Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Test device used for testing intrusion detection system and test method thereof

An intrusion detection system and testing device technology, applied in the field of information security, can solve problems such as incompleteness, security defects, inability to test IDS or IDS modules, etc., to achieve the effect of improving efficiency and accuracy, improving ability and flexibility

Inactive Publication Date: 2009-06-03
中国人民解放军信息安全测评认证中心
View PDF0 Cites 36 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] 2. The attack signature packet is usually sent through a protocol analyzer, which generates a false network attack, not a complete network attack (only contains the attack signature field), and will not cause harm to the attack target. If the IDS or IDS module gives an alarm , which is a successful insertion and evasion attack (Insertion and Evasion Attack), indicating that there is a security flaw in the IDS or IDS module
Therefore, it is impossible to test such IDS or IDS modules simply by sending attack signature packets
[0007] 3. Recording and replaying can be performed through a protocol analyzer or a special testing tool. It re-injects historical network attack data into the network, but these data are network connections containing wrong fields (such as IP addresses, ports, time stamps, etc.) and serial number, etc.), it will not really cause harm, and it may also be an insertion and evasion attack. These data will be ignored by the attack target and the IDS or IDS module, so that the IDS or IDS that uses stateful protocol analysis technology cannot Modules are tested correctly

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Test device used for testing intrusion detection system and test method thereof
  • Test device used for testing intrusion detection system and test method thereof
  • Test device used for testing intrusion detection system and test method thereof

Examples

Experimental program
Comparison scheme
Effect test

test Embodiment ID

[0027] Test Case ID: IF-020

[0028] Test case name: buffer overflow attack - Printer Overflow of IIS

[0029] Test case description: Perform a Printer Overflow attack

[0030] Function Type: 1

[0031] File name: IF-020-Overflow-Printer.cap

[0032] Vulnerability ID: V02-1020

[0033] Vulnerability: 3

[0034] Policy Type: 1

[0035] Source IP: 192.168.1.100

[0036] Destination IP: 192.168.1.20

[0037] The other file is a data file of a network attack session, including all network session data required by the attack, and the session data is stored in the order of time when the network attack occurs. The data file is a network packet file in CAP format, which comes from historical network attack data. The historical attack data may be real-time and real network attack data captured by a protocol analyzer or a sniffer program, or attack data stored in a historical attack database.

[0038] For example, the buffer overflow attack—the CAP file of the IIS Printer Overf...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a test device used for testing an intrusion detection system and a test method thereof. The test device comprises a network attack script generating module, a network attack script library module, a network attack script analyzing module, a network attack generating module and a reporting module. The test method comprises the steps as follows: (a) a network attack script is generated and is stored in a network attack script library; (b) an appointed script is selected from the network attack script library and is analyzed for getting a key parameter field of the network attack to prepare for regenerating an attack session; (c) related parameter obtained from step (b) is reconfigured, and a network attach session is established; and (d) a test report is generated according to the warning condition of an IDS or IDS module towards the network attack. The invention can realize the test towards the IDS or IDS module and in particular the test towards the IDS or IDS module which adopts a state protocol analyzing technology and can improve the efficiency and the accuracy of the test.

Description

technical field [0001] The invention belongs to the technical field of information security, and relates to the testing of network security products, in particular to a testing device and testing method for intrusion detection system (Intrusion Detection System, IDS for short) testing. Background technique [0002] Intrusion detection is a network security technology that provides real-time protection for computer networks. It mainly detects the data currently input into the protected network or protected host to determine whether the currently detected data is legal or illegal. Usually, the network intrusion detection system collects network communication information from several key points in the computer network system, such as the status and behavior of user activities, etc., and analyzes whether there is any violation of the security policy in the network through the established intrusion detection rule base. If a violation of the security policy is found, an alarm will...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L12/26
Inventor 钟力何金勇
Owner 中国人民解放军信息安全测评认证中心
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com