CN114070766A - Network security product validity detection method and related equipment - Google Patents

Network security product validity detection method and related equipment

Info

Publication number
CN114070766A
Authority
CN
China
Prior art keywords
detection
security product
network security
preset
validity
Prior art date
Legal status
Granted
Application number
CN202111348604.1A
Other languages
Chinese (zh)
Other versions
CN114070766B (en)
Inventor
李武军
丁海虹
刘云鹏
刘爱辉
Current Assignee
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Priority date
Filing date
Publication date
Application filed by China Construction Bank Corp
Priority to CN202111348604.1A
Publication of CN114070766A
Application granted
Publication of CN114070766B
Legal status: Active

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/50Testing arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Environmental & Geological Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

According to the validity detection method and the relevant equipment for the network security product, the preset validity detection automation script comprising the preset attack detection flow and the detection flow characteristics is sent to the network security product. And determining the effectiveness of the network security product according to the detection flow characteristics based on an alarm result returned after the network security product reacts to the preset attack detection flow. The preset attack detection flow consists of at least one detection flow packet, the detection flow characteristics comprise a detection flow number, a detection type and a detection identifier, and each number in the detection flow number corresponds to each detection flow packet one to one. The preset validity detection automation script comprising the preset attack detection flow and the detection flow characteristics can reduce the dependence on personnel and production environment in the validity detection process, and efficiently and conveniently detect the validity of the network security product.

Description

Network security product validity detection method and related equipment
Technical Field
The present disclosure relates to the field of network security technologies, and in particular, to a method for detecting validity of a network security product and a related device.
Background
Network security products refer to the various software products, and combined software-and-hardware products, used to ensure the security of the systems and information in users' networks and to keep those systems operating normally. Network security products include software and hardware products such as antivirus software, firewalls, intrusion detection systems, information encryption, security authentication and security assessment.
Under large-scale or cloud deployment, the workload of validity detection for network security products grows exponentially, so how to detect the validity of network security products efficiently and conveniently is a technical problem that needs to be solved by those skilled in the art.
Disclosure of Invention
In view of the foregoing problems, the present disclosure provides a method and related device for detecting validity of a network security product, which overcome or at least partially solve the foregoing problems, and the technical solution is as follows:
a network security product validity detection method comprises the following steps:
obtaining a preset validity detection automation script, wherein the preset validity detection automation script comprises preset attack detection flow and detection flow characteristics, the preset attack detection flow is composed of at least one detection flow packet, the detection flow characteristics comprise a detection flow number, a detection type and a detection identification, and each number in the detection flow number corresponds to each detection flow packet one to one;
sending the preset validity detection automation script to at least one network security product in a target network to obtain an alarm result returned after the network security product reacts to the preset attack detection flow;
and determining whether the network security product alarms each detected flow packet in the alarm result according to the detection identifier and the detected flow number, and if so, determining that the network security product can provide effective protection for the attack of the detection type.
Optionally, the method further includes:
and under the condition that the network security product does not alarm all the detection flow packets in the alarm result, determining that the network security product cannot provide effective protection for the detection flow packets which are not alarmed in the detection type.
Optionally, the determining, according to the detection identifier and the detection traffic number, whether the network security product alarms each of the detection traffic packets in the alarm result includes:
retrieving the alarm corresponding to the detection identifier from the alarm result;
and determining whether the alarm corresponding to the detection identifier comprises the alarm of the detection flow packet corresponding to each number in the detection flow number, and if so, determining that the network security product can provide effective protection for the attack of the detection type.
Optionally, the method further includes:
and adding the IP address corresponding to the preset validity detection automation script into a white list of the target network.
Optionally, the method further includes:
and generating an effectiveness detection report corresponding to the network security product based on the alarm result.
Optionally, the network security product includes a serial security product and a bypass security product, the serial security product is configured to block and alarm the preset attack detection traffic, and the bypass security product is configured to alarm the preset attack detection traffic.
Optionally, the target network includes a DMZ network, an internal network, and/or a private network.
Optionally, the sending the preset validity detection automation script to at least one network security product in a target network includes:
and sending the preset validity detection automation script to at least one network security product in the target network according to a preset validity detection time interval.
An apparatus for detecting validity of network security products, comprising: a validity detection automation script obtaining unit, a network security product alarm result obtaining unit and a network security product validity determining unit, wherein:
the validity detection automation script obtaining unit is used for obtaining a preset validity detection automation script, wherein the preset validity detection automation script comprises a preset attack detection flow and detection flow characteristics, the preset attack detection flow is composed of at least one detection flow packet, the detection flow characteristics comprise a detection flow number, a detection type and a detection identifier, and each number in the detection flow number corresponds to each detection flow packet one to one;
the network security product alarm result obtaining unit is used for sending the preset validity detection automation script to at least one network security product in a target network to obtain an alarm result returned after the network security product reacts to the preset attack detection flow;
and the network security product validity determining unit is used for determining whether the network security product alarms each detected flow packet in the alarm result according to the detection identifier and the detected flow number, and if so, determining that the network security product can provide effective protection for the attack of the detection type.
An electronic device comprising at least one processor, and at least one memory connected to the processor, a bus; the processor and the memory complete mutual communication through the bus; the processor is used for calling the program instructions in the memory so as to execute any one of the network security product validity detection methods.
By means of the technical scheme, the preset validity detection automation script can be obtained through the network security product validity detection method and the related equipment, wherein the preset validity detection automation script comprises preset attack detection flow and detection flow characteristics, the preset attack detection flow is composed of at least one detection flow packet, the detection flow characteristics comprise a detection flow number, a detection type and a detection identification, and each number in the detection flow number corresponds to each detection flow packet one by one; sending a preset validity detection automation script to at least one network security product in a target network to obtain an alarm result returned after the network security product reacts to preset attack detection flow; and determining whether the network security product alarms each detection flow packet in the alarm result according to the detection identification and the detection flow number, and if so, determining that the network security product can provide effective protection for the attack of the detection type. The preset validity detection automation script comprising the preset attack detection flow and the detection flow characteristics can reduce the dependence on personnel and production environment in the validity detection process, and efficiently and conveniently detect the validity of the network security product.
The foregoing description is only an overview of the technical solutions of the present disclosure, and the embodiments of the present disclosure are described below in order to make the technical means of the present disclosure more clearly understood and to make the above and other objects, features, and advantages of the present disclosure more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the disclosure. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
fig. 1 is a schematic flow chart diagram illustrating an implementation manner of a network security product validity detection method provided by an embodiment of the present disclosure;
fig. 2 shows a schematic structural diagram of an apparatus for detecting validity of a network security product according to an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As shown in fig. 1, a flow diagram of an implementation manner of a network security product validity detection method provided in an embodiment of the present disclosure may include:
s100, obtaining a preset validity detection automation script, wherein the preset validity detection automation script comprises preset attack detection flow and detection flow characteristics, the preset attack detection flow is composed of at least one detection flow packet, the detection flow characteristics comprise a detection flow number, a detection type and a detection identification, and each number in the detection flow number corresponds to each detection flow packet one to one.
It can be understood that the embodiment of the present disclosure can obtain a pre-designed validity detection automation script according to the actual attack detection requirement. For example, the disclosed embodiments can design an automation script for validity detection of SQL injection type attacks as "GET /?id=1 union select … from admin&check_no=1&check_type=sql&check_sign=safety_check", wherein "id" carries the preset attack detection flow, "check_no" is the detection flow number, "check_type" is the detection type, and "check_sign" is the detection identifier. The number of detection flow numbers is related to the number of detection flow packets constituting the preset attack detection flow. For example, number 1 corresponds to detection flow packet A, and number 2 corresponds to detection flow packet B. The detection identifier lets the embodiment distinguish the detection flow from service flow or other attacks, which makes inspecting network security products convenient; the detection type allows alarms to be compared horizontally between different network security products; and the detection flow number allows the total number of alarms and the missed alarms for the detection flow packets to be counted.
S200, sending the preset validity detection automation script to at least one network security product in the target network, and obtaining an alarm result returned after the network security product reacts to the preset attack detection flow.
Optionally, the target network includes a DMZ network, an internal network, and/or a private network. A DMZ (demilitarized zone) network is a security buffer built between the external network and the internal or private network, used to address the case where the external network cannot connect directly to the internal network. The internal network is a network that is not connected to an external network. A private network is a network for private use.
Optionally, the network security product includes a serial security product and a bypass security product. The serial security product is used for blocking and alarming the preset attack detection flow, and the bypass security product is used for alarming the preset attack detection flow.
It can be understood that, in the embodiment of the present disclosure, an IP or a domain name of a target network that needs to perform validity detection on a network security product may be obtained, and a preset validity detection automation script may be sent to the target network according to the IP or the domain name, so that the network security product in the target network may react to a preset attack detection flow in the preset validity detection automation script.
Optionally, the embodiment of the present disclosure may send the preset validity detection automation script to at least one network security product in the target network according to the preset validity detection time interval. According to the embodiment of the disclosure, validity detection can be periodically performed on the network security product in the target network by presetting the validity detection time interval, so that the validity detection on the network security product is more convenient.
Optionally, in the embodiment of the present disclosure, the IP address from which the preset validity detection automation script is sent may be added to a white list of the target network. Whitelisting that IP address prevents the network security product from blacklisting and banning it. Otherwise, subsequent preset validity detection automation scripts could no longer be sent from that IP address to perform validity detection, and once a serial security product has banned the IP address, the bypass security product would no longer see the preset validity detection automation script at all and could not be validity-tested.
S300, according to the detection identification and the detection flow number, whether the network security product alarms each detection flow packet is determined in the alarm result, and if yes, the network security product is determined to be capable of providing effective protection for the attack of the detection type.
Optionally, the embodiment of the present disclosure may retrieve an alarm corresponding to the detection identifier from the alarm result. And determining whether the alarm corresponding to the detection identifier comprises the alarm of the detection flow packet corresponding to each number in the detection flow number, and if so, determining that the network security product can provide effective protection for the attack of the detection type.
Optionally, where it is determined from the alarm result that the network security product has not alarmed on every detection flow packet, the embodiment of the present disclosure may determine that the network security product cannot provide effective protection against the detection flow packets of that detection type that were not alarmed. Specifically, the embodiment may identify, from the numbers missing among the alarms, the detection flow packets corresponding to those missing numbers, and thus determine that the network security product cannot provide effective protection against those detection flow packets.
Optionally, the embodiment of the present disclosure may generate an effectiveness detection report corresponding to the network security product based on the alarm result.
It can be understood that, according to the alarm results of a plurality of network security products in the target network, the embodiment of the present disclosure may generate an effectiveness detection report corresponding to the present effectiveness detection. Optionally, the validity check report may be as shown in table 1.
TABLE 1: effectiveness detection report (shown as an image on the original page; not reproduced here)
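The following Python is a worked example added by the editor, not code from the patent or from China Construction Bank: it builds the detection flow records the method describes (one check_no per detection flow packet, plus check_type and check_sign), evaluates each product's alarm result as step S300 describes, and produces the per-product effectiveness report of table 1. The query-parameter names follow the patent's example request; the record layout, product names, placeholder payloads and alarm records are constructed assumptions.

```python
"""Added worked example (not the patent's code): number detection traffic
packets, tag them with check_type and check_sign, then check each product's
alarm result for every number and report what was missed."""
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlsplit

# Detection identifier shared by all test traffic; it separates the test
# requests from service traffic and from real attacks in the alarm log.
CHECK_SIGN = "safety_check"


@dataclass(frozen=True)
class DetectionPacket:
    number: int       # check_no: unique per detection traffic packet
    check_type: str   # detection type, e.g. "sql"
    payload: dict     # request parameters carrying the test pattern (placeholders here)


def build_request_target(pkt: DetectionPacket, check_sign: str = CHECK_SIGN) -> str:
    """Render one detection traffic packet as the request target of a GET,
    appending the detection traffic characteristics as query parameters."""
    params = dict(pkt.payload)
    params.update({"check_no": pkt.number,
                   "check_type": pkt.check_type,
                   "check_sign": check_sign})
    return "/?" + urlencode(params)


def parse_alarm(alarm: dict):
    """Return (check_sign, check_type, check_no) for an alarm whose 'request'
    field is the request target the product alarmed on, or None when the
    request carries no detection identifier or a malformed number."""
    qs = parse_qs(urlsplit(alarm["request"]).query)
    if "check_sign" not in qs:
        return None
    try:
        number = int(qs.get("check_no", ["?"])[0])
    except ValueError:
        return None
    return qs["check_sign"][0], qs.get("check_type", [""])[0], number


def evaluate_product(alarms: list, packets: list, check_sign: str = CHECK_SIGN) -> dict:
    """Step S300 for one product: keep only the alarms carrying our detection
    identifier, then check that every numbered packet of each detection type
    was alarmed. Returns {check_type: {"effective": bool, "missed": [numbers]}}."""
    seen = set()
    for alarm in alarms:
        parsed = parse_alarm(alarm)
        if parsed is not None and parsed[0] == check_sign:
            seen.add((parsed[1], parsed[2]))
    report = {}
    for pkt in packets:
        entry = report.setdefault(pkt.check_type, {"effective": True, "missed": []})
        if (pkt.check_type, pkt.number) not in seen:
            entry["effective"] = False       # at least one packet was not alarmed
            entry["missed"].append(pkt.number)
    return report


def build_report(alarm_results: dict, packets: list) -> dict:
    """Effectiveness detection report across products: {product: per-type result}."""
    return {name: evaluate_product(alarms, packets) for name, alarms in alarm_results.items()}


# Constructed sample script: two numbered SQL-injection test packets and one
# XSS test packet. The payload values are inert placeholders, not real patterns.
SAMPLE_PACKETS = [
    DetectionPacket(1, "sql", {"id": "SQLI_TEST_PATTERN_1"}),
    DetectionPacket(2, "sql", {"id": "SQLI_TEST_PATTERN_2"}),
    DetectionPacket(3, "xss", {"q": "XSS_TEST_PATTERN_3"}),
]

# Constructed alarm results: a serial (inline) WAF alarms on all three packets
# plus one unrelated request; a bypass IDS misses packet 2 and also reports a
# request tagged with some other tool's identifier, which must be ignored.
SAMPLE_ALARM_RESULTS = {
    "inline-waf": [{"request": build_request_target(p)} for p in SAMPLE_PACKETS]
                  + [{"request": "/login?user=alice"}],
    "bypass-ids": [{"request": build_request_target(SAMPLE_PACKETS[0])},
                   {"request": build_request_target(SAMPLE_PACKETS[2])},
                   {"request": "/?id=1&check_no=2&check_type=sql&check_sign=other_tool"}],
}

if __name__ == "__main__":
    for product, result in build_report(SAMPLE_ALARM_RESULTS, SAMPLE_PACKETS).items():
        print(product, result)
```

Running the block reports the bypass IDS as not effective for "sql" with packet 2 missed, which is the "missing number" case the text describes.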
The invention provides a method for detecting the effectiveness of a network security product, which is used for sending a preset effectiveness detection automation script comprising preset attack detection flow and detection flow characteristics to the network security product. And determining the effectiveness of the network security product according to the detection flow characteristics based on an alarm result returned after the network security product reacts to the preset attack detection flow. The preset attack detection flow consists of at least one detection flow packet, the detection flow characteristics comprise a detection flow number, a detection type and a detection identifier, and each number in the detection flow number corresponds to each detection flow packet one to one. The preset validity detection automation script comprising the preset attack detection flow and the detection flow characteristics can reduce the dependence on personnel and production environment in the validity detection process, and efficiently and conveniently detect the validity of the network security product.
Although the operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. Under certain circumstances, multitasking and parallel processing may be advantageous.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order, and/or performed in parallel. Moreover, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
Corresponding to the above method embodiment, an embodiment of the present disclosure further provides a device for detecting validity of a network security product, where the structure of the device is shown in fig. 2, and the device may include: the system comprises an effectiveness detection automation script obtaining unit 100, a network security product alarm result obtaining unit 200 and a network security product effectiveness determining unit 300.
A validity detection automation script obtaining unit 100, configured to obtain a preset validity detection automation script, where the preset validity detection automation script includes a preset attack detection flow and a detection flow characteristic, the preset attack detection flow is composed of at least one detection flow packet, the detection flow characteristic includes a detection flow number, a detection type, and a detection identifier, and each number in the detection flow number corresponds to each detection flow packet one to one.
The network security product alarm result obtaining unit 200 is configured to send the preset validity detection automation script to at least one network security product in the target network, and obtain an alarm result returned after the network security product reacts to the preset attack detection traffic.
And the network security product validity determining unit 300 is configured to determine, according to the detection identifier and the detection traffic number, whether the network security product alarms each detection traffic packet in the alarm result, and if so, determine that the network security product can provide effective protection against the detection type attack.
Optionally, the network security product validity determining unit 300 may be further configured to determine that the network security product cannot provide effective protection for the detection traffic packets that are not alarmed in the detection type under the condition that it is determined in the alarm result that the network security product does not alarm each detection traffic packet.
Optionally, the network security product validity determining unit 300 may be specifically configured to retrieve an alarm corresponding to the detection identifier from an alarm result; and determining whether the alarm corresponding to the detection identifier comprises the alarm of the detection flow packet corresponding to each number in the detection flow number, and if so, determining that the network security product can provide effective protection for the attack of the detection type.
Optionally, the apparatus may further include: and a white list adding unit.
And the white list adding unit is used for adding the IP address corresponding to the preset validity detection automation script into the white list of the target network.
Optionally, the apparatus may further include: and a report generation unit.
And the report generation unit is used for generating an effectiveness detection report corresponding to the network security product based on the alarm result.
Optionally, the network security product includes a serial security product and a bypass security product, the serial security product is used for blocking and alarming the preset attack detection flow, and the bypass security product is used for alarming the preset attack detection flow.
Optionally, the target network includes a DMZ network, an internal network, and/or a private network.
Optionally, the network security product alarm result obtaining unit 200 may be specifically configured to send the preset validity detection automation script to at least one network security product in the target network according to the preset validity detection time interval.
The present disclosure provides a network security product validity detection device, which sends the preset validity detection automation script comprising the preset attack detection flow and the detection flow characteristics to the network security product. And determining the effectiveness of the network security product according to the detection flow characteristics based on an alarm result returned after the network security product reacts to the preset attack detection flow. The preset attack detection flow consists of at least one detection flow packet, the detection flow characteristics comprise a detection flow number, a detection type and a detection identifier, and each number in the detection flow number corresponds to each detection flow packet one to one. The preset validity detection automation script comprising the preset attack detection flow and the detection flow characteristics can reduce the dependence on personnel and production environment in the validity detection process, and efficiently and conveniently detect the validity of the network security product.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
The network security product validity detection device comprises a processor and a memory, wherein the validity detection automation script obtaining unit, the network security product alarm result obtaining unit, the network security product validity determining unit and the like are stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. One or more kernels may be provided, and by adjusting the kernel parameters, the preset validity detection automation script comprising the preset attack detection flow and the detection flow characteristics reduces the dependence on personnel and production environment in the validity detection process, so that the validity of the network security product is detected efficiently and conveniently.
The disclosed embodiments provide a computer-readable storage medium on which a program is stored, which when executed by a processor implements the network security product validity detection method.
The embodiment of the disclosure provides a processor, which is used for running a program, wherein the network security product validity detection method is executed when the program runs.
The embodiment of the disclosure provides an electronic device, which comprises at least one processor, at least one memory connected with the processor, and a bus; the processor and the memory complete mutual communication through a bus; the processor is used for calling the program instructions in the memory so as to execute the network security product validity detection method. The electronic device herein may be a server, a PC, a PAD, a mobile phone, etc.
The present disclosure also provides a computer program product which, when executed on an electronic device, is adapted to perform a program that initializes the steps of the network security product validity detection method.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus, electronic devices (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, an electronic device includes one or more processors (CPUs), memory, and a bus. The electronic device may also include input/output interfaces, network interfaces, and the like.
The memory may include volatile memory in a computer readable medium, Random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip. The memory is an example of a computer-readable medium.
Computer-readable media, including both persistent and non-persistent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
In the description of the present disclosure, it is to be understood that the directions or positional relationships indicated as referring to the terms "upper", "lower", "front", "rear", "left" and "right", etc., are based on the directions or positional relationships shown in the drawings, and are only for convenience of describing the present invention and simplifying the description, but do not indicate or imply that the positions or elements referred to must have specific directions, be constituted and operated in specific directions, and thus, are not to be construed as limitations of the present disclosure.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The above are merely examples of the present disclosure, and are not intended to limit the present disclosure. Various modifications and variations of this disclosure will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present disclosure should be included in the scope of the claims of the present disclosure.

Claims (10)

1. A network security product validity detection method, characterized by comprising the following steps:
obtaining a preset validity detection automation script, wherein the preset validity detection automation script comprises preset attack detection traffic and detection traffic features, the preset attack detection traffic is composed of at least one detection traffic packet, the detection traffic features comprise a detection traffic numbering, a detection type and a detection identifier, and each number in the detection traffic numbering corresponds one-to-one to a detection traffic packet;
sending the preset validity detection automation script to at least one network security product in a target network, and obtaining an alarm result returned after the network security product reacts to the preset attack detection traffic; and
determining, according to the detection identifier and the detection traffic numbering, whether the network security product has raised an alarm for every detection traffic packet in the alarm result, and if so, determining that the network security product can provide effective protection against attacks of the detection type.
2. The method of claim 1, further comprising:
in a case where the network security product has not raised an alarm for every detection traffic packet in the alarm result, determining that the network security product cannot provide effective protection against those detection traffic packets of the detection type for which no alarm was raised.
3. The method of claim 1, wherein determining, according to the detection identifier and the detection traffic numbering, whether the network security product has raised an alarm for every detection traffic packet in the alarm result comprises:
retrieving from the alarm result the alarms corresponding to the detection identifier; and
determining whether the alarms corresponding to the detection identifier include an alarm for the detection traffic packet corresponding to each number in the detection traffic numbering, and if so, determining that the network security product can provide effective protection against attacks of the detection type.
4. The method of claim 1, further comprising:
adding the IP address corresponding to the preset validity detection automation script to a whitelist of the target network.
5. The method of claim 1, further comprising:
generating a validity detection report corresponding to the network security product based on the alarm result.
6. The method of claim 1, wherein the network security product comprises an in-line (serially deployed) security product that blocks and raises alarms on the preset attack detection traffic, and a bypass (out-of-band) security product that raises alarms on the preset attack detection traffic.
7. The method of claim 1, wherein the target network comprises a DMZ network, an internal network, and/or a private network.
8. The method of claim 1, wherein sending the preset validity detection automation script to at least one network security product in a target network comprises:
sending the preset validity detection automation script to at least one network security product in the target network according to a preset validity detection time interval.
9. A network security product validity detection apparatus, comprising: a validity detection automation script obtaining unit, a network security product alarm result obtaining unit, and a network security product validity determining unit, wherein
the validity detection automation script obtaining unit is configured to obtain a preset validity detection automation script, wherein the preset validity detection automation script comprises preset attack detection traffic and detection traffic features, the preset attack detection traffic is composed of at least one detection traffic packet, the detection traffic features comprise a detection traffic numbering, a detection type and a detection identifier, and each number in the detection traffic numbering corresponds one-to-one to a detection traffic packet;
the network security product alarm result obtaining unit is configured to send the preset validity detection automation script to at least one network security product in a target network and obtain an alarm result returned after the network security product reacts to the preset attack detection traffic; and
the network security product validity determining unit is configured to determine, according to the detection identifier and the detection traffic numbering, whether the network security product has raised an alarm for every detection traffic packet in the alarm result, and if so, to determine that the network security product can provide effective protection against attacks of the detection type.
10. An electronic device comprising at least one processor, at least one memory connected to the processor, and a bus, wherein the processor and the memory communicate with each other through the bus, and the processor is configured to call program instructions in the memory to execute the network security product validity detection method according to any one of claims 1 to 8.
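The coverage check of claims 1 to 3, the in-line versus bypass distinction of claim 6 and the report of claim 5, as an added Python example that is not code from the patent or its assignee. The product names, the detection-type label, the alarm record layout and the alarm records themselves are assumptions constructed for the example; the only thing taken from the claims is the logic: filter the alarm result by detection identifier, then require one alarm per numbered packet (and, for an in-line product, a block per packet).

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class DetectionScript:
    """Preset validity detection script (claim 1): one identifier, one type, one number per packet."""
    detection_id: str                 # detection identifier carried by every packet of this script
    detection_type: str               # attack category exercised by the script (hypothetical label)
    packet_numbers: Tuple[int, ...]   # detection traffic numbering, one entry per detection traffic packet


@dataclass(frozen=True)
class Alarm:
    """One alarm record returned by a security product (assumed layout, not the patent's)."""
    product: str
    detection_id: str
    packet_number: int
    action: str                       # "alert" (bypass product) or "alert"/"block" (in-line product)


@dataclass(frozen=True)
class Verdict:
    product: str
    detection_type: str
    effective: bool
    missing_packets: Tuple[int, ...]    # packets with no alarm at all (claim 2)
    unblocked_packets: Tuple[int, ...]  # in-line product alarmed but did not block (claim 6)


def alarms_for_script(alarms: Iterable[Alarm], product: str, script: DetectionScript) -> List[Alarm]:
    """Claim 3, first step: keep only this product's alarms that carry the script's detection
    identifier, so alarms raised on unrelated production traffic never count as coverage."""
    return [a for a in alarms if a.product == product and a.detection_id == script.detection_id]


def evaluate(script: DetectionScript, alarms: Iterable[Alarm], product: str, inline: bool = False) -> Verdict:
    """Claim 3, second step: every number in the numbering must appear among the matched alarms.
    A set is used so a packet alarmed twice still counts once and a packet alarmed zero times is missing."""
    matched = alarms_for_script(alarms, product, script)
    alarmed = {a.packet_number for a in matched}
    missing = tuple(n for n in script.packet_numbers if n not in alarmed)
    unblocked: Tuple[int, ...] = ()
    if inline:  # claim 6: an in-line product must block as well as alarm
        blocked = {a.packet_number for a in matched if a.action == "block"}
        unblocked = tuple(n for n in script.packet_numbers if n not in blocked)
    return Verdict(product, script.detection_type, not missing and not unblocked, missing, unblocked)


def run_validity_check(script: DetectionScript, alarms: Iterable[Alarm], products: Dict[str, bool]) -> List[Verdict]:
    """products maps product name -> True if deployed in-line, False if bypass."""
    return [evaluate(script, alarms, name, inline) for name, inline in products.items()]


def validity_report(verdicts: Iterable[Verdict]) -> str:
    """Claim 5: a tab-separated validity detection report, one line per product."""
    lines = ["product\tdetection_type\teffective\tmissing_packets\tunblocked_packets"]
    for v in verdicts:
        lines.append(f"{v.product}\t{v.detection_type}\t{'yes' if v.effective else 'no'}"
                     f"\t{list(v.missing_packets)}\t{list(v.unblocked_packets)}")
    return "\n".join(lines)


# Constructed sample data (not from the patent): three probe packets sent to three products.
SCRIPT = DetectionScript("vd-20211115-001", "sql_injection", (1, 2, 3))
PRODUCTS = {"waf-dmz": True, "ids-internal": False, "ips-private": True}
SAMPLE_ALARMS = (
    Alarm("waf-dmz", "vd-20211115-001", 1, "block"),        # in-line, full coverage
    Alarm("waf-dmz", "vd-20211115-001", 2, "block"),
    Alarm("waf-dmz", "vd-20211115-001", 3, "block"),
    Alarm("ids-internal", "vd-20211115-001", 1, "alert"),   # bypass, packet 2 never alarmed
    Alarm("ids-internal", "vd-20211115-001", 1, "alert"),   # duplicate alarm, must not mask packet 2
    Alarm("ids-internal", "prod-incident-7", 2, "alert"),   # unrelated identifier, must be ignored
    Alarm("ids-internal", "vd-20211115-001", 3, "alert"),
    Alarm("ips-private", "vd-20211115-001", 1, "block"),    # in-line, alarmed all but let packet 2 through
    Alarm("ips-private", "vd-20211115-001", 2, "alert"),
    Alarm("ips-private", "vd-20211115-001", 3, "block"),
)

if __name__ == "__main__":
    print(validity_report(run_validity_check(SCRIPT, SAMPLE_ALARMS, PRODUCTS)))
```

The filter on the detection identifier is what makes the check safe to run against a live security product: a real incident that happens to fire on the same packet number (the `prod-incident-7` record above) is excluded before coverage is counted, and a product that alarms on the same probe twice earns no credit for the probe it missed.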
Priority Applications (1)

Application Number	Granted Publication	Priority Date	Filing Date	Title	Status
CN202111348604.1A	CN114070766B (en)	2021-11-15	2021-11-15	Network security product effectiveness detection method and related equipment	Active

Publications (2)

Publication Number	Publication Date
CN114070766A (en)	2022-02-18
CN114070766B (en)	2023-08-11

Family

ID=80272020


Country Status (1)

Country Link
CN (1) CN114070766B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101447898A (en) * 2008-11-19 2009-06-03 中国人民解放军信息安全测评认证中心 Test system for network security products and test method thereof
CN106487813A (en) * 2016-12-13 2017-03-08 北京匡恩网络科技有限责任公司 Industrial control network security detection system and detection method
CN106506545A (en) * 2016-12-21 2017-03-15 深圳市深信服电子科技有限公司 Network security threat assessment system and method
WO2019070216A2 (en) * 2017-10-05 2019-04-11 Icterra Bilgi ve İletişim Teknolojileri Sanayi ve Ticaret Anonim Şirketi Firewall effectiveness measurement with multi-port intrusion detection system
CN109688088A (en) * 2017-10-19 2019-04-26 中国信息安全测评中心 Evasion-resistance capability test method, device and test machine for network intrusion prevention systems

Legal Events

Code	Title
PB01	Publication
SE01	Entry into force of request for substantive examination
GR01	Patent grant