CN110311835B - Electric power IEC protocol conformance verification method based on content template - Google Patents

Publication number: CN110311835B
Authority: CN (China)
Prior art keywords: tcp, binary string, content, protocol, byte
Legal status: Active
Application number: CN201910612753.0A
Other languages: Chinese (zh)
Other versions: CN110311835A (en)
Inventors: 赵博, 段军红, 李玉杰, 马志程, 闫晓斌, 付嘉渝, 张宪康, 李方军, 杨波, 张驯, 袁晖, 赵金雄, 李龙, 张自强, 盖晓平, 张建辉, 刘志远, 李春亮, 卫祥, 党倩, 王刚, 尚闻博, 孙碧颖, 沈琛云
Current Assignee: State Grid Gansu Electric Power Co Ltd; Electric Power Research Institute of State Grid Gansu Electric Power Co Ltd
Original Assignee: State Grid Gansu Electric Power Co Ltd; Electric Power Research Institute of State Grid Gansu Electric Power Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/18 Protocol analysers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/03 Protocol definition or specification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/163 In-band adaptation of TCP data exchange; In-band control procedures


Abstract

A content-template-based method for verifying electric power IEC protocol conformance. The invention belongs to the field of network communication. It addresses the problems that, in the prior art, the protocol conformance verification process is inefficient and has difficulty quickly and effectively verifying the value range of a specific protocol field. The scheme of the invention is as follows: establish a content template according to the IEC protocol specification; capture the TCP messages of a designated TCP port transmitted in the network; extract a TCP message binary string; perform a bitwise AND of the TCP message binary string with the corresponding content template binary string to obtain a result binary string; finally, compare the result binary string with the TCP message binary string and output a judgment result. Through the definition of the content template and a simple AND operation, whether the TCP message payload content meets the IEC protocol standard can be verified quickly, which improves the performance of protocol conformance verification.

Description

Electric power IEC protocol conformance verification method based on content template
Technical Field
The invention belongs to the field of network communication, and particularly relates to a method for verifying the compliance of an electric power IEC protocol based on a content template.
Background
The IEC series protocols are standard communication protocol specifications commonly used in power systems. In recent years they have been widely applied in devices and networks in power scenarios such as power transmission networks and new-energy power plants, where they are used for remote operations such as information acquisition and control of power-related devices. Device manufacturers should implement the protocol stacks of their devices according to the IEC standard specifications. However, an implementation may deviate from the specification because different implementers understand the protocol differently. A network attacker may also modify the contents of protocol fields by using forged TCP messages, for purposes such as network attack and disguised communication. Protocol conformance verification of the TCP messages transmitted in a power network is therefore important work for both network security and network standardization.
At present, the common methods for checking network protocol conformance are the following. The first is protocol conformance checking oriented to the protocol running state: it examines the sequence of protocol requests and responses to test whether a host responds as the protocol specification requires. The second judges, by pattern recognition, whether a protocol implementation conforms to the field content specified by the protocol standard; its principle is to search the protocol payload for specific pattern strings in order to verify whether the protocol content carried in a TCP message meets the specification.
In the prior art, protocol conformance cannot be verified against the value of a specific binary bit in the TCP message content. Conformance checking oriented to the protocol running state concentrates on whether the running state of the protocol follows the standard, and its checking of protocol content fields is insufficient. The pattern-string method specifies several pattern strings for each protocol and searches the content of each TCP message for them; it has to search the TCP message content sequentially or with jumps, is inefficient when several pattern strings coexist, and lacks a means of verifying a single binary bit value in the protocol specification.
Disclosure of Invention
To address the prior-art defect that the protocol conformance verification process has difficulty quickly and effectively verifying the value range of a specific protocol field, the invention aims at the following: through the definition of a content template and a simple AND operation, quickly verify whether the TCP message payload content meets the IEC protocol standard, thereby improving the performance of protocol conformance verification.
The technical scheme adopted by the invention is as follows:
A method for verifying the compliance of an electric power IEC protocol based on a content template, characterized by comprising the following steps:
Step 1: Formulate a content template according to the IEC protocol specification. The content template comprises at least one content template binary string, and the value of each byte of each template binary string is filled in according to the value range of the byte at the corresponding position in the IEC protocol specification. The filling method is: for each byte position in the template binary string, select the byte at the corresponding position of the IEC protocol TCP message in the IEC specification, take all values the IEC specification allows for that byte, perform a bitwise OR (|) over all the allowed values, and fill the result into the corresponding byte of the content template binary string; record the byte length of the content template binary string and the byte offset of the binary string in the IEC protocol TCP message.
Step 2: Capture the TCP messages of a designated TCP port transmitted in the network; select only the TCP messages received and transmitted on TCP port number 2404 for subsequent analysis and discard all other TCP messages.
Step 3: Extract the TCP payload content of a TCP message; take each content template binary string in the content template in turn, read its byte length and byte offset, and extract the TCP message binary string from the TCP payload content according to that byte offset and byte length.
Step 4: Perform a bitwise AND of the TCP message binary string and the corresponding content template binary string to obtain a result binary string.
Step 5: Compare the result binary string with the TCP message binary string and output a judgment result.
Step 1 comprises:
Step 1.1: Initialize a binary string consistent with a standard TCP message format in the IEC protocol specification. Working byte by byte, for a protocol field whose value range is specified in the protocol specification, perform a bitwise OR over all values the specification allows to obtain the template value of the byte; for a protocol field whose value range is not specified by the protocol specification, set all binary bits of all bytes of the field to 0x01. Record the binary string as the template binary string TEMPSTR, its byte length as LEN, and the byte offset of its starting position as OFFSET.
Step 1.2: Record the TEMPSTR, LEN and OFFSET obtained in step 1.1 as a triple {TEMPSTR, LEN, OFFSET}.
Step 1.3: If multiple TCP message formats are defined in the IEC specification, a triple {TEMPSTR, LEN, OFFSET} can be formulated for each TCP message format by the method of steps 1.1 and 1.2, and the triples together form the content template.
In step 3, the TCP payload content of the TCP message is extracted and denoted PAYLOAD. Content conformance is verified each time the PAYLOAD of a TCP message is obtained: TEMPSTR, LEN and OFFSET are taken from each triple in the content template, and one or more TCP message binary strings of length LEN are extracted from the PAYLOAD according to the values of OFFSET and LEN. The number of TCP message binary strings is the same as the number of triples in the content template. If the PAYLOAD is not long enough to extract a TCP message binary string, the data content of that binary string is padded with 0. The TCP message binary strings are denoted {PACKSTR1, PACKSTR2, …, PACKSTRn}.
In step 4, the TEMPSTR of each triple is bitwise ANDed, in sequence, with the TCP message binary strings {PACKSTR1, PACKSTR2, …, PACKSTRn} to obtain a plurality of result binary strings, denoted {RESULTSTR1, RESULTSTR2, …, RESULTSTRn}.
In step 5, the TCP message binary strings {PACKSTR1, PACKSTR2, …, PACKSTRn} are compared one by one with the result binary strings {RESULTSTR1, RESULTSTR2, …, RESULTSTRn}. If any PACKSTRi is completely consistent with the content of the corresponding RESULTSTRi, the captured TCP message is judged to conform to the protocol specification; if no PACKSTRi is consistent with the content of its corresponding RESULTSTRi, the TCP message is judged not to conform to the protocol specification. The judgment result is output.
In step 2, all TCP messages received and sent on TCP port number 2404, as specified by the IEC protocol specification, are captured.
In summary, by adopting the above technical scheme, the invention has the following beneficial effects:
1. The efficiency of IEC protocol conformance verification can be remarkably improved.
2. Protocol testing does not need to be initiated on hosts and equipment of the power system.
3. No pattern strings need to be established, and no pattern strings need to be searched for in the TCP message.
4. The validity of the content can be determined at the level of individual binary bits.
Drawings
The invention will now be described, by way of example, with reference to the accompanying drawings, in which:
FIG. 1 is a flow chart of the overall technique of the present invention.
FIG. 2 is a schematic diagram of protocol content conformance determination based on the bitwise AND operation.
Detailed Description
All of the features disclosed in this specification, or all of the steps in any method or process so disclosed, may be combined in any combination, except combinations of features and/or steps that are mutually exclusive.
The present invention will be described in detail with reference to fig. 1 and 2.
For convenience, the present invention defines the following terms:
TCP message: a data packet transmitted in the network; one TCP message comprises a MAC header, an IP header, a TCP header and a TCP payload.
TCP port: the data at a fixed position in the TCP header that identifies the port number to which the TCP message belongs.
TCP payload: the byte content of a network TCP message that follows the TCP header, i.e. the payload of the TCP protocol.
Binary string: the TCP payload extracted from a TCP message, stored in binary form.
Content template: a data structure comprising one or more template binary strings, together with the byte length LEN and the start position byte offset OFFSET of each template binary string; denoted TEMPLATE.
Content template binary string: a run of contiguous binary data, organized in bytes, in which the content of each byte conforms to the standard IEC protocol specification and covers all values the specification allows; denoted TEMPSTR.
Byte length of content template binary string: the length of a template binary string in bytes, i.e. its total number of bytes; denoted LEN.
Start position byte offset: the offset, in bytes, of the starting position of a template binary string within a TCP message; denoted OFFSET.
TCP message binary string: the original content of a TCP message, of a specified length and starting at a specified offset, extracted from a communication TCP message as a binary string; denoted PACKSTR.
Result binary string: the result of the byte-by-byte bitwise AND of the TCP message binary string and the template binary string; denoted RESULTSTR.
Take the first 7 bytes of the transmitted content of an I-format TCP message in the IEC-60870-5-104 protocol specification as an example. For the data payload of an I-format message carried over TCP, the specification requires: the 1st byte is the start character and must be 0x68; the first byte of the first ASDU (the 7th byte of the TCP data payload) is the type field, and its highest bit must not be 1; the 2nd to 6th bytes are sequence number fields and may take any value.
A power IEC protocol conformance verification method based on a content template comprises the following steps:
Step 1: Formulate a content template according to the IEC protocol specification. The content template comprises at least one content template binary string, and the value of each byte of each template binary string is filled in according to the value range of the byte at the corresponding position in the IEC protocol specification. The filling method is: for each byte position in the template binary string, select the byte at the corresponding position of the IEC protocol TCP message in the IEC specification, take all values the IEC specification allows for that byte, perform a bitwise OR (|) over all the allowed values, and fill the result into the corresponding byte of the content template binary string; record the byte length of the content template binary string and the byte offset of the binary string in the IEC protocol TCP message. The range of allowed values for each byte is the one defined by the IEC specification.
Step 2: Capture the TCP messages of a designated TCP port transmitted in the network; select only the TCP messages received and transmitted on TCP port number 2404 for subsequent analysis and discard all other TCP messages.
Step 3: Extract the TCP payload content of a TCP message; take each content template binary string in the content template in turn, read its byte length and byte offset, and extract the TCP message binary string from the TCP payload content according to that byte offset and byte length.
Step 4: Perform a bitwise AND of the TCP message binary string and the corresponding content template binary string to obtain a result binary string.
Step 5: Compare the result binary string with the TCP message binary string and output a judgment result.
Preferably, step 1 comprises:
Step 1.1: Initialize a binary string consistent with a standard TCP message format in the IEC protocol specification. Working byte by byte, for a protocol field whose value range is specified in the protocol specification, perform a bitwise OR over all values the specification allows to obtain the template value of the byte; for a protocol field whose value range is not specified by the protocol specification, set all binary bits of all bytes of the field to 0x01. Record the binary string as the template binary string TEMPSTR, its byte length as LEN, and the byte offset of its starting position as OFFSET.
Step 1.2: Record the TEMPSTR, LEN and OFFSET obtained in step 1.1 as a triple {TEMPSTR, LEN, OFFSET}.
Step 1.3: If multiple TCP message formats are defined in the IEC specification, a triple {TEMPSTR, LEN, OFFSET} can be formulated for each TCP message format by the method of steps 1.1 and 1.2, and the triples together form the content template.
In this embodiment, a binary string consistent with a standard TCP message format in the IEC specification is initialized; here it is a 7-byte binary string. Working byte by byte, for a protocol field whose value range is specified in the protocol specification, all values the specification allows are bitwise ORed to obtain the template value of the byte: the 1st byte is 0x68 and the 7th byte is binary 01111111, i.e. 0x7F. For a protocol field whose value range is not specified by the protocol specification, all binary bits of all bytes of the field are set to 0x01, and bytes 2 to 6 are taken as 0xFFFFFFFFFF in this example. The binary string is recorded as the template binary string TEMPSTR, its byte length as LEN, and the byte offset of its start position as OFFSET: the TEMPSTR content is 0x68FFFFFFFFFF7F, the LEN value is 7, and OFFSET is 0 (starting from the 1st byte, the offset is 0). TEMPSTR, LEN and OFFSET are recorded as a triple {TEMPSTR, LEN, OFFSET}, whose content in this embodiment is {0x68FFFFFFFFFF7F, 7, 0}. If multiple TCP message formats are defined in the IEC specification, a triple {TEMPSTR, LEN, OFFSET} can be formulated for each TCP message format by the method of this embodiment, and the triples together form the content template TEMPLATE, that is: TEMPLATE = {triple 1, triple 2, …, triple n}, where n is the number of triples in TEMPLATE. TEMPLATE in this embodiment contains only one triple.
Preferably, in step 3 the TCP payload content of the TCP message is extracted and denoted PAYLOAD, and content conformance is verified each time the PAYLOAD of a TCP message is obtained. Each triple in the content template is taken in turn and its TEMPSTR, LEN and OFFSET are read; according to the values of OFFSET and LEN, a TCP message binary string of length LEN starting at byte offset OFFSET is extracted from the PAYLOAD. One or more TCP message binary strings are extracted from one PAYLOAD, and their number is the same as the number of triples in the content template. If the PAYLOAD is not long enough to extract a TCP message binary string, the data content of that binary string is padded with 0. The TCP message binary strings are denoted {PACKSTR1, PACKSTR2, …, PACKSTRn}.
In this embodiment, each triple in the TEMPLATE obtained above is read in turn and its TEMPSTR, LEN and OFFSET are taken out; according to the values of OFFSET and LEN, a TCP message binary string of length LEN starting at byte offset OFFSET is extracted from the PAYLOAD. At least one TCP message binary string is obtained in this step, and the number of TCP message binary strings equals the number n of triples in this embodiment. If the PAYLOAD is not long enough to extract a given TCP message binary string, the data content of that binary string is padded with 0. The extracted TCP message binary strings are output and denoted {PACKSTR1, PACKSTR2, …, PACKSTRn}; only one PACKSTR is obtained in this example, and its value is 0x682878727A0D09.
Preferably, in step 4 the TEMPSTR of each triple is bitwise ANDed, in sequence, with the TCP message binary strings {PACKSTR1, PACKSTR2, …, PACKSTRn} to obtain a plurality of result binary strings, denoted {RESULTSTR1, RESULTSTR2, …, RESULTSTRn}.
The TEMPSTR of each of the triples {triple 1, triple 2, …, triple n} obtained in this embodiment is bitwise ANDed with the corresponding member of {PACKSTR1, PACKSTR2, …, PACKSTRn} obtained in this embodiment, giving a plurality of result binary strings denoted {RESULTSTR1, RESULTSTR2, …, RESULTSTRn}. One RESULTSTR is obtained in this embodiment, with the value 0x682878727A0D09; the bitwise AND process is shown in FIG. 2.
Preferably, in step 5 the TCP message binary strings {PACKSTR1, PACKSTR2, …, PACKSTRn} are compared one by one with the result binary strings {RESULTSTR1, RESULTSTR2, …, RESULTSTRn}. If any PACKSTRi is completely consistent with the content of the corresponding RESULTSTRi, the captured TCP message is judged to conform to the protocol specification; if no PACKSTRi is consistent with the content of its corresponding RESULTSTRi, the TCP message is judged not to conform to the protocol specification. The judgment result is output.
In this embodiment only one result binary string RESULTSTR is obtained, with the value 0x682878727A0D09, and only one PACKSTR is obtained, with the value 0x682878727A0D09. The contents of the two are completely consistent, so the TCP message is judged to conform to the IEC protocol specification.
Preferably, in step 2 all TCP messages received and sent on TCP port number 2404, as specified by the IEC protocol specification, are captured.
The method captures the TCP messages of the specified port in the network: all TCP messages received and transmitted on TCP port number 2404, as specified by the IEC protocol specification, are captured, and the TCP payload content of each TCP message is extracted and denoted PAYLOAD. In this embodiment, the first 7 bytes of the PAYLOAD are assumed to be 0x682878727A0D09.
Finally, network TCP messages are captured in a loop and the conformance check is carried out on each.
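The five steps above, carried through on the I-format example, as an added Python example (not code from the patent). The names `Triple`, `build_triple`, `extract_packstr`, `and_bytes`, `conforms`, `check_segment` and `false_accepts` are hypothetical; unconstrained bytes are filled with 0xFF as in the worked example, packet capture is replaced by a payload passed in as bytes, and `false_accepts` goes beyond the text by listing the byte values the AND test accepts although the specification does not allow them.

```python
from dataclasses import dataclass
from functools import reduce
from typing import Iterable, List, Optional, Sequence

IEC104_PORT = 2404  # TCP port named in step 2


@dataclass(frozen=True)
class Triple:
    """One {TEMPSTR, LEN, OFFSET} entry of the content template."""
    tempstr: bytes
    length: int
    offset: int


def template_byte(allowed: Optional[Iterable[int]]) -> int:
    """Step 1.1: bitwise OR of every value the specification allows for a byte.

    None marks a byte the specification leaves unconstrained; as in the
    page's worked example (bytes 2 to 6), it gets all bits set, 0xFF.
    """
    if allowed is None:
        return 0xFF
    return reduce(lambda acc, v: acc | v, allowed, 0)


def build_triple(fields: Sequence[Optional[Iterable[int]]], offset: int = 0) -> Triple:
    """Steps 1.1 and 1.2: one template binary string with its LEN and OFFSET."""
    tempstr = bytes(template_byte(f) for f in fields)
    return Triple(tempstr, len(tempstr), offset)


def extract_packstr(payload: bytes, triple: Triple) -> bytes:
    """Step 3: LEN bytes at OFFSET, padded with 0x00 when the payload is short."""
    chunk = payload[triple.offset:triple.offset + triple.length]
    return chunk.ljust(triple.length, b"\x00")


def and_bytes(a: bytes, b: bytes) -> bytes:
    """Step 4: byte-by-byte bitwise AND of two equal-length strings."""
    return bytes(x & y for x, y in zip(a, b))


def conforms(payload: bytes, template: Sequence[Triple]) -> bool:
    """Step 5: conforming if any PACKSTRi equals its RESULTSTRi."""
    for triple in template:
        packstr = extract_packstr(payload, triple)
        if and_bytes(packstr, triple.tempstr) == packstr:
            return True
    return False


def check_segment(src_port: int, dst_port: int, payload: bytes,
                  template: Sequence[Triple]) -> Optional[bool]:
    """Step 2 filter: None for traffic that is not on port 2404."""
    if IEC104_PORT not in (src_port, dst_port):
        return None
    return conforms(payload, template)


def false_accepts(allowed: Iterable[int]) -> List[int]:
    """Byte values the AND test accepts although they are not allowed.

    Goes beyond the page: the test only proves that no bit outside the
    template is set, so a template author can use this to see which bytes
    need an extra exact-value check.
    """
    allowed_set = set(allowed)
    mask = template_byte(allowed_set)
    return [v for v in range(256) if (v & mask) == v and v not in allowed_set]


# I-format template from the page: byte 1 = 0x68, bytes 2-6 free,
# byte 7 (type field) must have its highest bit clear.
I_FORMAT = build_triple([[0x68], None, None, None, None, None, range(0x80)])
TEMPLATE = [I_FORMAT]

# Payload value used in the page's embodiment, plus a constructed variant
# whose type field has the highest bit set.
SAMPLE = bytes.fromhex("682878727A0D09")
BAD_TYPE = bytes.fromhex("682878727A0D89")

if __name__ == "__main__":
    print("TEMPSTR  :", I_FORMAT.tempstr.hex().upper())
    print("sample   :", check_segment(50000, IEC104_PORT, SAMPLE, TEMPLATE))
    print("bad type :", check_segment(50000, IEC104_PORT, BAD_TYPE, TEMPLATE))
    print("0x68 mask also accepts:", [hex(v) for v in false_accepts([0x68])])
```

For the type field the OR-built mask is exact, while for the fixed start character it is looser than the specification, so a fixed-value byte is better paired with an equality check.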
The above embodiments express only specific implementations of the present application; their description is relatively specific and detailed, but is not to be construed as limiting the scope of the present application. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present invention, all of which fall within the protection scope of the present application.

Claims (7)

1. A method for verifying the compliance of an electric power IEC protocol based on a content template, characterized by comprising the following steps:
Step 1: establishing a content template according to the IEC protocol specification, wherein the content template comprises at least one content template binary string, and the value of each byte of each template binary string is filled in according to the value range of the byte at the corresponding position in the IEC protocol specification;
Step 2: capturing TCP messages of a designated TCP port transmitted in a network, selecting only the TCP messages received and transmitted on TCP port number 2404 for subsequent analysis, and discarding other TCP messages;
Step 3: extracting the TCP payload content of a TCP message, taking each content template binary string in the content template in turn, reading the byte length and the byte offset of the content template binary string, and extracting the TCP message binary string from the TCP payload content according to the byte offset and the byte length;
Step 4: performing a bitwise AND of the TCP message binary string and the corresponding content template binary string to obtain a result binary string;
Step 5: comparing the result binary string with the TCP message binary string, making a judgment, and outputting the judgment result.
2. The method for verifying compliance of an electric power IEC protocol based on a content template as claimed in claim 1, wherein step 1 comprises:
Step 1.1: initializing a binary string consistent with a standard TCP message format in the IEC protocol specification, wherein, working byte by byte, for a protocol field whose value range is specified in the protocol specification, all values allowed by the protocol specification are bitwise ORed to obtain the template value of the byte; for a protocol field whose value range is not specified by the protocol specification, all binary bits of all bytes of the field are set to 0x01; the binary string is recorded as the template binary string TEMPSTR, its byte length as LEN, and the byte offset of its starting position as OFFSET;
Step 1.2: recording the TEMPSTR, LEN and OFFSET obtained in step 1.1 as a triple {TEMPSTR, LEN, OFFSET};
Step 1.3: if multiple TCP message formats are defined in the IEC specification, a triple {TEMPSTR, LEN, OFFSET} is established for each TCP message format by the method of steps 1.1 and 1.2, and the triples together form the content template.
3. The method according to claim 2, wherein in step 3 the TCP payload content of the TCP message is extracted and denoted PAYLOAD, and content conformance is verified each time the PAYLOAD of a TCP message is obtained: each triple in the content template is taken in turn and its TEMPSTR, LEN and OFFSET are read; according to the values of OFFSET and LEN, a TCP message binary string of length LEN starting at byte offset OFFSET is extracted from the PAYLOAD; one or more TCP message binary strings are extracted from one PAYLOAD, their number being the same as the number of triples in the content template; if the PAYLOAD is not long enough to extract a TCP message binary string, the data content of that binary string is padded with 0; and the TCP message binary strings are denoted {PACKSTR1, PACKSTR2, …, PACKSTRn}.
4. The method as claimed in claim 3, wherein in step 4 the TEMPSTR of each triple is bitwise ANDed, in sequence, with the TCP message binary strings {PACKSTR1, PACKSTR2, …, PACKSTRn} to obtain a plurality of result binary strings, denoted {RESULTSTR1, RESULTSTR2, …, RESULTSTRn}.
5. The method as claimed in claim 4, wherein the specific process of step 5 is: comparing the TCP message binary strings {PACKSTR1, PACKSTR2, …, PACKSTRn} one by one with the result binary strings {RESULTSTR1, RESULTSTR2, …, RESULTSTRn}; if any PACKSTRi is completely consistent with the content of the corresponding RESULTSTRi, determining that the captured TCP message complies with the protocol specification; if no PACKSTRi is consistent with the content of its corresponding RESULTSTRi, determining that the TCP message does not comply with the protocol specification; and outputting the determination result.
6. The method according to claim 1, wherein in step 2 all TCP messages sent and received on TCP port number 2404, as specified by the IEC protocol specification, are captured.
7. The method for verifying the conformance of the electric power IEC protocol based on the content template as claimed in claim 1, wherein the value of each byte of the template binary string in step 1 is filled in according to the value range of the byte at the corresponding position as follows: for each byte position in the template binary string, select the byte at the corresponding position of the IEC protocol TCP message in the IEC specification, take all values the IEC specification allows for that byte, perform a bitwise OR (|) over all the allowed values, fill the result into the corresponding byte of the content template binary string, and record the byte length of the content template binary string and its byte offset in the IEC protocol TCP message.
CN201910612753.0A 2019-07-09 2019-07-09 Electric power IEC protocol conformance verification method based on content template Active CN110311835B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910612753.0A CN110311835B (en) 2019-07-09 2019-07-09 Electric power IEC protocol conformance verification method based on content template

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910612753.0A CN110311835B (en) 2019-07-09 2019-07-09 Electric power IEC protocol conformance verification method based on content template

Publications (2)

Publication Number Publication Date
CN110311835A CN110311835A (en) 2019-10-08
CN110311835B CN110311835B (en) 2021-05-14

Family

ID=68077927

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910612753.0A Active CN110311835B (en) 2019-07-09 2019-07-09 Electric power IEC protocol conformance verification method based on content template

Country Status (1)

Country Link
CN (1) CN110311835B (en)

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102209019B (en) * 2010-03-30 2015-09-16 杭州华三通信技术有限公司 A kind of load-balancing method based on message payload and load-balancing device
CN103248609A (en) * 2012-02-06 2013-08-14 同方股份有限公司 System, device and method for detecting data from end to end
CN102868571B (en) * 2012-08-07 2015-04-08 华为技术有限公司 Method and device for rule matching
US9300632B2 (en) * 2013-12-31 2016-03-29 Fortinet, Inc. Examining and controlling IPv6 extension headers
CN105515995B (en) * 2015-12-01 2018-09-21 华为技术有限公司 Message processing method and device
CN106878098A (en) * 2015-12-10 2017-06-20 深圳市中兴微电子技术有限公司 The identifying processing method and device of data message
CN106649217A (en) * 2016-10-28 2017-05-10 东软集团股份有限公司 Data matching method and device
CN106657104B (en) * 2016-12-30 2019-09-06 杭州迪普科技股份有限公司 A kind of matching process and device of prevention policies
CN107426049A (en) * 2017-05-16 2017-12-01 国家计算机网络与信息安全管理中心 A kind of network traffics accurate detecting method, equipment and storage medium

Also Published As

Publication number Publication date
CN110311835A (en) 2019-10-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant