CN110311835B - Electric power IEC protocol conformance verification method based on content template
- Publication number: CN110311835B
- Application number: CN201910612753.0A
- Authority: CN (China)
- Prior art keywords: tcp, binary string, content, protocol, byte
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/18—Protocol analysers
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/03—Protocol definition or specification
- H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
- H04L69/163—In-band adaptation of TCP data exchange; In-band control procedures
Abstract
The invention belongs to the field of network communication, and particularly relates to a method for verifying the conformance of an electric power IEC protocol based on a content template. It addresses the problems that, in the prior art, the protocol conformance verification process is inefficient and cannot quickly and effectively verify the value range of a specific protocol field. The scheme of the invention is as follows: a content template is established according to the IEC protocol specification; TCP messages of a designated TCP port transmitted in the network are captured; a TCP message binary string is extracted; a bitwise AND operation is carried out on the TCP message binary string and the corresponding content template binary string to obtain a result binary string; finally, the result binary string is compared with the TCP message binary string and a judgment result is output. Through the definition of the content template and a simple AND operation, whether the TCP message payload content meets the IEC protocol standard can be quickly verified, which improves the performance of protocol conformance verification.
Description
Technical Field
The invention belongs to the field of network communication, and particularly relates to a method for verifying the compliance of an electric power IEC protocol based on a content template.
Background
The IEC series protocols are standard communication protocol specifications commonly used in power systems. In recent years they have been widely applied to devices and networks in power scenarios such as power transmission networks and new energy power plants, where they are used for remote operations such as information acquisition and control of power-related devices. Device manufacturers should implement the protocol stacks of their devices according to the IEC standard specifications. However, a protocol implementation may deviate from the specification requirements because different implementers understand the protocol differently. A network attacker may also modify the contents of protocol fields by means of forged TCP messages, for illegal purposes such as network attack and disguised communication. Therefore, protocol conformance verification of the TCP messages transmitted in the power network is important work for network security and network standardization.
At present, the following methods are commonly used to check network protocol conformance. The first is protocol conformance checking oriented to the protocol running state: it looks at the sequence of protocol requests and responses to test whether a host responds according to the protocol specification. The second judges, by pattern recognition, whether the protocol implementation conforms to the field content specified by the protocol standard: it searches the protocol transmission payload for specific pattern strings in order to verify whether the protocol content transmitted in the TCP message meets the specification requirements.
Neither prior-art method can verify protocol conformance for the value of a specific binary bit in the TCP message content. Conformance checking oriented to the protocol running state focuses on whether the protocol running state follows the standard, and its checking of protocol content fields is insufficient. The pattern-based method specifies a plurality of pattern strings for each protocol and searches and matches them in the content of each TCP message; it has to search the TCP message content sequentially or by jumping, is inefficient when many pattern strings coexist, and lacks a means of verifying the value of a single binary bit in the protocol specification.
Disclosure of Invention
To overcome the defect that prior-art protocol conformance verification cannot quickly and effectively verify the value range of a specific protocol field, the invention aims at the following: through the definition of a content template and a simple AND operation, whether the TCP message payload content meets the IEC protocol standard can be quickly verified, which improves the performance of protocol conformance verification.
The technical scheme adopted by the invention is as follows:
A method for verifying the conformance of an electric power IEC protocol based on a content template, comprising the following steps:
Step 1: Formulate a content template according to the IEC protocol specification. The content template comprises at least one content template binary string, and the value of each byte of each template binary string is filled in according to the value range of the byte at the corresponding position in the IEC protocol specification. The filling method is: according to the position of the byte in the template binary string, select the byte at the corresponding position of the IEC protocol TCP message in the IEC specification, take all values the IEC specification allows for that byte, perform a bitwise OR (|) operation on all the allowed values, fill the result into the corresponding byte of the content template binary string, and record the byte length of the content template binary string and its byte offset in the IEC protocol TCP message.
Step 2: Capture the TCP messages of a designated TCP port transmitted in the network. Only the TCP messages received and sent on TCP port number 2404 are selected for subsequent analysis; other TCP messages are discarded.
Step 3: Extract the TCP payload content of the TCP message. Take each content template binary string in the content template in turn, read its byte length and byte offset, and extract the TCP message binary string from the TCP payload content according to that byte offset and byte length.
Step 4: Perform a bitwise AND operation on the TCP message binary string and the corresponding content template binary string to obtain a result binary string.
Step 5: Compare the result binary string with the TCP message binary string, and output a judgment result.
Step 1 comprises:
Step 1.1: Initialize a binary string consistent with a standard TCP message format in the IEC protocol specification. For a protocol field whose value range is specified in the protocol specification, all values allowed by the specification are ORed bitwise, byte by byte, to obtain the template value of each byte. For a protocol field whose value range is not specified by the protocol specification, all binary bits of all bytes of the field are set to 0x01. The binary string is recorded as the template binary string TEMPSTR, its byte length as LEN, and the byte offset of its start position as OFFSET.
Step 1.2: Record the TEMPSTR, LEN and OFFSET obtained in step 1.1 as a triple {TEMPSTR, LEN, OFFSET}.
Step 1.3: If multiple TCP message formats are defined in the IEC specification, a triple {TEMPSTR, LEN, OFFSET} can be formulated for each TCP message format by the method of steps 1.1 and 1.2, and the triples together form the content template.
In step 3, the TCP payload content of the TCP message is extracted and denoted PAYLOAD. Each time the PAYLOAD of a TCP message is obtained, its content conformance is verified: for each triple in the content template, TEMPSTR, LEN and OFFSET are taken out, and according to the values of OFFSET and LEN a TCP message binary string of length LEN is extracted from the PAYLOAD. One or more TCP message binary strings are extracted, the same number as the triples in the content template. If the PAYLOAD is not long enough to extract a TCP message binary string, the data content of that TCP message binary string is padded with 0. The TCP message binary strings are denoted {PACKSTR1, PACKSTR2, …, PACKSTRn}.
In step 4, the TEMPSTR of each triple is bitwise ANDed, in sequence, with the TCP message binary strings {PACKSTR1, PACKSTR2, …, PACKSTRn} to obtain a plurality of result binary strings, denoted {RESULTSTR1, RESULTSTR2, …, RESULTSTRn}.
In step 5, the TCP message binary strings {PACKSTR1, PACKSTR2, …, PACKSTRn} are compared one by one with the result binary strings {RESULTSTR1, RESULTSTR2, …, RESULTSTRn}. If any PACKSTRi is completely consistent with the content of the corresponding RESULTSTRi, the captured TCP message is judged to conform to the protocol specification; if all PACKSTRi are inconsistent with the content of the corresponding RESULTSTRi, the TCP message is judged not to conform to the protocol specification. The judgment result is then output.
In step 2, all TCP messages received and sent on TCP port number 2404, specified by the IEC protocol specification, are captured.
In summary, by adopting the above technical scheme, the invention has the following beneficial effects:
1. The efficiency of IEC protocol conformance verification can be remarkably improved.
2. Protocol testing does not need to be initiated on the hosts and equipment of the power system.
3. A plurality of pattern strings does not need to be established, and pattern strings do not need to be searched for in the TCP message.
4. The validity of the content can be determined down to individual binary bits.
Drawings
The invention will now be described, by way of example, with reference to the accompanying drawings, in which:
FIG. 1 is a flow chart of the overall technique of the present invention.
FIG. 2 is a schematic diagram of protocol content conformance determination based on the bitwise AND operation.
Detailed Description
All of the features disclosed in this specification, or all of the steps in any method or process so disclosed, may be combined in any combination, except combinations of features and/or steps that are mutually exclusive.
The present invention will be described in detail with reference to fig. 1 and 2.
For convenience, the present invention defines the following terms:
TCP message: a data packet transmitted in the network; one TCP message comprises a MAC header, an IP header, a TCP header and a TCP payload.
TCP port: the data at a fixed position in the TCP header that identifies the port number to which the TCP message belongs.
TCP payload: the byte content of a network TCP message after the TCP header, that is, the payload of the TCP protocol.
Binary string: the TCP payload extracted from a TCP message, stored in binary form.
Content template: a data structure comprising one or more template binary strings together with the byte length LEN and the start position byte offset OFFSET of each template binary string; denoted TEMPLATE.
Content template binary string: a series of continuous binary data, in bytes, in which the content of each byte conforms to the standard IEC protocol specification and contains all values the protocol specification allows; denoted TEMPSTR.
Byte length of content template binary string: the length of a template binary string in bytes, that is, the total number of bytes of the template binary string; denoted LEN.
Start position byte offset: the offset, in bytes, of the start position of a template binary string in a TCP message; denoted OFFSET.
TCP message binary string: the original content of a TCP message, of a specified length and beginning at a specified offset, extracted from a communication TCP message as a binary string; denoted PACKSTR.
Result binary string: the result of the byte-by-byte bitwise AND operation of the TCP message binary string and the template binary string; denoted RESULTSTR.
Take the first 7 bytes of the transmitted content of an I-format TCP message in the IEC-60870-5-104 protocol specification as an example. The specification requires that, in the TCP payload of an I-format message carried over TCP, the 1st byte is the start character and must be 0x68; the first byte of the first ASDU (the 7th byte of the TCP payload) is the type field, whose highest bit must not be 1; and the 2nd to 6th bytes are sequence number fields and may take any value.
A method for verifying the conformance of an electric power IEC protocol based on a content template comprises the following steps:
Step 1: Formulate a content template according to the IEC protocol specification. The content template comprises at least one content template binary string, and the value of each byte of each template binary string is filled in according to the value range of the byte at the corresponding position in the IEC protocol specification. The filling method is: according to the position of the byte in the template binary string, select the byte at the corresponding position of the IEC protocol TCP message in the IEC specification, take all values the IEC specification allows for that byte, perform a bitwise OR (|) operation on all the allowed values, fill the result into the corresponding byte of the content template binary string, and record the byte length of the content template binary string and its byte offset in the IEC protocol TCP message. The range of values the IEC specification allows for each byte is the range defined by the IEC specification.
Step 2: Capture the TCP messages of a designated TCP port transmitted in the network. Only the TCP messages received and sent on TCP port number 2404 are selected for subsequent analysis; other TCP messages are discarded.
Step 3: Extract the TCP payload content of the TCP message. Take each content template binary string in the content template in turn, read its byte length and byte offset, and extract the TCP message binary string from the TCP payload content according to that byte offset and byte length.
Step 4: Perform a bitwise AND operation on the TCP message binary string and the corresponding content template binary string to obtain a result binary string.
Step 5: Compare the result binary string with the TCP message binary string, and output a judgment result.
Preferably, step 1 comprises:
Step 1.1: Initialize a binary string consistent with a standard TCP message format in the IEC protocol specification. For a protocol field whose value range is specified in the protocol specification, all values allowed by the specification are ORed bitwise, byte by byte, to obtain the template value of each byte. For a protocol field whose value range is not specified by the protocol specification, all binary bits of all bytes of the field are set to 0x01. The binary string is recorded as the template binary string TEMPSTR, its byte length as LEN, and the byte offset of its start position as OFFSET.
Step 1.2: Record the TEMPSTR, LEN and OFFSET obtained in step 1.1 as a triple {TEMPSTR, LEN, OFFSET}.
Step 1.3: If multiple TCP message formats are defined in the IEC specification, a triple {TEMPSTR, LEN, OFFSET} can be formulated for each TCP message format by the method of steps 1.1 and 1.2, and the triples together form the content template.
In this embodiment, a binary string consistent with a standard TCP message format in the IEC specification is initialized; it is 7 bytes long. For a protocol field whose value range is specified in the protocol specification, all values allowed by the specification are ORed bitwise, byte by byte, to obtain the template value of the byte: the 1st byte is 0x68, and the 7th byte is binary 11101111, namely 0x7F. For a protocol field whose value range is not specified by the protocol specification, all binary bits of all bytes of the field are set to 0x01; in this example bytes 2-6 are taken as 0XFFFFFFFFF. The binary string is taken as the template binary string TEMPSTR, its byte length as LEN and the byte offset of its start position as OFFSET: the TEMPSTR content is 0x68FFFFFFFFFF7F, the LEN value is 7, and OFFSET is 0 (starting from the 1st byte, the offset is 0). TEMPSTR, LEN and OFFSET are recorded as a triple {TEMPSTR, LEN, OFFSET}, whose content in this embodiment is {0x68FFFFFFFFFF7F, 7, 0}. If multiple TCP message formats are defined in the IEC specification, a triple {TEMPSTR, LEN, OFFSET} can be formulated for each TCP message format by the method of this embodiment, and the triples together form the content template TEMPLATE, that is, TEMPLATE = {triple 1, triple 2, …, triple n}, where n is the number of triples in TEMPLATE. The TEMPLATE in this embodiment contains only one triple.
Preferably, in step 3 the TCP payload content of the TCP message is extracted and denoted PAYLOAD. Each time the PAYLOAD of a TCP message is obtained, its content conformance is verified: for each triple in the content template, TEMPSTR, LEN and OFFSET are taken out, and according to the values of OFFSET and LEN a TCP message binary string of length LEN, starting at byte offset OFFSET, is extracted from the PAYLOAD. One or more TCP message binary strings are extracted from one PAYLOAD, the same number as the triples in the content template. If the PAYLOAD is not long enough to extract a TCP message binary string, the data content of that TCP message binary string is padded with 0. The TCP message binary strings are denoted {PACKSTR1, PACKSTR2, …, PACKSTRn}.
In this embodiment, each triple in the TEMPLATE obtained above is read in turn, its TEMPSTR, LEN and OFFSET are taken out, and according to the values of OFFSET and LEN a TCP message binary string of length LEN, starting at byte offset OFFSET, is extracted from the PAYLOAD. At least one TCP message binary string is obtained in this step, and the number of TCP message binary strings equals the number n of triples. If the PAYLOAD is not long enough to extract a given TCP message binary string, the data content of that TCP message binary string is padded with 0. The extracted TCP message binary strings are output and denoted {PACKSTR1, PACKSTR2, …, PACKSTRn}. In this example only one PACKSTR is obtained, and its value is 0x682878727A0D09.
Preferably, in step 4 the TEMPSTR of each triple is bitwise ANDed, in sequence, with the TCP message binary strings {PACKSTR1, PACKSTR2, …, PACKSTRn} to obtain a plurality of result binary strings, denoted {RESULTSTR1, RESULTSTR2, …, RESULTSTRn}.
The TEMPSTR of each of {triple 1, triple 2, …, triple n} obtained in this embodiment is bitwise ANDed with the corresponding one of {PACKSTR1, PACKSTR2, …, PACKSTRn} obtained in this embodiment to obtain a plurality of result binary strings, denoted {RESULTSTR1, RESULTSTR2, …, RESULTSTRn}. One RESULTSTR is obtained in this embodiment, and its value is 0x682878727A0D09. The bitwise AND process is shown in FIG. 2.
Preferably, in step 5 the TCP message binary strings {PACKSTR1, PACKSTR2, …, PACKSTRn} are compared one by one with the result binary strings {RESULTSTR1, RESULTSTR2, …, RESULTSTRn}. If any PACKSTRi is completely consistent with the content of the corresponding RESULTSTRi, the captured TCP message is judged to conform to the protocol specification; if all PACKSTRi are inconsistent with the content of the corresponding RESULTSTRi, the TCP message is judged not to conform to the protocol specification. The judgment result is then output.
In this embodiment only one result binary string RESULTSTR is obtained, with the value 0x682878727A0D09, and only one PACKSTR is obtained, with the value 0x682878727A0D09. The contents of the two are completely consistent, so the TCP message is judged to conform to the IEC protocol specification.
Preferably, in step 2 all TCP messages received and sent on TCP port number 2404, specified by the IEC protocol specification, are captured.
The method captures the TCP messages of the specified port in the network: all TCP messages received and sent on TCP port number 2404, specified by the IEC protocol specification, are captured, and their TCP payload content is extracted and denoted PAYLOAD. In this embodiment, the first 7 bytes of the PAYLOAD are assumed to be 0x682878727A0D09.
Finally, network TCP messages are captured in a loop and checked for conformance.
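Steps 1 to 5 worked through on the embodiment's 7-byte I-format template, as an added Python example that is not part of the patent text. The names `Triple`, `build_triple`, `conforms`, `mask_slack` and `check_packet` are hypothetical; `mask_slack` goes beyond the text to list the byte values an OR-built template byte accepts in addition to the values it was built from.

```python
"""Content-template conformance check (added illustration, not the patent's code)."""
from dataclasses import dataclass
from functools import reduce
from typing import Iterable, Optional, Sequence, Set

IEC104_PORT = 2404  # TCP port named in step 2 of the page


@dataclass(frozen=True)
class Triple:
    tempstr: bytes  # TEMPSTR: template binary string
    length: int     # LEN: byte length of TEMPSTR
    offset: int     # OFFSET: start offset inside the TCP payload


def template_byte(allowed: Iterable[int]) -> int:
    """Step 1: bitwise OR of every value the specification allows for one byte."""
    return reduce(lambda acc, v: acc | v, allowed, 0)


def build_triple(fields: Sequence[Iterable[int]], offset: int = 0) -> Triple:
    """Steps 1.1-1.2: one template byte per field, recorded with LEN and OFFSET."""
    tempstr = bytes(template_byte(f) for f in fields)
    return Triple(tempstr, len(tempstr), offset)


def extract_packstr(payload: bytes, t: Triple) -> bytes:
    """Step 3: take LEN bytes at OFFSET; a short payload is padded with 0."""
    return payload[t.offset:t.offset + t.length].ljust(t.length, b"\x00")


def and_bytes(a: bytes, b: bytes) -> bytes:
    """Step 4: byte-by-byte bitwise AND."""
    return bytes(x & y for x, y in zip(a, b))


def conforms(payload: bytes, template: Sequence[Triple]) -> bool:
    """Step 5: conforming if any PACKSTRi equals its RESULTSTRi."""
    for t in template:
        packstr = extract_packstr(payload, t)
        if and_bytes(packstr, t.tempstr) == packstr:
            return True
    return False


def check_packet(src_port: int, dst_port: int, payload: bytes,
                 template: Sequence[Triple]) -> Optional[bool]:
    """Step 2 filter plus verdict; None means the packet is not on port 2404."""
    if IEC104_PORT not in (src_port, dst_port):
        return None
    return conforms(payload, template)


def mask_slack(allowed: Iterable[int]) -> Set[int]:
    """Byte values that pass `b & mask == b` although they are not in `allowed`.

    The AND test accepts every byte whose set bits are a subset of the mask,
    so a template byte is an upper bound on the allowed set, not the set itself.
    """
    allowed_set = set(allowed)
    mask = template_byte(allowed_set)
    return {v for v in range(256) if v & mask == v} - allowed_set


# Field table for the embodiment: byte 1 fixed at 0x68, bytes 2-6 unconstrained,
# byte 7 any value with the highest bit clear (0x00..0x7F).
I_FORMAT_FIELDS = [[0x68]] + [range(256)] * 5 + [range(0x80)]
TEMPLATE = [build_triple(I_FORMAT_FIELDS, offset=0)]

PAGE_PAYLOAD = bytes.fromhex("682878727a0d09")   # value given in the embodiment
BAD_TYPE = bytes.fromhex("682878727a0d89")       # constructed: byte 7 high bit set
BAD_START = bytes.fromhex("692878727a0d09")      # constructed: start byte 0x69

if __name__ == "__main__":
    print("TEMPSTR      :", TEMPLATE[0].tempstr.hex())
    print("page payload :", check_packet(51000, 2404, PAGE_PAYLOAD, TEMPLATE))
    print("bad type     :", check_packet(51000, 2404, BAD_TYPE, TEMPLATE))
    print("bad start    :", check_packet(51000, 2404, BAD_START, TEMPLATE))
    print("slack of 0x68:", sorted(hex(v) for v in mask_slack([0x68])))
```

Because zero-padded bytes always satisfy the AND test, a monitor built this way should also check the payload length and compare fixed-value fields such as the start character for equality.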
The above-mentioned embodiments only express the specific embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present application. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present invention, which falls within the protection scope of the present application.
Claims (7)
1. A method for verifying the conformance of an electric power IEC protocol based on a content template, characterized by comprising the following steps:
Step 1: establishing a content template according to the IEC protocol specification, wherein the content template comprises at least one content template binary string, and the value of each byte of each template binary string is filled in according to the value range of the byte at the corresponding position in the IEC protocol specification;
Step 2: capturing the TCP messages of a designated TCP port transmitted in the network, selecting only the TCP messages received and sent on TCP port number 2404 for subsequent analysis, and discarding other TCP messages;
Step 3: extracting the TCP payload content of the TCP message, taking each content template binary string in the content template in turn, reading the byte length and the byte offset of the content template binary string, and extracting the TCP message binary string from the TCP payload content according to the byte offset and the byte length;
Step 4: performing a bitwise AND operation on the TCP message binary string and the corresponding content template binary string to obtain a result binary string;
Step 5: comparing the result binary string with the TCP message binary string, making a judgment, and outputting the judgment result.
2. The method for verifying the conformance of an electric power IEC protocol based on a content template as claimed in claim 1, wherein step 1 comprises:
Step 1.1: initializing a binary string consistent with a standard TCP message format in the IEC protocol specification, wherein, for a protocol field whose value range is specified in the protocol specification, all values allowed by the specification are ORed bitwise, byte by byte, to obtain the template value of each byte; for a protocol field whose value range is not specified by the protocol specification, all binary bits of all bytes of the field are set to 0x01; the binary string is recorded as the template binary string TEMPSTR, its byte length as LEN, and the byte offset of its start position as OFFSET;
Step 1.2: recording the TEMPSTR, LEN and OFFSET obtained in step 1.1 as a triple {TEMPSTR, LEN, OFFSET};
Step 1.3: if multiple TCP message formats are defined in the IEC specification, a triple {TEMPSTR, LEN, OFFSET} is established for each TCP message format by the method of steps 1.1 and 1.2, and the triples together form the content template.
3. The method according to claim 2, wherein in step 3 the TCP payload content of the TCP message is extracted and denoted PAYLOAD; each time the PAYLOAD of a TCP message is obtained, its content conformance is verified; for each triple in the content template, TEMPSTR, LEN and OFFSET are taken out, and according to the values of OFFSET and LEN a TCP message binary string of length LEN, starting at byte offset OFFSET, is extracted from the PAYLOAD; one or more TCP message binary strings are extracted from one PAYLOAD, the same number as the triples in the content template; if the PAYLOAD is not long enough to extract a TCP message binary string, the data content of that TCP message binary string is padded with 0; and the TCP message binary strings are denoted {PACKSTR1, PACKSTR2, …, PACKSTRn}.
4. The method as claimed in claim 3, wherein in step 4 the TEMPSTR of each triple is bitwise ANDed, in sequence, with the TCP message binary strings {PACKSTR1, PACKSTR2, …, PACKSTRn} to obtain a plurality of result binary strings, denoted {RESULTSTR1, RESULTSTR2, …, RESULTSTRn}.
5. The method as claimed in claim 4, wherein the specific process of step 5 is: comparing the TCP message binary strings {PACKSTR1, PACKSTR2, …, PACKSTRn} one by one with the result binary strings {RESULTSTR1, RESULTSTR2, …, RESULTSTRn}; if any PACKSTRi is completely consistent with the content of the corresponding RESULTSTRi, determining that the captured TCP message conforms to the protocol specification; if all PACKSTRi are inconsistent with the content of the corresponding RESULTSTRi, determining that the TCP message does not conform to the protocol specification; and outputting the determination result.
6. The method according to claim 1, wherein in step 2 all TCP messages received and sent on TCP port number 2404, specified by the IEC protocol specification, are captured.
7. The method for verifying the conformance of an electric power IEC protocol based on a content template as claimed in claim 1, wherein the method in step 1 for filling in the value of each byte of the template binary string according to the value range of the byte at the corresponding position is: according to the position of the byte in the template binary string, selecting the byte at the corresponding position of the IEC protocol TCP message in the IEC specification, taking all values the IEC specification allows for that byte, performing a bitwise OR (|) operation on all the allowed values, filling the result into the corresponding byte of the content template binary string, and recording the byte length of the content template binary string and its byte offset in the IEC protocol TCP message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910612753.0A CN110311835B (en) | 2019-07-09 | 2019-07-09 | Electric power IEC protocol conformance verification method based on content template |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110311835A | 2019-10-08 |
CN110311835B | 2021-05-14 |
Family
ID=68077927
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910612753.0A Active CN110311835B (en) | 2019-07-09 | 2019-07-09 | Electric power IEC protocol conformance verification method based on content template |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110311835B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||