CN109873822B - Device and method for detecting firewall rule change based on Beidou subnanosecond high-precision time service - Google Patents

Publication number: CN109873822B
Authority: CN (China)
Prior art keywords: data packet, firewall, delay, data, packet
Legal status: Active (as listed by Google Patents; not a legal conclusion)
Application number: CN201910132820.9A
Other languages: Chinese (zh)
Other versions: CN109873822A (en)
Inventors: 崔竞松, 郭文飞, 陈威, 郭迟, 刘经南
Current assignee: Wuhan University WHU
Original assignee: Wuhan University WHU
Application filed by Wuhan University WHU; priority to CN201910132820.9A
Publication of CN109873822A; application granted; publication of CN109873822B
Landscapes: Data Exchanges In Wide-Area Networks (AREA)
Abstract

The invention discloses a device and a method for detecting firewall rule change based on Beidou subnanosecond high-precision time service. The invention can realize accurate detection of the firewall rule change without damaging the firewall configuration rule.

Description

Device and method for detecting firewall rule change based on Beidou subnanosecond high-precision time service
Technical Field
The invention relates to the technical field of network security, in particular to a device and a method for detecting firewall rule change based on Beidou subnanosecond high-precision time service.
Background
Nowadays, network security devices play an increasingly important role in ensuring network security and robustness. With the rapid growth of WWW, FTP, P2P and game service applications in current networks, strengthening the testing of network security equipment and of the network itself has become a necessary step, and the firewall is a typical representative of such network security equipment.
In the process of implementing the present invention, the inventor of the present application found that the methods of the prior art have at least the following technical problems:
when a configuration rule in the firewall takes effect, it introduces delay; when the configuration rules change, the total rule-processing delay of the firewall also changes, and the processing delay of each firewall rule is at the nanosecond level. In the detection devices or methods of the prior art, the firewall rules are detected directly and are easily damaged, whereas the firewall should be treated as a whole piece of hardware and is not suited to destructive detection.
Therefore, the detection methods and devices of the prior art have the technical problem that the firewall rules are easily damaged.
Disclosure of Invention
In view of the above, the invention provides a device and a method for detecting firewall rule changes based on Beidou subnanosecond high-precision time service, which are used for solving or at least partially solving the technical problem that the firewall rules are easily damaged in the detection method or device in the prior art.
A first aspect of the invention provides a device for detecting firewall rule change based on Beidou subnanosecond high-precision time service, which comprises a signal timestamp generator, a hardware firewall, a packet sending program, a packet receiving program and a delay characteristic distribution diagram drawing program, wherein:
the packet sending program is used for sending data packets of a specified format;
the hardware firewall has firewall rules configured on it and is the device whose rule changes are to be detected;
the signal timestamp generator is used for marking the data packets of the specified format sent by the packet sending program and generating data packets marked with a subnanosecond timestamp, where the data packets marked with the subnanosecond timestamp comprise a first data packet set, stamped before passing through the hardware firewall, and a second data packet set, stamped after passing through the hardware firewall;
the packet receiving program is used for matching the received data packets of the first data packet set and the second data packet set according to a preset matching algorithm and calculating the delay of each data packet through the hardware firewall;
and the delay characteristic distribution diagram drawing program is used for drawing corresponding delay characteristic distribution diagrams according to the delays of the data packets under different firewall rule conditions, and judging whether the firewall rules have changed according to these diagrams.
In one embodiment, the packet receiving program of the present invention is specifically configured to:
match the data packets in the first data packet set and the second data packet set according to a preset matching algorithm to obtain corresponding pairs of data packets;
and calculate, for each matched pair, the difference between the corresponding timestamps, and obtain from that difference the delay of the corresponding data packet through the hardware firewall.
In one embodiment, the delay characteristic distribution diagram drawing program of the present invention is specifically configured to:
change the configuration rules of the firewall,
and obtain, from the delay data before and after the change, the delay data of the data packets passing through the hardware firewall under the different configuration rules.
In one embodiment, the delay characteristic distribution diagram drawing program of the present invention is specifically configured to:
obtain the delay data of a preset data packet passing through the hardware firewall, as calculated by the packet receiving program, and draw a delay characteristic distribution diagram from it as the first distribution diagram before modification;
obtain the delay data of the preset data packet passing through the hardware firewall after the configuration rules have been modified, as calculated by the packet receiving program, and draw a delay characteristic distribution diagram from it as the second distribution diagram after modification;
and judge whether the configuration rules have changed according to the difference between the first distribution diagram and the second distribution diagram.
In one embodiment, the delay characteristic distribution diagram drawing program of the present invention is further configured to:
fit, using a preset tool, a fitting curve to each of the first distribution diagram and the second distribution diagram;
and judge whether the function coefficients of the corresponding fitting curves are within the error range; if so, judge that the configuration rules have not changed, and if not, judge that the configuration rules have changed.
In one embodiment, altering the configuration rules of the firewall includes:
changing the number of configuration rules.
Based on the same inventive concept, a second aspect of the present invention provides a detection method based on the device of the first aspect, the method comprising:
sending data packets of a specified format through a packet sending program;
marking the data packets of the specified format sent by the packet sending program through a signal timestamp generator to generate data packets marked with a subnanosecond timestamp, where the data packets marked with the subnanosecond timestamp comprise a first data packet set, stamped before passing through a hardware firewall, and a second data packet set, stamped after passing through the hardware firewall;
matching the received data packets in the first data packet set and the second data packet set according to a preset matching algorithm through a packet receiving program, and calculating the delay of each data packet through the hardware firewall;
and drawing corresponding delay characteristic distribution diagrams according to the delays of the data packets under different firewall rule conditions through a delay characteristic distribution diagram drawing program, and judging whether the firewall rules have changed according to these diagrams.
In one embodiment, matching, by the packet receiving program, the received data packets in the first data packet set and the second data packet set according to a preset matching algorithm, and calculating the delay of each data packet through the hardware firewall, specifically includes:
matching the data packets in the first data packet set and the second data packet set according to a preset matching algorithm to obtain corresponding pairs of data packets;
and calculating, for each matched pair, the difference between the corresponding timestamps, and obtaining from that difference the delay of the corresponding data packet through the hardware firewall.
In one embodiment, the delays of the data packets under different firewall rule conditions are obtained by:
changing the configuration rules of the firewall,
and obtaining, from the delay data before and after the change, the delay data of the data packets passing through the hardware firewall under the different configuration rules.
In one embodiment, judging whether the firewall rules have changed according to the corresponding delay characteristic distribution diagrams includes:
obtaining the delay data of a preset data packet passing through the hardware firewall, as calculated by the packet receiving program, and drawing a delay characteristic distribution diagram from it as the first distribution diagram before modification;
obtaining the delay data of the preset data packet passing through the hardware firewall after the configuration rules have been modified, as calculated by the packet receiving program, and drawing a delay characteristic distribution diagram from it as the second distribution diagram after modification;
and judging whether the configuration rules have changed according to the difference between the first distribution diagram and the second distribution diagram.
One or more technical solutions in the embodiments of the present application have at least one or more of the following technical effects:
the invention provides a device for detecting firewall rule change based on Beidou subnanosecond high-precision time service, which comprises: a packet sending program used for sending data packets of a specified format; a hardware firewall configured with firewall rules, whose rule changes are to be detected; a signal timestamp generator used for marking the data packets of the specified format sent by the packet sending program and generating data packets marked with subnanosecond timestamps; a packet receiving program used for matching the data packets in a first data packet set and a second data packet set according to a preset matching algorithm and calculating the delay of each data packet passing through the hardware firewall; and a delay characteristic distribution diagram drawing program used for drawing corresponding delay characteristic distribution diagrams according to the delays of the data packets under different firewall rule conditions and judging whether the firewall rules have changed according to those diagrams.
Compared with the detection devices of the prior art, which can damage a hardware firewall, the invention provides a bypass detection device based on Beidou subnanosecond high-precision time service. A signal timestamp generator with subnanosecond timing accuracy, developed on the basis of Beidou subnanosecond high-precision time service technology, is used to obtain the high-precision delay with which the firewall configuration rules process a data packet; delay characteristic distribution diagrams under different firewall rules are drawn, analysed and compared in order to detect changes in the firewall rules. The method and the device can accurately measure whether the firewall rules have changed without damaging the internal rules of the hardware firewall.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a block diagram of a detection device for firewall rule change based on Beidou subnanosecond high-precision time service in the embodiment of the invention;
FIG. 2 is a schematic diagram of an embodiment of a firewall rule change detection using the apparatus shown in FIG. 1;
FIG. 3 is a conceptual diagram of the apparatus shown in FIG. 1 for firewall rule change detection;
FIG. 4 is a flowchart of a method for detecting firewall rule changes in Beidou subnanosecond high-precision time service in the embodiment of the invention.
Detailed Description
The invention aims to provide a method for acquiring high-precision processing delay of a firewall configuration rule based on a Beidou subnanosecond high-precision time service technology, drawing delay data into a delay characteristic distribution diagram, and detecting whether the firewall rule changes or not according to analysis of the delay characteristic distribution diagram of the firewall under different rules. The technical problem that the firewall rules are easy to damage in the detection method or device in the prior art is solved.
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example one
This embodiment provides a device for detecting firewall rule change based on Beidou subnanosecond high-precision time service; please refer to fig. 1. The device includes: a packet sending program 101, a hardware firewall 102, a signal timestamp generator 103, a packet receiving program 104, and a delay characteristic distribution diagram drawing program 105, wherein:
the packet sending program 101 is used for sending data packets of a specified format;
the hardware firewall 102 has firewall rules configured on it and is the device whose rule changes are to be detected;
the signal timestamp generator 103 is configured to mark the data packets of the specified format sent by the packet sending program and to generate data packets marked with a subnanosecond timestamp, where the data packets marked with the subnanosecond timestamp include a first data packet set, stamped before passing through the hardware firewall, and a second data packet set, stamped after passing through the hardware firewall;
the packet receiving program 104 is configured to match the received data packets of the first data packet set and the second data packet set according to a preset matching algorithm, and to calculate the delay of each data packet through the hardware firewall;
and the delay characteristic distribution diagram drawing program 105 is configured to draw corresponding delay characteristic distribution diagrams according to the delays of the data packets under different firewall rule conditions, and to determine whether the firewall rules have changed according to those diagrams.
Specifically, the signal timestamp generator 103 generates data packets marked with a sub-nanosecond timestamp; the packet sending program 101 is a program running on one computer that can send data packets of a specified format; the packet receiving program is a program running on another computer that receives the data packets, and its main function is to extract the timestamp from each received data packet and calculate the time difference; the delay characteristic distribution diagram drawing program processes the large amount of delay data produced by the packet receiving program in each run, draws the delay characteristic distribution diagram, analyses and compares the delay characteristic distribution diagrams of the data packets under different firewall rules, and judges whether the firewall rules have changed.
In a specific implementation, the configured rule file is first imported into the firewall so that the firewall rules are configured. The delay characteristic distribution diagram drawing program is written in the Matlab programming language; specifically, a plot of the large amount of data packet delay data is drawn using the plot() function of Matlab, and this plot serves as the delay characteristic distribution diagram.
The delay of the data packet under different firewall rule conditions refers to delay data calculated before and after the firewall configuration rule is modified. For example, for the configuration rule of the hardware firewall, the packet receiving program calculates the delay data, and after the configuration rule is modified, under the same condition, the packet receiving program calculates the delay data after the rule is modified.
In one embodiment, the packet receiving program of the embodiment of the present invention is specifically configured to:
match the data packets in the first data packet set and the second data packet set according to a preset matching algorithm to obtain corresponding pairs of data packets;
and calculate, for each matched pair, the difference between the corresponding timestamps, and obtain from that difference the delay of the corresponding data packet through the hardware firewall.
Specifically, the preset matching algorithm matches each data packet in the first data packet set with its counterpart in the second data packet set to obtain corresponding pairs. When the packet receiving program has received a large number of data packets marked with subnanosecond timestamps generated by the signal timestamp generator, it matches those data packets according to the preset matching algorithm and calculates the high-precision delay of each corresponding data packet through the hardware firewall.
In one embodiment, the delay characteristic distribution diagram drawing program is specifically configured to:
change the configuration rules of the firewall,
and obtain, from the delay data before and after the change, the delay data of the data packets passing through the hardware firewall under the different configuration rules.
Specifically, in order to perform more accurate detection, the invention obtains the delay data of the data packets passing through the firewall under different rules by changing the configuration rules of the firewall.
Specifically, the delay characteristic distribution diagram drawing program is specifically configured to:
obtaining delay data after a preset data packet calculated according to a packet receiving program passes through a hardware firewall, and drawing a delay characteristic distribution map as a first distribution map before modification;
drawing a delay characteristic distribution diagram serving as a modified second distribution diagram according to delay data obtained by a hardware firewall after a preset data packet calculated according to a packet receiving program is subjected to configuration rule modification;
and judging whether the configuration rule changes or not according to the difference between the first distribution diagram and the second distribution diagram.
In a specific implementation, the number or the content of the configuration rules can be modified, thereby modifying the configuration rules of the hardware firewall; the first distribution diagram before modification and the second distribution diagram after modification are then drawn by the delay characteristic distribution diagram drawing program, and finally the judgment is made according to the difference between the first distribution diagram and the second distribution diagram.
Specifically, the delay characteristic distribution diagram drawing program is further configured to:
fitting a fitting curve corresponding to the first distribution diagram and the second distribution diagram by using a preset tool;
and judging whether the function coefficient of the corresponding fitting curve is within the error range, if so, judging that the configuration rule is not changed, and if not, judging that the configuration rule is changed.
Specifically, a fitting curve is fitted to each delay characteristic distribution diagram using the fitting tool in Matlab, and the function coefficients of the curves fitted to the different delay characteristic distribution diagrams are compared to see whether they lie within the error range; this decides whether the distribution diagrams are consistent, that is, whether the firewall rules have changed.
In one embodiment, altering the configuration rules of the firewall includes:
the number of configuration rules is changed.
To illustrate the beneficial effects of the delay measuring device provided by the present invention more clearly, please refer to fig. 2 for a specific example.
In a specific implementation, the configured rule file is first imported into the firewall so that the firewall rules are configured.
Step 1: the experimental equipment is built according to the implementation model, as shown in figure 2.
Step 2: the packet sending program on PC1 sets the format of the data packet and then sends packets to PC2 (for example, with the packet size set to 64KB and the sending frequency to 100 Hz). When data packet 0 enters the hardware firewall, signal timestamp generator 1 detects data packet 0 and generates data packet 1, marked with a sub-nanosecond timestamp of the current absolute time; after data packet 0 has passed through the hardware firewall, signal timestamp generator 2 detects data packet 0 and generates data packet 2, marked with a sub-nanosecond timestamp of the current absolute time.
Step 3: data packet 1 and data packet 2 are transmitted through a switch to PC3, where the packet receiving program matches data packet 1 with data packet 2 according to the matching algorithm and calculates the difference between the corresponding timestamps to obtain the delay of the corresponding data packet through the hardware firewall. The packet sending program continuously sends data packets at a fixed frequency (100Hz); every data packet goes through step 3, so after packets have been sent for a period of time the packet receiving program has calculated a large amount of data packet delay data.
Step 4: an analysis program on PC3 processes the large amount of data packet delay data generated in step 3. It first performs a preliminary filtering of the data, which mainly consists of deleting data with large errors according to a set threshold value; it then processes the filtered delay data with the delay characteristic distribution diagram drawing program, i.e. draws a line plot of the data packet delay data using the plot() function of Matlab to generate the corresponding delay characteristic distribution diagram, and at the same time fits a fitting curve to each delay characteristic distribution diagram using the fitting tool in Matlab to obtain the corresponding fitting curve function.
Step 5: the original firewall rule configuration file is modified and imported into the firewall, thereby changing the firewall's configuration rules, for example the number of rules in the firewall. Steps 1 to 4 are then executed in turn to obtain the fitting curve function of the delay characteristic distribution diagram under the modified firewall configuration rules. Finally, whether the coefficients of the fitting curve functions of the distribution diagrams under the original rules and the modified rules lie within the error range is compared, in order to judge whether the firewall rules have changed.
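The pipeline of steps 2 to 5 above (and the packet receiving program and distribution-diagram comparison described for the first aspect) can be expressed compactly in code. The following is an added example, not code from the patent or from Wuhan University: sub-nanosecond timestamps are modelled as floats in nanoseconds, the "preset matching algorithm" is assumed to be a match on a per-packet sequence number carried in the probe payload, the Matlab plot()/fitting tool is replaced by a least-squares line fit of delay against packet index, and the error-range tolerances, the 800 ns and 1200 ns base delays and the jitter pattern are all constructed values, not figures from the patent.

```python
# Added example (not the patent's own code): delay-distribution comparison for
# firewall rule-change detection in pure Python. All sample data below is
# constructed; timestamps are floats in nanoseconds.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class StampedPacket:
    packet_id: int        # sequence number in the probe packet (assumed matching key)
    timestamp_ns: float   # absolute timestamp applied by the signal timestamp generator


def match_and_delay(first_set: List[StampedPacket],
                    second_set: List[StampedPacket]) -> Dict[int, float]:
    """Step 3: match pre-firewall (first set) and post-firewall (second set)
    packets by packet_id and return the per-packet firewall delay in ns.
    Packets seen only on one side (e.g. dropped by a rule) are left out."""
    pre = {p.packet_id: p.timestamp_ns for p in first_set}
    delays: Dict[int, float] = {}
    for p in second_set:
        t0 = pre.get(p.packet_id)
        if t0 is None or p.timestamp_ns < t0:
            continue
        delays[p.packet_id] = p.timestamp_ns - t0
    return delays


def filter_outliers(delays: Dict[int, float], threshold_ns: float) -> Dict[int, float]:
    """Step 4 pre-filtering: drop samples farther than threshold_ns from the median."""
    ordered = sorted(delays.values())
    median = ordered[len(ordered) // 2]
    return {k: v for k, v in delays.items() if abs(v - median) <= threshold_ns}


def fit_line(delays: Dict[int, float]) -> Tuple[float, float]:
    """Least-squares fit delay = intercept + slope * packet_id (stand-in for the
    Matlab fitting tool). Returns (intercept_ns, slope_ns_per_packet)."""
    xs = sorted(delays)
    ys = [delays[x] for x in xs]
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    slope = sxy / sxx if sxx else 0.0
    return my - slope * mx, slope


def rules_changed(coef_before: Tuple[float, float], coef_after: Tuple[float, float],
                  intercept_tol_ns: float = 5.0, slope_tol: float = 0.01) -> bool:
    """Step 5: the rule set is judged changed when a fitted coefficient leaves
    the error range (tolerances here are assumed, not from the patent)."""
    d_int = abs(coef_before[0] - coef_after[0])
    d_slope = abs(coef_before[1] - coef_after[1])
    return d_int > intercept_tol_ns or d_slope > slope_tol


def make_run(base_delay_ns: float, n: int = 200,
             outlier_at: Optional[int] = None) -> Tuple[List[StampedPacket], List[StampedPacket]]:
    """Constructed sample capture: n probe packets at 100 Hz (10 ms apart), each
    delayed by base_delay_ns plus a deterministic +-1.5 ns jitter; optionally
    one grossly delayed packet to exercise the filter."""
    first, second = [], []
    for i in range(n):
        t0 = i * 1e7                               # 10 ms spacing in ns
        jitter = ((i * 37) % 11 - 5) * 0.3
        d = 50_000.0 if i == outlier_at else base_delay_ns + jitter
        first.append(StampedPacket(i, t0))
        second.append(StampedPacket(i, t0 + d))
    return first, second


def detect(run_before: Tuple[List[StampedPacket], List[StampedPacket]],
           run_after: Tuple[List[StampedPacket], List[StampedPacket]],
           threshold_ns: float = 100.0) -> bool:
    """Whole pipeline for two captures: returns True if the rules are judged changed."""
    coefs = [fit_line(filter_outliers(match_and_delay(*run), threshold_ns))
             for run in (run_before, run_after)]
    return rules_changed(coefs[0], coefs[1])


if __name__ == "__main__":
    baseline = make_run(800.0, outlier_at=50)
    same_rules = make_run(800.0)
    more_rules = make_run(1200.0)   # assumed: extra rules add processing delay
    print("same rules changed?", detect(baseline, same_rules))   # False
    print("more rules changed?", detect(baseline, more_rules))   # True
```

A line fit is the simplest curve that exposes both a level shift (intercept) and a drift over the capture (slope); with real captures the tolerances should be set from the spread observed between two runs under the same rule set, and the median-based filter stands in for the threshold filtering the patent describes in step 4.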
Generally speaking, the measurement device provided by the invention is mainly conceived as shown in fig. 3, a data packet is marked by a timestamp generator, then high-precision delay of the data packet through a firewall is calculated, then a delay characteristic distribution diagram is drawn according to high-precision delay data, then the characteristic distribution diagrams under different configuration rules are analyzed, whether a difference exists or not is judged, if yes, the configuration rule is changed, otherwise, the configuration rule is not changed.
The detection device provided by the embodiment of the invention has the following advantages or beneficial technical effects:
1. The Beidou subnanosecond high-precision time service technology is applied to the detection of changes in the configuration rules of a firewall, in order to judge whether those rules have changed. This technology can provide time with subnanosecond granularity; each configuration rule in the firewall introduces delay when it takes effect, and that delay is at nanosecond precision, so applying the technology to the firewall allows the processing delay of the firewall configuration rules to be measured accurately and any change in the firewall rules to be detected.
2. The device can mark data packets with subnanosecond high-precision timestamps, and those timestamps are used to measure the processing delay of the configuration rules inside the firewall.
3. A device capable of sub-nanosecond timing, which generates a timestamp of the current accurate time for each detected data packet, is installed at each end of the firewall. The devices monitor the signals in the network in real time, generate timestamps and send them through the switch to a host; the host receives the Ethernet signals carrying the accurate timestamp information from the sending-end and receiving-end devices and calculates the high-precision delay of each data packet through the firewall. Rule-processing delay data is obtained under different rule configurations and drawn as firewall rule-processing delay characteristic distribution diagrams, so that changes in the firewall rules can be detected.
When the rules configured in the firewall differ, the delay distribution of the data packets passing through the firewall also differs. The technique obtains the data packet delay under different firewall rule configurations, draws the corresponding delay characteristic distribution diagrams, and then compares the differences between the diagrams to detect changes in the firewall rules.
Based on the same invention concept, the application also provides a measurement method realized by the detection device of the firewall rule change based on Beidou subnanosecond high-precision time service in the first embodiment, which is detailed in the second embodiment.
Example two
The embodiment provides a method for detecting firewall rule change based on Beidou subnanosecond high-precision time service, please refer to fig. 4, and the method includes:
step S201: sending a data packet with a specified format through a packet sending program;
step S202: marking the data packets of the specified format sent by the packet sending program through a signal timestamp generator to generate data packets marked with a subnanosecond timestamp, where the data packets marked with the subnanosecond timestamp comprise a first data packet set, stamped before passing through a hardware firewall, and a second data packet set, stamped after passing through the hardware firewall;
step S203: matching the received data packets in the first data packet set and the second data packet set according to a preset matching algorithm through a packet receiving program, and calculating the delay of each data packet through a hardware firewall;
step S204: and respectively drawing corresponding delay characteristic distribution graphs according to the delays of the data packets under different firewall rule conditions through a delay characteristic distribution graph drawing program, and judging whether the firewall rules change or not according to the corresponding delay characteristic distribution graphs.
In one embodiment, matching, by the packet receiving program, the received data packets in the first data packet set and the second data packet set according to a preset matching algorithm, and calculating the delay of each data packet through the hardware firewall, specifically includes:
matching the data packets in the first data packet set and the second data packet set according to a preset matching algorithm to obtain corresponding pairs of data packets;
and calculating, for each matched pair, the difference between the corresponding timestamps, and obtaining from that difference the delay of the corresponding data packet through the hardware firewall.
In one embodiment, the delays of the data packets under different firewall rule conditions are obtained by:
changing the configuration rules of the firewall,
and obtaining, from the delay data before and after the change, the delay data of the data packets passing through the hardware firewall under the different configuration rules.
In one embodiment, judging whether the firewall rules have changed according to the corresponding delay characteristic distribution diagrams includes:
obtaining the delay data of a preset data packet passing through the hardware firewall, as calculated by the packet receiving program, and drawing a delay characteristic distribution diagram from it as the first distribution diagram before modification;
obtaining the delay data of the preset data packet passing through the hardware firewall after the configuration rules have been modified, as calculated by the packet receiving program, and drawing a delay characteristic distribution diagram from it as the second distribution diagram after modification;
and judging whether the configuration rules have changed according to the difference between the first distribution diagram and the second distribution diagram.
Since the method of the second embodiment is implemented on the device of the first embodiment (the device for detecting a firewall rule change based on Beidou sub-nanosecond high-precision time service), a person skilled in the art can derive the specific implementation of the method from the description of that device, so it is not repeated here. All methods adopted by the device of the first embodiment fall within the scope of protection of the invention.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made in the embodiments of the present invention without departing from the spirit or scope of the embodiments of the invention. Thus, if such modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to encompass such modifications and variations.

Claims (10)

1. A device for detecting a firewall rule change based on Beidou subnanosecond high-precision time service, characterized in that the device comprises: a signal timestamp generator, a hardware firewall, a packet sending program, a packet receiving program and a delay characteristic distribution diagram drawing program, wherein,
the packet sending program is used for sending a data packet of a specified format;
the hardware firewall has firewall rules configured on it and is the firewall whose rule changes are to be detected;
the signal timestamp generator is used for marking the data packet of the specified format sent by the packet sending program and generating a data packet marked with a subnanosecond timestamp, wherein the data packets marked with subnanosecond timestamps comprise a first data packet set before passing through the hardware firewall and a second data packet set after passing through the hardware firewall;
the packet receiving program is used for matching the received data packets of the first data packet set and the second data packet set according to a preset matching algorithm and calculating the delay of each data packet through the hardware firewall;
and the delay characteristic distribution diagram drawing program is used for drawing, for each firewall rule condition, a corresponding delay characteristic distribution diagram from the delays of the data packets under that condition, and judging whether the firewall rules have changed according to the corresponding delay characteristic distribution diagrams.
2. The device of claim 1, wherein the packet receiving program is specifically configured to:
match the data packets of the first data packet set with those of the second data packet set according to the preset matching algorithm, to obtain corresponding pairs of data packets;
and calculate, for each matched pair, the difference between the two timestamps, and take that difference as the delay of the corresponding data packet through the hardware firewall.
3. The device of claim 1, wherein the delay characteristic distribution diagram drawing program is specifically configured to:
change the configuration rules of the firewall, and
obtain the delays of the data packets passing through the hardware firewall under the respective configuration rules from the delay data measured before and after the change.
4. The device of claim 3, wherein the delay characteristic distribution diagram drawing program is specifically configured to:
obtain the delay data of a preset data packet through the hardware firewall, as calculated by the packet receiving program, and draw its delay characteristic distribution map as the first distribution map (before modification);
after the configuration rules have been modified, obtain the delay data of the preset data packet through the hardware firewall, again as calculated by the packet receiving program, and draw its delay characteristic distribution map as the second distribution map (after modification);
and judge whether the configuration rules have changed according to the difference between the first distribution map and the second distribution map.
5. The device of claim 4, wherein the delay characteristic distribution diagram drawing program is further configured to:
fit curves corresponding to the first distribution diagram and the second distribution diagram using a preset tool;
and judge whether the function coefficients of the corresponding fitted curves agree within an error range; if so, judge that the configuration rules have not changed, and if not, judge that the configuration rules have changed.
6. The device of claim 3, wherein changing the configuration rules of the firewall comprises:
changing the number of configuration rules.
7. A detection method based on the device of any one of claims 1 to 6, wherein the method comprises:
sending a data packet of a specified format through the packet sending program;
marking the data packet of the specified format sent by the packet sending program through the signal timestamp generator to generate a data packet marked with a subnanosecond timestamp, wherein the data packets marked with subnanosecond timestamps comprise a first data packet set before passing through the hardware firewall and a second data packet set after passing through the hardware firewall;
matching the received data packets of the first data packet set and the second data packet set according to a preset matching algorithm through the packet receiving program, and calculating the delay of each data packet through the hardware firewall;
and drawing, through the delay characteristic distribution graph drawing program, a corresponding delay characteristic distribution graph for each firewall rule condition from the delays of the data packets under that condition, and judging whether the firewall rules have changed according to the corresponding delay characteristic distribution graphs.
8. The method of claim 7, wherein matching the received data packets of the first data packet set and the second data packet set according to the preset matching algorithm through the packet receiving program, and calculating the delay of each data packet through the hardware firewall, comprises:
matching the data packets of the first data packet set with those of the second data packet set according to the preset matching algorithm, to obtain corresponding pairs of data packets;
and calculating, for each matched pair, the difference between the two timestamps, and taking that difference as the delay of the corresponding data packet through the hardware firewall.
9. The method of claim 7, wherein the delays of the data packets under different firewall rule conditions are obtained as follows:
the configuration rules of the firewall are changed, and
the delay data measured before and after the change give the delays of the data packets passing through the hardware firewall under the respective configuration rules.
10. The method of claim 9, wherein drawing the corresponding delay characteristic distribution maps from the delays of the data packets under the different firewall rule conditions, and judging whether a firewall rule has changed according to the corresponding delay characteristic distribution maps, comprises:
obtaining the delay data of a preset data packet through the hardware firewall, as calculated by the packet receiving program, and drawing its delay characteristic distribution map as the first distribution map (before modification);
after the configuration rules have been modified, obtaining the delay data of the preset data packet through the hardware firewall, again as calculated by the packet receiving program, and drawing its delay characteristic distribution map as the second distribution map (after modification);
and judging whether the configuration rules have changed according to the difference between the first distribution map and the second distribution map.
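The following Python program is an added worked example; it is not code from the patent or from the Wuhan University inventors. It walks through step S204 and the embodiments described above, and equally claims 2 to 5 and 8 to 10: packets timestamped before and after the hardware firewall are matched, each packet's delay is the difference of its two timestamps, the delays are summarised as a distribution, a curve is fitted to it, and the fitted coefficients of two measurements are compared within an error range to decide whether the rules changed. Everything the patent leaves open is an assumption here: packets are matched on a sequence number carried in the payload, timestamps are integer picoseconds, the fitted curve is a Gaussian whose coefficients are the mean and standard deviation, the error range is a relative tolerance, and all packet data is constructed in-line (no Beidou receiver or firewall is involved).

```python
"""
Added worked example (not the patent's code): match timestamped packets
captured before and after a firewall, compute per-packet delay, summarise
the delay distribution, fit a curve, and decide whether the rule set changed
by comparing fitted coefficients within an error range.
"""
from collections import Counter
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class StampedPacket:
    seq: int    # sequence number carried in the payload (assumed matching key)
    ts_ps: int  # timestamp in picoseconds (sub-nanosecond resolution, assumed)


def match_packets(before, after):
    """Preset matching algorithm (assumption): pair packets by sequence number.
    Returns (delays_ns, unmatched): delays are the timestamp differences of
    matched pairs, unmatched are sequence numbers seen before the firewall but
    never after it (for example, packets blocked by a rule)."""
    after_by_seq = {p.seq: p for p in after}
    delays_ns, unmatched = [], []
    for p in before:
        q = after_by_seq.get(p.seq)
        if q is None:
            unmatched.append(p.seq)
            continue
        delays_ns.append((q.ts_ps - p.ts_ps) / 1000.0)
    return delays_ns, unmatched


def delay_profile(delays_ns, bin_ns=10.0):
    """Delay characteristic distribution: histogram of delays in bin_ns-wide bins."""
    return Counter(int(d // bin_ns) * bin_ns for d in delays_ns)


def fit_delay_curve(delays_ns):
    """Fit a Gaussian to the delays; its 'function coefficients' are (mu, sigma).
    The patent leaves the fitting tool unspecified; a normal fit is assumed."""
    return mean(delays_ns), pstdev(delays_ns)


def rules_changed(fit_before, fit_after, rel_tol=0.05):
    """Rule-change decision: every coefficient of the two fitted curves must agree
    within rel_tol (relative error); any coefficient outside it flags a change."""
    for a, b in zip(fit_before, fit_after):
        scale = max(abs(a), 1e-9)
        if abs(a - b) / scale > rel_tol:
            return True
    return False


# --- constructed sample data (not measured values) -------------------------
JITTER_NS = [-4, -2, -1, 0, 0, 1, 2, 4]  # deterministic stand-in for jitter


def make_capture(n, base_delay_ns, drop_every=0):
    """Build a 'before' and an 'after' packet set for a nominal firewall delay.
    Every drop_every-th packet (if non-zero) never leaves the firewall."""
    before, after = [], []
    for seq in range(n):
        t0 = seq * 1_000_000 + 123_456  # 1 us spacing, arbitrary epoch, in ps
        before.append(StampedPacket(seq, t0))
        if drop_every and seq % drop_every == drop_every - 1:
            continue  # packet did not exit the firewall
        delay_ns = base_delay_ns + JITTER_NS[seq % len(JITTER_NS)]
        after.append(StampedPacket(seq, t0 + int(delay_ns * 1000)))
    return before, after


def detect(before_a, after_a, before_b, after_b, rel_tol=0.05):
    """End-to-end: two captures (one per rule condition) -> change decision."""
    d_a, _ = match_packets(before_a, after_a)
    d_b, _ = match_packets(before_b, after_b)
    return rules_changed(fit_delay_curve(d_a), fit_delay_curve(d_b), rel_tol)


if __name__ == "__main__":
    base = make_capture(64, 1200.0)                   # rule set as deployed
    same = make_capture(64, 1200.0)                   # re-measured, rules untouched
    more = make_capture(64, 1380.0, drop_every=16)    # more rules: higher delay, some drops
    print("rules unchanged ->", detect(*base, *same))
    print("rules changed   ->", detect(*base, *more))
```

Unmatched packets (seen before the firewall but never after it) are returned separately instead of being silently discarded: a rule change that starts blocking traffic shows up in the drop count before it shows up in the delay curve, so a detector built on this method should watch both. The relative tolerance stands in for the patent's unspecified "error range" and has to be calibrated against repeated measurements under unchanged rules.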
Priority Applications (1)

Application Number: CN201910132820.9A; Priority Date: 2019-02-22; Filing Date: 2019-02-22; Status: Active; Publication: CN109873822B (en); Title: Device and method for detecting firewall rule change based on Beidou subnanosecond high-precision time service

Publications (2)

Publication Number Publication Date
CN109873822A CN109873822A (en) 2019-06-11
CN109873822B true CN109873822B (en) 2020-06-23

Family

ID=66919148


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant