Unlock instant, AI-driven research and patent intelligence for your innovation.

Method and device for testing anti-escape capability of network intrusion prevention system, and tester

A protection system and ability testing technology, applied in the field of computer networks, can solve the problems of low detection efficiency, laborious, time-consuming, etc.

Active Publication Date: 2019-04-26
CHINA INFORMATION TECH SECURITY EVALUATION CENT
View PDF4 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] In view of this, the embodiment of the present invention provides a network intrusion prevention system anti-escape ability testing method, device and testing machine to solve the problems caused by manual or semi-automatic detection of IPS in the prior art. Time-consuming, labor-intensive, and low-efficiency detection problems

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for testing anti-escape capability of network intrusion prevention system, and tester
  • Method and device for testing anti-escape capability of network intrusion prevention system, and tester
  • Method and device for testing anti-escape capability of network intrusion prevention system, and tester

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0047] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0048] Aiming at the time-consuming, labor-intensive and low-efficiency problems of IPS anti-evasion detection based on manual or semi-automatic methods in the prior art, this application discloses a network intrusion protection system for automatic combined anti-escape capability testing of network intrusion protection systems Anti-evasion capability testing method device and testing machine, the method, device and testing machine select escape measures matchi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a method and device for testing the anti-escape capability of a network intrusion prevention system, and a tester. The method comprises the steps of: judging whether escape combinations, which are not traversed and matched with a protocol of an attack flow, exist or not, and if not, counting and outputting the number of generated escape combinations and the success and failure number; if the escape combinations, which are not traversed, exist, generating a single escape combination, which is not traversed; on the basis of a self-built protocol stack, performing layer-by-layer encapsulation and variation on an attack code according to the single escape combination, and generating test attack flow data; and, testing the attack flow data by utilizing a target drone, judging a test result, if escape fails, judging whether escape combination actions and subsequent actions, which are not traversed, exist or not, if escape is successful, generating and outputting the smallest escape combination, and judging whether escape combination actions and subsequent actions, which are not traversed, exist or not. Automatic detection of the anti-escape test onto an IPS is realized; the test efficiency is increased; and the test cost is reduced.

Description

technical field [0001] The invention relates to the technical field of computer networks, in particular to a network intrusion prevention system anti-escape ability testing method, device and testing machine for testing computer network intrusion prevention systems based on automatic combination. Background technique [0002] Intrusion Prevention System (Intrusion Prevention System, hereinafter referred to as IPS) is a computer network security facility and a supplement to antivirus software (Antivirus Programs) and firewall (Packet Filter, Application Gateway). After the development of IPS is completed, case source testing is required. At present, security testing for IPS mainly includes two parts: functional testing and penetration testing. When performing a penetration test on the IPS, it is necessary to check the anti-attack and evasion capability of the service port, that is, add specific evasion measures to the attack traffic that the IPS can identify, change the origi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1408H04L63/1416Y02D30/50
Inventor 熊琦张宝峰许源王峰
Owner CHINA INFORMATION TECH SECURITY EVALUATION CENT