CN114143099B - Network security policy self-checking attack and defense test method and device and storage medium - Google Patents

Info

Publication number
CN114143099B
Authority
CN
China
Prior art keywords
network
defense
attack
network security
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111470437.8A
Other languages
Chinese (zh)
Other versions
CN114143099A (en)
Inventor
朱文进
郭士魏
房杰
刘少卿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Digital Intelligence Technology Co Ltd
Original Assignee
China Telecom Digital Intelligence Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Digital Intelligence Technology Co Ltd
Priority to CN202111470437.8A
Publication of CN114143099A
Application granted
Publication of CN114143099B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention discloses a network security policy self-checking attack and defense test method, comprising the following steps: launching a network attack against a pre-deployed network security policy and sending an attack instruction; after receiving the attack instruction, collecting monitoring data according to the network security policy, and judging from the monitoring data whether a network attack has occurred; if a network attack is judged to have occurred, storing the monitoring data judged to be a network attack in a defense database, updating a defense result identifier stored in the defense database, and executing a defense instruction according to the updated defense result identifier; and if no network attack is judged to have occurred, executing an instruction to delete the network security policy. The method can complete the attack and defense self-check at the time the network security policy is set, is timely, and also improves network security.

Description

Network security policy self-checking attack and defense test method and device and storage medium
Technical Field
The invention relates to the technical field of network security. More specifically, the present invention relates to a network security policy self-checking attack and defense test method and apparatus.
Background
With the rapid development of computer technology, information networks have become an important guarantee for social development. They carry a great deal of sensitive information, even state secrets, and therefore inevitably attract man-made attacks of all kinds from around the world (e.g., information disclosure, information theft, data tampering, data deletion and insertion, computer viruses). Network communication is characterized by whole-course, whole-network joint operation. As far as communication is concerned, it consists of five major parts: transmission and switching, network standards, protocols and coding, communication terminals, communication sources, personnel. Most of these five major parts are seriously threatened and attacked, and all of them become attack points for networks and information. In a network, ensuring information security is the core of network security. Where network services are large in scale, application relationships are complex and the machine-room operation and maintenance scenario is multi-level, network security testing is performed by periodic inspection vulnerability scanning. A network vulnerability is exposed only when a periodic inspection runs, and may have existed for some time before that inspection, so timeliness is poor. In addition, so that network services are not disturbed by inspection vulnerability scanning for long periods, large-scale inspection vulnerability scanning is used only to address prominent problems, so some network vulnerabilities are easily ignored or missed.
Disclosure of Invention
An object of the present invention is to solve at least the above problems and to provide at least the advantages described later.
The invention also aims to provide a network security policy self-checking attack and defense test method and device that can perform the attack and defense self-check as soon as the network security policy has been set, are timely, and improve network security; in addition, the generated network defense trend baseline and network fault number baseline indirectly reflect whether the network security policy has easily overlooked network vulnerabilities.
To achieve these objects and other advantages in accordance with the purpose of the invention, there is provided a network security policy self-checking attack and defense test method, comprising:
initiating a network attack against a pre-deployed network security policy and sending an attack instruction;
after receiving the attack instruction, collecting monitoring data according to the network security policy, and judging from the monitoring data whether a network attack has occurred;
if a network attack is judged to have occurred, storing the monitoring data judged to be a network attack in a defense database, updating a defense result identifier stored in the defense database, and executing a defense instruction according to the updated defense result identifier;
otherwise, not updating the defense result identifier stored in the defense database, and executing an instruction to delete the network security policy.
Preferably, after executing the defense instruction, the method further includes:
generating a network defense trend baseline based on data in a defense database;
a network fault number baseline is generated based on data in the historical alert database.
Preferably, the network security policy includes defense rules set according to at least three parameters: the intranet IP, the network port and the protocol.
Preferably, the method for launching a network attack against a pre-deployed network security policy includes:
forging and sending network data packets using scapy, a third-party function library for the Python development language;
receiving a return result, and accessing the application corresponding to the network port according to the IP and network port that sent the return result;
and encapsulating attack data packets for the application and sending them.
Preferably, the method for collecting monitoring data according to the network security policy and judging from the monitoring data whether a network attack has occurred includes:
capturing and sniffing the attack data packets, and parsing the message quintuple of each sniffed message;
and counting the number of messages for the same destination address or the same destination port within a preset time period, and if the number exceeds a preset number, judging that a network attack has occurred.
Preferably, the method of storing the monitoring data judged to be a network attack in the defense database includes: classifying and storing, together with a timestamp, the message quintuples for the same destination address or destination port within the preset time period.
Preferably, the defense instruction includes: the accessible port targeted by the network attack is closed.
Preferably, the method for generating a network defense trend baseline based on data in the defense database comprises: establishing a coordinate system with time as the horizontal axis and the number of attacks as the vertical axis, dividing the time axis into a plurality of periods, collecting the attack data in the defense database for each period and counting the number of attacks, plotting the counts as points in the coordinate system, and connecting the counts of successive periods along the time axis to obtain the network defense trend baseline;
the method for generating the network fault number baseline based on data in the historical alarm database comprises: establishing a coordinate system with time as the horizontal axis and the number of faults as the vertical axis, dividing the time axis into a plurality of periods, collecting the fault data in the historical alarm database for each period and counting the number of faults, plotting the counts as points in the coordinate system, and connecting the counts of successive periods along the time axis to obtain the network fault number baseline.
The invention also provides a device for self-checking attack and defense tests of network security policies, which comprises at least one processor and a memory which is in communication connection with the at least one processor, wherein the memory stores instructions which can be executed by the at least one processor, and the instructions are executed by the at least one processor so as to enable the at least one processor to execute the method.
The invention also provides a storage medium on which a computer program is stored which, when executed by a processor, implements the method described above.
The invention has at least the following beneficial effects: by automatically launching a network attack against the pre-deployed network security policy, it can be checked whether the defense rules of the policy are effective; if the network attack cannot be effectively defended against, the policy still has a vulnerability and needs to be improved immediately, which indirectly improves network security; the policy can undergo the attack and defense self-check as soon as deployment is finished, which improves timeliness and prevents a vulnerability from persisting in the short or long term; in addition, the generated network defense trend baseline and network fault number baseline indirectly reflect whether the policy has easily overlooked network vulnerabilities, which helps machine-room operation and maintenance personnel improve network security.
Additional advantages, objects, and features of the invention will be set forth in part in the description which follows and in part will become apparent to those having ordinary skill in the art upon examination of the following or may be learned from practice of the invention.
Drawings
Fig. 1 is a flowchart of a network security policy self-checking attack and defense test method according to an embodiment of the present invention.
Detailed Description
The present invention is further described in detail below with reference to the attached drawings so that those skilled in the art can implement the invention by referring to the description text.
It is to be noted that the experimental methods described in the following embodiments are all conventional methods unless otherwise specified, and the reagents and materials described therein are commercially available unless otherwise specified; in the description of the present invention, the terms "lateral", "longitudinal", "upper", "lower", "front", "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, merely for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the device or element referred to must have a particular orientation, be constructed and operated in a particular orientation, and thus, should not be construed as limiting the present invention.
Abbreviations and key terms used in the present invention are defined as follows:
Scapy function library: Scapy is a Python program that enables users to send, sniff, parse and forge network packets. This functionality allows the construction of tools that can probe, scan, or attack networks. In other words, Scapy is a powerful interactive packet handler. It can forge or decode packets of a large number of protocols, send them on the wire, capture them, match requests and replies, etc. Scapy can easily handle most classical tasks such as scanning, route tracing, probing, unit testing, attacks, or network discovery.
sr1() function: a function for sending and receiving packets; it can capture the answered packets and the content of the answers, as well as the unanswered packets.
sendp() function: sends Ether data packets; it only sends and does not receive. Its inter parameter sets the sending interval (in seconds), and loop sets whether to send continuously: 1 means yes, 0 means no.
Ether(), IP(), TCP(), UDP(): the packets of the respective protocols.
Message quintuple: source address, destination address, source port, destination port, protocol.
As shown in Fig. 1, an embodiment of the present invention provides a network security policy self-checking attack and defense test method, including:
S101, initiating a network attack against a pre-deployed network security policy and sending an attack instruction;
Specifically, the network security policy may be built with a set of Linux commands, and includes defense rules set according to at least three parameters: the intranet IP, the network port and the protocol. If network request data does not exceed the scope of the defense rules, the network request is allowed access; for example, if the number of access requests to the network port per unit time does not exceed the threshold, access is allowed.
Specifically, the method for launching a network attack aiming at a pre-deployed network security policy comprises the following steps:
The third-party function library scapy for the Python development language is used to forge and send network data packets. The scapy library can encapsulate the TCP and UDP protocol messages of network requests; a network port range is set, and the sr1() function is then used to send the layer-3 data messages in order. If a return result is received, the network port that sent the return result is open, and an attack can be initiated against that port.
Receiving a return result, and accessing the application corresponding to the network port according to the IP and network port that sent the return result;
encapsulating attack data packets for the application and sending them; here, an Ether(IP(TCP()))-type packet or an Ether(IP(UDP()))-type packet may be used to encapsulate the attack data packet, and the sendp() function is then used to send the attack data packets to the application without interruption.
After the above steps, one round of simulated attack on the network security policy is complete. Because this is a self-checking attack and defense test, an attack instruction is also sent when the simulated attack completes, so that the network defense measures can start quickly and the self-check is more efficient.
S102, after receiving the attack instruction, collecting monitoring data according to the network security policy, and judging from the monitoring data whether a network attack has occurred;
Specifically, the method for collecting monitoring data according to the network security policy and judging from the monitoring data whether a network attack has occurred comprises the following steps:
capturing and sniffing the attack data packets, and parsing the message quintuple of each sniffed message;
counting the number of messages for the same destination address or the same destination port within a preset time period, and if the number exceeds a preset number, judging that a network attack has occurred.
If a certain source address accesses a large number of intranet application ports within a certain time range, its messages can be judged to be attack messages.
S103, if a network attack is judged to have occurred, storing the monitoring data judged to be a network attack in a defense database, updating a defense result identifier stored in the defense database, and executing a defense instruction according to the updated defense result identifier;
Specifically, the method for storing the monitoring data judged to be a network attack in the defense database comprises: classifying and storing, together with a timestamp, the message quintuples for the same destination address or destination port within the preset time period.
S104, otherwise, not updating the defense result identifier stored in the defense database, and executing an instruction to delete the network security policy.
In this case the network security policy did not correctly recognize the network attack behavior, so the defense result identifier stored in the defense database is not updated and the instruction to delete the network security policy is executed based on the defense result identifier. This indicates that the network security policy has a vulnerability and needs to be improved; the policy is therefore no longer applicable and can be deleted.
In addition, a test instruction may preferably be provided; it can be triggered after the network security policy has been set, and once it is triggered the network security policy self-checking attack and defense test method is executed immediately.
In this embodiment, automatically launching a network attack against the pre-deployed network security policy checks whether the defense rules of the policy are effective. If the network attack cannot be effectively defended against, the policy still has a vulnerability and needs immediate improvement, which indirectly improves network security. Because the policy can undergo the attack and defense self-check as soon as deployment is complete, timeliness is improved and a vulnerability is prevented from persisting in the short or long term.
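The decision flow of S102 to S104, written out as an added Python example (it is not code from the patent). It starts from message quintuples that have already been parsed; the window length, the threshold, the SQLite schema and the sample traffic are assumptions constructed for illustration.

```python
import sqlite3
from collections import defaultdict, deque
from typing import NamedTuple

WINDOW_S = 10.0   # "preset time period" in seconds (assumed value)
THRESHOLD = 5     # "preset number" of messages (assumed value)


class FiveTuple(NamedTuple):
    """Message quintuple plus its capture timestamp."""
    ts: float
    src: str
    dst: str
    sport: int
    dport: int
    proto: str


def new_defense_db():
    """In-memory stand-in for the defense database (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE defense (category TEXT, ts REAL, src TEXT, dst TEXT,"
               " sport INTEGER, dport INTEGER, proto TEXT)")
    db.execute("CREATE TABLE result (defended INTEGER)")
    db.execute("INSERT INTO result VALUES (0)")   # defense result identifier
    return db


def flagged_keys(records, window=WINDOW_S, threshold=THRESHOLD):
    """S102: count messages per destination address and per destination port
    in a sliding window; a key is flagged once its count exceeds the threshold."""
    recent = defaultdict(deque)
    flagged = set()
    for r in sorted(records, key=lambda rec: rec.ts):
        for key in (("dst", r.dst), ("dport", r.dport)):
            q = recent[key]
            q.append(r.ts)
            while r.ts - q[0] > window:   # drop timestamps older than the window
                q.popleft()
            if len(q) > threshold:
                flagged.add(key)
    return flagged


def self_check(records, db):
    """S102-S104: detect, record, then act on the defense result identifier."""
    flagged = flagged_keys(records)
    targets = set()
    for r in records:
        for kind, value in (("dst", r.dst), ("dport", r.dport)):
            if (kind, value) in flagged:
                # S103: store the quintuple with its timestamp, classified by key
                db.execute("INSERT INTO defense VALUES (?,?,?,?,?,?,?)",
                           (f"{kind}={value}", *r))
                targets.add((r.dst, r.dport))
    if flagged:
        db.execute("UPDATE result SET defended = 1")
    defended = db.execute("SELECT defended FROM result").fetchone()[0]
    if defended:
        # defense instruction: close the ports the detected traffic targeted
        return {"action": "close_ports", "targets": sorted(targets)}
    # S104: the policy did not recognise the simulated attack
    return {"action": "delete_policy", "targets": []}


# Constructed sample traffic (not captured data): a burst at one service
# and sparse requests to another.
BURST = [FiveTuple(i * 0.5, "192.0.2.10", "10.0.0.5", 40000 + i, 8080, "TCP")
         for i in range(8)]
SPARSE = [FiveTuple(t, "192.0.2.20", "10.0.0.6", 41000, 443, "TCP")
          for t in (0.0, 30.0, 60.0)]

if __name__ == "__main__":
    print(self_check(BURST + SPARSE, new_defense_db()))
    print(self_check(SPARSE, new_defense_db()))
```

Each burst message is stored twice, once under its destination-address category and once under its destination-port category, which is one reading of "classifying" in S103.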
In another embodiment, after executing the defense instruction, the method further includes:
S105, generating a network defense trend baseline based on the data in the defense database, and generating a network fault number baseline based on the data in the historical alarm database.
Specifically, the method for generating the network defense trend baseline based on the data in the defense database comprises: establishing a coordinate system with time as the horizontal axis and the number of attacks as the vertical axis, dividing the time axis into a plurality of periods, collecting the attack data in the defense database for each period and counting the number of attacks, plotting the counts as points in the coordinate system, and connecting the counts of successive periods along the time axis to obtain the network defense trend baseline;
the method for generating the network fault number baseline based on the data in the historical alarm database comprises: establishing a coordinate system with time as the horizontal axis and the number of faults as the vertical axis, dividing the time axis into a plurality of periods, collecting the fault data in the historical alarm database for each period and counting the number of faults, plotting the counts as points in the coordinate system, and connecting the counts of successive periods along the time axis to obtain the network fault number baseline.
The higher the network defense trend baseline, the more times network attacks were defended against; the lower the baseline, the fewer times.
The higher the network fault number baseline, the more times network attacks succeeded; the lower the baseline, the fewer times.
By combining the network defense trend baseline and the network fault number baseline, staff can gain a rough understanding of the effectiveness of the network security policy, for example:
The network defense trend baseline rises and the network fault number baseline falls: the number of network faults has probably fallen because more network attacks were defended against, and the network security policy is probably effective.
The network defense trend baseline rises and the network fault number baseline also rises: although more network attacks were defended against, more faults still occur; the network security policy is not perfect, and security holes that can be attacked may exist.
The network defense trend baseline falls and the network fault number baseline also falls: although fewer network attacks were defended against, the basic defense of known security vulnerabilities is effective, and there may be a small number of untargeted, low-risk vulnerabilities.
The network defense trend baseline falls and the network fault number baseline rises: the number of network faults has probably risen because fewer network attacks were defended against; known and unknown security holes in the network security policy both threaten the network, so the policy needs to be improved as soon as possible.
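The two baselines and the four readings above as an added Python example, not code from the patent. Deciding "rises" or "falls" from the sign of a least-squares slope, and reporting a flat baseline as inconclusive, are assumptions; the timestamps are constructed.

```python
from collections import Counter

READINGS = {
    # (defense baseline rises, fault baseline rises) -> reading from the text
    (True, False): "policy is probably effective",
    (True, True): "policy is not perfect; attackable security holes may exist",
    (False, False): "basic defense of known vulnerabilities is effective",
    (False, True): "policy needs to be improved as soon as possible",
}


def baseline(timestamps, period, start, end):
    """Divide [start, end) into whole periods and count events in each.

    Returns the baseline as a list of (period_start, count) points; events
    outside the covered range are ignored.
    """
    n = int((end - start) // period)
    counts = Counter(int((t - start) // period)
                     for t in timestamps
                     if start <= t < start + n * period)
    return [(start + i * period, counts.get(i, 0)) for i in range(n)]


def slope(points):
    """Least-squares slope of the counts against the period index."""
    ys = [count for _, count in points]
    n = len(ys)
    if n < 2:
        return 0.0
    mean_x = (n - 1) / 2
    mean_y = sum(ys) / n
    num = sum((i - mean_x) * (y - mean_y) for i, y in enumerate(ys))
    den = sum((i - mean_x) ** 2 for i in range(n))
    return num / den


def interpret(defense_ts, fault_ts, period, start, end):
    """Build both baselines and map their directions to one of the readings."""
    defense = baseline(defense_ts, period, start, end)
    faults = baseline(fault_ts, period, start, end)
    sd, sf = slope(defense), slope(faults)
    if sd == 0 or sf == 0:
        return defense, faults, "inconclusive"   # assumption: flat is not a trend
    return defense, faults, READINGS[(sd > 0, sf > 0)]


# Constructed timestamps in seconds over four one-hour periods.
DEFENSE_TS = [100, 3700, 3800, 7300, 7400, 7500, 7600,
              10900, 10950, 11000, 11100, 11200, 11300]   # stored attack records
FAULT_TS = [200, 900, 1500, 4000, 5000, 8000]             # historical alarms

if __name__ == "__main__":
    d, f, reading = interpret(DEFENSE_TS, FAULT_TS, 3600, 0, 4 * 3600)
    print([c for _, c in d], [c for _, c in f], reading)
```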
The embodiment of the invention also provides a network security policy self-checking attack and defense test device, which comprises at least one processor and a memory, wherein the memory is in communication connection with the at least one processor, and the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor to enable the at least one processor to execute the method.
Embodiments of the present invention further provide a storage medium, on which a computer program is stored, and when the program is executed by a processor, the method is implemented.
The storage medium may be a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or any other readable storage medium capable of storing program code.
While embodiments of the invention have been described above, it is not intended to be limited to the details shown, described and illustrated herein, but is to be accorded the widest scope consistent with the principles and novel features herein disclosed, and to such extent that such modifications are readily available to those skilled in the art, and it is not intended to be limited to the details shown and described herein without departing from the general concept as defined by the appended claims and their equivalents.

Claims (7)

1. A network security policy self-checking attack and defense test method, characterized by comprising the following steps:
launching a network attack against a pre-deployed network security policy and sending an attack instruction;
after receiving the attack instruction, collecting monitoring data according to the network security policy, and judging from the monitoring data whether a network attack has occurred;
if a network attack is judged to have occurred, storing the monitoring data judged to be a network attack in a defense database, updating a defense result identifier stored in the defense database, and executing a defense instruction according to the updated defense result identifier;
otherwise, not updating the defense result identifier stored in the defense database, and executing an instruction to delete the network security policy;
wherein the network security policy comprises defense rules set according to at least three parameters: an intranet IP, a network port and a protocol;
the method for launching the network attack against the pre-deployed network security policy comprises the following steps:
forging and sending network data packets using scapy, a third-party function library for the Python development language;
receiving a return result, and accessing the application corresponding to the network port according to the IP and network port that sent the return result;
encapsulating attack data packets for the application and sending them;
the method for collecting monitoring data according to the network security policy and judging from the monitoring data whether a network attack has occurred comprises the following steps:
capturing and sniffing the attack data packets, and parsing the message quintuple of each sniffed message;
counting the number of messages for the same destination address or the same destination port within a preset time period, and if the number exceeds a preset number, judging that a network attack has occurred.
2. The network security policy self-checking attack and defense test method according to claim 1, further comprising, after executing the defense instruction:
generating a network defense trend baseline based on the data in the defense database, and generating a network fault number baseline based on the data in the historical alarm database.
3. The network security policy self-checking attack and defense test method according to claim 1, wherein the method for storing the monitoring data judged to be a network attack in the defense database comprises: classifying and storing, together with a timestamp, the message quintuples for the same destination address or destination port within the preset time period.
4. The network security policy self-checking attack and defense test method according to claim 3, wherein the defense instruction comprises: closing the accessible port targeted by the network attack.
5. The network security policy self-checking attack and defense test method according to claim 2, wherein the method for generating the network defense trend baseline based on data in the defense database comprises: establishing a coordinate system with time as the horizontal axis and the number of attacks as the vertical axis, dividing the time axis into a plurality of periods, collecting the attack data in the defense database for each period and counting the number of attacks, plotting the counts as points in the coordinate system, and connecting the counts of successive periods along the time axis to obtain the network defense trend baseline;
the method for generating the network fault number baseline based on the data in the historical alarm database comprises: establishing a coordinate system with time as the horizontal axis and the number of faults as the vertical axis, dividing the time axis into a plurality of periods, collecting the fault data in the historical alarm database for each period and counting the number of faults, plotting the counts as points in the coordinate system, and connecting the counts of successive periods along the time axis to obtain the network fault number baseline.
6. An apparatus for self-checking attack and defense tests on network security policies, comprising at least one processor and a memory communicatively coupled to the at least one processor, wherein the memory stores instructions executable by the at least one processor, and the instructions are executable by the at least one processor to cause the at least one processor to perform the method of any one of claims 1 to 5.
7. A storage medium on which a computer program is stored which, when being executed by a processor, carries out the method of any one of claims 1 to 5.
CN202111470437.8A 2021-12-03 2021-12-03 Network security policy self-checking attack and defense test method and device and storage medium Active CN114143099B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111470437.8A CN114143099B (en) 2021-12-03 2021-12-03 Network security policy self-checking attack and defense test method and device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111470437.8A CN114143099B (en) 2021-12-03 2021-12-03 Network security policy self-checking attack and defense test method and device and storage medium

Publications (2)

Publication Number Publication Date
CN114143099A CN114143099A (en) 2022-03-04
CN114143099B CN114143099B (en) 2022-11-22

Family

ID=80387800

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111470437.8A Active CN114143099B (en) 2021-12-03 2021-12-03 Network security policy self-checking attack and defense test method and device and storage medium

Country Status (1)

Country Link
CN (1) CN114143099B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114679333A (en) * 2022-04-19 2022-06-28 深圳市永达电子信息股份有限公司 Dual security decision method based on function and network and computer readable storage medium
CN115296850A (en) * 2022-07-08 2022-11-04 中电信数智科技有限公司 Network attack and defense exercise distributed learning method based on artificial intelligence
CN115664786A (en) * 2022-10-24 2023-01-31 惠州市德赛西威智能交通技术研究院有限公司 Automobile defense method, defense system, honeypot system and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9882929B1 (en) * 2014-09-30 2018-01-30 Palo Alto Networks, Inc. Dynamic selection and generation of a virtual clone for detonation of suspicious content within a honey network
CN109361534A (en) * 2018-09-20 2019-02-19 中国航天系统科学与工程研究院 A kind of network security emulation system
CN110830457A (en) * 2019-10-25 2020-02-21 腾讯科技(深圳)有限公司 Attack sensing method, device, equipment and medium based on honeypot induction
CN112367337A (en) * 2020-11-26 2021-02-12 杭州安恒信息技术股份有限公司 Network security attack and defense method, device and medium
CN113259392A (en) * 2021-06-28 2021-08-13 四块科技(深圳)有限公司 Network security attack and defense method, device and storage medium

Also Published As

Publication number Publication date
CN114143099A (en) 2022-03-04

Similar Documents

Publication Publication Date Title
CN114143099B (en) Network security policy self-checking attack and defense test method and device and storage medium
Zhang et al. An IoT honeynet based on multiport honeypots for capturing IoT attacks
CN106650436B (en) A kind of safety detection method and device based on local area network
CN105763392B (en) A kind of industry control agreement fuzz testing method based on protocol status
CN110324310A (en) Networked asset fingerprint identification method, system and equipment
CN112054996B (en) Attack data acquisition method and device for honeypot system
US20160241574A1 (en) Systems and methods for determining trustworthiness of the signaling and data exchange between network systems
CN110351237B (en) Honeypot method and device for numerical control machine tool
CN107612890B (en) Network monitoring method and system
CN109144023A (en) A kind of safety detection method and equipment of industrial control system
CN112788034A (en) Processing method and device for resisting network attack, electronic equipment and storage medium
CN104348808A (en) Session processing method and device
CN112217777A (en) Attack backtracking method and equipment
CN113934621A (en) Fuzzy test method, system, electronic device and medium
CN113489703A (en) Safety protection system
CN116318783B (en) Network industrial control equipment safety monitoring method and device based on safety index
CN112231679A (en) Terminal equipment verification method and device and storage medium
CN114629714B (en) Malicious program behavior processing method and system for mutual reinforcement of honeypot and sandbox
CN109768949A (en) A kind of port scan processing system, method and relevant apparatus
CN114374838A (en) Network camera monitoring method, device, equipment and medium
CN113872964A (en) Vulnerability rule generation method and related device
CN112541179A (en) Android application digital certificate verification vulnerability detection system and method
Wu et al. Testing and evaluation of the mimic defense principle verification system
CN114401113B (en) Network security policy AI autonomous defense method and system based on security ontology modeling
CN114710307B (en) Network detection identification method and system based on virtual network

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 1308, 13th floor, East Tower, 33 Fuxing Road, Haidian District, Beijing 100036

Applicant after: China Telecom Digital Intelligence Technology Co.,Ltd.

Address before: Room 1308, 13th floor, East Tower, 33 Fuxing Road, Haidian District, Beijing 100036

Applicant before: CHINA TELECOM GROUP SYSTEM INTEGRATION Co.,Ltd.

GR01 Patent grant