the second distribution map, judge whether configuration rule changes.
In one embodiment, delay characteristic profile drawing program of the invention is also used to:
The first distribution map and the corresponding matched curve of the second distribution map are fitted using default tool;
Whether in error range the function coefficients of corresponding matched curve are judged, if it is, determining configuration rule not
It changes, if it is not, then determining that configuration rule changes.
In one embodiment, the configuration rule for changing firewall includes:
Change the quantity of configuration rule.
Based on same inventive concept, second aspect of the present invention provides a kind of detection based on first aspect described device
Method, this method comprises:
The data packet of specified format is sent by program of giving out a contract for a project;
It is marked by data packet of the signal time stamp generator to the specified format for program transmission of giving out a contract for a project, generation is marked with
The data packet of subnanosecond grade timestamp, wherein be marked with subnanosecond grade timestamp data packet include by hardware firewall it
The first preceding data packet set and the second data packet set after hardware firewall;
By packet receiving program according to preset matching algorithm to the first data packet set and the second data packet set received
In data packet matched, calculate delay of each data packet Jing Guo hardware firewall;
Divided by the characteristic profile drawing program that is delayed according to the delay of the data packet under different fire-proof rule condition
Corresponding delay characteristic profile is not drawn, judges whether firewall rule becomes according to corresponding delay characteristic profile
Change.
In one embodiment, by packet receiving program according to preset matching algorithm to the first data packet set received
It is matched with the data packet in the second data packet set, calculates delay of each data packet Jing Guo hardware firewall, specifically
Include:
The data packet in the first data packet set and the second data packet set is matched according to preset matching algorithm,
Obtain corresponding data packet;
According to the data packet that matching obtains, the difference of corresponding timestamp is calculated, corresponding data packet is obtained according to difference and is passed through
The delay of hardware firewall.
In one embodiment, the delay of the data packet under different fire-proof rule condition is obtained by following manner:
The configuration rule of firewall is changed,
According to the delay data of change front and back, delay number of the data packet Jing Guo hardware firewall under different configuration rules is obtained
According to.
In one embodiment, it according to the delay of the data packet under different fire-proof rule condition, draws correspond to respectively
Delay characteristic profile, judge whether firewall rule changes according to corresponding delay characteristic profile, specifically include:
By the delay characteristic profile of the drafting according to the calculated preset data packet of packet receiving program Jing Guo hardware firewall,
As the first distribution map before change;
By the drafting of the hardware firewall according to the calculated preset data packet of packet receiving program after changing configuration rule
Delay characteristic profile, as the second distribution map after change;
According to the difference of the first distribution map and the second distribution map, judge whether configuration rule changes.
Said one or multiple technical solutions in the embodiment of the present application at least have following one or more technology effects
Fruit:
The detection device of the firewall rule variation of Beidou subnanosecond grade high-precision time service provided by the invention, comprising: use
In send specified format data packet program of giving out a contract for a project, be configured with firewall rule, be used to carry out the detection of regular variation
Hardware firewall, for the data packet of specified format for program transmission of giving out a contract for a project to be marked, when generation is marked with subnanosecond grade
Between stab data packet signal time stamp generator, for according to preset matching algorithm to the first data packet set received and
Data packet in two data packet set is matched, and the packet receiving program of delay of each data packet Jing Guo hardware firewall is calculated
And for the delay according to the data packet under different fire-proof rule condition, corresponding delay characteristic profile is drawn respectively,
The whether changed delay characteristic profile drawing program of firewall rule is judged according to corresponding delay characteristic profile.
Detection device compared with the existing technology can be for hardware firewall be destroyed, and the present invention provides a kind of bases
Detection device is bypassed in Beidou subnanosecond grade high-precision time service, Beidou subnanosecond grade high-precision Service of Timing is applied to firewall
The detection of internal configuration rule variation, to judge whether firewall configuration rule is changed.It is based on Beidou subnanosecond simultaneously
Grade high-precision Service of Timing has developed the signal time stamp generator for being accurate to subnanosecond grade timing, for obtaining firewall configuration rule
The high-precision delay of data packet is then handled, and by drawing the delay characteristic profile under different fire-proof rule, it is carried out
Analysis is compared to be detected with the variation to firewall rule.It is accurately surveyed realizing to whether firewall rule changes
While amount, the internal rule of hardware firewall will not be destroyed.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is the present invention
Some embodiments for those of ordinary skill in the art without creative efforts, can also basis
These attached drawings obtain other attached drawings.
Fig. 1 is the detection dress of the firewall rule variation in the embodiment of the present invention based on Beidou subnanosecond grade high-precision time service
The structural block diagram set;
Fig. 2 is that the device in application drawing 1 carries out the implementation diagram that firewall rule variation detects;
Fig. 3 is the rendering that device shown in Fig. 1 carries out firewall rule variation detection;
Fig. 4 is the detection method of the firewall rule variation of Beidou subnanosecond grade high-precision time service in the embodiment of the present invention
Flow chart.
Specific embodiment
The purpose of the present invention is to provide one kind to obtain firewall configuration based on Beidou subnanosecond grade high-precision Service of Timing
The high Precision Processing delay of rule, and delay data is depicted as delay characteristic profile, it prevents fires according under analysis Different Rule
Whether the delay characteristic profile detection firewall rule of wall changes.Improve detection method in the prior art or dress
Setting, which there is technical issues that be easy, carries out firewall rule.
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is
A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art
Every other embodiment obtained without creative efforts, shall fall within the protection scope of the present invention.
Embodiment one
The detection device for present embodiments providing the firewall rule variation based on Beidou subnanosecond grade high-precision time service, is asked
Referring to Fig. 1, the device include: signal time stamp generator 101, hardware firewall 102, program of giving out a contract for a project 103, packet receiving program 104 with
And delay characteristic profile drawing program 105, wherein
Program of giving out a contract for a project 101, for sending the data packet of specified format;
Hardware firewall 102 is configured with firewall rule thereon, be used to carry out the detection of regular variation;
Signal time stamp generator 103, the data packet for the specified format to program transmission of giving out a contract for a project are marked, and generate mark
Note has the data packet of subnanosecond grade timestamp, wherein the data packet for being marked with subnanosecond grade timestamp includes preventing fires by hardware
The first data packet set before wall and the second data packet set after hardware firewall;
Packet receiving program 104, for according to preset matching algorithm to the first data packet set received and the second data packet
Data packet in set is matched, and delay of each data packet Jing Guo hardware firewall is calculated;
Be delayed characteristic profile drawing program 105, for the delay according to the data packet under different fire-proof rule condition,
Corresponding delay characteristic profile is drawn respectively, judges whether firewall rule becomes according to corresponding delay characteristic profile
Change.
Specifically, signal time stamp generator 103 is for generating the data packet for being marked with subnanosecond grade timestamp;Give out a contract for a project journey
Sequence 101 refers to the program that specified format data packet can be sent in a computer;Packet receiving program refers on another computer
The program of received data packet, the major function of packet receiving program are that timestamp in each data packet is taken out after receiving data packet simultaneously
Carry out the calculating of time difference;The characteristic profile drawing program that is delayed is used for every time by the processed a large amount of delays of packet receiving program
Data are handled, and are depicted as delay characteristic profile, and the packet delay feature under different fire-proof rule is compared in analysis
Distribution map is judged to whether firewall rule changes.
When it is implemented, configured rule file is first imported firewall, the rule of firewall is configured.Delay
Characteristic profile drawing program is write by Matlab programming language, specifically, being to utilize plot () letter in Matlab language
Several pairs of mass data packet delay data carry out the drafting of line graph, in this, as delay characteristic profile.
The delay of data packet under different fire-proof rule condition refers to through modification firewall configuration rule front and back, meter
The delay data of calculating.For example, the rule of the configuration for hardware firewall, calculates delay data by packet receiving program, when
After modifying configuration rule, under identical condition, then the delay data after alteration ruler is calculated by packet receiving program.
In one embodiment, the packet receiving program in the embodiment of the present invention, is specifically used for:
The data packet in the first data packet set and the second data packet set is matched according to preset matching algorithm,
Obtain corresponding data packet;
According to the data packet that matching obtains, the difference of corresponding timestamp is calculated, corresponding data packet is obtained according to difference and is passed through
The delay of hardware firewall.
Specifically, preset matching algorithm is used for in the data packet and the second data packet set in the first data packet set
Data packet matched, obtain corresponding data packet.When packet receiving program receives largely by the generation of signal time stamp generator
After being marked with the data packet of subnanosecond grade timestamp, then it can be matched when being marked with subnanosecond grade according to preset matching algorithm
Between the data packet stabbed, calculate high-precision delay of the corresponding data packet Jing Guo hardware firewall.
In one embodiment, be delayed characteristic profile drawing program, is specifically used for:
The configuration rule of firewall is changed,
According to the delay data of change front and back, delay number of the data packet Jing Guo hardware firewall under different configuration rules is obtained
According to.
Specifically, in order to be more precisely detected, the present invention is obtained not by the configuration rule of change firewall
Pass through the delay data of firewall with the lower data packet of rule.
Specifically, be delayed characteristic profile drawing program, is specifically used for:
By the delay characteristic profile of the drafting according to the calculated preset data packet of packet receiving program Jing Guo hardware firewall,
As the first distribution map before change;
By the drafting of the hardware firewall according to the calculated preset data packet of packet receiving program after changing configuration rule
Delay characteristic profile, as the second distribution map after change;
According to the difference of the first distribution map and the second distribution map, judge whether configuration rule changes.
When it is implemented, can quantity to configuration rule or content modify, to match to hardware firewall
It sets rule to modify, and then draws the first distribution map and change before change respectively by the characteristic profile drawing program that is delayed
The second distribution map afterwards, is finally judged according to the difference of the first distribution map and the second distribution map.
Specifically, delay characteristic profile drawing program is also used to:
The first distribution map and the corresponding matched curve of the second distribution map are fitted using default tool;
Whether in error range the function coefficients of corresponding matched curve are judged, if it is, determining configuration rule not
It changes, if it is not, then determining that configuration rule changes.
Specifically, the corresponding fitting song of each delay distribution characteristics figure is fitted using the fitting tool in Matlab
Line, compares whether in error range different delayed time characteristic profile fits the matched curve function coefficients come, is sentenced with this
Whether disconnected characteristic profile is consistent, i.e., whether firewall rule is changed.
In one embodiment, the configuration rule for changing firewall includes:
Change the quantity of configuration rule.
It is specific below by one in order to illustrate more clearly of the beneficial effect of Time delay measurement device provided by the invention
Example refers to Fig. 2.
When it is implemented, configured rule file is first imported firewall, the rule of firewall is configured.
Step 1, experimental facilities is built according to implementation model, sees Fig. 2.
Step 2, the program of giving out a contract for a project on PC1 sets and give out a contract for a project operation (for example, data to PC2 after the format of data packet
Packet is dimensioned to 64KB, and frequency of giving out a contract for a project is 100Hz).When data packet 0 is generated before entering hardware firewall by signal time stamp
Device 1 detects, and generates one and mark the data packet 1 for having the subnanosecond grade timestamp of absolute time, and data packet 0 is through really up to the mark
It after part firewall, is detected by signal time stamp generator 2, and generates one and mark the subnanosecond grade time for having absolute time
The data packet 2 of stamp.
Step 3, data packet 1 and data packet 2 are transmitted to PC3 after being transmitted to interchanger, and the packet receiving program on PC3 is according to matching
Algorithm matches data packet 1 and data packet 2, and calculates the difference of corresponding timestamp, obtains corresponding data packet by hardware
The delay of firewall.Program of the giving out a contract for a project transmission data packet lasting with a certain frequency (100Hz), each data packet pass through step 3,
Lasting transmission data packet for a period of time after, packet receiving program, which can calculate, produces mass data packet delay data.
Step 4, the analysis program on PC3 handles the mass data packet delay program that step 3 generates, first to its into
The filtering of row preliminary data, the main method of filtering is to leave out the very big data of error according to the threshold value of setting, then utilizes delay
Characteristic profile drawing program handles filtered delay data, that is, utilizes the plot () in Matlab language
Function carries out the drafting of line graph to packet delay data, generates corresponding delay characteristic profile, while utilizing Matlab
In fitting tool fit the corresponding matched curve of each delay distribution characteristics figure, obtain corresponding matched curve function.
Step 5, it modifies to former firewall rule configuration file, and imports firewall, change the configuration rule of firewall
Then, regular quantity etc. such as in change firewall.Then, fire prevention of the step 1 to step 4, after being changed successively is executed
The matched curve function of data delay characteristic profile under wall configuration rule.Compare firewall after meta-rule and change under rule
Characteristic profile matched curve function coefficient whether in error range, to judge whether firewall rule changes.
On the whole, measuring device provided by the invention, mainly design by time stamp generator as shown in figure 3, marked
Then data packet calculates data packet and is delayed by the high-precision of firewall, draws time-delay characteristic then according to high-precision delay data
Distribution map is levied, then analyzes the characteristic profile under different configuration rules, if is had differences, and if so, determining configuration rule
It changes, does not otherwise change.
The detection device that embodiment of the present invention provides has the following advantages that or advantageous effects:
1, Beidou subnanosecond grade high-precision Service of Timing is applied to the detection of configuration rule variation inside firewall, to sentence
Whether disconnected firewall configuration rule is changed.Beidou subnanosecond grade high-precision Service of Timing is capable of providing time granularity as Asia
The time of nanosecond, at the same firewall inside every configuration rule in action when there is also delays, and the delay precision be receive
Second grade, therefore, the former, which is applied to the latter, can accurately measure the processing delay of firewall configuration rule, and detect firewall
Whether rule is changed.
2, the signal time stamp for being accurate to subnanosecond grade timing based on Beidou subnanosecond grade high-precision Service of Timing development is raw
It grows up to be a useful person, which can be to the High Precision Time Stamps of subnanosecond grade in packet marking, inside device measurement firewall
The processing of configuration rule is delayed.
3, the timing of subnanosecond grade can be accomplished and according to the data packet life detected by installing one respectively at firewall both ends
At the device of current accurate timing timestamp, signal in the device real time monitoring network generates timestamp and simultaneously passes through interchanger
It is sent to host, host is received from the ethernet signal added with precise time stamp information for sending end device and receiving end device,
Data packet is obtained by calculation to be delayed by the high-precision of firewall.It obtains at the firewall rule having under Different Rule configuration
Delay data is managed, and is depicted as firewall rule processing delay characteristic profile, firewall rule situation of change is detected with this.
When the rule configured in firewall is different, data packet has difference by its delay characteristic profile.This skill
Art becomes corresponding delay characteristic profile by obtaining the packet delay under Different Rule configuration firewall, and drawing, so
Compare the difference between distribution map afterwards, the variation of firewall rule is detected with this.
Based on the same inventive concept, present invention also provides in embodiment one be based on the high-precision time service of Beidou subnanosecond grade
Firewall rule variation detection device realize measurement method, detailed in Example two.
Embodiment two
Present embodiments provide a kind of detection side of firewall rule variation based on Beidou subnanosecond grade high-precision time service
Method refers to Fig. 4, this method comprises:
Step S201: the data packet of specified format is sent by program of giving out a contract for a project;
Step S202: being marked by data packet of the signal time stamp generator to the specified format for program transmission of giving out a contract for a project,
Generate the data packet for being marked with subnanosecond grade timestamp, wherein the data packet for being marked with subnanosecond grade timestamp includes through really up to the mark
The first data packet set before part firewall and the second data packet set after hardware firewall;
Step S203: by packet receiving program according to preset matching algorithm to the first data packet set received and the second number
It is matched according to the data packet in packet set, calculates delay of each data packet Jing Guo hardware firewall;
Step S204: by the characteristic profile drawing program that is delayed, according to the data packet under different fire-proof rule condition
Delay, draw corresponding delay characteristic profile respectively, judge that firewall rule is according to corresponding delay characteristic profile
It is no to change.
In one embodiment, by packet receiving program according to preset matching algorithm to the first data packet set received
It is matched with the data packet in the second data packet set, calculates delay of each data packet Jing Guo hardware firewall, specifically
Include:
The data packet in the first data packet set and the second data packet set is matched according to preset matching algorithm,
Obtain corresponding data packet;
According to the data packet that matching obtains, the difference of corresponding timestamp is calculated, corresponding data packet is obtained according to difference and is passed through
The delay of hardware firewall.
In one embodiment, the delay of the data packet under different fire-proof rule condition is obtained by following manner:
The configuration rule of firewall is changed,
According to the delay data of change front and back, delay number of the data packet Jing Guo hardware firewall under different configuration rules is obtained
According to.
In one embodiment, it according to the delay of the data packet under different fire-proof rule condition, draws correspond to respectively
Delay characteristic profile, judge whether firewall rule changes according to corresponding delay characteristic profile, specifically include:
By the delay characteristic profile of the drafting according to the calculated preset data packet of packet receiving program Jing Guo hardware firewall,
As the first distribution map before change;
By the drafting of the hardware firewall according to the calculated preset data packet of packet receiving program after changing configuration rule
Delay characteristic profile, as the second distribution map after change;
According to the difference of the first distribution map and the second distribution map, judge whether configuration rule changes.
By the method that the embodiment of the present invention two is introduced, for based on being based on Beidou subnanosecond grade in the embodiment of the present invention one
The method that the detection device of the firewall rule variation of high-precision time service is realized, so introduced based on the embodiment of the present invention one
Device, the affiliated personnel in this field can understand the specific implementation process of this method, so details are not described herein.It is all to be based on this
Method used by the device of inventive embodiments one belongs to the range of the invention to be protected.
It should be understood by those skilled in the art that, the embodiment of the present invention can provide as method, system or computer program
Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention
Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the present invention, which can be used in one or more,
The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces
The form of product.
Although preferred embodiments of the present invention have been described, it is created once a person skilled in the art knows basic
Property concept, then additional changes and modifications can be made to these embodiments.So it includes excellent that the following claims are intended to be interpreted as
It selects embodiment and falls into all change and modification of the scope of the invention.
Obviously, those skilled in the art can carry out various modification and variations without departing from this hair to the embodiment of the present invention
The spirit and scope of bright embodiment.In this way, if these modifications and variations of the embodiment of the present invention belong to the claims in the present invention
And its within the scope of equivalent technologies, then the present invention is also intended to include these modifications and variations.
Claims (10)
1. the detection device that the firewall rule based on Beidou subnanosecond grade high-precision time service changes, which is characterized in that the device
Include: signal time stamp generator, hardware firewall, program of giving out a contract for a project, packet receiving program and delay characteristic profile drawing program,
In,
Give out a contract for a project program, for sending the data packet of specified format;
Hardware firewall is configured with firewall rule thereon, be used to carry out the detection of regular variation;
Signal time stamp generator, the data packet for the specified format to program transmission of giving out a contract for a project are marked, and generation is marked with Asia
The data packet of nsec stamp, wherein the data packet for being marked with subnanosecond grade timestamp includes by before hardware firewall
The first data packet set and the second data packet set after hardware firewall;
Packet receiving program, for according to preset matching algorithm in the first data packet set and the second data packet set received
Data packet is matched, and delay of each data packet Jing Guo hardware firewall is calculated;
Delay characteristic profile drawing program is drawn respectively for the delay according to the data packet under different fire-proof rule condition
Corresponding delay characteristic profile is made, judges whether firewall rule changes according to corresponding delay characteristic profile.
2. device as described in claim 1, which is characterized in that packet receiving program is specifically used for:
The data packet in the first data packet set and the second data packet set is matched according to preset matching algorithm, is obtained
Corresponding data packet;
According to the data packet that matching obtains, the difference of corresponding timestamp is calculated, corresponding data packet is obtained by hardware according to difference
The delay of firewall.
3. device as described in claim 1, which is characterized in that delay characteristic profile drawing program is specifically used for:
The configuration rule of firewall is changed,
According to the delay data of change front and back, delay data of the data packet Jing Guo hardware firewall under different configuration rules is obtained.
4. device as claimed in claim 3, which is characterized in that delay characteristic profile drawing program is specifically used for:
By the delay characteristic profile of the drafting according to the calculated preset data packet of packet receiving program Jing Guo hardware firewall, as
The first distribution map before change;
The delay that will be drawn according to hardware firewall of the calculated preset data packet of packet receiving program after changing configuration rule
Characteristic profile, as the second distribution map after change;
According to the difference of the first distribution map and the second distribution map, judge whether configuration rule changes.
5. device as claimed in claim 4, which is characterized in that delay characteristic profile drawing program is also used to:
The first distribution map and the corresponding matched curve of the second distribution map are fitted using default tool;
Whether in error range the function coefficients of corresponding matched curve are judged, if it is, determining that configuration rule does not occur
Variation, if it is not, then determining that configuration rule changes.
6. device as claimed in claim 3, which is characterized in that the configuration rule for changing firewall includes:
Change the quantity of configuration rule.
7. a kind of detection method based on any one of claim 1 to claim 6 claim described device, feature exist
In, this method comprises:
The data packet of specified format is sent by program of giving out a contract for a project;
It is marked by data packet of the signal time stamp generator to the specified format for program transmission of giving out a contract for a project, generation is marked with Ya Na
The data packet of second grade timestamp, wherein the data packet for being marked with subnanosecond grade timestamp includes by before hardware firewall
First data packet set and the second data packet set after hardware firewall;
By packet receiving program according to preset matching algorithm in the first data packet set and the second data packet set received
Data packet is matched, and delay of each data packet Jing Guo hardware firewall is calculated;
It is drawn respectively by delay characteristic profile drawing program according to the delay of the data packet under different fire-proof rule condition
Corresponding delay characteristic profile is made, judges whether firewall rule changes according to corresponding delay characteristic profile.
8. the method for claim 7, which is characterized in that by packet receiving program according to preset matching algorithm to receiving
Data packet in first data packet set and the second data packet set is matched, and is calculated each data packet and is prevented fires by hardware
The delay of wall, specifically includes:
The data packet in the first data packet set and the second data packet set is matched according to preset matching algorithm, is obtained
Corresponding data packet;
According to the data packet that matching obtains, the difference of corresponding timestamp is calculated, corresponding data packet is obtained by hardware according to difference
The delay of firewall.
9. the method for claim 7, which is characterized in that the delay of the data packet under different fire-proof rule condition passes through
Following manner obtains:
The configuration rule of firewall is changed,
According to the delay data of change front and back, delay data of the data packet Jing Guo hardware firewall under different configuration rules is obtained.
10. method as claimed in claim 9, which is characterized in that according to prolonging for the data packet under different fire-proof rule condition
When, corresponding delay characteristic profile is drawn respectively, judges whether firewall rule is sent out according to corresponding delay characteristic profile
Changing specifically includes:
By the delay characteristic profile of the drafting according to the calculated preset data packet of packet receiving program Jing Guo hardware firewall, as
The first distribution map before change;
By prolonging for the drafting of the hardware firewall according to the calculated preset data packet of packet receiving program after changing configuration rule
When characteristic profile, as the second distribution map after change;
According to the difference of the first distribution map and the second distribution map, judge whether configuration rule changes.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910132820.9A CN109873822B (en) | 2019-02-22 | 2019-02-22 | Device and method for detecting firewall rule change based on Beidou subnanosecond high-precision time service |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910132820.9A CN109873822B (en) | 2019-02-22 | 2019-02-22 | Device and method for detecting firewall rule change based on Beidou subnanosecond high-precision time service |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109873822A true CN109873822A (en) | 2019-06-11 |
| CN109873822B CN109873822B (en) | 2020-06-23 |
Family
ID=66919148
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910132820.9A Active CN109873822B (en) | 2019-02-22 | 2019-02-22 | Device and method for detecting firewall rule change based on Beidou subnanosecond high-precision time service |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109873822B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112637152A (en) * | 2020-12-08 | 2021-04-09 | 国汽(北京)智能网联汽车研究院有限公司 | Vehicle-mounted Ethernet firewall system, communication delay determination method and device |
| CN113709099A (en) * | 2021-07-12 | 2021-11-26 | 新华三大数据技术有限公司 | Method, device, equipment and storage medium for issuing mixed cloud firewall rules |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1734690A1 (en) * | 2005-06-17 | 2006-12-20 | Alcatel | Performance monitoring of frame transmission in a data network utilising OAM protocols |
| US20080229419A1 (en) * | 2007-03-16 | 2008-09-18 | Microsoft Corporation | Automated identification of firewall malware scanner deficiencies |
| CN103986943A (en) * | 2014-05-31 | 2014-08-13 | 中国科学院国家授时中心 | Large-ring time delay measurement method of digital satellite television timing system |
| CN104092676A (en) * | 2014-06-30 | 2014-10-08 | 复旦大学 | Parallel firewall rule anomaly detection method for cloud data center environment firewall as service |
| CN106027193A (en) * | 2016-07-07 | 2016-10-12 | 广州市国飞信息科技有限公司 | Clock synchronization method, module, equipment and system for network timing system |
| CN106292267A (en) * | 2016-07-28 | 2017-01-04 | 武汉纳时科技有限公司 | A kind of GNSS high accuracy time service terminal system and time service method |
| CN106501626A (en) * | 2016-12-12 | 2017-03-15 | 国网山东省电力公司菏泽供电公司 | A kind of wide area kernel phase system based on synchronous phasor measurement |
| CN108540347A (en) * | 2018-04-11 | 2018-09-14 | 武汉大学 | The two end signal time-delayed sequence of cable traced to the source for network signal matches generation method |
-
2019
- 2019-02-22 CN CN201910132820.9A patent/CN109873822B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1734690A1 (en) * | 2005-06-17 | 2006-12-20 | Alcatel | Performance monitoring of frame transmission in a data network utilising OAM protocols |
| US20080229419A1 (en) * | 2007-03-16 | 2008-09-18 | Microsoft Corporation | Automated identification of firewall malware scanner deficiencies |
| CN103986943A (en) * | 2014-05-31 | 2014-08-13 | 中国科学院国家授时中心 | Large-ring time delay measurement method of digital satellite television timing system |
| CN104092676A (en) * | 2014-06-30 | 2014-10-08 | 复旦大学 | Parallel firewall rule anomaly detection method for cloud data center environment firewall as service |
| CN106027193A (en) * | 2016-07-07 | 2016-10-12 | 广州市国飞信息科技有限公司 | Clock synchronization method, module, equipment and system for network timing system |
| CN106292267A (en) * | 2016-07-28 | 2017-01-04 | 武汉纳时科技有限公司 | A kind of GNSS high accuracy time service terminal system and time service method |
| CN106501626A (en) * | 2016-12-12 | 2017-03-15 | 国网山东省电力公司菏泽供电公司 | A kind of wide area kernel phase system based on synchronous phasor measurement |
| CN108540347A (en) * | 2018-04-11 | 2018-09-14 | 武汉大学 | The two end signal time-delayed sequence of cable traced to the source for network signal matches generation method |
Non-Patent Citations (1)
| Title |
|---|
| 庞立华: "IP网络中端到端时延特性的测量与估计", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112637152A (en) * | 2020-12-08 | 2021-04-09 | 国汽(北京)智能网联汽车研究院有限公司 | Vehicle-mounted Ethernet firewall system, communication delay determination method and device |
| CN112637152B (en) * | 2020-12-08 | 2023-03-24 | 国汽(北京)智能网联汽车研究院有限公司 | Vehicle-mounted Ethernet firewall system, communication delay determination method and device |
| CN113709099A (en) * | 2021-07-12 | 2021-11-26 | 新华三大数据技术有限公司 | Method, device, equipment and storage medium for issuing mixed cloud firewall rules |
| CN113709099B (en) * | 2021-07-12 | 2023-11-07 | 新华三大数据技术有限公司 | Mixed cloud firewall rule issuing method, device, equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109873822B (en) | 2020-06-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113961434A (en) | Method and system for monitoring abnormal behaviors of distributed block chain system users | |
| US20170041126A1 (en) | Modeling a clock | |
| CN104102687A (en) | Identification and classification of web traffic inside encrypted network tunnels | |
| CN104731914A (en) | Method for detecting user abnormal behavior based on behavior similarity | |
| CN109873822A (en) | The detection device and method of firewall rule variation based on Beidou subnanosecond grade high-precision time service | |
| JP2007243368A5 (en) | ||
| JP2007243368A (en) | Congestion path classification method of classifying congestion path from packet delay, management apparatus and program | |
| CN109543065A (en) | A kind of video active identification method of combination block chain | |
| CN106407768B (en) | A kind of determination of device-fingerprint, the method and apparatus that target device is identified | |
| CN110460608B (en) | Situation awareness method and system including correlation analysis | |
| CN106330611A (en) | Anonymous protocol classification method based on statistical feature classification | |
| CN107145779A (en) | A kind of recognition methods of offline Malware daily record and device | |
| CN108574668A (en) | A kind of ddos attack peak flow prediction technique based on machine learning | |
| CN105631325B (en) | A kind of malicious application detection method and device | |
| CN108270761A (en) | A kind of domain name legitimacy detection method and device | |
| CN105871861B (en) | A kind of intrusion detection method of self study protocol rule | |
| CN114155083A (en) | Transaction detection method, device and equipment based on block chain and readable storage medium | |
| CN116938683A (en) | Network path analysis system and method based on network security anomaly detection | |
| CN106850658B (en) | The network malicious act detection method of real-time online study | |
| MX2022008154A (en) | Network security protection method and protection device. | |
| CN105873085B (en) | Node recognition methods is cloned based on physic channel information and the wireless sensor network of degree of belief | |
| CN105634863B (en) | A kind of method and apparatus of application protocol detection | |
| CN113067802B (en) | User identification method, device, equipment and computer readable storage medium | |
| CN110784330B (en) | Method and device for generating application recognition model | |
| CN110493217B (en) | Distributed situation perception method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |