CN115396347B - Routing protocol fuzzy test method and system based on man-in-the-middle - Google Patents
Routing protocol fuzzy test method and system based on man-in-the-middle Download PDFInfo
- Publication number
- CN115396347B CN115396347B CN202210979782.2A CN202210979782A CN115396347B CN 115396347 B CN115396347 B CN 115396347B CN 202210979782 A CN202210979782 A CN 202210979782A CN 115396347 B CN115396347 B CN 115396347B
- Authority
- CN
- China
- Prior art keywords
- target
- router
- message
- test
- protocol
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000010998 test method Methods 0.000 title claims abstract description 17
- 238000012360 testing method Methods 0.000 claims abstract description 130
- 238000012544 monitoring process Methods 0.000 claims abstract description 37
- 238000012216 screening Methods 0.000 claims abstract description 35
- 238000000034 method Methods 0.000 claims abstract description 30
- 230000008569 process Effects 0.000 claims description 18
- 230000005856 abnormality Effects 0.000 claims description 9
- 230000001960 triggered effect Effects 0.000 claims description 8
- 230000002159 abnormal effect Effects 0.000 claims description 7
- 238000001514 detection method Methods 0.000 claims description 6
- 230000006872 improvement Effects 0.000 description 8
- 238000004891 communication Methods 0.000 description 4
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000007704 transition Effects 0.000 description 3
- 238000012098 association analyses Methods 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 238000010276 construction Methods 0.000 description 2
- 230000007547 defect Effects 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000035772 mutation Effects 0.000 description 1
- 238000004080 punching Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/18—Protocol analysers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/10—Active monitoring, e.g. heartbeat, ping or trace-route
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/03—Protocol definition or specification
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The invention discloses a routing protocol fuzzy test method and a system based on a man-in-the-middle, wherein the method comprises the following steps: step S1: constructing a man-in-the-middle fuzzy test system, enabling the target routers to exchange data through the man-in-the-middle system, and monitoring connectivity of the target routers through the man-in-the-middle system; step S2: screening the split-flow message: screening out a target protocol message to be tested, and transmitting the target protocol message to be tested to a fuzzy test engine, wherein other messages are transmitted in a transparent way; step S3: generating a test case for fuzzy test: the man-in-the-middle system generates a fuzzy test case according to the target protocol data interacted between the routers, and then sends the fuzzy test case to the target router for fuzzy test; step S4: monitoring connectivity anomalies and reporting: and monitoring connectivity anomalies generated by the target router and reporting suspicious vulnerability information. The system is used for implementing the method. The invention has the advantages of simple principle, simple and convenient operation, capability of improving the test efficiency and the test precision, and the like.
Description
Technical Field
The invention mainly relates to the technical field of network and information security, in particular to a routing protocol fuzzy test method and system based on a man-in-the-middle.
Background
Security vulnerabilities are lifelines for studying security issues, which are central issues for network and information security. Security vulnerabilities refer to defects or shortages in the design, implementation, or operation management of an information system, thereby enabling an attacker to exploit these defects to destroy the security policies of the system without authorization. The large number of unknown and unrepaired vulnerabilities lead to network insecurity, with immeasurable consequences once these vulnerabilities are exploited.
The fuzzy test is an effective vulnerability discovery method and is widely applied in recent years. The fuzzy test technology can be traced back to 1950, when the data of the computer is mainly stored on the punching cards, and the computer program reads the data of the cards to calculate and output. If some junk cards or some obsolete and unsuitable cards are encountered, the corresponding computer program may be subject to errors and anomalies or even crashes, thus creating a vulnerability. The concept of the fuzziness test was proposed in 1989 by the professor barton miller, university of madison, wisconsin, but the technological breakthrough of the fuzziness test was the last few years. In recent years, with the popularization of network applications, there is an increasing concern about security, stability and quality of software. Software systems are becoming more and more complex, and carefully tested software can have loopholes to escape. The fuzzy test is widely studied as an efficient test method and is commonly used for finding some hidden and deeper loopholes. The problems revealed by the fuzzing test are often triggered by inputs that are unlikely to be built by the developer. The fuzzing test expands the code coverage of conventional automated testing, and unintended input used by the fuzzing test typically triggers some execution flow that is not normally triggered. The fuzzy test has the advantages of relatively low cost, higher efficiency of discovering loopholes, automatic execution and the like, and is an effective software test method. In the current specific application, the fuzzy test system generates a large amount of normal and abnormal inputs, provides the inputs for a test target, and discovers the loopholes existing in the target by monitoring the execution state of the target program. Compared with a general information system, a network protocol can enter different protocol states in operation, and the different states correspond to different inputs. The fuzzy test needs to provide all states of different test case coverage protocols, so that the fuzzy test process of the network protocol is complex, and the ideal effect is difficult to achieve by the traditional fuzzy test method.
The routing protocol, as a special network protocol, has a more complex state model than the general network protocol. Meanwhile, protocol vulnerabilities existing in routers under different configurations are not completely consistent, and for a specific network, testing is often required under a specific environment.
Current fuzzy test methods for stateful class information systems can be broadly divided into two classes. First, methods such as unit testing, variant message sequences, etc. are used in a manner similar to conventional fuzzy testing. However, the source code of the test object is required for unit test, interaction and conversion between the test states cannot be performed, and many invalid messages rejected by the test object are generated by the variant message sequence, so that the test efficiency is low. The other is to build a state transition model, which is the most common means in the recent network protocol ambiguity test method. Methods for building state transition models can also be divided into two categories. First, manual construction from protocol specifications takes a significant amount of time to study protocol specification documents. And secondly, automatically constructing by using a program, and completing the construction of a state transition model by using various algorithms by grabbing normal flow of protocol exchange by using a construction program. This approach requires the ability to determine the target state, however how to determine the target state is also a challenging task.
In the network protocol fuzzing method, autoFuzz uses a man-in-the-middle based fuzzing. AutoFuzz uses a Socks5 proxy server as a middleman, a client sends data to the Socks5 proxy server through a Socks5 session package, and the Socks5 proxy server processes the received data and sends the processed data to a target server for fuzzy test. The fuzzy test target of AutoFuzz is a network protocol of a non-routing protocol.
The network protocol ambiguity test method using the Socks5 agent as the middleman mainly has the following disadvantages:
1. communication is carried out through the Socks5 server, and protocol software is required to have an interface of the Socks 5. For targets that do not have an interface to the Socks5 and cannot be set, the Socks5 proxy server cannot be used.
The socks5 is effectively a transport layer proxy protocol that acts as a proxy between a TCP/IP based client and server and is not usable with network protocols that are not TCP/IP based.
Routing protocols such as OSPF are not TCP/IP based and it is difficult for network devices running the routing protocols to integrate the Socks5 services.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: aiming at the technical problems existing in the prior art, the invention provides the routing protocol fuzzy test method and the system based on the middleman, which have the advantages of simple principle, simple and convenient operation and capability of improving the test efficiency and the test precision.
In order to solve the technical problems, the invention adopts the following technical scheme:
a man-in-the-middle based routing protocol ambiguity test method, comprising:
step S1: constructing a man-in-the-middle fuzzy test system, enabling the target routers to exchange data through the man-in-the-middle system, and monitoring connectivity of the target routers through the man-in-the-middle system;
step S2: screening the split-flow message: screening out a target protocol message to be tested, and transmitting the target protocol message to be tested to a fuzzy test engine, wherein other messages are transmitted in a transparent way;
step S3: generating a test case for fuzzy test: the man-in-the-middle system generates a fuzzy test case according to the target protocol data interacted between the routers, and then sends the fuzzy test case to the target router for fuzzy test;
step S4: monitoring connectivity anomalies and reporting: and monitoring connectivity anomalies generated by the target router and reporting suspicious vulnerability information.
As a further improvement of the process of the invention: the process of screening the streaming message in step S2 includes:
step S2.1: receiving configuration information issued after configuration, and determining a target routing protocol to be tested;
step S2.2: the message flowing into the target router is called as an input message, and the message flowing out of the target router is called as an output message; and screening out target protocol messages from the input messages, performing fuzzy test, and directly transmitting non-target protocol messages to the target router.
Step S2.3: and carrying out transparent forwarding on the output message.
As a further improvement of the process of the invention: the flow of generating the test case for the fuzzy test in the step S3 includes:
step S3.1: receiving configuration information issued after configuration, and determining which key fields of a protocol are mutated;
step S3.2: receiving a target protocol message sent after screening and shunting is completed as a seed, reassigning key fields according to configuration requirements, directly copying original values by other fields, and then sending the generated test message to a target router;
step S3.3: and simultaneously transmitting the test related information, and performing contrast monitoring.
As a further improvement of the process of the invention: in the step S3.1, the key field includes:
(a) Selecting and determining according to the characteristics of the protocol;
(b) And determining according to the published vulnerability selection.
As a further improvement of the process of the invention: the step S4 of monitoring connectivity abnormality and reporting comprises the following steps: in the process of implementing the fuzzy test on the target router, the Ping connectivity detection is continuously carried out on the second router through the first router, and when the first router cannot Ping to pass through the second router, the fact that the routing function of the target router is abnormal is indicated to be caused by the loophole triggered by the fuzzy test.
The invention further provides a routing protocol fuzzy test system based on the middleman, which comprises a screening and shunting unit, a configuration unit, a monitoring unit and a fuzzy test unit, wherein the screening and shunting unit receives configuration information issued by the configuration unit and determines a target routing protocol to be tested; the fuzzy test unit receives the configuration information issued by the configuration unit and determines to mutate key fields of the protocol; the fuzzy test unit receives the target protocol message sent by the screening and shunting unit as a seed, reassigns key fields according to configuration requirements, directly copies original values of other fields, and then sends the generated test message to the target router; and the fuzzy test unit simultaneously sends the relevant test information to the monitoring unit so that the monitoring unit can conduct contrast monitoring.
As a further improvement of the system of the invention: the screening and shunting unit refers to a message flowing into the target router as an input message and a message flowing out of the target router as an output message; the screening and shunting unit screens out the target protocol message from the input message, sends the target protocol message to the fuzzy test unit for fuzzy test, and directly sends the non-target protocol message to the target router.
As a further improvement of the system of the invention: and the screening and shunting unit transparently forwards the output message.
As a further improvement of the system of the invention: the key field includes:
(a) Selecting and determining according to the characteristics of the protocol;
(b) And determining according to the published vulnerability selection.
As a further improvement of the system of the invention: the monitoring unit is used for monitoring connectivity abnormality and reporting, and comprises: in the process of implementing the fuzzy test on the target router, the Ping connectivity detection is continuously carried out on the second router through the first router, and when the first router cannot Ping to pass through the second router, the fact that the routing function of the target router is abnormal is indicated to be caused by the loophole triggered by the fuzzy test.
Compared with the prior art, the invention has the advantages that:
1. the invention discloses a routing protocol fuzzy test method and a system based on a middleman, in particular to a black box routing protocol fuzzy test method and a system based on the middleman. The method can transparently forward protocol data between routers, does not need to make any modification setting on a test target before testing, and can be applied to a real routing environment.
2. According to the routing protocol fuzzy test method and system based on the man-in-the-middle, the fuzzy test system is connected between the routers in a man-in-the-middle mode, and no modification setting is needed for the target router; before the routing protocol exchanges data, other protocols may be run, for example, the IP address of the adjacent router is obtained through ARP protocol, and in the fuzzy test process, the router exchanges the target routing protocol data and also exchanges other protocol data, so that the man-in-the-middle system transparently forwards the data without affecting the non-target protocol. Therefore, the fuzzy test can be conveniently carried out on the router in the real environment.
3. According to the routing protocol fuzzy test method and system based on the man-in-the-middle, the data interacted between the routing protocols are directly used as seeds for fuzzy test, so that the states of related functions of the routing protocols can be covered, and the state conversion is not required to be guided and maintained manually; the method can ensure that the target router can receive and process the fuzzy test, and improves the efficiency of the fuzzy test; the mutation can be performed on the fields with high-risk vulnerability values, so that the pertinence of the fuzzy test is improved.
Drawings
FIG. 1 is a schematic flow chart of the method of the present invention.
Fig. 2 is a schematic diagram of the system of the present invention in a specific application example.
Detailed Description
The invention will be described in further detail with reference to the drawings and the specific examples.
As shown in fig. 1, the method for testing the route protocol ambiguity based on the man-in-the-middle of the invention is used for performing simple and efficient ambiguity test on a complex route protocol, and comprises the following steps:
step S1: constructing a man-in-the-middle fuzzy test system, enabling the target routers to exchange data through the man-in-the-middle system, and monitoring connectivity of the target routers through the man-in-the-middle system;
step S2: screening the split-flow message: screening out a target protocol message to be tested, and transmitting the target protocol message to be tested to a fuzzy test engine, wherein other messages are transmitted in a transparent way;
step S3: generating a test case for fuzzy test: the man-in-the-middle system generates a fuzzy test case according to the target protocol data interacted between the routers, and then sends the fuzzy test case to the target router for fuzzy test;
step S4: monitoring connectivity anomalies and reporting: and monitoring connectivity anomalies generated by the target router and reporting suspicious vulnerability information.
In the method of the invention, the man-in-the-middle attack is an 'indirect' intrusion attack, and the attack mode is to virtually place a computer controlled by an intruder between two communication computers in network connection through various technical means, and the computer is called as a 'man-in-the-middle'. The attacker who attacks the man-in-the-middle creates independent links with both ends of the communication respectively and exchanges the data received by them, so that both ends of the communication consider that they are directly talking to each other through a private connection, but in fact the whole session is completely controlled by the attacker. Such an attack may be used to simply gain access to the message or to enable an attacker to modify the message before forwarding it.
In a specific application example, the specific process of screening the streaming message in step S2 may include:
step S2.1: receiving configuration information issued after configuration, and determining a target routing protocol to be tested;
step S2.2: the message flowing into the target router R2 is called an input message, and the message flowing out of the target router R2 is called an output message; screening out target protocol messages from the input messages, performing fuzzy test, and directly transmitting non-target protocol messages to the target router R2.
Step S2.3: and carrying out transparent forwarding on the output message.
In a specific application example, the specific process of generating the test case for performing the fuzzy test in step S3 may include:
step S3.1: receiving configuration information issued after configuration, and determining which key fields of a protocol are mutated;
the key fields are those that are more prone to vulnerability, including but not limited to:
(a) Selecting and determining according to the characteristics of the protocol; such as a field in the routing protocol associated with an IP address;
(b) Determining according to published vulnerability choices; if a field is involved in a published vulnerability of a target protocol or similar protocol, then this field is said to be more vulnerable to vulnerability.
Step S3.2: receiving a target protocol message sent after screening and shunting is completed as a seed, reassigning key fields according to configuration requirements, directly copying original values by other fields, and then sending the generated test message to a target router R2;
step S3.3: and simultaneously transmitting the test related information, and performing contrast monitoring.
Referring to fig. 2, in a specific application example, connectivity anomalies are monitored and reported in step S4, which includes: in the process of implementing the fuzzy test on the target router R2, connectivity detection such as Ping is continuously performed on the router R4 through the router R3, and when the router R3 cannot Ping the router R4, it is indicated that the routing function of the target router R2 is abnormal and may be caused by a vulnerability triggered by the fuzzy test. The monitoring unit monitors connectivity abnormality of the target router in real time, performs association analysis on the connectivity abnormality and the test information sent by the fuzzy test unit, and feeds back suspicious vulnerability information to the user.
In the method of the present invention, an internet packet explorer (Ping, packet Internet Groper) is employed for a program for testing network connectivity. Ping is a service command of an application layer working in a TCP/IP network architecture, mainly to send an ICMP (Internet Control Message Protocol internet message control protocol) Echo request message to a specific destination host, and to test whether the destination is reachable and to know the relevant status.
As shown in fig. 2, the invention further provides a routing protocol fuzzy test system based on the middleman, which comprises a screening and shunting unit, a configuration unit, a monitoring unit and a fuzzy test unit, wherein the screening and shunting unit receives configuration information issued by the configuration unit and determines a target routing protocol to be tested; the fuzzy test unit receives the configuration information issued by the configuration unit and determines which key fields of the protocol are mutated; the fuzzy test unit receives the target protocol message sent by the screening and shunting unit as a seed, reassigns key fields according to configuration requirements, directly copies original values of other fields, and then sends the generated test message to the target router; and the fuzzy test unit simultaneously sends the relevant test information to the monitoring unit so that the monitoring unit can conduct contrast monitoring.
In a specific application example, the screening and shunting unit refers to a message flowing into the target router R2 as an input message and a message flowing out of the target router R2 as an output message; the screening and shunting unit screens out the target protocol message from the input message, sends the target protocol message to the fuzzy test unit for fuzzy test, and directly sends the non-target protocol message to the target router R2.
In a specific application example, the screening and shunting unit transparently forwards the output message.
In a specific application example, the fuzzy test unit receives the configuration information issued by the configuration unit and determines which key fields of the protocol are mutated. The key fields are those that are more prone to vulnerability, including but not limited to:
(a) Selecting and determining according to the characteristics of the protocol; such as a field in the routing protocol associated with an IP address;
(b) Determining according to published vulnerability choices; if a field is involved in a published vulnerability of a target protocol or similar protocol, then this field is said to be more vulnerable to vulnerability.
In a specific application example, the monitoring unit continuously performs connectivity detection such as Ping on the router R4 through the router R3 in the process of performing the fuzzy test on the target router R2, and when the router R3 cannot pin the router R4, it is indicated that the routing function of the target router R2 is abnormal, which may be caused by a vulnerability triggered by the fuzzy test. The monitoring unit monitors connectivity abnormality of the target router in real time, performs association analysis on the connectivity abnormality and the test information sent by the fuzzy test unit, and feeds back suspicious vulnerability information to the user.
The above is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above examples, and all technical solutions belonging to the concept of the present invention belong to the protection scope of the present invention. It should be noted that modifications and adaptations to the invention without departing from the principles thereof are intended to be within the scope of the invention as set forth in the following claims.
Claims (4)
1. The routing protocol ambiguity test method based on the man-in-the-middle is characterized by comprising the following steps of:
step S1: constructing a man-in-the-middle fuzzy test system, enabling the target routers to exchange data through the man-in-the-middle system, and monitoring connectivity of the target routers through the man-in-the-middle system;
step S2: screening the split-flow message: screening out a target protocol message to be tested, and transmitting the target protocol message to be tested to a fuzzy test engine, wherein other messages are transmitted in a transparent way;
step S3: generating a test case for fuzzy test: the man-in-the-middle system generates a fuzzy test case according to the target protocol data interacted between the routers, and then sends the fuzzy test case to the target router for fuzzy test;
step S4: monitoring connectivity anomalies and reporting: monitoring connectivity abnormality generated by a target router and reporting suspicious vulnerability information;
the process of screening the streaming message in step S2 includes:
step S2.1: receiving configuration information issued after configuration, and determining a target routing protocol to be tested;
step S2.2: the message flowing into the target router is called as an input message, and the message flowing out of the target router is called as an output message; screening out target protocol messages from the input messages, performing fuzzy test, and directly sending non-target protocol messages to a target router;
step S2.3: transparent forwarding is carried out on the output message;
the flow of generating the test case for the fuzzy test in the step S3 includes:
step S3.1: receiving configuration information issued after configuration, and determining which key fields of a protocol are mutated;
step S3.2: receiving a target protocol message sent after screening and shunting is completed as a seed, reassigning key fields according to configuration requirements, directly copying original values by other fields, and then sending the generated test message to a target router;
step S3.3: transmitting the relevant test information simultaneously, and performing contrast monitoring;
the step S4 of monitoring connectivity abnormality and reporting comprises the following steps: in the process of implementing the fuzzy test on the target router, the Ping connectivity detection is continuously carried out on the second router through the first router, and when the first router cannot Ping to pass through the second router, the fact that the routing function of the target router is abnormal is indicated to be caused by the loophole triggered by the fuzzy test.
2. The man-in-the-middle based routing protocol ambiguity test method of claim 1, wherein in step S3.1, the key field includes:
(a) Selecting and determining according to the characteristics of the protocol;
(b) And determining according to the published vulnerability selection.
3. The routing protocol fuzzy test system based on the man-in-the-middle is characterized by comprising a screening and shunting unit, a configuration unit, a monitoring unit and a fuzzy test unit, wherein the screening and shunting unit receives configuration information issued by the configuration unit and determines a target routing protocol to be tested; the fuzzy test unit receives the configuration information issued by the configuration unit and determines to mutate key fields of the protocol; the fuzzy test unit receives the target protocol message sent by the screening and shunting unit as a seed, reassigns key fields according to configuration requirements, directly copies original values of other fields, and then sends the generated test message to the target router; the fuzzy test unit simultaneously sends the relevant test information to the monitoring unit so that the monitoring unit can conduct contrast monitoring;
the screening and shunting unit refers to a message flowing into the target router as an input message and a message flowing out of the target router as an output message; the screening and shunting unit screens out a target protocol message from the input message, sends the target protocol message to the fuzzy test unit for fuzzy test, and directly sends a non-target protocol message to the target router; the screening and shunting unit transparently forwards the output message; the monitoring unit is used for monitoring connectivity abnormality and reporting, and comprises: in the process of implementing the fuzzy test on the target router, the Ping connectivity detection is continuously carried out on the second router through the first router, and when the first router cannot Ping to pass through the second router, the fact that the routing function of the target router is abnormal is indicated to be caused by the loophole triggered by the fuzzy test.
4. The man-in-the-middle based routing protocol fuzziness test system of claim 3, wherein the emphasis field comprises:
(a) Selecting and determining according to the characteristics of the protocol;
(b) And determining according to the published vulnerability selection.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210979782.2A CN115396347B (en) | 2022-08-15 | 2022-08-15 | Routing protocol fuzzy test method and system based on man-in-the-middle |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210979782.2A CN115396347B (en) | 2022-08-15 | 2022-08-15 | Routing protocol fuzzy test method and system based on man-in-the-middle |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115396347A CN115396347A (en) | 2022-11-25 |
CN115396347B true CN115396347B (en) | 2024-02-06 |
Family
ID=84121570
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210979782.2A Active CN115396347B (en) | 2022-08-15 | 2022-08-15 | Routing protocol fuzzy test method and system based on man-in-the-middle |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115396347B (en) |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011139687A1 (en) * | 2010-04-26 | 2011-11-10 | The Trustees Of The Stevens Institute Of Technology | Systems and methods for automatically detecting deception in human communications expressed in digital form |
CN104639389A (en) * | 2014-12-31 | 2015-05-20 | 北京奇虎科技有限公司 | Router evaluating device and method |
CN105103619A (en) * | 2013-03-15 | 2015-11-25 | 波音公司 | Secure routing based on the physical locations of routers |
CN108809951A (en) * | 2018-05-16 | 2018-11-13 | 南京大学 | A kind of penetration testing frame suitable for industrial control system |
CN110336827A (en) * | 2019-07-15 | 2019-10-15 | 北京工业大学 | A kind of Modbus Transmission Control Protocol fuzz testing method based on exception field positioning |
CN110505111A (en) * | 2019-07-09 | 2019-11-26 | 杭州电子科技大学 | The industry control agreement fuzz testing method reset based on flow |
CN110912776A (en) * | 2019-11-27 | 2020-03-24 | 中国科学院信息工程研究所 | Automatic fuzzy test method and device for entity router management protocol |
CN111628900A (en) * | 2019-02-28 | 2020-09-04 | 西门子股份公司 | Fuzzy test method and device based on network protocol and computer readable medium |
CN114328216A (en) * | 2021-12-27 | 2022-04-12 | 奇安信科技集团股份有限公司 | Vulnerability mining method and device |
CN114650163A (en) * | 2022-01-21 | 2022-06-21 | 中国人民解放军战略支援部队信息工程大学 | Stateful network protocol-oriented fuzzy test method and system |
CN114884647A (en) * | 2021-01-22 | 2022-08-09 | 腾讯科技(深圳)有限公司 | Network access management method and related equipment |
-
2022
- 2022-08-15 CN CN202210979782.2A patent/CN115396347B/en active Active
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2011139687A1 (en) * | 2010-04-26 | 2011-11-10 | The Trustees Of The Stevens Institute Of Technology | Systems and methods for automatically detecting deception in human communications expressed in digital form |
CN105103619A (en) * | 2013-03-15 | 2015-11-25 | 波音公司 | Secure routing based on the physical locations of routers |
CN104639389A (en) * | 2014-12-31 | 2015-05-20 | 北京奇虎科技有限公司 | Router evaluating device and method |
CN108809951A (en) * | 2018-05-16 | 2018-11-13 | 南京大学 | A kind of penetration testing frame suitable for industrial control system |
CN111628900A (en) * | 2019-02-28 | 2020-09-04 | 西门子股份公司 | Fuzzy test method and device based on network protocol and computer readable medium |
CN110505111A (en) * | 2019-07-09 | 2019-11-26 | 杭州电子科技大学 | The industry control agreement fuzz testing method reset based on flow |
CN110336827A (en) * | 2019-07-15 | 2019-10-15 | 北京工业大学 | A kind of Modbus Transmission Control Protocol fuzz testing method based on exception field positioning |
CN110912776A (en) * | 2019-11-27 | 2020-03-24 | 中国科学院信息工程研究所 | Automatic fuzzy test method and device for entity router management protocol |
CN114884647A (en) * | 2021-01-22 | 2022-08-09 | 腾讯科技(深圳)有限公司 | Network access management method and related equipment |
CN114328216A (en) * | 2021-12-27 | 2022-04-12 | 奇安信科技集团股份有限公司 | Vulnerability mining method and device |
CN114650163A (en) * | 2022-01-21 | 2022-06-21 | 中国人民解放军战略支援部队信息工程大学 | Stateful network protocol-oriented fuzzy test method and system |
Also Published As
Publication number | Publication date |
---|---|
CN115396347A (en) | 2022-11-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10708285B2 (en) | Supplementing network flow analysis with endpoint information | |
US7624448B2 (en) | Intelligent intrusion detection system utilizing enhanced graph-matching of network activity with context data | |
US8266697B2 (en) | Enabling network intrusion detection by representing network activity in graphical form utilizing distributed data sensors to detect and transmit activity data | |
EP2056559B1 (en) | Method and system for network simulation | |
Izhikevich et al. | {LZR}: Identifying unexpected internet services | |
US7062783B1 (en) | Comprehensive enterprise network analyzer, scanner and intrusion detection framework | |
US10798061B2 (en) | Automated learning of externally defined network assets by a network security device | |
US7463593B2 (en) | Network host isolation tool | |
JP2010541441A (en) | Computer-implemented method, data processing system, and computer program (router detection) for detecting unauthorized routers in a distributed network | |
MX2010006846A (en) | Method for configuring acls on network device based on flow information. | |
Vaigandla et al. | Investigation on intrusion detection systems (IDSs) in IoT | |
Qiu et al. | Global Flow Table: A convincing mechanism for security operations in SDN | |
Han et al. | State-aware network access management for software-defined networks | |
Bonola et al. | StreaMon: A data-plane programming abstraction for software-defined stream monitoring | |
Khosravifar et al. | An experience improving intrusion detection systems false alarm ratio by using honeypot | |
KR20020075319A (en) | Intelligent Security Engine and Intelligent and Integrated Security System Employing the Same | |
CN115396347B (en) | Routing protocol fuzzy test method and system based on man-in-the-middle | |
US10419388B2 (en) | Method and system for dark matter scanning | |
Gad et al. | Hierarchical events for efficient distributed network analysis and surveillance | |
HA | Investigation on intrusion detection systems in IoT | |
Anbarsu et al. | Software-Defined Networking for the Internet of Things: Securing home networks using SDN | |
Lyu et al. | A survey on enterprise network security: Asset behavioral monitoring and distributed attack detection | |
Liu et al. | Community Cleanup: Incentivizing Network Hygiene via Distributed Attack Reporting | |
US11283823B1 (en) | Systems and methods for dynamic zone protection of networks | |
Bhuyan et al. | Network Traa c Anomaly Detection and Prevention |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |