CN111865928A - Security testing device and method for mimicry switch - Google Patents


Publication number
CN111865928A
Authority
CN
China
Prior art keywords
test
attack
switch
simulation
command line
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010602605.3A
Other languages
Chinese (zh)
Inventor
赵博
刘勤让
宋克
沈剑良
魏帅
刘宗海
杨梅樾
张霞
虎艳宾
董春雷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information Engineering University of PLA Strategic Support Force
Original Assignee
Information Engineering University of PLA Strategic Support Force
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Information Engineering University of PLA Strategic Support Force
Priority to CN202010602605.3A
Publication of CN111865928A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/50 Testing arrangements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention belongs to the technical field of network facility security testing and discloses a security testing device for a mimic switch. The device comprises a configuration management terminal, a protocol module, a test interface and a control module. The protocol module is located in the protocol stack software of a mimic switch controller, and the test interface is inserted into that protocol stack software; the mimic switch comprises a plurality of controllers. The test interface comprises a command line interface and a simulated attack access point, and is used to replace the output data of the protocol stack software with data preset by the tester, according to the tester's control instruction. The invention also discloses a security testing method for the mimic switch. The invention can simulate the behavior of an attacker exploiting any vulnerability or backdoor in the control management plane of the switch, including unknown vulnerabilities and backdoors, and the test can be carried out without testers needing specialist skills in exploiting vulnerabilities and backdoors or in carrying out network attacks.

Description

Security testing device and method for mimicry switch
Technical Field
The invention belongs to the technical field of network facility security testing, and particularly relates to a security testing device and a security testing method for a mimicry switch.
Background
With the continuous development of network technology, the importance of network space security is more and more prominent. The security of the ethernet switch, which is a node device widely used in the network, has an important influence on the security of the entire network space.
Existing security test methods for switches are mainly limited to tests of flow control, limits on the number of MAC addresses, user access control, security audit and the like (the security test method for Ethernet switch equipment, China national information industry division 2007.4.16). Existing switch security test methods are mainly designed around known security risks, attack means or security measures, and cover restricting access by illegal users, making cracking harder for illegal users, disabling unnecessary services, improving log management and the like.
The mimic switch is given intrinsic security attributes at the system level by its unique heterogeneous redundancy architecture, and can resist attacks based on unknown vulnerabilities and backdoors. However, there is currently no effective means of testing the particular architecture of the mimic switch and its defense against attacks based on unknown vulnerabilities and backdoors. Testing a mimic switch faces three major problems:
(1) Exploiting vulnerabilities and backdoors to launch attacks requires a high level of professional skill that ordinary testers rarely have. The problem is how to enable ordinary testers to test the mimic switch's defense against vulnerabilities and backdoors without training.
(2) Because vulnerabilities and backdoors are concealed, it is difficult to know, and impossible to traverse, all vulnerabilities and backdoors in a particular system. The problem is how to test the mimic switch's defense against vulnerabilities and backdoors without knowing which ones exist in the system.
(3) Compared with a traditional switch, the mimic switch has a distinctly different heterogeneous, redundant structure. The problem is how to test the security of the mimic switch in a way that fits these structural characteristics.
Disclosure of Invention
The invention provides a security testing device and a security testing method for a mimic switch, addressing the problems that existing test methods place high professional demands on testers, cannot traverse all vulnerabilities and backdoors in a system, and offer no effective means of testing a mimic switch.
To achieve this purpose, the invention adopts the following technical scheme:
a security testing device for a mimic switch comprises a configuration management terminal, a protocol module, a test interface and a control module, wherein the protocol module is located in the protocol stack software of a mimic switch controller; the test interface is inserted into the protocol stack software of the mimic switch controller; the mimic switch comprises a plurality of controllers;
the test interface comprises a command line interface and a simulated attack access point; the test interface is used to replace the output data of the protocol stack software with data preset by the tester, according to the tester's control instruction;
the configuration management terminal is used to log in to the mimic switch command line interface through a serial port or network port, so as to configure the mimic switch for white-box instrumentation testing;
the command line interface is used to parse the user's command line, output a test instruction to the simulated attack access point, and determine the simulated attack target;
the simulated attack access point is used to receive the simulated attack activation message and carry out the simulated attack behavior according to the test instruction;
the protocol module is used to construct and send protocol messages through functions and, when attacked, to modify the corresponding message fill content according to the simulated attack target, so as to simulate being attacked.
Further, the protocol comprises RIP, OSPF, STP, LLDP.
A security testing method of a mimic switch comprises the following steps:
inserting the test interface into the protocol stack software of the mimic switch controller through the configuration management terminal, and recompiling the protocol stack software; the mimic switch comprises a plurality of controllers;
sending a simulation attack activation message to protocol stack software of a mimicry switch controller through a simulation attack access point;
setting a simulation attack target, and inputting a test command through a command line interface;
the command line interface analyzes a user test command line and outputs a test instruction to the simulated attack access point;
the simulation attack access point receives the simulation attack activation message and implements the simulation attack behavior according to the test instruction;
and the protocol module modifies the corresponding message filling content according to the simulated attack target to complete the security test of the mimicry switch.
Further, when the simulation attack target is to modify the version number of the OSPF message, the method includes:
inserting a test interface into protocol stack software of 1 controller in the mimic switch by a configuration management terminal to modify the version number of the OSPF message into preset data, and recompiling the protocol stack software;
sending a simulation attack activation message to protocol stack software of a mimic switch controller with a test interface inserted therein through a simulation attack access point;
setting a simulation attack target to modify the version number of the OSPF message into preset data, and inputting a test command line through a command line interface;
the command line interface analyzes a user test command line and outputs a test instruction to the simulated attack access point;
the simulation attack access point receives the simulation attack activation message and implements the simulation attack behavior according to the test instruction;
recording OSPF message output by the switch, wherein the version field value is not preset data, which indicates that the attack is unsuccessful;
and completing attack test of all controllers according to the steps so as to complete the security test of the mimicry switch.
Further, when the simulation attack target is to modify the port number of the LLDP packet, the method includes:
inserting a test interface into protocol stack software of 1 controller in the mimicry switch by a configuration management terminal to modify the port number of the LLDP message as preset data and recompiling the protocol stack software;
sending a simulation attack activation message to protocol stack software of a mimic switch controller with a test interface inserted therein through a simulation attack access point;
setting a simulation attack target to modify the port number of the LLDP message into preset data, and inputting a test command line through a command line interface;
the command line interface analyzes a user test command line and outputs a test instruction to the simulated attack access point;
the simulation attack access point receives the simulation attack activation message and implements the simulation attack behavior according to the test instruction;
recording an LLDP message output by the switch, wherein the value of the port number field is not preset data, which indicates that the attack is unsuccessful;
and completing attack test of all controllers according to the steps so as to complete the security test of the mimicry switch.
Compared with the prior art, the invention has the following beneficial effects:
(1) the invention can simulate the behavior of an attacker exploiting any vulnerability or backdoor in the control management plane of the mimic switch, including unknown vulnerabilities and backdoors;
(2) the invention allows the test to be carried out without the tester needing specialist skills in exploiting vulnerabilities and backdoors or in carrying out network attacks;
(3) the invention is designed for the structure of the mimic switch and can test its capability to resist attacks based on unknown vulnerabilities and backdoors.
Drawings
FIG. 1 is a schematic diagram of a security testing apparatus of a mimic switch according to an embodiment of the present invention;
FIG. 2 is a basic flowchart of a security testing method for a mimic switch according to an embodiment of the present invention;
FIG. 3 is a basic flowchart of a security testing method for a mimic switch according to another embodiment of the present invention;
FIG. 4 is a schematic diagram of a mimic switch architecture for a security testing method for a mimic switch according to an embodiment of the present invention;
FIG. 5 is a basic flowchart of a security testing method for a mimic switch according to another embodiment of the present invention.
Detailed Description
The invention is further illustrated by the following examples in conjunction with the accompanying drawings:
Example 1
As shown in fig. 1, a security testing apparatus for a mimic switch includes a configuration management terminal, a protocol module, and a testing interface, where the protocol module is located in a protocol stack software of a mimic switch controller; the test interface is inserted in protocol stack software of the mimic switch controller; the mimic switch includes a plurality of controllers.
The test interface comprises a command line interface and a simulation attack access point; the test interface is used for replacing the output data of the protocol stack software with data preset by the tester according to the control instruction of the tester.
The configuration management terminal is used for logging in a mimic switch command line interface through a serial port/a network port so as to configure the mimic switch to perform white box instrumentation test; specifically, the configuration management terminal may be a general computer.
The command line interface is used to parse the user's command line, output a test instruction to the simulated attack access point, and determine the simulated attack target. For example, if the user inputs the command attack ospf-version 10, the attack target is to modify the version field value in the OSPF message to 10, and the simulated attack access point is notified to carry out the simulated attack. The notification is implemented through a file or a pipe; for example, a custom file wbox.ini in the protocol stack software is used to pass the attack instruction to the simulated attack access point. After the user inputs the simulated attack instruction, the command line interface program adds the content "ospf_version_acked=1; OSPF_version=10" to the wbox.ini file, meaning "ready to attack by modifying the OSPF version field value to 0x10". The protocol module obtains the attack content by reading the wbox.ini file, and simulates the attack after receiving the activation message.
The simulated attack access point is used for receiving the simulated attack activation message and implementing the simulated attack behavior according to the test instruction.
The protocol module is used to construct and send protocol messages through functions (such as hello_send, ls_req_send and packet_header_set) and, when attacked, to modify the corresponding message fill content according to the simulated attack target, so as to simulate being attacked. Specifically, original functions of the protocol stack software such as hello_send, ls_req_send and packet_header_set are modified, and a function that simulates being attacked according to the attack instruction is added. For example, after reading the content of wbox.ini, the protocol module learns the attack content; after receiving the simulated attack activation message, the modified packet_header_set function carries out the simulated-attacked operation and writes the fixed value 0x10 into the version field when constructing the OSPF message header, thereby simulating being attacked.
Further, the protocol comprises RIP, OSPF, STP, LLDP.
Example 2
As shown in fig. 2, a method for testing the security of a mimic switch based on the security testing apparatus of the mimic switch according to embodiment 1 includes:
step S201: inserting the test interface into the protocol stack software of the mimic switch controller through the configuration management terminal, and recompiling the protocol stack software; the mimic switch comprises a plurality of controllers;
step S202: sending a simulated attack activation message to the protocol stack software of a mimic switch controller through the simulated attack access point; specifically, the simulated attack activation message is a message containing specific field content, for example a message containing the field "0x101010"; during testing, the specific field contained in the simulated attack activation message triggers the attack operation; the content of the specific field may be customized by the tester;
step S203: setting a simulation attack target, and inputting a test command through a command line interface;
step S204: the command line interface analyzes a user test command line and outputs a test instruction to the simulated attack access point;
step S205: the simulation attack access point receives the simulation attack activation message and implements the simulation attack behavior according to the test instruction;
Step S206: and the protocol module modifies the corresponding message filling content according to the simulated attack target to complete the security test of the mimicry switch.
Example 3
As shown in fig. 3, this embodiment builds on the security testing apparatus for a mimic switch according to embodiment 1 and the security testing method for a mimic switch according to embodiment 2.
As one implementable manner, the mimic switch includes 3 controllers, namely controller 1, controller 2 and controller 3. A typical architecture of the mimic switch is shown in fig. 4; it should be noted that fig. 4 shows a typical, but not the only, form of the switch controller. The switch is logically divided into two parts, a control management plane and a data forwarding plane, whose corresponding entities are the controller and the switching chip respectively. The control management plane provides the Ethernet switch with functions such as parsing various network protocols and updating and managing routing tables, and gives administrators a control platform for maintaining, updating and monitoring the switch; it generally consists of various protocol stacks and management software running on a main control CPU under an operating system, i.e. the controller. The data forwarding plane processes or forwards data entering through the switch ports according to the data forwarding rules set by the routing table issued by the control management plane, and generally uses a dedicated switching chip.
When the simulation attack target is to modify the version number of the OSPF message, the method comprises the following steps:
step S301: inserting the test interface into the protocol stack software of the mimic switch controller 1 through the configuration management terminal to modify the version number of the OSPF message into the preset data, and recompiling the protocol stack software; specifically, the following test interface codes are inserted into the protocol stack software:
    if (!ospf_version_attack)
        stream_putc(s, OSPF_VERSION);        /* original code: fills in version number 2 */
    else
        stream_putc(s, ospf_version_attack); /* executes the code that fills in the new version number */
Step S302: sending a simulation attack activation message to protocol stack software of the controller 1 through a simulation attack access point;
step S303: setting the simulated attack target (a preset output data strategy) to modify the version number of the OSPF message to the preset data, and inputting a test command line through the command line interface; as one possible implementation, the simulated attack target is set as: modify the version field of the OSPF message to 0x10, and the test command attack ospf-version 10 is input at the command line interface;
step S304: the command line interface analyzes a user test command line and outputs a test instruction to the simulated attack access point;
Step S305: the simulation attack access point receives the simulation attack activation message and implements the simulation attack behavior according to the test instruction;
step S306: recording an OSPF message output by a switch, wherein the version field value is not preset data, namely the version field value is not 0x10, which indicates that the attack is unsuccessful;
step S307: clearing the attack state of switch controller 1 and repeating test steps S301-S306 on controller 2; the version field of the output OSPF message is still the original value rather than 0x10, which indicates that the attack is unsuccessful;
step S308: clearing the attack state of switch controller 2 and repeating test steps S301-S306 on controller 3; the attack is still unsuccessful.
Combining the above test steps gives the test conclusion: the mimic switch is able to resist attacks that tamper with the OSPF message version field by attacking a single controller through any vulnerability or backdoor.
It should be noted that, in the above test process, the test interface may also be inserted into the protocol stack software of all controllers of the mimic switch through the configuration management terminal, and attack tests then carried out on 1 controller, 2 controllers or all controllers respectively, to test the capability of the mimic switch to resist attacks of different strengths. The above test process takes modifying the version number of the OSPF message as the simulated attack target; the test conclusion can likewise be obtained when the simulated attack target is to modify other fields of the OSPF message or any field of another protocol's messages.
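Added example (not part of the patent text or of any real protocol stack): a host-side C model of the Example 3 procedure, in which one to three instrumented controllers consume the wbox.ini instruction and the activation marker, and the switch output is checked against the preset value. The per-byte majority arbiter, the controller bit mask, the reading of the value 10 as hex, and all function names other than the identifiers quoted on the page are assumptions made for illustration; the patent does not state how the mimic switch arbitrates between its controllers.

```c
/* Added example: host-side model of the white-box hook (not the patent's code).
 * ASSUMPTION: the switch emits the per-byte majority of its controllers' outputs. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define OSPF_VERSION  2   /* value the unmodified protocol stack fills in */
#define N_CONTROLLERS 3
#define HDR_LEN       4   /* version, type, 16-bit length (header prefix only) */

/* Instruction text as quoted on the page; the value is read as hex (0x10). */
static const char SAMPLE_INI[] = "ospf_version_acked=1; OSPF_version=10";
/* Tester-chosen activation marker: the field 0x101010 from step S202. */
static const unsigned char MARKER[] = { 0x10, 0x10, 0x10 };

struct controller {
    int instrumented;     /* test interface compiled into this controller */
    int armed;            /* instruction file says the attack is prepared */
    int activated;        /* activation message has been received */
    unsigned version;     /* preset value for the version field */
};

/* Parse "key=value" pairs separated by ';' or newlines. Returns 0 on success. */
static int wbox_parse(const char *text, struct controller *c)
{
    char buf[128], key[32], *tok;
    unsigned val;
    if (strlen(text) >= sizeof buf) return -1;
    strcpy(buf, text);
    for (tok = strtok(buf, ";\n"); tok; tok = strtok(NULL, ";\n")) {
        int n = sscanf(tok, " %31[^= ] = %x", key, &val);
        if (n == EOF) continue;               /* blank entry */
        if (n != 2) return -1;                /* malformed entry */
        for (char *p = key; *p; p++) *p = (char)tolower((unsigned char)*p);
        if (strcmp(key, "ospf_version_acked") == 0) c->armed = (val == 1);
        else if (strcmp(key, "ospf_version") == 0 && val <= 0xff) c->version = val;
        else return -1;                       /* unknown key or out-of-range value */
    }
    return 0;
}

/* Simulated attack access point: activate only when the marker appears. */
static void controller_rx(struct controller *c, const unsigned char *pkt, size_t len)
{
    for (size_t i = 0; c->instrumented && i + sizeof MARKER <= len; i++)
        if (memcmp(pkt + i, MARKER, sizeof MARKER) == 0) c->activated = 1;
}

/* Mirrors the inserted branch in packet_header_set: preset value or original. */
static void build_header(const struct controller *c, unsigned char out[HDR_LEN])
{
    int attack = c->instrumented && c->armed && c->activated;
    out[0] = attack ? (unsigned char)c->version : OSPF_VERSION;
    out[1] = 1;                /* OSPF type 1 = Hello */
    out[2] = 0; out[3] = 44;   /* packet length, constructed value */
}

/* ASSUMED arbiter: per-byte strict majority; -1 when no value has a majority. */
static int arbitrate(unsigned char in[N_CONTROLLERS][HDR_LEN], unsigned char out[HDR_LEN])
{
    for (int b = 0; b < HDR_LEN; b++) {
        int winner = -1;
        for (int i = 0; i < N_CONTROLLERS && winner < 0; i++) {
            int votes = 0;
            for (int j = 0; j < N_CONTROLLERS; j++) votes += (in[j][b] == in[i][b]);
            if (2 * votes > N_CONTROLLERS) winner = in[i][b];
        }
        if (winner < 0) return -1;
        out[b] = (unsigned char)winner;
    }
    return 0;
}

/* Test the controllers selected by bit mask; returns the emitted version or -1. */
static int run_test(unsigned mask, const char *ini)
{
    static const unsigned char activation[] = { 0x00, 0x10, 0x10, 0x10, 0x00 }; /* constructed */
    struct controller ctl[N_CONTROLLERS];
    unsigned char outs[N_CONTROLLERS][HDR_LEN], result[HDR_LEN];
    memset(ctl, 0, sizeof ctl);
    for (int i = 0; i < N_CONTROLLERS; i++) {
        ctl[i].instrumented = (mask >> i) & 1;
        if (ctl[i].instrumented && wbox_parse(ini, &ctl[i]) != 0) return -1;
        controller_rx(&ctl[i], activation, sizeof activation);
        build_header(&ctl[i], outs[i]);
    }
    return arbitrate(outs, result) == 0 ? result[0] : -1;
}

int main(void)
{
    static const unsigned masks[] = { 0x1, 0x2, 0x4, 0x3, 0x7 };
    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++) {
        int v = run_test(masks[i], SAMPLE_INI);
        printf("mask 0x%x -> version 0x%02x\n", masks[i], (unsigned)v);
    }
    return 0;
}
```

Under the assumed majority rule, masks 0x1, 0x2 and 0x4 reproduce steps S306-S308 (the emitted version stays 2), while masks 0x3 and 0x7 model the stronger multi-controller tests mentioned in the note above.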
Example 4
As shown in fig. 5, this embodiment builds on the security testing apparatus for a mimic switch according to embodiment 1 and the security testing method for a mimic switch according to embodiment 2.
As one implementable manner, the mimic switch includes 3 controllers, namely controller 1, controller 2 and controller 3. A typical architecture of the mimic switch is shown in fig. 4; it should be noted that fig. 4 shows a typical, but not the only, form of the switch controller.
When the simulation attack target is to modify the port number of the LLDP message, the method comprises the following steps:
step S401: inserting a test interface into protocol stack software of the mimic switch controller 1 through a configuration management terminal to modify the port number of the LLDP message as preset data, and recompiling the protocol stack software; specifically, the following test interface codes are inserted into the protocol stack software:
    if (!lldp_port_attack)
        stream_putc(s, LLDP_PORT);        /* original code: fills in port number 17 */
    else
        stream_putc(s, lldp_port_attack); /* executes the code that fills in the new port number */
Step S402: sending a simulation attack activation message to protocol stack software of the controller 1 through a simulation attack access point;
step S403: setting the simulated attack target (a preset output data strategy) to modify the port number of the LLDP message to the preset data, and inputting a test command line through the command line interface; as one possible implementation, the simulated attack target is set as: modify the port number field of the LLDP protocol message to 0x01, and the test command attack lldp-port 01 is input at the command line interface;
step S404: the command line interface analyzes a user test command line and outputs a test instruction to the simulated attack access point;
step S405: the simulation attack access point receives the simulation attack activation message and implements the simulation attack behavior according to the test instruction;
step S406: recording an LLDP message output by the switch, wherein the value of the port number field is not preset data, namely the value of the port number field is not 0x01, which indicates that the attack is unsuccessful;
step S407: clearing the attack state of switch controller 1 and repeating test steps S401-S406 on controller 2; the port number field of the output LLDP message is still the original value rather than 0x10, which indicates that the attack is unsuccessful;
step S408: clearing the attack state of switch controller 2 and repeating test steps S401-S406 on controller 3; the attack is still unsuccessful.
Combining the above test steps gives the test conclusion: the mimic switch is able to resist attacks that tamper with the LLDP message port field by attacking a single controller through any vulnerability or backdoor.
It should be noted that, in the above test process, the test interface may also be inserted into the protocol stack software of all controllers of the mimic switch through the configuration management terminal, and attack tests then carried out on 1 controller, 2 controllers or all controllers respectively, to test the capability of the mimic switch to resist attacks of different strengths. The above test process takes modifying the port number field of the LLDP message as the simulated attack target; the test conclusion can likewise be obtained when the simulated attack target is to modify other fields of the LLDP message or any field of another protocol's messages.
The above describes only the preferred embodiments of the present invention. It should be noted that those skilled in the art can make various modifications and improvements without departing from the principle of the present invention, and these modifications and improvements should also be regarded as falling within the protection scope of the present invention.

Claims (5)

1. A security testing device of a mimicry switch comprises a configuration management terminal and a protocol module, wherein the protocol module is positioned in protocol stack software of a controller of the mimicry switch and is characterized by also comprising a testing interface; the test interface is inserted in protocol stack software of the mimic switch controller; the mimic switch comprises a plurality of controllers;
the test interface comprises a command line interface and a simulation attack access point; the test interface is used for replacing the output data of the protocol stack software with data preset by a tester according to a control instruction of the tester;
the configuration management terminal is used for logging in a mimic switch command line interface through a serial port/a network port so as to configure the mimic switch to perform white box instrumentation test;
the command line interface is used for analyzing a user command line, outputting a test instruction to the simulated attack access point and determining a simulated attack target;
the simulated attack access point is used for receiving the simulated attack activation message and implementing the simulated attack behavior according to the test instruction;
the protocol module is used for constructing and sending protocol messages through functions, and modifying corresponding message filling contents according to a simulation attack target when the protocol module is attacked so as to achieve the purpose of simulating the attack.
2. The apparatus of claim 1, wherein the protocol comprises RIP, OSPF, STP, LLDP.
3. A method for testing the security of a mimic switch based on the apparatus for testing the security of a mimic switch according to any one of claims 1-2, comprising:
inserting the test interface into the protocol stack software of the mimic switch controller through the configuration management terminal, and recompiling the protocol stack software; the mimic switch comprises a plurality of controllers;
sending a simulation attack activation message to protocol stack software of a mimicry switch controller through a simulation attack access point;
setting a simulation attack target, and inputting a test command through a command line interface;
the command line interface analyzes a user test command line and outputs a test instruction to the simulated attack access point;
the simulation attack access point receives the simulation attack activation message and implements the simulation attack behavior according to the test instruction;
and the protocol module modifies the corresponding message filling content according to the simulated attack target to complete the security test of the mimicry switch.
4. The method of claim 3, wherein when the target of the simulation attack is to modify the version number of the OSPF packet, the method comprises:
inserting a test interface into protocol stack software of 1 controller in the mimic switch by a configuration management terminal to modify the version number of the OSPF message into preset data, and recompiling the protocol stack software;
sending a simulation attack activation message to protocol stack software of a mimic switch controller with a test interface inserted therein through a simulation attack access point;
setting a simulation attack target to modify the version number of the OSPF message into preset data, and inputting a test command line through a command line interface;
the command line interface analyzes a user test command line and outputs a test instruction to the simulated attack access point;
the simulation attack access point receives the simulation attack activation message and implements the simulation attack behavior according to the test instruction;
recording OSPF message output by the switch, wherein the version field value is not preset data, which indicates that the attack is unsuccessful;
and completing attack test of all controllers according to the steps so as to complete the security test of the mimicry switch.
5. The method of claim 3, wherein, when the simulated attack target is to modify the port number of the LLDP message, the method comprises:
inserting, by the configuration management terminal, a test interface into the protocol stack software of one controller in the mimicry switch so as to modify the port number of the LLDP message to preset data, and recompiling the protocol stack software;
sending, through the simulated attack access point, a simulated attack activation message to the protocol stack software of the mimicry switch controller into which the test interface has been inserted;
setting the simulated attack target to modify the port number of the LLDP message to preset data, and inputting a test command line through the command line interface;
the command line interface parses the user's test command line and outputs a test instruction to the simulated attack access point;
the simulated attack access point receives the simulated attack activation message and carries out the simulated attack behavior according to the test instruction;
recording the LLDP message output by the switch, wherein a port number field value that is not the preset data indicates that the attack was unsuccessful;
and completing the attack test of all controllers according to the above steps, so as to complete the security test of the mimicry switch.
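
The pass/fail check that closes claims 4 and 5 can be automated over the recorded switch output. The following is an added example, not code from the patent: it reads the version octet of the OSPF common header and the Port ID TLV of an LLDPDU and issues one verdict per controller under test. The controller names, preset values, captured frames and the "unparseable" verdict are assumptions constructed for illustration.

```python
import struct

def ospf_version(packet: bytes) -> int:
    """Version is the first octet of the 24-octet OSPF common header."""
    if len(packet) < 24:
        raise ValueError("truncated OSPF header")
    return packet[0]

def lldp_port_id(lldpdu: bytes) -> bytes:
    """Return the Port ID (TLV type 2) value without its subtype octet."""
    offset = 0
    while offset + 2 <= len(lldpdu):
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, tlv_len = header >> 9, header & 0x1FF  # 7-bit type, 9-bit length
        value = lldpdu[offset + 2:offset + 2 + tlv_len]
        if len(value) != tlv_len:
            raise ValueError("truncated TLV")
        if tlv_type == 0:  # End of LLDPDU
            break
        if tlv_type == 2 and tlv_len >= 2:
            return value[1:]
        offset += 2 + tlv_len
    raise ValueError("no Port ID TLV found")

def judge_rounds(recorded: dict, extract, preset) -> dict:
    """One verdict per controller under test, from the switch output recorded in that round."""
    verdicts = {}
    for controller, frame in recorded.items():
        try:
            verdicts[controller] = "successful" if extract(frame) == preset else "unsuccessful"
        except ValueError:
            verdicts[controller] = "unparseable"  # review by hand; never count as a pass
    return verdicts

def tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def ospf_header(version: int) -> bytes:
    return struct.pack("!BBH4s4sHH8s", version, 1, 24, bytes([1] * 4), bytes(4), 0, 0, bytes(8))

def build_lldpdu(port: bytes) -> bytes:
    return tlv(1, b"\x04" + bytes(6)) + tlv(2, b"\x07" + port) + tlv(3, b"\x00\x78") + tlv(0, b"")

OSPF_PRESET, LLDP_PRESET = 9, b"port-99"  # constructed presets; captures below are constructed too
OSPF_RECORDED = {"controller-1": ospf_header(2), "controller-2": ospf_header(9),
                 "controller-3": b"\x02\x01"}  # controller-3: truncated capture
LLDP_RECORDED = {"controller-1": build_lldpdu(b"port-3"), "controller-2": build_lldpdu(b"port-99")}

for args in ((OSPF_RECORDED, ospf_version, OSPF_PRESET), (LLDP_RECORDED, lldp_port_id, LLDP_PRESET)):
    print(judge_rounds(*args))
```

A "successful" verdict means the preset value reached the switch output, so the modification made in that controller was not masked.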

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010602605.3A CN111865928A (en) 2020-06-29 2020-06-29 Security testing device and method for mimicry switch

Publications (1)

Publication Number Publication Date
CN111865928A true CN111865928A (en) 2020-10-30

Family

ID=72989252

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010602605.3A Pending CN111865928A (en) 2020-06-29 2020-06-29 Security testing device and method for mimicry switch

Country Status (1)

Country Link
CN (1) CN111865928A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2343971A (en) * 1998-08-06 2000-05-24 Siemens Ag Checking a program module in on-line and off-line modes
CN101252483A (en) * 2008-04-10 2008-08-27 北京星网锐捷网络技术有限公司 System and method for testing switch
CN110445787A (en) * 2019-08-09 2019-11-12 华东计算技术研究所(中国电子科技集团公司第三十二研究所) Heterogeneous testing device and method based on DHR framework mimicry defense platform

Non-Patent Citations (9)

* Cited by examiner, † Cited by third party
Title
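Fu Qiuyu et al.: "Design and Implementation of a Network Protocol Experiment Platform", Journal of Nankai University (Natural Science Edition) *
Liu Limei et al.: "Implementation of a White-Box Testing System for Embedded Software", Electronic Measurement Technology *
Jiang Wen et al.: "Coverage Testing of C/C++ Software Based on Continuous Integration", Computer Technology and Development *
Song Ke et al.: "Endogenous Security Architecture of Ethernet Switches Based on Mimic Defense", Journal on Communications *
Zhang Zheng et al.: "Testing and Analysis of a Proof-of-Principle System for Web Server Mimic Defense", Journal of Cyber Security *
Wang Peng et al.: "MNOS: Design and Implementation of a Mimic Network Operating System", Journal of Computer Research and Development *
Zhong Hua et al.: "A Survey of Software Security Analysis", Modern Computer (Professional Edition) *
Ma Hailong et al.: "Router Mimic Defense Architecture Based on a Dynamic Heterogeneous Redundancy Mechanism", Journal of Cyber Security *
Ma Hailong et al.: "Testing and Analysis of Router Mimic Defense Capability", Journal of Cyber Security *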

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114584330A (en) * 2020-11-16 2022-06-03 华为技术有限公司 Vulnerability testing method and device
CN113347085A (en) * 2021-06-02 2021-09-03 河南信大网御科技有限公司 Method for realizing STP protocol under mimicry environment
CN113746843A (en) * 2021-09-03 2021-12-03 天津芯海创科技有限公司 Method for quantifying attack success rate of mimicry switch
CN113746843B (en) * 2021-09-03 2024-01-05 天津芯海创科技有限公司 Method for quantifying attack success rate of mimicry switch

Similar Documents

Publication Publication Date Title
CN111865928A (en) Security testing device and method for mimicry switch
CN109802852B (en) Method and system for constructing network simulation topology applied to network target range
Fovino et al. An experimental investigation of malware attacks on SCADA systems
Radoglou-Grammatikis et al. Attacking iec-60870-5-104 scada systems
Lanotte et al. A formal approach to cyber-physical attacks
Parian et al. Fooling the master: Exploiting weaknesses in the modbus protocol
CN101447898A (en) Test system used for network safety product and test method thereof
CN109194684B (en) Method and device for simulating denial of service attack and computing equipment
CN112100625B (en) Operating system access control vulnerability discovery method based on model detection
CN110912927A (en) Method and device for detecting control message in industrial control system
CN104462962A (en) Method for detecting unknown malicious codes and binary bugs
CN116681013B (en) Simulation verification method, platform, device, equipment and medium of network chip
JP2016113122A (en) Test device of on-vehicle network
Gao et al. Em-fuzz: Augmented firmware fuzzing via memory checking
Banik et al. Implementing man-in-the-middle attack to investigate network vulnerabilities in smart grid test-bed
Rrushi Dnic architectural developments for 0-knowledge detection of opc malware
Fern et al. Detecting hardware trojans in unspecified functionality using mutation testing
Zhou et al. P4Tester: Efficient runtime rule fault detection for programmable data planes
Meng et al. SeVNoC: Security validation of system-on-chip designs with NoC fabrics
CN206195821U (en) Industry control network security detection device
CN105025067A (en) Information security technology research platform
Redwood Cyber physical system vulnerability research
Wang et al. A novel model for the internet worm propagation
Jaromin et al. Design and implementation of industrial control system emulators
US20190098022A1 (en) Security surveillance system and security surveillance method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201030