Illegal TCP data stream detection method and device, and computer equipment

A detection method and detection device, applied in security communication devices, digital transmission systems, electrical components and the like, that solve the problem that TCP data streams cannot be detected, which affects the detection of illegal attacks, and so achieve the effect of avoiding attacks.

Pending Publication Date: 2022-02-18
北京威努特技术有限公司

AI Technical Summary

Problems solved by technology

[0004] Therefore, the technical problem to be solved by the present invention is to overcome the defect that the packet filtering method in the prior art can detect abnormalities only in some fields and cannot detect abnormalities in the TCP data stream, which affects the detection of illegal attacks. To that end, the invention provides a method, a device and computer equipment for detecting illegal TCP data streams.

Examples

Embodiment 1

[0031] The embodiment of the present invention provides a detection method for illegal TCP data streams. It is applied at a test terminal to detect the TCP data streams transmitted in real time through a pair of its network ports (such as a pair of network ports of a firewall). The test terminal can work in transparent mode, so that whatever bit combination the terminal under test transmits, the data reaches the test terminal on the link. As shown in Figure 1, the method includes the following steps:

[0032] S11: Receive the TCP data stream to be detected sent by the terminal under test.

[0033] Exemplarily, the tested end can be an industrial control system device or a military system device; the TCP data flow to be detected can be an industrial control system device or a military system device , protocol type), the TCP data flow to be detected includes multiple data packets. The TCP data stream can be received directly through a serial...

Embodiment 2

[0053] The embodiment of the present invention provides a detection method for illegal TCP data streams, which is applied at the tested end. As shown in Figure 2, the method includes the following steps:

[0054] S21: Send the TCP data flow to be detected to the testing end.

[0055] Exemplarily, the TCP data stream to be detected is created according to the method of step S11 in Embodiment 1, and it can be sent through a serial port or over a wireless or wired connection. The sending method is not limited, and those skilled in the art can set it according to actual conditions.

[0056] S22: Receive an acknowledgment message sent by the test end, where the acknowledgment message includes the target confirmation sequence number. For specific implementation, refer to the description of the corresponding steps in Embodiment 1, which will not be repeated here.

[0057] S23: Send the data message in the TCP data...

Embodiment 3

[0061] The embodiment of the present invention provides a detection system for illegal TCP data streams, which is applied to the detection of illegal TCP data streams between the test end and the tested end. The step labels in the figure correspond to the labels in the foregoing embodiments. As shown in Figure 3, the specific steps are as follows:

[0062] S21: The terminal under test sends the TCP data flow to be detected to the test terminal.

[0063] S11: The testing end receives the TCP data stream to be detected sent by the tested end.

[0064] S12: The test end obtains the first confirmation sequence number of any one of the data packets of the TCP data flow to be detected and the second confirmation sequence number of the data packet preceding it, obtains the target confirmation sequence number according to the first confirmation sequence number and the second confirmation sequence number, and the target confirmation sequence number is located b...

Abstract

The invention discloses an illegal TCP data stream detection method and device, and computer equipment. The method comprises the following steps of: receiving a to-be-detected TCP data stream sent by a detected end; acquiring a first confirmation serial number of any one data message in a plurality of data messages and a second confirmation serial number of a previous data message of the any one data message in the to-be-detected TCP data stream, and acquiring a target confirmation serial number between the first confirmation serial number and the second confirmation serial number according to the first confirmation serial number and the second confirmation serial number; sending a confirmation message comprising the target confirmation serial number to the detected end; receiving a data message sent by the detected end, wherein the data message comprises a data message after the target confirmation serial number in the to-be-detected TCP data stream; and determining whether the to-be-detected TCP data stream is an illegal TCP data stream or not according to a receiving result of the data message. By implementing the illegal TCP data stream detection method, the state of the whole TCP data stream can be accurately detected, and attack behaviors of illegal TCP data streams on an industrial control system and a military system are avoided.
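The probe summarized in the abstract, as an added Python example (not code from the patent or its applicant). It assumes that a packet's confirmation number is its sequence number plus payload length, that the midpoint is chosen as the target, and that a reply not starting at the target marks the stream as illegal; `Segment`, `StatefulSender` and `ReplaySender` are hypothetical models of the two ends.

```python
from dataclasses import dataclass

MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits

@dataclass
class Segment:
    seq: int
    payload: bytes

    @property
    def ack_no(self) -> int:
        # Assumption: the confirmation number of a packet is seq + payload length.
        return (self.seq + len(self.payload)) % MOD

def target_ack(prev: Segment, cur: Segment) -> int:
    """Pick a target strictly between the two confirmation numbers (wrap-safe midpoint)."""
    span = (cur.ack_no - prev.ack_no) % MOD
    if span < 2:
        raise ValueError("no sequence number lies strictly between the two")
    return (prev.ack_no + span // 2) % MOD

class StatefulSender:
    """Constructed model of a tested end that keeps a real TCP send buffer."""
    def __init__(self, isn: int, data: bytes):
        self.isn, self.data = isn, data

    def on_ack(self, ack: int) -> Segment:
        off = (ack - self.isn) % MOD
        return Segment(ack, self.data[off:off + 8])  # resumes at the acked byte

class ReplaySender(StatefulSender):
    """Constructed model of a tested end that emits pre-built packets and ignores ACKs."""
    def on_ack(self, ack: int) -> Segment:
        return Segment((self.isn + 16) % MOD, self.data[16:24])  # next canned packet

def is_illegal_stream(sender, prev: Segment, cur: Segment) -> bool:
    """Send the target ACK; assumed rule: a reply not starting at the target is illegal."""
    probe = target_ack(prev, cur)
    return sender.on_ack(probe).seq != probe

# Constructed sample: two 8-byte packets whose sequence numbers straddle the 32-bit wrap.
ISN = 0xFFFFFFF8
DATA = bytes(range(24))
PREV = Segment(ISN, DATA[:8])
CUR = Segment((ISN + 8) % MOD, DATA[8:16])

if __name__ == "__main__":
    for sender in (StatefulSender(ISN, DATA), ReplaySender(ISN, DATA)):
        print(type(sender).__name__, "illegal:", is_illegal_stream(sender, PREV, CUR))
```

A packet filter that checks header fields one packet at a time accepts both senders' packets; only the mid-segment acknowledgment separates them.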

Description

Technical field

[0001] The invention relates to the technical field of industrial control, in particular to an illegal TCP data flow detection method, device and computer equipment.

Background technique

[0002] With the continuous cross-integration of industrialization and informatization, more and more information technologies have been applied to the industrial field. At the same time, due to the widespread use of general software, hardware and network facilities in industrial control systems, as well as the integration with enterprise management information systems, industrial control or military-specific systems are becoming more and more open. Therefore, there are more and more illegal attacks on industrial control equipment. Such illegal attacks may lead to dangers such as denial of service or data leakage by industrial control equipment. In view of this danger, it is very important for the protection of industrial control equipment to block the occurrence of harm by...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40, H04L43/10
CPC: H04L63/1425, H04L43/10, H04L63/166
Inventor: 王方立黄敏龙国东王静
Owner: 北京威努特技术有限公司