CN114070766B - Network security product effectiveness detection method and related equipment - Google Patents


Info

Publication number: CN114070766B
Authority: CN (China)
Prior art keywords: detection, network, security product, network security, preset
Legal status: Active
Application number: CN202111348604.1A
Other languages: Chinese (zh)
Other versions: CN114070766A
Inventors: 李武军, 丁海虹, 刘云鹏, 刘爱辉
Current assignee: China Construction Bank Corp
Original assignee: China Construction Bank Corp

Events: application filed by China Construction Bank Corp; priority to CN202111348604.1A; publication of CN114070766A; application granted; publication of CN114070766B; legal status active.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/50 Testing arrangements
    • H04L43/08 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • H04L43/0805 Monitoring or testing based on specific metrics by checking availability
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for detecting or protecting against malicious traffic
    • H04L63/1408 Detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection


Abstract

The method and related device for detecting the effectiveness of a network security product send a preset effectiveness-detection automation script, which comprises preset attack-detection traffic and detection-traffic features, to the network security product. Based on the alarm result the product returns after reacting to the preset attack-detection traffic, the effectiveness of the product is determined from the detection-traffic features. The preset attack-detection traffic consists of at least one detection traffic packet; the detection-traffic features comprise detection traffic numbers, a detection type and a detection identifier, and each detection traffic number corresponds one-to-one to a detection traffic packet. Because the attack-detection traffic and its features are packaged in a preset automation script, the method reduces dependence on personnel and on the production environment during effectiveness detection and detects the effectiveness of the network security product efficiently and conveniently.

Description

Network security product effectiveness detection method and related equipment
Technical Field
The disclosure relates to the technical field of network security, in particular to a method for detecting the effectiveness of a network security product and related equipment.
Background
A network security product is any software product, or combination of software and hardware, that ensures the security of a user's network, system and information and keeps the system operating normally. Network security products include anti-virus software, firewalls, intrusion detection systems, and software and hardware products for information encryption, security authentication and security assessment.
Under large-scale or cloud deployment, the workload of detecting the effectiveness of network security products grows exponentially, so how to detect that effectiveness efficiently and conveniently is a technical problem that those skilled in the art need to solve.
Disclosure of Invention
In view of the above problems, the present disclosure provides a method and related device for detecting the validity of a network security product, which overcomes the above problems or at least partially solves the above problems, and the technical solutions are as follows:
a method for detecting the validity of a network security product, comprising:
obtaining a preset validity detection automation script, wherein the script comprises preset attack-detection traffic and detection-traffic features, the preset attack-detection traffic is composed of at least one detection traffic packet, the detection-traffic features comprise detection traffic numbers, a detection type and a detection identifier, and each detection traffic number corresponds one-to-one to a detection traffic packet;
sending the preset validity detection automation script to at least one network security product in a target network, and obtaining the alarm result returned after the network security product reacts to the preset attack-detection traffic;
and determining, according to the detection identifier and the detection traffic numbers, whether the network security product raised an alarm for each detection traffic packet in the alarm result, and if so, determining that the network security product can provide effective protection against attacks of the detection type.
Optionally, the method further comprises:
and under the condition that the network security product does not alarm each detection flow packet in the alarm result, determining that the network security product cannot provide effective protection for the detection flow packet which is not alarmed under the detection type.
Optionally, the determining, in the alarm result, whether the network security product alarms each detected traffic packet according to the detection identifier and the detected traffic number includes:
retrieving an alarm corresponding to the detection identifier from the alarm result;
and determining whether the alarm corresponding to the detection identifier comprises an alarm of the detection flow packet corresponding to each number in the detection flow numbers, and if so, determining that the network security product can provide effective protection for the attack of the detection type.
Optionally, the method further comprises:
and adding the IP address corresponding to the preset validity detection automation script into a white list of the target network.
Optionally, the method further comprises:
and generating a validity detection report corresponding to the network security product based on the alarm result.
Optionally, the network security product includes a serial security product and a bypass security product, where the serial security product is used to block and alarm the preset attack detection flow, and the bypass security product is used to alarm the preset attack detection flow.
Optionally, the target network includes a DMZ network, an internal network, and/or a private network.
Optionally, the sending the preset validity detection automation script to at least one network security product in the target network includes:
and sending the preset validity detection automation script to at least one network security product in a target network according to a preset validity detection time interval.
A network security product effectiveness detection device, comprising: a validity detection automation script obtaining unit, a network security product alarm result obtaining unit and a network security product validity determining unit,
the validity detection automation script obtaining unit is configured to obtain a preset validity detection automation script, where the preset validity detection automation script includes a preset attack detection flow and a detection flow feature, the preset attack detection flow is formed by at least one detection flow packet, the detection flow feature includes a detection flow number, a detection type and a detection identifier, and each number in the detection flow number corresponds to each detection flow packet one by one;
the network security product alarm result obtaining unit is used for sending the preset validity detection automation script to at least one network security product in a target network to obtain an alarm result returned after the network security product reacts to the preset attack detection flow;
the network security product effectiveness determining unit is configured to determine, according to the detection identifier and the detection traffic number, whether the network security product alarms each detection traffic packet in the alarm result, and if so, determine that the network security product can provide effective protection for the detection type attack.
An electronic device comprising at least one processor, at least one memory, and a bus connected to the processor; the processor and the memory communicate with each other through the bus; and the processor is configured to invoke program instructions in the memory to perform any of the network security product effectiveness detection methods above.
By means of the above technical solution, the network security product effectiveness detection method and related device obtain a preset effectiveness-detection automation script comprising preset attack-detection traffic and detection-traffic features, where the attack-detection traffic consists of at least one detection traffic packet, the features comprise detection traffic numbers, a detection type and a detection identifier, and each number corresponds one-to-one to a detection traffic packet; send the script to at least one network security product in a target network and obtain the alarm result returned after the product reacts to the attack-detection traffic; and determine, from the detection identifier and the detection traffic numbers, whether the product raised an alarm for each detection traffic packet in the alarm result, in which case the product is judged able to provide effective protection against attacks of the detection type. Because the attack-detection traffic and its features are packaged in a preset automation script, the method reduces dependence on personnel and on the production environment during effectiveness detection and detects the effectiveness of the network security product efficiently and conveniently.
The foregoing is merely an overview of the technical solutions of the present disclosure. So that the technical means of the disclosure can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the disclosure become more apparent, specific embodiments of the disclosure are described below.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the disclosure. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
FIG. 1 is a flowchart of an embodiment of a method for detecting the validity of a network security product according to an embodiment of the present disclosure;
FIG. 2 is a schematic structural diagram of a network security product validity detection device according to an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As shown in FIG. 1, an implementation of the network security product validity detection method provided by an embodiment of the present disclosure may include:
S100, obtaining a preset validity detection automation script, wherein the script comprises preset attack-detection traffic and detection-traffic features, the preset attack-detection traffic is composed of at least one detection traffic packet, the detection-traffic features comprise detection traffic numbers, a detection type and a detection identifier, and each detection traffic number corresponds one-to-one to a detection traffic packet.
It can be appreciated that embodiments of the present disclosure may obtain a validity-detection automation script designed in advance according to the actual attack-detection requirements. For example, the script may be "GET /?id=1 union select password from admin&check_no=1&check_type=sql&check_sign=security_check", where "id" carries the preset attack-detection traffic, "check_no" is the detection traffic number, "check_type" is the detection type and "check_sign" is the detection identifier. The count of detection traffic numbers equals the count of detection traffic packets that make up the preset attack-detection traffic; for example, number 1 corresponds to detection traffic packet A and number 2 to detection traffic packet B. The detection identifier lets the detection traffic be distinguished from business traffic or other attacks, which makes auditing the network security products convenient; the detection type enables horizontal comparison of alarms across different network security products; and the detection traffic number makes it convenient to count the total number of alarms and the missed alarms per detection traffic packet.
And S200, sending the preset validity detection automation script to at least one network security product in the target network, and obtaining an alarm result returned after the network security product reacts to the preset attack detection flow.
Optionally, the target network comprises a DMZ network, an internal network, and/or a private network. The DMZ (demilitarized zone) network is a secure buffer zone built between the external network and the internal or private network, which resolves the problem of the external network not being allowed to connect directly to the internal network. The internal network is a network that is not connected to the external network. A private network is a network used for private purposes.
Optionally, the network security products include a serial security product and a bypass security product. The serial safety product is used for blocking and alarming the preset attack detection flow, and the bypass safety product is used for alarming the preset attack detection flow.
It can be understood that the embodiment of the disclosure can obtain the IP or the domain name of the target network needing to perform the validity detection of the network security product, and send the preset validity detection automation script to the target network according to the IP or the domain name, so that the network security product in the target network reacts to the preset attack detection flow in the preset validity detection automation script.
Optionally, the embodiment of the disclosure may send the preset validity detection automation script to at least one network security product in the target network at a preset validity-detection time interval. Presetting the time interval allows the validity detection of the network security product to be carried out periodically.
Optionally, the embodiment of the disclosure may add the IP address corresponding to the preset validity detection automation script to a whitelist of the target network. Whitelisting that address prevents the network security product from blacklisting and blocking it; otherwise, subsequent scripts sent from that address could no longer be used for validity detection, and, once a serial security product blocked the address, a bypass security product behind it would never receive the script and could not be tested.
S300, determining, according to the detection identifier and the detection traffic numbers, whether the network security product raised an alarm for each detection traffic packet in the alarm result, and if so, determining that the network security product can provide effective protection against attacks of the detection type.
Optionally, the embodiment of the disclosure may retrieve the alarms corresponding to the detection identifier from the alarm result, and determine whether those alarms include an alarm for the detection traffic packet corresponding to each detection traffic number; if so, the network security product is judged able to provide effective protection against attacks of the detection type.
Optionally, when the network security product did not raise an alarm for every detection traffic packet in the alarm result, the embodiment of the disclosure may determine that the product cannot provide effective protection for the detection traffic packets that were not alarmed under that detection type. Specifically, the numbers missing from the alarms identify the corresponding detection traffic packets, which in turn establishes that the network security product cannot provide effective protection for those packets.
Optionally, the embodiment of the disclosure may generate a validity detection report corresponding to the network security product based on the alarm result.
It can be appreciated that the embodiment of the disclosure may generate a validity detection report corresponding to the present validity detection according to the alarm results of the plurality of network security products in the target network. Alternatively, the validity detection report may be as shown in table 1.
TABLE 1
The method for detecting the validity of the network security product comprises the step of sending a preset validity detection automation script comprising preset attack detection flow and detection flow characteristics to the network security product. Based on the alarm result returned after the network security product reacts to the preset attack detection flow, the validity of the network security product is determined according to the detection flow characteristics. The preset attack detection flow consists of at least one detection flow packet, the detection flow characteristics comprise detection flow numbers, detection types and detection identifications, and each number in the detection flow numbers corresponds to each detection flow packet one by one. The method and the device can reduce the dependence on personnel and production environment in the validity detection process by the preset validity detection automation script comprising the preset attack detection flow and the detection flow characteristics, and efficiently and conveniently detect the validity of the network security product.
Although operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. In certain circumstances, multitasking and parallel processing may be advantageous.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order and/or performed in parallel. Furthermore, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
Corresponding to the above method embodiment, the embodiment of the present disclosure further provides a network security product validity detection device, where the structure of the network security product validity detection device is shown in fig. 2, and may include: a validity detection automation script obtaining unit 100, a network security product alarm result obtaining unit 200, and a network security product validity determining unit 300.
The validity detection automation script obtaining unit 100 is configured to obtain a preset validity detection automation script, where the preset validity detection automation script includes a preset attack detection flow and a detection flow feature, the preset attack detection flow is formed by at least one detection flow packet, the detection flow feature includes a detection flow number, a detection type and a detection identifier, and each number in the detection flow number corresponds to each detection flow packet one by one.
The network security product alarm result obtaining unit 200 is configured to send a preset validity detection automation script to at least one network security product in the target network, so as to obtain an alarm result returned after the network security product reacts to the preset attack detection flow.
The network security product validity determining unit 300 is configured to determine, according to the detection identifier and the detection traffic number, whether the network security product alarms each detection traffic packet in the alarm result, and if so, determine that the network security product can provide effective protection for the detection type attack.
Optionally, the network security product validity determining unit 300 may be further configured to determine that the network security product cannot provide effective protection for the detection traffic packet that is not alarmed under the detection type when it is determined that the network security product does not alarm each detection traffic packet in the alarm result.
Optionally, the network security product validity determining unit 300 may be specifically configured to retrieve an alarm corresponding to the detection identifier from the alarm result; and determining whether the alarm corresponding to the detection identifier comprises an alarm of the detection flow packet corresponding to each number in the detection flow numbers, and if so, determining that the network security product can provide effective protection for the attack of the detection type.
Optionally, the apparatus may further include: white list adding unit.
And the white list adding unit is used for adding the IP address corresponding to the preset validity detection automation script into the white list of the target network.
Optionally, the apparatus may further include: and a report generation unit.
And the report generation unit is used for generating a validity detection report corresponding to the network security product based on the alarm result.
Optionally, the network security product includes a serial security product and a bypass security product, the serial security product is used for blocking and alarming the preset attack detection flow, and the bypass security product is used for alarming the preset attack detection flow.
Optionally, the target network comprises a DMZ network, an internal network, and/or a private network.
Optionally, the network security product alert result obtaining unit 200 may be specifically configured to send, according to a preset validity detection time interval, a preset validity detection automation script to at least one network security product in the target network.
The network security product validity detection device sends a preset validity detection automation script, comprising preset attack-detection traffic and detection-traffic features, to the network security product. Based on the alarm result returned after the network security product reacts to the preset attack-detection traffic, the validity of the product is determined from the detection-traffic features. The preset attack-detection traffic consists of at least one detection traffic packet; the detection-traffic features comprise detection traffic numbers, a detection type and a detection identifier, and each detection traffic number corresponds one-to-one to a detection traffic packet. Because the attack-detection traffic and its features are packaged in a preset automation script, the device reduces dependence on personnel and on the production environment during validity detection and detects the validity of the network security product efficiently and conveniently.
The specific manner in which the modules of the device in the above embodiments perform their operations has been described in detail in connection with the method embodiments and is not repeated here.
The network security product validity detection device comprises a processor and a memory, wherein the validity detection automation script obtaining unit, the network security product alarm result obtaining unit, the network security product validity determining unit and the like are all stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor includes a kernel, and the kernel fetches the corresponding program unit from the memory. One or more kernels may be provided; by adjusting kernel parameters, the preset validity detection automation script comprising the preset attack-detection traffic and detection-traffic features is processed, so that dependence on personnel and on the production environment during validity detection is reduced and the validity of the network security product is detected efficiently and conveniently.
Embodiments of the present disclosure provide a computer-readable storage medium having a program stored thereon, which when executed by a processor, implements the network security product effectiveness detection method.
The embodiment of the disclosure provides a processor for running a program, wherein the program runs to execute the network security product effectiveness detection method.
The embodiment of the disclosure provides an electronic device, which comprises at least one processor, and at least one memory and a bus connected with the processor; the processor and the memory complete communication with each other through a bus; the processor is used for calling the program instructions in the memory to execute the network security product effectiveness detection method. The electronic device herein may be a server, a PC, a PAD, a mobile phone, etc.
The present disclosure also provides a computer program product adapted to perform a program initialized with the steps of the network security product validity detection method when executed on an electronic device.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus, electronic devices (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, the electronic device includes one or more processors (CPUs), memory, and a bus. The electronic device may also include input/output interfaces, network interfaces, and the like.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM); the memory includes at least one memory chip. Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transmission media) such as modulated data signals and carrier waves.
In the description of the present disclosure, it should be understood that the directions or positional relationships indicated by terms such as "upper", "lower", "front", "rear", "left" and "right" are based on the directions or positional relationships shown in the drawings, are used merely for convenience of describing the present disclosure and simplifying the description, and do not indicate or imply that the elements referred to must have a specific orientation or be constructed and operated in a specific orientation; they should therefore not be construed as limitations of the present disclosure.
It is noted that relational terms such as first and second, and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in the process, method, article or apparatus that comprises the element.
It will be appreciated by those skilled in the art that embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The foregoing is merely exemplary of the present disclosure and is not intended to limit the present disclosure. Various modifications and variations of this disclosure will be apparent to those skilled in the art. Any modifications, equivalent substitutions, improvements, or the like, which are within the spirit and principles of the present disclosure, are intended to be included within the scope of the claims of the present disclosure.

Claims (10)

1. A method for detecting the validity of a network security product, comprising the steps of:
obtaining a preset validity detection automation script, wherein the preset validity detection automation script comprises preset attack detection traffic and detection traffic features, the preset attack detection traffic is composed of at least one detection traffic packet, the detection traffic features comprise detection traffic numbers, a detection type and a detection identifier, and each number in the detection traffic numbers corresponds one-to-one to a detection traffic packet;
sending the preset validity detection automation script to at least one network security product in a target network, and obtaining an alarm result returned after the network security product reacts to the preset attack detection traffic, wherein the target network comprises an isolation area (DMZ) network, an internal network and/or a private network, and the isolation area network is a security buffer zone constructed between an external network and the internal network or the private network;
and determining, from the alarm result and according to the detection identifier and the detection traffic numbers, whether the network security product alarmed on each detection traffic packet, and if so, determining that the network security product can provide effective protection against attacks of the detection type.
2. The method as recited in claim 1, further comprising:
and in the case that the network security product did not alarm on every detection traffic packet in the alarm result, determining that the network security product cannot provide effective protection, under the detection type, against the detection traffic packets that were not alarmed on.
3. The method of claim 1, wherein determining, from the alarm result and according to the detection identifier and the detection traffic numbers, whether the network security product alarmed on each detection traffic packet comprises:
retrieving the alarms corresponding to the detection identifier from the alarm result;
and determining whether the alarms corresponding to the detection identifier include an alarm for the detection traffic packet corresponding to each number in the detection traffic numbers, and if so, determining that the network security product can provide effective protection against attacks of the detection type.
4. The method as recited in claim 1, further comprising:
and adding the IP address corresponding to the preset validity detection automation script into a white list of the target network.
5. The method as recited in claim 1, further comprising:
and generating a validity detection report corresponding to the network security product based on the alarm result.
6. The method of claim 1, wherein the network security product comprises a serial (inline) security product that blocks and alarms on the preset attack detection traffic and a bypass security product that only alarms on the preset attack detection traffic.
7. The method of claim 1, wherein the target network comprises a DMZ network, an internal network, and/or a private network.
8. The method of claim 1, wherein said sending the preset validity detection automation script into at least one network security product in a target network comprises:
and sending the preset validity detection automation script to at least one network security product in a target network according to a preset validity detection time interval.
9. A network security product effectiveness detection device, comprising: a validity detection automation script obtaining unit, a network security product alarm result obtaining unit and a network security product validity determining unit,
the validity detection automation script obtaining unit is configured to obtain a preset validity detection automation script, where the preset validity detection automation script includes preset attack detection traffic and detection traffic features, the preset attack detection traffic is formed by at least one detection traffic packet, the detection traffic features include detection traffic numbers, a detection type and a detection identifier, and each number in the detection traffic numbers corresponds one-to-one to a detection traffic packet;
the network security product alarm result obtaining unit is configured to send the preset validity detection automation script to at least one network security product in a target network, and obtain an alarm result returned after the network security product reacts to the preset attack detection traffic, where the target network includes an isolation area (DMZ) network, an internal network and/or a private network, and the isolation area network is a security buffer zone constructed between an external network and the internal network or the private network;
the network security product effectiveness determining unit is configured to determine, from the alarm result and according to the detection identifier and the detection traffic numbers, whether the network security product alarmed on each detection traffic packet, and if so, determine that the network security product can provide effective protection against attacks of the detection type.
10. An electronic device comprising at least one processor, at least one memory, and a bus connected to the processor; the processor and the memory communicate with each other through the bus; the processor is configured to invoke program instructions in the memory to perform the network security product effectiveness detection method of any one of claims 1 to 8.
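The alarm-matching step of claims 1 to 3, the per-packet verdict of claim 2, the report of claim 5 and the serial/bypass distinction of claim 6, worked through as an added Python example; this is not code from the patent or its assignee. The alarm result format (a JSON array with product, detection_id, packet_number and action fields), the product names, the detection identifier "VAL-0001" and the rule that a serial product counts as covering a packet only when its alarm shows a block are all assumptions of this example.

```python
import json
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple


@dataclass(frozen=True)
class DetectionScript:
    """Detection traffic features of one preset validity detection run (claim 1)."""
    detection_id: str                 # detection identifier stamped on every packet of the run
    detection_type: str               # attack class the packets emulate, e.g. "sql_injection"
    packet_numbers: Tuple[int, ...]   # one number per detection traffic packet, in send order


@dataclass(frozen=True)
class Alarm:
    """One alarm from a security product's alarm result (field names are assumed)."""
    product: str
    detection_id: str
    packet_number: int
    action: str                       # "alert" (bypass product) or "block" (serial product)


def parse_alarm_result(text: str) -> List[Alarm]:
    """Parse an alarm result returned as a JSON array of alarm objects (assumed format)."""
    return [Alarm(**entry) for entry in json.loads(text)]


def alarms_for_identifier(alarms: Iterable[Alarm], detection_id: str) -> List[Alarm]:
    """Claim 3, first step: keep only alarms carrying this run's detection identifier.
    This is what separates the test traffic from real attacks or other runs that
    happen to produce an alarm with the same packet number."""
    return [a for a in alarms if a.detection_id == detection_id]


def evaluate_product(script: DetectionScript, alarms: Iterable[Alarm],
                     product: str, serial: bool = False) -> Dict:
    """Claim 3, second step: does this product have an alarm for every packet number?
    For a serial (inline) product, claim 6 says it blocks as well as alarms, so this
    example (as its own assumption) does not count an "alert"-only alarm as coverage."""
    covered = set()
    for a in alarms_for_identifier(alarms, script.detection_id):
        if a.product != product:
            continue
        if serial and a.action != "block":
            continue
        covered.add(a.packet_number)
    missed = [n for n in script.packet_numbers if n not in covered]
    return {
        "product": product,
        "detection_type": script.detection_type,
        "effective": not missed,       # claim 1: effective only if every packet was alarmed on
        "missed_packets": missed,      # claim 2: packets the product gives no protection against
    }


def validity_report(results: Iterable[Dict]) -> str:
    """Claim 5: render a plain-text validity detection report from evaluation results."""
    lines = []
    for r in results:
        verdict = "EFFECTIVE" if r["effective"] else "NOT EFFECTIVE"
        detail = f" (no alarm for packets {r['missed_packets']})" if r["missed_packets"] else ""
        lines.append(f"{r['product']:<12} {r['detection_type']:<14} {verdict}{detail}")
    return "\n".join(lines)


# Constructed sample data; identifiers and product names are hypothetical.
# The last entry carries a foreign detection identifier for packet 3 and must be ignored.
SCRIPT = DetectionScript("VAL-0001", "sql_injection", (1, 2, 3, 4))
SAMPLE_ALARM_RESULT = """[
  {"product": "waf-serial", "detection_id": "VAL-0001", "packet_number": 1, "action": "block"},
  {"product": "waf-serial", "detection_id": "VAL-0001", "packet_number": 2, "action": "block"},
  {"product": "waf-serial", "detection_id": "VAL-0001", "packet_number": 3, "action": "block"},
  {"product": "waf-serial", "detection_id": "VAL-0001", "packet_number": 4, "action": "block"},
  {"product": "fw-serial",  "detection_id": "VAL-0001", "packet_number": 1, "action": "block"},
  {"product": "fw-serial",  "detection_id": "VAL-0001", "packet_number": 2, "action": "alert"},
  {"product": "fw-serial",  "detection_id": "VAL-0001", "packet_number": 3, "action": "block"},
  {"product": "fw-serial",  "detection_id": "VAL-0001", "packet_number": 4, "action": "block"},
  {"product": "ids-bypass", "detection_id": "VAL-0001", "packet_number": 1, "action": "alert"},
  {"product": "ids-bypass", "detection_id": "VAL-0001", "packet_number": 2, "action": "alert"},
  {"product": "ids-bypass", "detection_id": "VAL-0001", "packet_number": 4, "action": "alert"},
  {"product": "ids-bypass", "detection_id": "OTHER-77", "packet_number": 3, "action": "alert"}
]"""


def run_sample() -> List[Dict]:
    """Evaluate the three sample products against the sample alarm result."""
    alarms = parse_alarm_result(SAMPLE_ALARM_RESULT)
    return [
        evaluate_product(SCRIPT, alarms, "waf-serial", serial=True),
        evaluate_product(SCRIPT, alarms, "fw-serial", serial=True),
        evaluate_product(SCRIPT, alarms, "ids-bypass"),
    ]


if __name__ == "__main__":
    print(validity_report(run_sample()))
```

In the sample, waf-serial blocks all four packets and is effective; fw-serial only alerts on packet 2 and so, under this example's reading of claim 6, is not effective for that packet; ids-bypass has no alarm of its own for packet 3, and the stray alarm with identifier "OTHER-77" does not rescue it, which is the point of filtering on the detection identifier before counting packet numbers.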
CN202111348604.1A 2021-11-15 2021-11-15 Network security product effectiveness detection method and related equipment Active CN114070766B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111348604.1A CN114070766B (en) 2021-11-15 2021-11-15 Network security product effectiveness detection method and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111348604.1A CN114070766B (en) 2021-11-15 2021-11-15 Network security product effectiveness detection method and related equipment

Publications (2)

Publication Number Publication Date
CN114070766A CN114070766A (en) 2022-02-18
CN114070766B true CN114070766B (en) 2023-08-11

Family

ID=80272020

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111348604.1A Active CN114070766B (en) 2021-11-15 2021-11-15 Network security product effectiveness detection method and related equipment

Country Status (1)

Country Link
CN (1) CN114070766B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101447898A (en) * 2008-11-19 2009-06-03 中国人民解放军信息安全测评认证中心 Test system used for network safety product and test method thereof
CN106487813A (en) * 2016-12-13 2017-03-08 北京匡恩网络科技有限责任公司 Industry control network safety detecting system and detection method
CN106506545A (en) * 2016-12-21 2017-03-15 深圳市深信服电子科技有限公司 A kind of network security threats assessment system and method
WO2019070216A2 (en) * 2017-10-05 2019-04-11 Icterra Bi̇lgi̇ Ve İleti̇şi̇m Teknoloji̇leri̇ Sanayi̇ Ve Ti̇caret Anoni̇m Şi̇rketi̇ Firewall effectiveness measurement with multi-port intrusion detection system
CN109688088A (en) * 2017-10-19 2019-04-26 中国信息安全测评中心 The anti-escape capability test method of network intrusion protection system, device and test machine

Also Published As

Publication number Publication date
CN114070766A (en) 2022-02-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant