CN115622911A - A performance test method of network security detection equipment - Google Patents

A performance test method of network security detection equipment Download PDF

Info

Publication number
CN115622911A
CN115622911A CN202211247644.1A CN202211247644A CN115622911A CN 115622911 A CN115622911 A CN 115622911A CN 202211247644 A CN202211247644 A CN 202211247644A CN 115622911 A CN115622911 A CN 115622911A
Authority
CN
China
Prior art keywords
file
test
detection
value
log
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211247644.1A
Other languages
Chinese (zh)
Inventor
李永辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Sipuling Technology Co Ltd
Original Assignee
Wuhan Sipuling Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Sipuling Technology Co Ltd filed Critical Wuhan Sipuling Technology Co Ltd
Priority to CN202211247644.1A priority Critical patent/CN115622911A/en
Publication of CN115622911A publication Critical patent/CN115622911A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00Arrangements for monitoring or testing data switching networks
    • H04L43/08Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Environmental & Geological Engineering (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

本申请提供的一种网络安全检测设备的性能测试方法,所述网络安全检测设备旁路部署于测试环境中,所述性能测试方法包括:生成测试文件;使用网络设备将测试文件从第一终端设备传输至第二终端设备,生成镜像流量;使用安全检测设备对镜像流量进行检测,生成检测日志;获取第二终端设备接收的传输后文件;若传输后文件与测试文件一致,且检测日志包括测试文件对应的日志信息,则从检测日志中获取病毒留存文件;若所述病毒留存文件与病毒样本文件一致,则输出测试结果为成功。所述性能测试方法使用网络设备的镜像流量作为测试数据,无需抓取重放报文,并且根据传输后文件、测试文件、检测日志以及病毒留存文件等共同确认测试结果,提高测试准确率。

Figure 202211247644

The present application provides a performance testing method of a network security detection device, wherein the network security detection device is side-by-side deployed in a test environment, and the performance testing method includes: generating a test file; using a network device to download the test file from the first terminal The device is transmitted to the second terminal device to generate mirrored traffic; use the security detection device to detect the mirrored traffic and generate a detection log; obtain the transmitted file received by the second terminal device; if the transmitted file is consistent with the test file, and the detection log includes For the log information corresponding to the test file, the remaining virus file is obtained from the detection log; if the remaining virus file is consistent with the virus sample file, the test result is output as successful. The performance test method uses mirrored traffic of network equipment as test data without grabbing and replaying messages, and confirms test results based on transmitted files, test files, detection logs, and virus retention files to improve test accuracy.

Figure 202211247644

Description

一种网络安全检测设备的性能测试方法A performance test method of network security detection equipment

技术领域technical field

本申请涉及计算机网络安全领域,特别涉及一种网络安全检测设备的性能测试方法。The application relates to the field of computer network security, in particular to a performance testing method of network security testing equipment.

背景技术Background technique

旁路部署的网络安全检测设备,如全流量取证系统(Total flow forensicssystem,TFS),作为网络安全防护的重要组成单元,其中的病毒检测功能是其必备的业务模块。作为旁路部署的设备,TFS的特点是只收流量,不作流量转发,因此不能直接将TFS串接在客户端和服务器之间进行测试。The network security detection equipment deployed in the bypass, such as the total flow forensics system (TFS), is an important component of network security protection, and the virus detection function is an essential business module. As a device deployed in a bypass, TFS is characterized by only receiving traffic and not forwarding traffic, so TFS cannot be directly connected in series between the client and server for testing.

目前,对TFS的病毒检测性能的测试主要依赖报文的重放。首先,测试人员需要模拟客户端向服务端发送或者从服务端下载包括病毒样本文件的测试文件,然后,收集上述传输过程产生的完整数据报文。将上述完整数据报文输入至TFS中进行病毒检测,根据检测日志的结果得到测试结果。但是如果上述报文抓取不完整,则有可能导致TFS误报或未检测上报,进而导致测试结果不准确。因此,采用上述测试方法的测试结果准确率低。At present, the test of the virus detection performance of TFS mainly relies on the replay of packets. First, the tester needs to simulate the client to send or download the test file including the virus sample file from the server, and then collect the complete data packets generated during the above transmission process. Input the above-mentioned complete data message into TFS for virus detection, and obtain the test result according to the result of the detection log. However, if the above-mentioned packets are captured incompletely, it may lead to false positives or undetected reports by TFS, resulting in inaccurate test results. Therefore, the accuracy of the test results using the above test method is low.

发明内容Contents of the invention

为解决目前的网络安全检测设备的性能测试方法中,如果报文抓取不完整,则有可能导致TFS误报或未检测上报,进而导致测试结果不准确的问题,本申请通过以下方面提供一种网络安全检测设备的性能测试方法、终端装置及计算机可读存储介质。In order to solve the problem that in the current performance test method of network security testing equipment, if the message capture is incomplete, it may cause TFS false positives or undetected reports, which may lead to inaccurate test results. This application provides a solution through the following aspects: A performance testing method of network security testing equipment, a terminal device, and a computer-readable storage medium.

本申请第一方面提供一种网络安全检测设备的性能测试方法,所述网络安全检测设备旁路部署于测试环境中,所述测试环境包括第一终端设备、网络设备和第二终端设备,所述性能测试方法包括:The first aspect of the present application provides a method for testing the performance of a network security detection device. The network security detection device is side-by-side deployed in a test environment, and the test environment includes a first terminal device, a network device, and a second terminal device. The performance testing methods mentioned above include:

生成测试文件,其中,测试文件中包括病毒样本文件;Generate a test file, wherein the test file includes a virus sample file;

使用网络设备将测试文件从第一终端设备传输至第二终端设备,生成镜像流量发送至网络安全检测设备;Using the network device to transfer the test file from the first terminal device to the second terminal device, generating mirrored traffic and sending it to the network security detection device;

使用网络安全检测设备对网络设备的镜像流量进行检测,生成检测日志;Use network security detection equipment to detect the mirrored traffic of network devices and generate detection logs;

获取传输后文件,传输后文件为第二终端设备收到的文件;Obtaining the transferred file, where the transferred file is a file received by the second terminal device;

判断传输后文件的MD5值是否等于测试文件的MD5值;Determine whether the MD5 value of the transferred file is equal to the MD5 value of the test file;

若传输后文件的MD5值等于测试文件的MD5值,则判断检测日志中是否包括测试文件对应的日志信息;If the MD5 value of the file after transmission is equal to the MD5 value of the test file, then judge whether the log information corresponding to the test file is included in the detection log;

若检测日志中包括测试文件对应的日志信息,则从检测日志获取病毒留存文件;If the detection log includes the log information corresponding to the test file, the virus retention file is obtained from the detection log;

判断病毒留存文件的MD5值是否等于病毒样本文件的MD5值;Determine whether the MD5 value of the virus retention file is equal to the MD5 value of the virus sample file;

若病毒留存文件的MD5值等于病毒样本文件的MD5值,则输出测试结果为成功。If the MD5 value of the virus remaining file is equal to the MD5 value of the virus sample file, the output test result is successful.

在一些实施例中,所述性能测试方法还包括:In some embodiments, the performance testing method also includes:

若传输后文件的MD5值不等于测试文件的MD5值,则使无效次数加一,其中,无效次数初始值为零;If the MD5 value of the file after transmission is not equal to the MD5 value of the test file, then add one to the number of invalid times, where the initial value of the number of invalid times is zero;

判断无效次数是否小于预设阈值;Judging whether the number of invalidations is less than a preset threshold;

若无效次数小于预设阈值,则继续执行生成测试文件的步骤。If the number of invalid times is less than the preset threshold, continue to execute the step of generating the test file.

在一些实施例中,所述性能测试方法还包括:In some embodiments, the performance testing method also includes:

若无效次数大于或者等于预设阈值,则输出测试结果为失败。If the number of invalid times is greater than or equal to the preset threshold, the output test result is failure.

在一些实施例中,测试文件包括白名单测试文件和黑名单测试文件,其中白名单测试文件和黑名单测试文件均包括病毒样本文件,黑名单测试文件的文件类型为预设类型,白名单测试文件的文件类型与预设类型不同;In some embodiments, the test file includes a whitelist test file and a blacklist test file, wherein both the whitelist test file and the blacklist test file include a virus sample file, the file type of the blacklist test file is a preset type, and the whitelist test file The file type of the file is different from the preset type;

网络安全检测设备被配置为检测预设类型的文件;The network security detection device is configured to detect files of preset types;

其中,判断检测日志中是否包括测试文件,若检测日志中包括测试文件,则从检测日志获取病毒留存文件,包括:Wherein, it is judged whether the test file is included in the detection log, and if the test file is included in the detection log, the virus retention file is obtained from the detection log, including:

判断检测日志是否包括对应于黑名单测试文件的日志信息;Judging whether the detection log includes log information corresponding to the blacklist test file;

若检测日志中包括对应于黑名单测试文件的日志信息,则判断检测日志是否包括对应于白名单测试文件的日志信息;If the detection log includes log information corresponding to the blacklist test file, then it is judged whether the detection log includes log information corresponding to the whitelist test file;

若检测日志不包括对应于白名单测试文件的日志信息,则从检测日志获取病毒留存文件。If the detection log does not include log information corresponding to the whitelist test file, then obtain the remaining virus file from the detection log.

在一些实施例中,所述性能测试方法还包括:In some embodiments, the performance testing method also includes:

若检测日志中不包括对应于黑名单测试文件的日志信息,则输出测试结果为失败。If the detection log does not include the log information corresponding to the blacklist test file, the output test result is failure.

在一些实施例中,所述性能测试方法还包括:In some embodiments, the performance testing method also includes:

若检测日志包括对应于白名单测试文件的日志信息,则输出测试结果为失败。If the detection log includes log information corresponding to the whitelist test file, the output test result is failure.

在一些实施例中,所述性能测试方法还包括:In some embodiments, the performance testing method also includes:

若病毒留存文件的MD5值不等于病毒样本文件的MD5值,则输出测试结果为失败。If the MD5 value of the virus remaining file is not equal to the MD5 value of the virus sample file, the output test result is failure.

在一些实施例中,第一终端设备为客户端,第二终端设备为服务器;或者,第一终端为服务器,第二终端设备为客户端。In some embodiments, the first terminal device is a client, and the second terminal device is a server; or, the first terminal is a server, and the second terminal device is a client.

本申请第二方面提供一种终端装置,包括:至少一个处理器和存储器;所述存储器,用于存储程序指令;所述处理器,用于调用并执行所述存储器中存储的程序指令,以使所述终端装置执行如本申请第一方面所述的一种网络安全检测设备的性能测试方法。The second aspect of the present application provides a terminal device, including: at least one processor and a memory; the memory is used to store program instructions; the processor is used to call and execute the program instructions stored in the memory to The terminal device is made to execute the performance testing method of a network security testing device as described in the first aspect of the present application.

本申请第三方面提供一种计算机可读存储介质,所述计算机可读存储介质中存储有指令,当其在计算机上运行时,使得所述计算机执行如本申请第一方面所述的一种网络安全检测设备的性能测试方法。The third aspect of the present application provides a computer-readable storage medium, the computer-readable storage medium stores instructions, and when the computer-readable storage medium is run on a computer, the computer executes a A performance test method for network security testing equipment.

本申请提供的一种网络安全检测设备的性能测试方法,所述网络安全检测设备旁路部署于测试环境中,所述测试环境包括第一终端设备、网络设备和第二终端设备,所述性能测试方法包括:生成测试文件;使用所述网络设备将所述测试文件从第一终端设备传输至第二终端设备,生成镜像流量发送至所述网络安全检测设备;使用所述网络安全检测设备对所述网络设备的镜像流量进行检测,生成检测日志;获取第二终端接收到的传输后文件;若所述传输后文件的MD5值等于所述测试文件的MD5值,则判断所述检测日志中是否包括所述测试文件对应的日志信息;若从所述检测日志中获取病毒留存文件,与所述病毒样本文件的MD5值进行比对;若所述病毒留存文件的MD5值等于所述病毒样本文件的MD5值,则输出测试结果为成功。所述性能测试方法使用网络设备的镜像流量作为测试数据,无需抓取重放报文,并且根据传输后文件、测试文件、检测日志以及病毒留存文件等共同确认测试结果,以提高测试准确率。The present application provides a method for testing the performance of a network security detection device. The network security detection device is side-by-side deployed in a test environment, and the test environment includes a first terminal device, a network device, and a second terminal device. The performance The test method includes: generating a test file; using the network device to transmit the test file from the first terminal device to the second terminal device, generating mirrored traffic and sending it to the network security detection device; using the network security detection device to The mirrored traffic of the network device is detected, and a detection log is generated; the file after transmission received by the second terminal is obtained; if the MD5 value of the file after the transmission is equal to the MD5 value of the test file, then it is judged that in the detection log Whether to include the log information corresponding to the test file; if the virus retention file is obtained from the detection log, compare it with the MD5 value of the virus sample file; if the MD5 value of the virus retention file is equal to the virus sample The MD5 value of the file, the output test result is success. The performance testing method uses mirrored traffic of network devices as test data without grabbing and replaying messages, and jointly confirms test results based on transmitted files, test files, detection logs, and virus retention files to improve test accuracy.

附图说明Description of drawings

图1示例性给出本申请实施例所适用的一种测试环境;Fig. 1 exemplarily provides a kind of test environment applicable to the embodiment of the present application;

图2示例性给出本申请实施例所适用的一种网络安全检测设备的各功能开关的界面示意图;FIG. 2 exemplarily shows a schematic interface diagram of various function switches of a network security detection device applicable to the embodiment of the present application;

图3示例性给出本申请实施例提供的一种网络安全检测设备的性能测试方法的工作流程示意图;FIG. 3 exemplarily shows a schematic workflow diagram of a performance testing method for a network security detection device provided in an embodiment of the present application;

图4示例性给出本申请实施例所适用的一种测试环境。FIG. 4 exemplarily shows a test environment applicable to the embodiment of the present application.

具体实施方式detailed description

为解决目前的网络安全检测设备的性能测试方法中,如果重放报文抓取不完整,则有可能导致网络安全检测设备误报,进而导致测试结果不准确的问题,本申请通过以下实施例提供一种网络安全检测设备的性能测试方法。In order to solve the problem that in the current performance test method of network security testing equipment, if the replay message capture is incomplete, it may lead to false positives of the network security testing equipment, and then lead to inaccurate test results, the application adopts the following embodiments A performance testing method of network security testing equipment is provided.

本申请实施例提供的所述性能测试方法用于测试网络安全检测设备的病毒检测性能,所述网络安全检测设备旁路部署于测试环境中,其中,所述测试环境包括第一终端设备、网路设备和第二终端设备。在本申请中以全流量取证系统(Total flow forensicssystem,TFS)作为网络安全检测设备为示例,说明所提供的测试方法的实施方式。参见图1,示例性给出本申请实施例所适用的测试环境的结构示意图。如图1所示,网络设备可以是SW(Switch,交换机)。在本实施例中,在SW中配置端口镜像,将客户端和服务器之间传输的报文镜像发送给待测试的TFS,以测试TFS的病毒检测性能。The performance testing method provided in the embodiment of the present application is used to test the virus detection performance of the network security detection device, and the network security detection device is deployed in a test environment in a bypass, wherein the test environment includes a first terminal device, a network Road equipment and the second terminal equipment. In this application, a total flow forensics system (TFS) is taken as an example of a network security detection device to illustrate the implementation of the provided testing method. Referring to FIG. 1 , a schematic structural diagram of a test environment applicable to an embodiment of the present application is exemplarily given. As shown in FIG. 1 , the network device may be a SW (Switch, switch). In this embodiment, port mirroring is configured in the SW, and the packet mirroring transmitted between the client and the server is sent to the TFS to be tested, so as to test the virus detection performance of the TFS.

在一些实施例中,第一终端设备可以是PC(客户端),对应的,第二终端设备可以是服务器,对应的报文传输过程可以是文件上传。在一些实施例中,第一终端设备可以是服务器,对应的,第二终端设备可以是客户端,对应的报文传输过程可以是文件下载。在一些实施例中,所述测试环境还包括管理PC,通过SSH(Secure Shell,安全协议外壳)连接控制待测试设备TFS、客户端及服务器。仅作为示例而非限定,第一终端设备和第二终端设备可以是服务器、个人电脑、智能手机、平板电脑中的至少一种,对于第一终端设备和第二终端设备具体是何种设备,本申请实施例不做具体限定,只要是两者之间能够实现完整的报文传输过程即可。In some embodiments, the first terminal device may be a PC (client), and correspondingly, the second terminal device may be a server, and the corresponding message transmission process may be file uploading. In some embodiments, the first terminal device may be a server, and correspondingly, the second terminal device may be a client, and the corresponding message transmission process may be file downloading. In some embodiments, the test environment also includes a management PC, which controls the device under test TFS, client and server through SSH (Secure Shell, secure protocol shell) connection. Only as an example and not a limitation, the first terminal device and the second terminal device may be at least one of a server, a personal computer, a smart phone, and a tablet computer. For the first terminal device and the second terminal device, what kind of devices are they? The embodiment of the present application does not make specific limitations, as long as a complete message transmission process can be realized between the two.

配置所述测试环境时,在服务器上部署HTTP、FTP、邮箱、Samba服务,对外提供相关的服务,保证客户端能正常使用服务器上提供的各项服务;将待测试的病毒样本文件(包含多个含病毒、不含病毒的样本)分别存放到服务器及客户端的预先指定的目录下,示例性的,upload_virus目录。将TFS上病毒检测策略总开关、启用服务(协议或应用)、服务动作(上传、下载)、文件类型作为配置参数加入参数池;参见图2,为示例性给出TFS上的各功能开关的示意图。When configuring the test environment, deploy HTTP, FTP, mailbox, and Samba services on the server to provide relevant services externally to ensure that the client can normally use the services provided on the server; the virus sample files to be tested (including multiple virus-containing and virus-free samples) are respectively stored in the pre-designated directory of the server and the client, for example, the upload_virus directory. Add the general switch of the virus detection strategy on TFS, enable service (protocol or application), service action (upload, download), and file type as configuration parameters into the parameter pool; see Figure 2, which is an example of each function switch on TFS schematic diagram.

参见图3,本申请提供的所述性能测试方法包括步骤101-109。Referring to FIG. 3 , the performance testing method provided in this application includes steps 101-109.

步骤101,生成测试文件,其中,所述测试文件包括病毒样本文件。在一些实施例中,将参数池各参数配置进行组合,得到一组测试用例集合,依次执行各个测试用例,按照测试用例中的文件类型来压缩病毒样本文件生成相应的测试文件。相应的,根据测试用例中的配置参数配置所述网络安全检测设备。Step 101, generating a test file, wherein the test file includes a virus sample file. In some embodiments, a set of test cases is obtained by combining parameter configurations in the parameter pool, each test case is executed sequentially, and virus sample files are compressed according to file types in the test cases to generate corresponding test files. Correspondingly, the network security detection device is configured according to the configuration parameters in the test case.

步骤102,使用所述网络设备将所述测试文件从第一终端设备传输至第二终端设备,生成镜像流量发送至所述网络安全检测设备。控制测试PC客户端根据测试用例中的服务(HTTP、FTP、邮箱(SMTP、IMAP、POP3)、SMB)和服务动作来上传或下载测试样本文件。Step 102, using the network device to transmit the test file from the first terminal device to the second terminal device, generating mirrored traffic and sending it to the network security detection device. The control test PC client uploads or downloads the test sample file according to the service (HTTP, FTP, mailbox (SMTP, IMAP, POP3), SMB) and service action in the test case.

步骤103,使用所述网络安全检测设备对所述网络设备的镜像流量进行检测,生成检测日志。在本申请实施例中,安全检测设备对网络设备的镜像流量进行检测,不用再抓取重放报文。Step 103, using the network security detection device to detect the mirrored traffic of the network device, and generate a detection log. In the embodiment of the present application, the security detection device detects the mirrored traffic of the network device without capturing and replaying packets.

步骤104,获取传输后文件,所述传输后文件为所述第二终端设备收到的文件。Step 104, acquire a file after transmission, where the file after transmission is a file received by the second terminal device.

步骤105,判断所述传输后文件的MD5值是否等于所述测试文件的MD5值。在本申请实施例中,先通过传输后问价您的MD5值和所述测试文件的MD5值,判断第二终端设备收到的文件是否完整,以确定此次传输过程是否正常。Step 105, judging whether the MD5 value of the transmitted file is equal to the MD5 value of the test file. In the embodiment of the present application, firstly ask your MD5 value and the MD5 value of the test file after transmission to determine whether the file received by the second terminal device is complete, so as to determine whether the transmission process is normal.

步骤106,若所述传输后文件的MD5值等于所述测试文件的MD5值,则判断所述检测日志中是否包括所述测试文件对应的日志信息。在本申请实施例中,只有当所述传输后文件的MD5值等于所述测试文件的MD5值,即此次传输过程是正常的,再判断所述网络安全检测设备生成的所述检测日志中是否包括所述测试文件对应的日志信息。Step 106, if the MD5 value of the transmitted file is equal to the MD5 value of the test file, then judge whether the detection log includes the log information corresponding to the test file. In the embodiment of the present application, only when the MD5 value of the file after the transmission is equal to the MD5 value of the test file, that is, the transmission process is normal, then it is judged that in the detection log generated by the network security detection device Whether to include the log information corresponding to the test file.

在一种实现方式中,可以通过比对所述检测日志中记录的文件名、文件MD5值是否与所述测试文件一致,以判断所述检测日志中是否包括所述测试文件对应的日志信息。In an implementation manner, it may be determined whether the detection log includes the log information corresponding to the test file by comparing whether the file name and the MD5 value of the file recorded in the detection log are consistent with the test file.

步骤107,若所述检测日志中包括所述测试文件对应的日志信息,则从所述检测日志获取病毒留存文件。目前的测试方法中一般只根据所述网络安全检测设备的检测日志作为测试结果的判定依据,但是日志往往只是直观放映结果的一个方面,拿日志作为最后的判定结果相对来说比较片面。在本申请实施例中,不仅通过检测日志作为判定依据,而且进一步下载所述检测日志中的病毒留存文件进行分析。示例性的,可以通过调用全流量聚合设备日志API接口进行检测日志查询以及下载所述病毒留存文件。Step 107, if the detection log includes the log information corresponding to the test file, obtain the remaining virus file from the detection log. In the current test method, generally only the detection log of the network security detection equipment is used as the judgment basis of the test result, but the log is often only one aspect of the visual projection result, and it is relatively one-sided to take the log as the final judgment result. In the embodiment of the present application, not only the detection log is used as the basis for determination, but also the remaining virus files in the detection log are further downloaded for analysis. Exemplarily, the query of the detection log and the download of the remaining virus file can be performed by calling the full traffic aggregation device log API interface.

在一些实施例中,可能出现所述检测日志中包括所述测试文件对应的日志信息,但是所述检测日志中无法获取到对应的病毒留存文件,此时也认为测试失败,输出测试结果为失败。In some embodiments, it may occur that the detection log includes the log information corresponding to the test file, but the corresponding virus retention file cannot be obtained in the detection log, at this time, the test is also considered to have failed, and the output test result is failure .

步骤108,判断所述病毒留存文件的MD5值是否等于所述病毒样本文件的MD5值。Step 108, judging whether the MD5 value of the virus remaining file is equal to the MD5 value of the virus sample file.

步骤109,若所述病毒留存文件的MD5值等于所述病毒样本文件的MD5值,则输出测试结果为成功。Step 109, if the MD5 value of the virus remaining file is equal to the MD5 value of the virus sample file, output the test result as success.

在一些实施例中,所述性能测试方法包括:若所述病毒留存文件的MD5值不等于所述病毒样本文件的MD5值,则执行步骤110:输出测试结果为失败。In some embodiments, the performance testing method includes: if the MD5 value of the retained virus file is not equal to the MD5 value of the virus sample file, perform step 110: output the test result as failure.

在本申请实施例中,若所述传输后文件的MD5值不等于所述测试文件的MD5值,则认为此次传输过程存在异常,对应的测试结果不可信。在一些实施例中,针对传输过程存在异常的测试文件,会再次传输该文件,进行相应的测试。在这些实施例中,所述性能测试方法还包括步骤111-113。In this embodiment of the application, if the MD5 value of the transmitted file is not equal to the MD5 value of the test file, it is considered that there is an abnormality in the transmission process, and the corresponding test result is not credible. In some embodiments, for a test file with an abnormality in the transmission process, the file is transmitted again to perform a corresponding test. In these embodiments, the performance testing method further includes steps 111-113.

步骤111,若所述传输后文件的MD5值不等于所述测试文件的MD5值,则使无效次数加一,其中,所述无效次数初始值为零。Step 111, if the MD5 value of the transmitted file is not equal to the MD5 value of the test file, add one to the invalidation count, wherein the initial value of the invalidation count is zero.

步骤112,判断所述无效次数是否小于预设阈值。Step 112, judging whether the number of times of invalidation is less than a preset threshold.

若所述无效次数小于所述预设阈值,则继续执行步骤101,生成测试文件。在一些实施例中,可以将所述测试文件对应的测试用例重新放置到待测试的测试用例集合中,重新执行。If the number of times of invalidation is less than the preset threshold, continue to execute step 101 to generate a test file. In some embodiments, the test case corresponding to the test file may be relocated to the set of test cases to be tested and re-executed.

在一些实施例中,所述性能测试方法还包括:若所述无效次数大于或者等于所述预设阈值,则执行步骤110,输出测试结果为失败,并终止执行当前的所述性能测试方法。此时,可能说明测试环境的设置或者网络设备的设置存在缺陷,需要进行相应的调整。In some embodiments, the performance testing method further includes: if the number of invalidations is greater than or equal to the preset threshold, execute step 110, output the test result as failure, and terminate execution of the current performance testing method. At this time, it may indicate that there are defects in the settings of the test environment or network equipment, and corresponding adjustments are required.

在一些实施例中,在步骤109或者步骤110之后,即输出测试结果之后,可以继续执行下一个测试用例,相应的生成测试文件以及配置所述网络安全检测设备。当测试用例集合中的所有测试用例执行完毕,根据测试记录生成测试报告,可以自动通过邮件发送给测试人员。In some embodiments, after step 109 or step 110, that is, after the test result is output, the next test case may be executed, correspondingly generate test files and configure the network security detection device. When all the test cases in the test case collection are executed, a test report is generated according to the test records, which can be automatically sent to the testers by email.

从图2中可以看出,所述网络安全检测设备可以针对不同的文件类型进行检测。如此,在一些实施例中,测试用例中可以针对文件类型设置黑名单测试文件和白名单测试文件,所述白名单测试文件和所述黑名单测试文件均包括病毒样本文件,所述黑名单测试文件的文件类型为预设类型,所述白名单测试文件的文件类型与所述预设类型不同;相应的,所述网络安全检测设备被配置为检测所述预设类型的文件。It can be seen from FIG. 2 that the network security detection device can detect different file types. Thus, in some embodiments, blacklist test files and whitelist test files can be set for file types in the test case, and both the whitelist test files and the blacklist test files include virus sample files, and the blacklist test files The file type of the file is a preset type, and the file type of the whitelist test file is different from the preset type; correspondingly, the network security detection device is configured to detect the file of the preset type.

示例性的,当前测试用例中,预设类型为“.exe”,则生成的黑名单测试文件是包含病毒样本文件的“.exe”类型文件,生成的白名单测试文件是包含病毒样本文件的非“.exe”类型文件,可以是“.7z”类型文件,也可以是“.com”类型文件;所述网络安全检测设备被配置为检测“.exe”类型的病毒样本文件。Exemplarily, in the current test case, the preset type is ".exe", then the generated blacklist test file is a ".exe" type file containing a virus sample file, and the generated whitelist test file is a file containing a virus sample file The non-".exe" type file may be a ".7z" type file or a ".com" type file; the network security detection device is configured to detect virus sample files of the ".exe" type.

在这些实施例中,步骤106-107进一步包括:In these embodiments, steps 106-107 further include:

步骤201,判断所述检测日志是否包括对应于所述黑名单测试文件的日志信息。Step 201, judging whether the detection log includes log information corresponding to the blacklist test file.

步骤202,若所述检测日志中包括对应于所述黑名单测试文件的日志信息,则判断所述检测日志是否包括对应于所述白名单测试文件的日志信息。Step 202: If the detection log includes log information corresponding to the blacklist test file, determine whether the detection log includes log information corresponding to the whitelist test file.

步骤203,若所述检测日志不包括对应于所述白名单测试文件的日志信息,则从所述检测日志获取病毒留存文件。Step 203, if the detection log does not include the log information corresponding to the whitelist test file, obtain the remaining virus file from the detection log.

在一些实施例中,步骤106-步骤107中还包括:步骤204,若所述检测日志中不包括对应于所述黑名单测试文件的日志信息,则输出测试结果为失败。In some embodiments, steps 106-107 further include: step 204, if the detection log does not include log information corresponding to the blacklist test file, output the test result as failure.

在一些实施例中,步骤106-107中还包括:步骤205,若所述检测日志包括对应于所述白名单测试文件的日志信息,则输出测试结果为失败。In some embodiments, steps 106-107 further include: step 205, if the detection log includes log information corresponding to the whitelist test file, output the test result as failure.

本申请实施例提供一种网络安全检测设备的性能测试方法,所述网络安全检测设备旁路部署于测试环境中,所述测试环境包括第一终端设备、网络设备和第二终端设备,所述性能测试方法包括:生成测试文件;使用所述网络设备将所述测试文件从第一终端设备传输至第二终端设备,生成镜像流量发送至所述网络安全检测设备;使用所述网络安全检测设备对所述网络设备的镜像流量进行检测,生成检测日志;获取第二终端接收到的传输后文件;若所述传输后文件的MD5值等于所述测试文件的MD5值,则判断所述检测日志中是否包括所述测试文件对应的日志信息;若从所述检测日志中获取病毒留存文件,与所述病毒样本文件的MD5值进行比对;若所述病毒留存文件的MD5值等于所述病毒样本文件的MD5值,则输出测试结果为成功。所述性能测试方法,使用网络设备的镜像流量作为测试数据,无需抓取重放报文,并且根据传输后文件、测试文件、检测日志以及病毒留存文件等共同确认测试结果,以提高测试准确率。An embodiment of the present application provides a method for testing performance of a network security detection device. The network security detection device is side-by-side deployed in a test environment, and the test environment includes a first terminal device, a network device, and a second terminal device. The performance testing method includes: generating a test file; using the network device to transmit the test file from the first terminal device to the second terminal device, generating mirrored traffic and sending it to the network security detection device; using the network security detection device Detecting the mirrored traffic of the network device, generating a detection log; obtaining the transmitted file received by the second terminal; if the MD5 value of the transmitted file is equal to the MD5 value of the test file, then judging the detection log Whether the log information corresponding to the test file is included in the test file; if the virus retention file is obtained from the detection log, compare it with the MD5 value of the virus sample file; if the MD5 value of the virus retention file is equal to the virus The MD5 value of the sample file, the output test result is success. The performance test method uses the mirrored traffic of the network equipment as the test data, without grabbing the replay message, and confirms the test results according to the transmitted files, test files, detection logs and virus retention files, etc., to improve the test accuracy .

进一步,以上实施例提供的所述性能测试方法结合TFS设备特点,将病毒样本文件的留存成功与否、病毒留存文件是否正确作为测试成功的判断依据,从而对整个测试形成一个结果闭环,以用户的视角来考量测试结果的成功与否,从而提升整体的测试质量。Further, the performance test method provided in the above embodiment combines the characteristics of TFS equipment, and uses whether the virus sample file is successfully retained and whether the virus retained file is correct as the basis for judging the success of the test, thereby forming a closed-loop result for the entire test, and user Consider the success or failure of the test results from a different perspective, thereby improving the overall test quality.

以上实施例提供的所述性能测试方法,可以结合测试用例集合,使用管理PC依次执行各个测试用例,解放手工操作,提高整体的测试效率,为所述网络安全检测设备的日常版本测试能更好的保驾护航;有效地提升测试样本的数量、测试套件的复杂组合度等。进一步的,所述性能测试方法的可扩展性强;当所述网络安全检测设备的功能扩展后,如支持更多的传输协议或者文件类型后,只需要适当在第一终端设备和第二终端设备上增加相应的工具集,即可以实现新功能的验证。The performance testing method provided in the above embodiment can be combined with a set of test cases, use the management PC to execute each test case in turn, liberate manual operations, improve the overall test efficiency, and provide better performance for the daily version test of the network security detection equipment. Escort; effectively increase the number of test samples, the complexity of the combination of test suites, etc. Further, the performance testing method has strong scalability; when the function of the network security detection device is expanded, such as supporting more transmission protocols or file types, it only needs to be properly installed on the first terminal device and the second terminal device. The verification of new functions can be realized by adding the corresponding tool set on the device.

参见图4,在一些实施例中,所述性能测试方法可以同时测试多台旁路部署在测试环境中的网络安全检测设备,其中,所述测试环境还包括分流设备;所述分流设备将所述网络设备(SW)生成的镜像流量分流至各个网络安全检测设备。各个网络安全检测设备根据接收到的镜像流量进行安全检测,各自生成对应的检测日志。Referring to Fig. 4, in some embodiments, the performance testing method can simultaneously test a plurality of network security detection devices bypass deployed in the test environment, wherein the test environment also includes a distribution device; the distribution device will The mirror traffic generated by the network device (SW) is distributed to each network security detection device. Each network security detection device performs security detection according to the received mirrored traffic, and generates corresponding detection logs.

本申请实施例还提供一种终端装置,包括:至少一个处理器和存储器;所述存储器,用于存储程序指令;所述处理器,用于调用并执行所述存储器中存储的程序指令,以使所述终端装置执行如前述实施例提供的网络安全检测设备的性能测试方法。The embodiment of the present application also provides a terminal device, including: at least one processor and a memory; the memory is used to store program instructions; the processor is used to call and execute the program instructions stored in the memory to The terminal device is made to execute the performance testing method of the network security testing equipment provided in the foregoing embodiments.

具体实现中,本申请实施例还提供一种计算机可读存储介质,所述计算机可读存储介质中存储有指令,当其在计算机上运行时,使得所述计算机执行如前述实施例提供的网络安全检测设备的性能测试方法。所述计算机可读介质的存储介质可为磁碟、光盘、只读存储记忆体(英文:read-only memory,简称:ROM)或随机存储记忆体(英文:random accessmemory,简称:RAM)等。In the specific implementation, the embodiment of the present application also provides a computer-readable storage medium, the computer-readable storage medium stores instructions, and when it is run on a computer, the computer executes the network A performance test method for safety testing equipment. The storage medium of the computer-readable medium may be a magnetic disk, an optical disk, a read-only memory (English: read-only memory, abbreviated: ROM) or a random access memory (English: random access memory, abbreviated: RAM), etc.

本申请实施例中所描述的性能测试方法的步骤可以直接嵌入硬件、处理器执行的软件单元、或者这两者的结合。软件单元可以存储于RAM存储器、闪存、ROM存储器、EPROM存储器、EEPROM存储器、寄存器、硬盘、可移动磁盘、CD-ROM或本领域中其它任意形式的存储媒介中。示例性地,存储媒介可以与处理器连接,以使得处理器可以从存储媒介中读取信息,并可以向存储媒介存写信息。可选地,存储媒介还可以集成到处理器中。处理器和存储媒介可以设置于ASIC中,ASIC可以设置于UE中。可选地,处理器和存储媒介也可以设置于UE中的不同的部件中。The steps of the performance testing method described in the embodiments of the present application may be directly embedded in hardware, a software unit executed by a processor, or a combination of both. The software unit may be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, removable disk, CD-ROM or any other storage medium in the art. Exemplarily, the storage medium can be connected to the processor, so that the processor can read information from the storage medium, and can write information to the storage medium. Optionally, the storage medium can also be integrated into the processor. The processor and the storage medium can be set in the ASIC, and the ASIC can be set in the UE. Optionally, the processor and the storage medium may also be set in different components in the UE.

应理解,在本申请的各种实施例中,各过程的序号的大小并不意味着执行顺序的先后,各过程的执行顺序应以其功能和内在逻辑确定,而不应对本申请实施例的实施过程构成任何限定。It should be understood that in various embodiments of the present application, the serial numbers of the processes do not mean the order of execution, and the execution order of the processes should be determined by their functions and internal logic, rather than by the implementation order of the embodiments of the present application. The implementation process constitutes no limitation.

在上述实施例中,可以全部或部分地通过软件、硬件、固件或者其任意组合来实现。当使用软件实现时,可以全部或部分地以计算机程序产品的形式实现。所述计算机程序产品包括一个或多个计算机指令。在计算机上加载和执行所述计算机程序指令时,全部或部分地产生按照本申请实施例所述的流程或功能。所述计算机可以是通用计算机、专用计算机、计算机网络、或者其他可编程装置。所述计算机指令可以存储在计算机可读存储介质中,或者从一个计算机可读存储介质向另一个计算机可读存储介质传输,例如,所述计算机指令可以从一个网站站点、计算机、服务器或数据中心通过有线(例如同轴电缆、光纤、数字用户线(DSL))或无线(例如红外、无线、微波等)方式向另一个网站站点、计算机、服务器或数据中心进行传输。所述计算机可读存储介质可以是计算机能够存取的任何可用介质或者是包含一个或多个可用介质集成的服务器、数据中心等数据存储设备。所述可用介质可以是磁性介质,(例如,软盘、硬盘、磁带)、光介质(例如,DVD)、或者半导体介质(例如固态硬盘Solid State Disk(SSD))等。In the above embodiments, all or part of them may be implemented by software, hardware, firmware or any combination thereof. When implemented using software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on the computer, the processes or functions according to the embodiments of the present application will be generated in whole or in part. The computer can be a general purpose computer, a special purpose computer, a computer network, or other programmable devices. The computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from a website, computer, server or data center Transmission to another website site, computer, server, or data center by wired (eg, coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (eg, infrared, wireless, microwave, etc.). The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or a data center integrated with one or more available media. The available medium may be a magnetic medium (for example, a floppy disk, a hard disk, or a magnetic tape), an optical medium (for example, DVD), or a semiconductor medium (for example, a Solid State Disk (SSD)).

本说明书的各个实施例之间相同相似的部分互相参见即可,每个实施例重点介绍的都是与其他实施例不同之处。尤其,对于系统实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例部分的说明即可。The same and similar parts of the various embodiments in this specification can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for the related parts, please refer to the description of the method embodiment.

本领域的技术人员可以清楚地了解到本发明实施例中的技术可借助软件加必需的通用硬件平台的方式来实现。基于这样的理解,本发明实施例中的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品可以存储在存储介质中,如ROM/RAM、磁碟、光盘等,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本发明各个实施例或者实施例的某些部分所述的性能测试方法。Those skilled in the art can clearly understand that the technologies in the embodiments of the present invention can be implemented by means of software plus a necessary general-purpose hardware platform. Based on this understanding, the essence of the technical solutions in the embodiments of the present invention or the part that contributes to the prior art can be embodied in the form of software products, and the computer software products can be stored in storage media, such as ROM/RAM , magnetic disk, optical disk, etc., including several instructions to make a computer device (which may be a personal computer, server, or network equipment, etc.) execute the performance testing method described in various embodiments or some parts of the embodiments of the present invention.

Claims (10)

1. A performance test method of a network security detection device is characterized in that the network security detection device is deployed in a test environment by-pass, the test environment comprises a first terminal device, a network device and a second terminal device, and the performance test method comprises the following steps:
generating a test file, wherein the test file comprises a virus sample file;
transmitting the test file from the first terminal equipment to the second terminal equipment by using the network equipment, generating mirror image flow and sending the mirror image flow to the network security detection equipment;
detecting the mirror image flow of the network equipment by using the network security detection equipment to generate a detection log;
acquiring a transmitted file, wherein the transmitted file is a file received by the second terminal device;
judging whether the MD5 value of the transmitted file is equal to the MD5 value of the test file;
if the MD5 value of the transmitted file is equal to the MD5 value of the test file, judging whether the detection log comprises log information corresponding to the test file;
if the detection log comprises log information corresponding to the test file, acquiring a virus retention file from the detection log;
judging whether the MD5 value of the virus retention file is equal to the MD5 value of the virus sample file;
and if the MD5 value of the virus retention file is equal to the MD5 value of the virus sample file, outputting a test result as success.
2. The performance testing method of claim 1, further comprising:
if the MD5 value of the transmitted file is not equal to the MD5 value of the test file, adding one to the invalid times, wherein the initial value of the invalid times is zero;
judging whether the invalid times are smaller than a preset threshold value or not;
and if the invalid times are smaller than the preset threshold value, continuing to execute the step of generating the test file.
3. The performance testing method of claim 2, further comprising:
and if the invalid times are greater than or equal to the preset threshold value, outputting a test result as failure.
4. The performance testing method of claim 1, wherein the test files comprise a white list test file and a black list test file, wherein the white list test file and the black list test file both comprise a virus sample file, the file type of the black list test file is a preset type, and the file type of the white list test file is different from the preset type;
the network security detection device is configured to detect the preset type of file;
judging whether the test file is included in the detection log, and if the test file is included in the detection log, acquiring a virus retention file from the detection log, wherein the method comprises the following steps:
judging whether the detection log comprises log information corresponding to the blacklist test file or not;
if the detection log comprises log information corresponding to the blacklist test file, judging whether the detection log comprises the log information corresponding to the whitelist test file;
and if the detection log does not comprise log information corresponding to the white list test file, acquiring a virus retention file from the detection log.
5. The performance testing method of claim 4, further comprising:
and if the detection log does not comprise the log information corresponding to the blacklist test file, outputting a test result as failure.
6. The performance testing method of claim 4, further comprising:
and if the detection log comprises log information corresponding to the white list test file, outputting a test result as failure.
7. The performance testing method of claim 1, further comprising:
and if the MD5 value of the virus retention file is not equal to the MD5 value of the virus sample file, outputting a test result as failure.
8. The performance testing method according to claim 1, wherein the first terminal device is a client, and the second terminal device is a server;
or,
the first terminal device is a server, and the second terminal device is a client.
9. A terminal device, comprising: at least one processor and a memory;
the memory to store program instructions;
the processor is used for calling and executing the program instructions stored in the memory so as to enable the terminal device to execute the performance testing method of the network security detection equipment according to any one of claims 1-8.
10. A computer-readable storage medium, characterized in that,
the computer-readable storage medium has stored therein instructions that, when executed on a computer, cause the computer to execute the performance testing method of the network security detection apparatus according to any one of claims 1 to 8.
CN202211247644.1A 2022-10-12 2022-10-12 A performance test method of network security detection equipment Pending CN115622911A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211247644.1A CN115622911A (en) 2022-10-12 2022-10-12 A performance test method of network security detection equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211247644.1A CN115622911A (en) 2022-10-12 2022-10-12 A performance test method of network security detection equipment

Publications (1)

Publication Number Publication Date
CN115622911A true CN115622911A (en) 2023-01-17

Family

ID=84863195

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211247644.1A Pending CN115622911A (en) 2022-10-12 2022-10-12 A performance test method of network security detection equipment

Country Status (1)

Country Link
CN (1) CN115622911A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101623068B1 (en) * 2015-01-28 2016-05-20 한국인터넷진흥원 System for collecting and analyzing traffic on network
CN110825571A (en) * 2019-10-29 2020-02-21 苏州浪潮智能科技有限公司 Method and device for acquiring error information of test log of Linux system
CN113626232A (en) * 2021-06-30 2021-11-09 苏州浪潮智能科技有限公司 Method, device and equipment for checking server logs and readable medium
CN114095412A (en) * 2021-11-19 2022-02-25 北京天融信网络安全技术有限公司 Safety equipment testing method and device, electronic equipment and storage medium
CN114928564A (en) * 2021-02-03 2022-08-19 华为技术有限公司 Function verification method and device of security component

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101623068B1 (en) * 2015-01-28 2016-05-20 한국인터넷진흥원 System for collecting and analyzing traffic on network
CN110825571A (en) * 2019-10-29 2020-02-21 苏州浪潮智能科技有限公司 Method and device for acquiring error information of test log of Linux system
CN114928564A (en) * 2021-02-03 2022-08-19 华为技术有限公司 Function verification method and device of security component
CN113626232A (en) * 2021-06-30 2021-11-09 苏州浪潮智能科技有限公司 Method, device and equipment for checking server logs and readable medium
CN114095412A (en) * 2021-11-19 2022-02-25 北京天融信网络安全技术有限公司 Safety equipment testing method and device, electronic equipment and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
史国振;张萌;付鹏;苏;: "IDS设备检测工具的设计与实现", 信息网络安全, no. 05, 10 May 2016 (2016-05-10), pages 23 - 29 *

Similar Documents

Publication Publication Date Title
CN112231271B (en) Data migration integrity verification method, device, equipment and computer readable medium
CN103581185B (en) Resist the cloud checking and killing method of test free to kill, Apparatus and system
CN103268448B (en) The method and system of the security of detection of dynamic Mobile solution
CN106936688B (en) Notification sending method and device
CN102457841B (en) For detecting the method and apparatus of virus
CN114222320A (en) Method, device, apparatus, storage medium, and program for testing communication device
US20160140345A1 (en) Information processing device, filtering system, and filtering method
CN114095412B (en) Safety equipment testing method and device, electronic equipment and storage medium
CN112650557B (en) A command execution method and device
CN115622911A (en) A performance test method of network security detection equipment
CN112968914A (en) System, method, device and medium for requesting data to be imported into vulnerability scanner in real time
CN111625449A (en) File filtering rule testing method, device, equipment and readable storage medium
Zhang et al. Collapse like a house of cards: Hacking building automation system through fuzzing
CN117376187A (en) Communication protocol detection method and detection system
CN118210696A (en) Protocol interface automatic test method and device, storage medium and electronic equipment
CN113395235B (en) IoT system remote testing method, system and equipment
CN113704087A (en) File service testing method and device of cross-domain transmission equipment and electronic equipment
TW202147158A (en) Computer-implemented methods and systems for pre-analysis of emails for threat detection
CN113448836A (en) Software interface testing method and device, electronic equipment and storage medium
CN116389469A (en) Information pushing method and device, storage medium and electronic equipment
CN113722129B (en) A storage reliability test method and related device
CN114143088B (en) Network fault diagnosis method, device, equipment and computer readable storage medium
CN114356630B (en) Memory leakage detection method, electronic equipment, storage medium and system
Karahoca et al. Forensic benchmarking for android messenger applications
US11836063B2 (en) System, control device, log extraction method, and computer-readable medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination