CN212486538U - Capability verification system for intrusion detection - Google Patents
- Publication number
- CN212486538U
- Authority
- CN
- China
- Prior art keywords
- module
- intrusion detection
- decoding
- execution instruction
- test
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Alarm Systems (AREA)
Abstract
An embodiment of the utility model discloses a capability verification system for intrusion detection. The system comprises: a first input module for acquiring a number; a first decoding module, connected to the first input module and to the decoding table in the memory, for querying the memory, parsing the number and generating the execution instruction corresponding to the number; a driving module, connected to the first decoding module, for driving the test module according to the execution instruction; and a test module for executing the capability verification test of the intrusion detection system. The application is used for testing samples from multiple manufacturers, and improves detection efficiency, reduces detection cost and ensures the security of the samples.
Description
Technical Field
Embodiments of the utility model relate to the technical field of software security, and in particular to a capability verification system for intrusion detection.
Background
With the development of science and technology, data has grown in diversity and depth, and data security has become more and more important.
An intrusion detection system capability verification article is an intrusion detection system whose prototype-equipment security functions can be flexibly configured through a control device; it is the sample a capability verification provider uses to evaluate the detection capability of a testing laboratory. In practice, the capability verification provider designs and develops an intrusion detection system with functional failures, sends the capability verification article to a laboratory for testing, and uses the laboratory's results to verify whether the laboratory can find the existing functional failures, thereby evaluating the laboratory's testing level for intrusion detection system products.
However, to prevent laboratories from sharing results with one another and to ensure the validity of the test results, once the current laboratory has finished testing the sample, it must send the sample back to be reconfigured before the sample is sent to the next laboratory for testing. These extra mailing legs slow down detection, add mailing cost, and increase the probability of damage.
Summary of the Utility Model
An embodiment of the utility model provides a capability verification system for intrusion detection that reduces repeated shipping of the sample, thereby improving detection efficiency, reducing detection cost and ensuring the security of the sample.
An embodiment of the utility model provides a capability verification system for intrusion detection, comprising:
a first input module for acquiring a number;
a first decoding module, connected to the first input module and to the decoding table in the memory, for querying the memory, parsing the number and generating the execution instruction corresponding to the number;
a driving module, connected to the first decoding module, for driving the test module according to the execution instruction;
and a test module for executing the capability verification test of the intrusion detection system.
Further, the system also comprises a second input module, connected to the memory, for inputting a decoding table; the decoding table comprises numbers and the corresponding execution instructions.
Further, the first decoding module is specifically configured to: receive an electrical signal from the first input module; and, according to the electrical signal, read the data content corresponding to the number in the decoding table as the execution instruction.
Further, the test module operates according to the defect configuration sequence corresponding to the execution instruction.
Further, the memory contains multiple numbers; each number corresponds to 1 or more execution instructions; each execution instruction corresponds to 1 defect configuration sequence.
Preferably, the system further comprises an encoding module for assigning a number to the sample to be tested and generating an execution instruction and a defect configuration sequence.
Preferably, the system further comprises a second decoding module for responding to the number and determining the defect configuration sequence corresponding to the number.
Preferably, the system further comprises a configuration module for acquiring from the second decoding module the defect configuration sequence corresponding to the number, and configuring the test module to form an intrusion detection system capability verification article.
With the technical scheme provided by this application, testing samples from multiple manufacturers requires fewer shipments of the test article or sample, which improves detection efficiency, reduces detection cost and ensures the security of the sample.
According to at least one embodiment of the application, remote configuration and online testing of the system can be realized, further improving detection efficiency.
Drawings
Fig. 1 is a schematic structural diagram of a capability verification apparatus for intrusion detection according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a capability verification apparatus for intrusion detection according to a second embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
The defects of an intrusion detection system capability verification article are designed, configured and shipped as follows. The intrusion detection system has N configurable functional defects (each of which may or may not be configured as a defect), and the capability verification provider selects M of the N configurable functional defects to form X types of intrusion detection system capability verification articles with different defects. The capability verification provider distributes the X different capability verification articles to Y laboratories (Y >> X) for testing. Because Y > X, the sample must be sent back to the capability verification provider after each laboratory finishes testing; the provider reconfigures the sample, sends it to the next laboratory, and records which of the X sample types the next laboratory receives, so as to establish a mapping between defect type and laboratory. This sample configuration and delivery scheme can reduce the probability of laboratories sharing results with one another, but it has the following drawback: shipping the sample between the laboratories and the capability verification provider wastes time and mailing cost, and the transfer efficiency is low.
Embodiment One
Fig. 1 is a schematic structural diagram of a capability verification device for intrusion detection according to an embodiment of the present invention. This embodiment is applicable to intrusion detection; the capability verification device can be implemented in software and/or hardware, and can be used to configure a sample for intrusion detection in a laboratory.
As shown in Fig. 1, the capability verification apparatus for intrusion detection includes:
the first input module 10, connected to the first decoding module 21, which comprises an input key and acquires a number through the input key;
the first decoding module 21, connected to the decoding table in the memory 30, configured to parse the number and generate an execution instruction;
the driving module 40, connected to the first decoding module 21, configured to generate a driving potential according to the execution instruction to drive the test module 50;
and the test module 50, connected to the driving module 40, configured to receive the driving potential and execute an intrusion detection system capability verification test.
The capability verification test of the intrusion detection system may include the test functions described in GB/T 20275-2013, "Information security technology: technical requirements and test evaluation methods for network intrusion detection systems".
The first input module 10 may be an input device in a laboratory, and the number may be entered through a keyboard. Preferably, the first input module 10 may further be configured to issue a request to the capability verification provider to obtain an executable number for use as the number.
The first decoding module 21 may be located on the capability verification provider side; the number may also be transmitted to a remote first decoding module 21 by telecommunication. The first decoding module 21 parses and translates the number to obtain the execution instruction the user actually requires.
The memory 30 may be located on the capability verification provider side or in a cloud server, and stores a decoding table. The decoding table contains the numbers and the corresponding execution instructions, and supports the first decoding module in parsing the number: the first decoding module queries the memory, parses the number and generates the execution instruction corresponding to the number.
Further, the memory contains multiple numbers; each number corresponds to 1 or more execution instructions; each execution instruction corresponds to 1 defect configuration sequence. When a signal from the driving module is received, the test module operates according to the defect configuration sequence corresponding to the execution instruction.
The driving module 40 may be a driver. It generates a driving potential according to the execution instruction that the first decoding module has parsed as actually required by the user. The driving potential may include a high potential and a low potential, and may further include alternation between the high potential and the low potential, so that different execution instructions can be carried to drive the test module 50 and the test module can be configured flexibly.
The test module 50 may be a module used to test laboratory equipment, such as an intrusion detection system capability verification article. The test module 50 receives the driving potential and performs a test. Specifically, different configurations may be applied according to the execution instruction the user actually requires, for example presetting one defect for one function, or another defect for another function. The test module includes a sample interface for local or remote access to the sample to be tested.
The test module comprises a prior-art intrusion detection software system. For example, it provides N configurable functional defects (each of which may or may not be configured as a defect); a capability verification provider selects M of the N configurable functional defects to form X types of intrusion detection system capability verification articles with different defects, and the X types of articles are activated through the corresponding X defect configuration sequences.
In one implementation of the technical solution provided by this embodiment, the test module completes the presetting and testing of at least one defect under the drive of the driving module. With the technical scheme provided by this application, the test article needs to be mailed fewer times, which improves detection efficiency, reduces detection cost and ensures the security of the sample.
On the basis of the above technical solution, optionally, the system further includes a second input module 60, connected to the memory 30, for performing input operations on the decoding table in the memory.
The second input module may be located on the capability verification provider side, and may be used to enter information when data in the decoding table is written and updated.
With this arrangement, the decoding table can be initialized and configured and later updated, providing data support for the test module configuration the user actually requires.
Optionally, the first decoding module is specifically configured to: receive an electrical signal from the first input module; and, according to the electrical signal, read the data content corresponding to the number as the execution instruction. The electrical signal may be generated from the number entered through the key, and the one or more execution instructions corresponding to the number may be obtained from the decoding table using the electrical signal. In this scheme the execution instruction corresponding to the number can be determined directly by a gating circuit, which is fast and accurate.
Embodiment Two
Fig. 2 is a schematic structural diagram of a capability verification apparatus for intrusion detection according to a second embodiment of the present invention. This embodiment is applicable to intrusion detection; the capability verification system can be implemented in software and/or hardware, and can be used to configure a sample for intrusion detection in a laboratory.
As shown in Fig. 2, on the basis of the first embodiment, the capability verification system for intrusion detection further includes: an encoding module 70, a second decoding module 22, and a configuration module 80; wherein:
the encoding module 70 is connected to the storage module 30, and is configured to set up a mapping relationship between at least one sample and at least one functional defect, where each sample corresponds to a defect configuration sequence, and to assign a number to each sample to be tested; it sends the mapping relationship between each sample and its number, together with all the samples and their corresponding defect configuration sequences, to the storage module;
the storage module is also used for storing the mapping relationship between each sample and its number, and all samples and their corresponding defect configuration sequences; for example, the decoding table further includes the numbers and the corresponding defect configuration sequences.
The second decoding module 22 is connected to the storage module 30, and is configured to respond to a number request and determine the defect configuration sequence corresponding to the number; for example, the second decoding module is specifically configured to: receive an electrical signal from the second input module; and, according to the electrical signal, read the data content corresponding to the number in the decoding table to obtain a defect configuration sequence.
The configuration module 80 is connected to the second decoding module 22, and is configured to obtain from the second decoding module 22 the defect configuration sequence corresponding to the input number, and to configure and change the data and/or the operating structure of the execution program in the test module 50, so as to form X kinds of intrusion detection system capability verification articles with different defects, that is, to activate the X defect configuration sequences.
The test module 50 may be connected to a device to be tested in a laboratory, and the test module may be given a certain functional defect for the device to be tested to identify. If the functional defect is identified, the laboratory's device passes verification; if the functional defect is not identified, the device to be tested in the laboratory is determined to have a problem.
In this scheme, the defects can be designed according to the functional requirements and test evaluation methods for intrusion detection products in the national standard GB/T 20275-2013, "Information security technology: technical requirements and test evaluation methods for network intrusion detection systems". The functions of the intrusion detection prototype come from the functional requirements in the national standard, and setting a defect means disabling some of those functions, so the defect settings can be derived from the functional requirements in the national standard.
The encoding module 70 may be used as follows: after the capability verification provider logs in to the intrusion detection system encoding module, the provider configures the mapping relationships between all X samples and the M corresponding defects; each sample is assigned one or several numbers (a one-to-one or one-to-many relationship). The mapping relationship between each sample and its numbers, and the mapping relationship between all X samples and the M corresponding defects, are stored in the defect storage module. The capability verification provider also records the mapping relationship between each sample and its numbers and the mapping relationship between all X samples and the M corresponding defects.
In this embodiment, the encoding module 70 is further configured to:
identify the user, and determine from the identification result whether the user has configuration authority.
For example, the user is identified by a username/password or another authentication mechanism, and only the capability verification provider holds the username/password. This arrangement ensures the security of the capability verification apparatus for intrusion detection.
In this embodiment, the storage module 30 is further specifically configured to:
encrypt, using a preset rule, the mapping relationship between each sample and its number and the mapping relationship between all the samples and the corresponding functional defects, and store the result.
The preset encryption rule may use a hash algorithm, or may be a symmetric or asymmetric encryption rule; after the mapping relationship is obtained, it is encrypted under that rule and stored.
Those skilled in the art will understand that when all or at least a portion of the first input module, the second input module, the first decoding module, the second decoding module, the memory, the driving module, the configuration module, and the test module are integrated into one device, the device can be shipped between laboratories for testing. Each laboratory operates the device with its own number, which invokes the execution code applicable to that laboratory to carry out the corresponding test.
Those skilled in the art will also understand that when the test procedure can be carried out over a network, all or at least a portion of the first input module, the second input module, the first decoding module, the second decoding module, the memory, the driving module, the configuration module, and the test module may be distributed entities in the network. Each laboratory operates the entity with its own number, which invokes the execution code applicable to that laboratory to carry out the corresponding test.
To use the device, one way to bring the defects into effect is as follows: the capability verification provider selects a sample, randomly selects one of the numbers corresponding to that sample, and inputs the number into the storage module; the second decoding module 22 is connected to the second input module 60 and to the configuration module 80, so each defect corresponding to the number takes effect through the second decoding module and the configuration module inside the system. The first input module accepts only a number and has no other function, so the configuration module cannot be used to tamper arbitrarily with the test module, which improves the information security of the sample while it is in use.
In this technical solution, optionally, the configuration module 80 is further configured to:
after the current laboratory has finished its intrusion detection testing, send a number update request to the second decoding module and receive the updated number;
and, in response to the input of the updated number, acquire from the second decoding module the defect configuration sequence corresponding to the updated number, so that intrusion detection testing can be carried out at the next laboratory.
Therefore, another way to bring the defects into effect is as follows: after the current laboratory has completed its test, the configuration module 80, at the current laboratory or at the next laboratory, sends a number update request to the second decoding module and receives the updated number. The number is entered through the first input module; the second decoding module 22 is connected to the first input module 10 and to the configuration module 80, and the configuration module obtains from the second decoding module the defect configuration sequence corresponding to the updated number, so that the execution program in the test module is activated according to another defect configuration sequence for intrusion detection testing at the next laboratory.
This scheme improves the transfer efficiency of intrusion detection system capability verification articles, saves time and reduces transportation cost.
Compared with the prior art, the scheme achieves the following effects:
In the current transfer mode, if Y laboratories participate in capability verification, 2Y transfers are required; with this scheme the sample is transferred Y+1 times, a reduction of Y-1 transfers.
The probability of laboratories sharing test results with one another is reduced: laboratories that pass the test article between them cannot tell, from the numbers or from the physical identification of the samples provided by the capability verification provider, whether they are performing the same test.
In addition, defects are deployed through automatic configuration, which reduces the probability of errors from configuring defects manually and improves the reliability and credibility of the test.
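The data flow of the second embodiment, from the encoding module through the stored decoding table to the number-only input at the laboratory, can be modelled in a few lines. This is an added sketch, not part of the patent text; the function names, the 8-digit number length, the bit-per-function encoding of a defect configuration sequence and the use of HMAC-SHA256 as the "preset rule" for the stored number column are all assumptions.

```python
import hashlib
import hmac
import secrets
from itertools import combinations

# Constructed function names standing in for the N configurable functions.
FUNCTIONS = ["packet_capture", "protocol_analysis", "signature_match",
             "alerting", "audit_logging", "report_export"]
NUMBER_DIGITS = 8  # assumed length of a number


class Provider:
    """Encoding module, storage module and second decoding module."""

    def __init__(self, n_functions, m_defects, x_samples):
        self._key = secrets.token_bytes(32)  # stays on the provider side
        combos = list(combinations(range(n_functions), m_defects))
        if x_samples > len(combos):
            raise ValueError("fewer than X distinct M-of-N defect sets exist")
        chosen = secrets.SystemRandom().sample(combos, x_samples)
        # Defect configuration sequence: one bit per function, 1 = disabled.
        self.samples = [tuple(int(i in c) for i in range(n_functions))
                        for c in chosen]
        self._table = {}  # HMAC(number) -> sample index; numbers never stored

    def _tag(self, number):
        return hmac.new(self._key, number.encode("ascii"),
                        hashlib.sha256).hexdigest()

    def issue_number(self, sample_index):
        """Assign one more random number to a sample (one-to-many)."""
        if not 0 <= sample_index < len(self.samples):
            raise IndexError("no such sample")
        while True:
            number = f"{secrets.randbelow(10 ** NUMBER_DIGITS):0{NUMBER_DIGITS}d}"
            tag = self._tag(number)
            if tag not in self._table:  # never hand out the same number twice
                self._table[tag] = sample_index
                return number

    def decode(self, number):
        """Number -> defect configuration sequence, or KeyError if unknown."""
        index = self._table.get(self._tag(number))
        if index is None:
            raise KeyError("number not in decoding table")
        return self.samples[index]


class VerificationArticle:
    """Configuration module and test module of the article a laboratory holds."""

    def __init__(self, functions, provider):
        self._functions = list(functions)
        self._provider = provider
        self.disabled = frozenset()

    def enter_number(self, text):
        """First input module: a fixed-length digit string is the only input."""
        if not (isinstance(text, str) and text.isascii() and text.isdigit()
                and len(text) == NUMBER_DIGITS):
            raise ValueError("only a number may be entered")
        sequence = self._provider.decode(text)
        self.disabled = frozenset(
            name for name, bit in zip(self._functions, sequence) if bit)
        return self.disabled


def laboratory_passes(reported_defects, article):
    """A laboratory passes when it reports exactly the configured defects."""
    return set(reported_defects) == set(article.disabled)


if __name__ == "__main__":
    provider = Provider(len(FUNCTIONS), m_defects=2, x_samples=3)
    article = VerificationArticle(FUNCTIONS, provider)
    lab_a, lab_b = provider.issue_number(0), provider.issue_number(0)
    lab_c = provider.issue_number(1)
    for lab, number in (("A", lab_a), ("B", lab_b), ("C", lab_c)):
        print(lab, number, sorted(article.enter_number(number)))
```

Laboratories A and B hold different random numbers that decode to the same defect configuration sequence, so comparing numbers tells them nothing about whether they received the same test.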
It should be noted that the foregoing is only a preferred embodiment of the present invention and the technical principles applied. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail with reference to the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the scope of the present invention.
Claims (8)
1. A capability verification system for intrusion detection, comprising:
the first input module is used for acquiring a number;
the first decoding module is connected with the first input module and the memory and used for inquiring the memory, analyzing the number and generating an execution instruction corresponding to the number;
the driving module is connected with the first decoding module and used for driving the testing module according to the execution instruction;
and the test module is used for executing the capability verification test of the intrusion detection system.
2. The system of claim 1, further comprising:
the second input module is connected with the memory and used for inputting a decoding table;
the decoding table comprises a number and a corresponding execution instruction.
3. The system of claim 2, wherein the first decoding module is specifically configured to:
receiving an electrical signal of a first input module;
and reading the data content corresponding to the number in the decoding table according to the electric signal to be used as an execution instruction.
4. The system of claim 2, further comprising:
and the coding module is used for distributing the number, generating an execution instruction and a defect configuration sequence.
5. The system according to any one of claims 1 to 4, further comprising:
and the second decoding module is used for responding to the number and determining the defect configuration sequence corresponding to the number.
6. The system of claim 5, further comprising:
a configuration module for acquiring from the second decoding module the defect configuration sequence corresponding to the number, and configuring the test module to form an intrusion detection system capability verification article.
7. The system according to any one of claims 1 to 4,
and the test module operates according to the defect configuration sequence corresponding to the execution instruction.
8. The system according to any one of claims 1 to 4,
the memory contains multiple numbers;
each number corresponds to 1 or more execution instructions;
each execution instruction corresponds to 1 defect configuration sequence.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202021422528.5U CN212486538U (en) | 2020-07-17 | 2020-07-17 | Capability verification system for intrusion detection |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202021422528.5U CN212486538U (en) | 2020-07-17 | 2020-07-17 | Capability verification system for intrusion detection |
Publications (1)
Publication Number | Publication Date |
---|---|
CN212486538U (en) | 2021-02-05 |
Family
ID=74451559
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202021422528.5U Expired - Fee Related CN212486538U (en) | 2020-07-17 | 2020-07-17 | Capability verification system for intrusion detection |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN212486538U (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20210205 Termination date: 20210717 |