CN107395586A - A kind of method for updating network security product, experiment node and related system - Google Patents
A kind of method for updating network security product, experiment node and related system Download PDFInfo
- Publication number
- CN107395586A CN107395586A CN201710581279.0A CN201710581279A CN107395586A CN 107395586 A CN107395586 A CN 107395586A CN 201710581279 A CN201710581279 A CN 201710581279A CN 107395586 A CN107395586 A CN 107395586A
- Authority
- CN
- China
- Prior art keywords
- experiment
- algorithm routine
- control system
- data
- virtual
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer And Data Communications (AREA)
Abstract
The embodiments of the invention provide a kind of method for updating network security product, experiment node and related system, the security capabilities for Fast Persistence lifting network security product.Present invention method includes:Control system sends experiment algorithm routine to the multiple virtual laboratories for being distributed in different user terminals respectively;The virtual laboratory runs the experiment algorithm routine in user terminal, and the operational factor of the experiment algorithm routine is fed back to the control system;The control system is according to the operational factor checking feasibility for testing algorithm routine;When finally determining that the experiment algorithm routine is feasible, the virtual laboratory is by the experiment algorithm routine renewal into the network security product of the user terminal.
Description
Technical field
The present invention relates to field of information security technology, more particularly to a kind of method for updating network security product, experiment section
Point and related system.
Background technology
Current era, internet development is rapid, and the attack meanses of hacker also make rapid progress, and the detection of safety product is defendd
The renewal speed of algorithm routine does not often catch up with the development speed of assault means.The update method of safety product is main at present
It is to be completed by product up-gradation and rule base upgrading.
A leak be mined it is open after, the safety detection and defence algorithm routine of security firm can not be excavated enough
User data safety detection and defence algorithm routine are verified, often using being manually configured with the test of safety product
Terminal is tested.
The safety detection and defence algorithm routine of security firm are in test terminal authentication, the only test terminal of acquisition
User data, and the test of safety detection and defence algorithm routine generally requires the supports of a large number of users data, to obtain greatly
The test data of amount, cause test period longer, since algorithm blank to maturation often to pass through the several months, or even last year when
Between verify, seriously hinder the fast development of product, secondly, safety detection and defence algorithm routine checking be test terminal,
The inspection of real scene is not subjected to, it is insufficient for program verification.
The content of the invention
The embodiments of the invention provide a kind of method for updating network security product, experiment node and related system, it is used for
Fast Persistence lifts the security capabilities of network security product.
First aspect of the embodiment of the present invention provides a kind of method for updating network security product, it may include:
Control system sends experiment algorithm routine to the multiple virtual laboratories for being distributed in different user terminals respectively;
The virtual laboratory runs the experiment algorithm routine in user terminal, and to described in control system feedback
Test the operational factor of algorithm routine;
The control system is according to the operational factor checking feasibility for testing algorithm routine;
When finally determining that the experiment algorithm routine is feasible, the virtual laboratory updates the experiment algorithm routine
Into the network security product of the user terminal.
With reference in a first aspect, in the first possible embodiment of first aspect, the control system respectively to
The multiple virtual laboratories for being distributed in different user terminals are sent before testing algorithm routine, are also comprised the following steps:
Step 1, control system send data acquisition to the multiple virtual laboratories for being distributed in different user terminals respectively and referred to
Order;
Step 2, the virtual laboratory gather target data according to the data acquisition instructions, and pass to the control
System;
Step 3, when collecting the target data more than preset quantity, it is real according to the target data preliminary identification
The feasibility of checking method program, when primarily determining that the experiment algorithm routine is feasible, the control system is performed by the reality
The step of multiple virtual laboratories are arrived in the renewal of checking method program.
With reference to the first possible embodiment of first aspect, in second of possible embodiment of first aspect
In, the virtual laboratory gathers target data according to the data acquisition instructions, including:
The virtual laboratory is based on Intel by data forwarding plane acquisition user data, the data forwarding plane
DPDK development kits are realized;
The virtual laboratory extracts the target data corresponding to the data acquisition instructions from the user data.
With reference to the third possible embodiment of first aspect, in the 4th kind of possible embodiment of first aspect
In, it is described after developer optimizes to the experiment algorithm routine when it is determined that the experiment algorithm routine is infeasible
Method also includes:
The control system reacquires new data acquisition instructions, and the new data acquisition instructions are that developer is
What the Optimal Experimental algorithm routine after checking optimization was set;
The step 1 as described in the first possible embodiment of first aspect is repeated to step 3, to the Optimal Experimental
The feasibility of algorithm routine is verified.
With reference in a first aspect, the first possible embodiment of first aspect, second of possible reality of first aspect
Mode is applied, the third possible embodiment of first aspect is described in the 4th kind of possible embodiment of first aspect
Virtual laboratory is the application program that user terminal is deployed in using Docker container techniques.
With reference in a first aspect, the first possible embodiment of first aspect, second of possible reality of first aspect
Apply mode, the third possible embodiment of first aspect, in the 5th kind of possible embodiment of first aspect, the party
Method also includes:Control system monitors the state of virtual laboratory, to determine available virtual laboratory.
Second aspect of the embodiment of the present invention provides a kind of control system, it may include:
Data acquisition module, data analysis module, update module, wherein,
The update module is used to send experiment algorithm to the multiple virtual laboratories for being distributed in different user terminals respectively
Program;
The data acquisition module is used for the operational factor for receiving the experiment algorithm routine of the virtual laboratory feedback;
The data analysis module, for being analyzed the operational factor with the feasible of confirmatory experiment algorithm routine
Property.
With reference to second aspect, in the first possible embodiment of second aspect, the data acquisition module is also used
In sending data acquisition instructions to the multiple virtual laboratories for being distributed in different user terminals respectively, and the virtual experimental is received
The target data of room feedback;
The data analysis module is additionally operable to when collecting the target data more than preset quantity, according to the mesh
Mark the feasibility of data preliminary identification experiment algorithm routine.
With reference to second aspect, the first possible embodiment of second aspect, second in second aspect be possible
In embodiment, the system also includes:
Monitoring module, for monitoring the state of virtual laboratory, to determine available virtual laboratory.
The third aspect of the embodiment of the present invention provides a kind of experiment node, is deployed in user terminal, it may include:
Virtual laboratory, network security product, wherein,
The network security product is used to customer flow is cleaned and detected, to protect the safety of user network;
The virtual laboratory is used in user terminal running experiment algorithm routine, and feeds back the experiment to control system
The operational factor of algorithm routine, when finally determining that the experiment algorithm routine is feasible, the experiment algorithm routine renewal is arrived
In the network security product of the user terminal.
With reference to the third aspect, in the first possible embodiment of the third aspect, the system also includes data forwarding
Plane is used to gather user data, and the data forwarding plane is realized based on Intel DPDK datum planes development kit;
The virtual laboratory is additionally operable to receive the data acquisition instructions that control system is sent;
The virtual laboratory gathers target data from the user data according to the data acquisition instructions and transmitted
To the control system.
With reference to the third aspect, the first possible embodiment of the third aspect, second in the third aspect be possible
In embodiment, the virtual laboratory is the application program that user terminal is deployed in using Docker container techniques.
Fourth aspect of the embodiment of the present invention provides a kind of system for updating network security product, it may include:
Such as the control system described in the possible embodiment of the first of second aspect or second aspect;
It is any in the first possible embodiment, second of possible embodiment such as the third aspect, the third aspect
Laboratory node described in.
As can be seen from the above technical solutions, the embodiment of the present invention has advantages below:
It is whole to different user is respectively distributed to will to test algorithm routine renewal for control system can in the embodiment of the present invention
Multiple virtual laboratories at end, and then run simultaneously in the real scene of multiple user terminals, can be simultaneously in running
The operational factor of multiple experiment samples is gathered, has saved data acquisition time, when control system and/or developer are according to operation
When parameter finally determines that experiment algorithm routine is feasible, experiment algorithm routine is updated into the network security product of user terminal,
I.e. the embodiment of the present invention can both reduce the time of data acquisition, shorten the program development cycle, can be tested again in real scene
Checking method program is confirmed, improves the reliability of verification process.
Brief description of the drawings
Fig. 1 is a kind of one embodiment schematic diagram for the method for updating network security product in the embodiment of the present invention;
Fig. 2 is a kind of another embodiment schematic diagram for the method for updating network security product in the embodiment of the present invention;
Fig. 3 is a kind of one embodiment schematic diagram of control system in the embodiment of the present invention;
Fig. 4 is a kind of another embodiment schematic diagram of control system in the embodiment of the present invention;
Fig. 5 is a kind of one embodiment schematic diagram for testing node in the embodiment of the present invention;
Fig. 6 is a kind of another embodiment schematic diagram for testing node in the embodiment of the present invention;
Fig. 7 is a kind of one embodiment schematic diagram for the system for updating network security product in the embodiment of the present invention;
Fig. 8 is a kind of structural form schematic diagram for the system for updating network security product in the embodiment of the present invention.
Embodiment
The embodiments of the invention provide a kind of method for updating network security product, experiment node and related system, it is used for
Fast Persistence lifts the security capabilities of network security product.
By container virtualization technology, such as Docker container techniques in the embodiment of the present invention, one is built in user terminal
The individual virtual laboratory container for being used to verify safety detection and defend algorithm;Pass through DPDK high-performance network datas between multiple containers
Bag handles framework improving performance and does Network Isolation;The virtual laboratory container of all user terminals passes through the control system on cloud
It is unified into a bigger laboratory.Controlled by control system and update virtual experimental container, can be objective quickly to collect
The new safety detection of family information, checking and defence algorithm routine., can be with because the checking done using the true environment of client
The proving period of algorithm is greatly shortened, network security product can be arrived with quick renewal after algorithm routine obtains fully checking
In, reach the quick purpose for updating network security product security capabilities.
In order to make it easy to understand, the idiographic flow in the embodiment of the present invention is described below, referring to Fig. 1, of the invention
A kind of method one embodiment for updating network security product may include in embodiment:
101st, control system sends experiment algorithm routine to the multiple virtual laboratories for being distributed in different user terminals respectively;
Virtual laboratory can be deployed in user terminal using container virtualization technology, due to using container virtualization skill
Other application programs of art, the virtual laboratory and user terminal are kept apart, and can reduce the shadow that other are used to user terminal
Ring, when needing to verify the feasibility that a certain experiment algorithm routine is run in user's actual production scene, control system can be with
By experiment algorithm routine renewal to respectively to being distributed in multiple virtual laboratories of different user terminals, to implement checking stream
Journey.
102nd, virtual laboratory is in user terminal running experiment algorithm routine, and to control system pump back test algorithm routine
Operational factor;
After by experiment algorithm routine renewal into multiple virtual laboratories, the virtual experimental of user terminal is deployed in
Room can run the experiment algorithm routine in user terminal, verify the experiment algorithm routine in truly production scene, running
During can record the operational factor of the program, and related operational factor is fed back to control system.
103rd, according to the feasibility of operational factor confirmatory experiment algorithm routine;
Control system and/or developer can assess experiment algorithm with the operational factor fed back according to multiple virtual laboratories
Feasibility of the program in true production circumstances, specific evaluation criteria and specific experiment algorithm routine institute pin in practice
To particular network potential safety hazard specific features it is related, specific evaluation criteria does not limit herein.
104th, when final determination experiment algorithm routine is feasible, network peace of the algorithm routine renewal to user terminal will be tested
In full product.
When developer and/or control system finally determine that the experiment algorithm routine is feasible, control system or virtual real
Testing room can be by experiment algorithm routine renewal into the network security product of user terminal, to protect the network security of user.
It is whole to different user is respectively distributed to will to test algorithm routine renewal for control system can in the embodiment of the present invention
Multiple virtual laboratories at end, and then run simultaneously in the real scene of multiple user terminals, can be simultaneously in running
The operational factor of multiple experiment samples is gathered, has saved data acquisition time, when control system and/or developer are according to operation
When parameter finally determines that experiment algorithm routine is feasible, experiment algorithm routine is updated into the network security product of user terminal,
I.e. the embodiment of the present invention can both reduce the time of data acquisition, shorten the program development cycle, can be tested again in real scene
Checking method program is confirmed, improves the reliability of verification process.
In order to make it easy to understand, the method that network security product is updated in the embodiment of the present invention will be retouched in detail below
State, referring to Fig. 2, another embodiment of the method for network security product is updated in the embodiment of the present invention may include:
201st, control system sends data acquisition instructions to the multiple virtual laboratories for being distributed in different user terminals respectively;
Monitor a certain Network Security Vulnerabilities or a certain network hole be mined it is open after, developer can be based on should
Hidden danger develops corresponding safety detection and defence algorithm routine as algorithm routine is tested, to verify the experiment algorithm routine,
Developer can send data acquisition to the multiple virtual laboratories for being distributed in different user terminals respectively by control system
Instruction, to gather the target data needed for confirmatory experiment algorithm routine.
202nd, virtual laboratory gathers target data according to data acquisition instructions, and passes to control system;
Virtual laboratory is to be deployed in user terminal using container virtualization technology, and virtual laboratory is receiving data acquisition
Can be according to the instruction in target data corresponding to user terminal collection after instruction, and pass to control system.
In practice, container virtual technology, such as Docker container techniques can be used, by virtual laboratory and network
Safety product containerization so that virtual laboratory and network security product is mutually isolated is independent of each other, in virtual laboratory container
And the data forwarding plane acquisition realized based on Intel DPDK development kits can be used to use between network security product container
User data, the data forwarding plane can realize the network functions such as route, bridge, mirror image, be responsible for access customer network, forwarding visitor
Family flow, data processing performance and handling capacity can be improved using the technology, by the data forwarding plane user terminal and/
Or the user data such as the data on flows of user terminal, journal file are gathered in network security product, virtual laboratory is from the data
In the user data that Forwarding plane collects, according to five-tuple, mirror image, filters out number of targets corresponding to data acquisition instructions on demand
According to, it is ensured that experimentation does not influence the business of user.
It is appreciated that the virtual container technology in the present embodiment can be Docker container techniques, or other
Virtual container technology, is not limited specifically herein, and the data forwarding plane in the present embodiment can use and be based on Intel DPDK
Development kit is realized, other development kits can also be used to realize, not limited herein specifically.
It is understood that the mode of detection with the defence of cyberspace vulnerability different in practice is different, specifically
The target data of required collection of experiment algorithm routine checking also differ, specific acquisition instructions and target data are herein not
Limit.
203rd, when collecting the target data of preset quantity, whether algorithm routine is tested according to target data preliminary identification
It is feasible;
After control system collects sufficient amount of target data by multiple virtual laboratories, control system can be with
Run specific parser to analyze target data, control system and/or developer can be with according at the beginning of analysis results
Whether step judgment experiment algorithm routine has reached the effect desired by the algorithm, and the feasible of algorithm routine is tested with this preliminary identification
Property, if preliminary judgment experiment algorithm routine is feasible, step 204 is performed, if preliminary judgment experiment algorithm routine is infeasible,
Then developer can reset new data acquisition instructions according to the experiment algorithm routine after modification or optimization, and follow again
Ring performs step 201 to 203 pairs of amended experiment algorithm routines and re-starts preliminary identification, is developed until developer
Untill algorithm routine is tested after optimization by preliminary identification.
Specific parser can include but is not limited to SVM algorithm, CART algorithms, Naive Bayes naive Bayesians
Sorting algorithm etc., is not limited specifically herein.
204th, when primarily determining that experiment algorithm routine is feasible, multiple virtual laboratories are arrived into experiment algorithm routine renewal;
205th, virtual laboratory is in user terminal running experiment algorithm routine, and to control system pump back test algorithm routine
Operational factor;
After primarily determining that experiment algorithm routine is feasible, control system arrives experiment algorithm routine renewal multiple virtual
In laboratory, the virtual laboratory can run the experiment algorithm routine used in user terminal, and checking should in truly production scene
Algorithm routine is tested, the operational factor of the program can be recorded in the process of running, and related operation is fed back to control system
Parameter.
206th, it is whether feasible according to operational factor confirmatory experiment algorithm routine;
Control system and/or developer can assess experiment algorithm with the operational factor fed back according to multiple virtual laboratories
Feasibility of the program in true production circumstances, if judgment experiment algorithm routine is feasible, step 207 is performed, if judging real
When checking method program is infeasible, developer can reset new data according to the experiment algorithm routine after modification or optimization
Acquisition instructions, and the experiment algorithm routine that circulation is performed after step 201 to 206 pairs of modifications or optimization again re-starts checking,
Untill the experiment algorithm routine after developer optimizes is by corresponding checking.
207th, when final determination experiment algorithm routine is feasible, network peace of the algorithm routine renewal to user terminal will be tested
In full product;
When developer and/or control system finally determine that the experiment algorithm routine is feasible, control system or virtual real
Testing room can be by experiment algorithm routine renewal into the network security product of user terminal, to protect the network security of user.
208th, the state of virtual laboratory is monitored.
Optionally, control system can periodically or in real time monitor according to the mandate of user and be distributed in different use
The state of the virtual laboratory of family terminal, to determine to participate in the virtual laboratory of experiment, control system can not have to not
Available virtual laboratory sends data, saves Internet resources.
In the present embodiment, when developer develop for some cyberspace vulnerability preliminary experiment algorithm routine or
When person needs substantial amounts of user data to be verified or referred to when algorithm routine is tested in exploitation, it can be distinguished by control system
Data acquisition instructions are sent to the multiple virtual laboratories for being distributed in different user terminals, are covered using being developed based on Intel DPDK
The data forwarding plane acquisition user data that part is realized, can pass through multiple virtual laboratory Quick Acquisitions to enough targets
Data, the time needed for data acquisition is saved, has shortened proving period, in the situation that the business of guarantee user is normally carried out
Under, virtual laboratory is to the user data that collects mirror image on demand, to gather sufficient amount of target data to testing algorithm journey
Sequence carries out preliminary identification, and will be updated by the experiment algorithm routine of preliminary identification into virtual laboratory in the true of user terminal
Verified in production scene of growing directly from seeds, it is infeasible or finally verify infeasible experiment algorithm routine, exploit person for preliminary identification
Member can reset acquisition instructions, to test the support that the optimization of algorithm routine provides user data, repeat data and adopt
Collection and the process of checking, the experiment algorithm routine of demand are met until developing, can passes through virtual after being verified
Laboratory or control system will test algorithm routine renewal into network security product, with the network security of persistence maintenance user.
Referring to Fig. 3, the control system in above-described embodiment will be described in detail below, one in the embodiment of the present invention
One embodiment of kind control system may include:
Data acquisition module 301, data analysis module 302, update module 303, wherein,
Update module 303 is used to send experiment algorithm journey to the multiple virtual laboratories for being distributed in different user terminals respectively
Sequence;
Data acquisition module 301 is used for the operational factor for the experiment algorithm routine for receiving virtual laboratory feedback;
Data analysis module 302, for being analyzed operational factor with the feasibility of confirmatory experiment algorithm routine.
Referring to Fig. 4, on the basis of the embodiment shown in Fig. 3, further, in the present embodiment, data acquisition module
301 are additionally operable to send data acquisition instructions to the multiple virtual laboratories for being distributed in different user terminals respectively, and receive virtual
The target data of laboratory feedback;
Data analysis module 302 is additionally operable to when collecting the target data more than preset quantity, according at the beginning of target data
Step confirms the feasibility of checking method program.
Optionally, in the present embodiment, the control system can also include:
Monitoring module 304, for monitoring the state of virtual laboratory, to determine available virtual laboratory.
In practice, control system can monitor periodically or in real time and be distributed in not according to the mandate of user
With the state of the virtual laboratory of user terminal, to determine that the virtual laboratory of experiment can be participated in, control system can not have to
Data are sent to disabled virtual laboratory, save Internet resources.
The embodiment of the present invention additionally provides a kind of experiment node for being deployed in user terminal, referring to Fig. 5, the present invention is implemented
A kind of one embodiment for testing node may include in example:
Virtual laboratory 501, network security product 502, wherein,
Network security product 502 is used to customer flow is cleaned and detected, to protect the safety of user network;
Virtual laboratory 501 is used in user terminal running experiment algorithm routine, and to control system pump back test algorithm
The operational factor of program, when final determination experiment algorithm routine is feasible, algorithm routine renewal will be tested to the net of user terminal
In network safety product.
Preferably, the network security product in the present embodiment, including WAF classes safety product, IPS classes safety product, APT classes
One or more in safety product, UTM class safety products.
Referring to Fig. 6, on the basis of the embodiment shown in Fig. 5, also include in the present embodiment:
Data forwarding plane 503, for gathering user data, data forwarding plane is opened based on Intel DPDK datum planes
Hair net part is realized;
Virtual laboratory 501 is additionally operable to receive the data acquisition instructions that control system is sent;
Virtual laboratory 501 gathers from user data target data according to data acquisition instructions and passes to control system
System.
In practice, it is preferred that container virtual technology, such as Docker container techniques can be used, by virtual experimental
Room and network security product containerization so that virtual laboratory and network security product is mutually isolated is independent of each other, virtual real
Testing between room container and network security product container can use the data forwarding realized based on Intel DPDK development kits to put down
Face 503 gathers user data, and the data forwarding plane 503 can realize the network functions such as route, bridge, mirror image, is responsible for access
Customer network, customer traffic is forwarded, data processing performance and handling capacity can be improved using the technology, put down by the data forwarding
Face 503 gathers the user data such as data on flows, the journal file of user terminal in user terminal and/or network security product,
In the user data that virtual laboratory 501 collects from the data forwarding plane 503, according to five-tuple, mirror image, is filtered out on demand
Target data corresponding to data acquisition instructions, it is ensured that experimentation does not influence the business of user.
Embodiment with reference to shown in Fig. 3 to Fig. 6, refers to Fig. 7 and Fig. 8, and the embodiment of the present invention additionally provides a kind of renewal
The system of network security product, by network by shown in the control system in the embodiment shown in Fig. 3 or Fig. 4 and Fig. 5 or Fig. 6
Embodiment in experiment node connect.
By container virtualization technology, such as Docker container techniques in the present embodiment, a use is built in user terminal
In checking safety detection and the virtual laboratory container of defence algorithm;Between multiple containers by DPDK high-performance network data bags at
Manage frame lifter performance and do Network Isolation;The virtual laboratory container of all user terminals is combined by the control system on cloud
The laboratory bigger into one.Controlled by control system and update virtual experimental container, can believed with quickly collecting client
Cease, verify new safety detection and defence algorithm routine.Because the checking done using the true environment of client, can be significantly
Shorten the proving period of algorithm, can be with quickly renewal into network security product after algorithm routine obtains fully checking
Go, reach the purpose of quick renewal network security product security capabilities.
It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description,
The specific work process of device and unit, the corresponding process in preceding method embodiment is may be referred to, will not be repeated here.
In several embodiments provided herein, it should be understood that disclosed system, apparatus and method can be with
Realize by another way.For example, device embodiment described above is only schematical, for example, the unit
Division, only a kind of division of logic function, can there is other dividing mode, such as multiple units or component when actually realizing
Another system can be combined or be desirably integrated into, or some features can be ignored, or do not perform.It is another, it is shown or
The mutual coupling discussed or direct-coupling or communication connection can be the indirect couplings by some interfaces, device or unit
Close or communicate to connect, can be electrical, mechanical or other forms.
The unit illustrated as separating component can be or may not be physically separate, show as unit
The part shown can be or may not be physical location, you can with positioned at a place, or can also be distributed to multiple
On NE.Some or all of unit therein can be selected to realize the mesh of this embodiment scheme according to the actual needs
's.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing unit, can also
That unit is individually physically present, can also two or more units it is integrated in a unit.Above-mentioned integrated list
Member can both be realized in the form of hardware, can also be realized in the form of SFU software functional unit.
If the integrated unit is realized in the form of SFU software functional unit and is used as independent production marketing or use
When, it can be stored in a computer read/write memory medium.Based on such understanding, technical scheme is substantially
The part to be contributed in other words to prior art or all or part of the technical scheme can be in the form of software products
Embody, the computer software product is stored in a storage medium, including some instructions are causing a computer
Equipment (can be personal computer, server, or network equipment etc.) performs the complete of each embodiment methods described of the present invention
Portion or part steps.And foregoing storage medium includes:USB flash disk, mobile hard disk, read-only storage (ROM, Read-Only
Memory), random access memory (RAM, Random Access Memory), magnetic disc or CD etc. are various can store journey
The medium of sequence code.
Described above, the above embodiments are merely illustrative of the technical solutions of the present invention, rather than its limitations;Although with reference to before
Embodiment is stated the present invention is described in detail, it will be understood by those within the art that:It still can be to preceding
State the technical scheme described in each embodiment to modify, or equivalent substitution is carried out to which part technical characteristic;And these
Modification is replaced, and the essence of appropriate technical solution is departed from the spirit and scope of various embodiments of the present invention technical scheme.
Claims (13)
- A kind of 1. method for updating network security product, it is characterised in that comprise the following steps:Control system sends experiment algorithm routine to the multiple virtual laboratories for being distributed in different user terminals respectively;The virtual laboratory runs the experiment algorithm routine in user terminal, and feeds back the experiment to the control system The operational factor of algorithm routine;The control system is according to the operational factor checking feasibility for testing algorithm routine;When finally determining that the experiment algorithm routine is feasible, the experiment algorithm routine renewal is arrived institute by the virtual laboratory In the network security product for stating user terminal.
- 2. according to the method for claim 1, it is characterised in that whole to different user is distributed in respectively in the control system Before multiple virtual laboratories at end send experiment algorithm routine, also comprise the following steps:Step 1, control system send data acquisition instructions to the multiple virtual laboratories for being distributed in different user terminals respectively;Step 2, the virtual laboratory gather target data according to the data acquisition instructions, and pass to the control system System;Step 3, when collecting the target data more than preset quantity, tested and calculated according to the target data preliminary identification The feasibility of method program, when primarily determining that the experiment algorithm routine is feasible, perform the control system and calculate the experiment The step of multiple virtual laboratories are arrived in the renewal of method program.
- 3. according to the method for claim 2, it is characterised in that the virtual laboratory is adopted according to the data acquisition instructions Collect target data, including:The virtual laboratory is based on Intel DPDK by data forwarding plane acquisition user data, the data forwarding plane Development kit is realized;The virtual laboratory extracts the target data corresponding to the data acquisition instructions from the user data.
- 4. according to the method for claim 3, it is characterised in that when it is determined that the experiment algorithm routine is infeasible, exploitation After personnel optimize to the experiment algorithm routine, methods described also includes:The control system reacquires new data acquisition instructions, and the new data acquisition instructions are that developer is checking What the Optimal Experimental algorithm routine after optimization was set;Step 1 as claimed in claim 2 is repeated to step 3, the feasibility of the Optimal Experimental algorithm routine is carried out tentatively Checking.
- 5. method according to any one of claim 1 to 4, it is characterised in that the virtual laboratory is use Docker container techniques are deployed in the application program of user terminal.
- 6. method according to any one of claim 1 to 4, it is characterised in that also include:Control system monitors the state of virtual laboratory, to determine available virtual laboratory.
- A kind of 7. control system, it is characterised in that including:Update module, data acquisition module, data analysis module, wherein,The update module is used to send experiment algorithm routine to the multiple virtual laboratories for being distributed in different user terminals respectively;The data acquisition module is used for the operational factor for receiving the experiment algorithm routine of the virtual laboratory feedback;The data analysis module, for being analyzed the operational factor with the feasibility of confirmatory experiment algorithm routine.
- 8. system according to claim 7, it is characterised in thatThe data acquisition module is additionally operable to adopt to the multiple virtual laboratories transmission data for being distributed in different user terminals respectively Collection instruction, and receive the target data of the virtual laboratory feedback;The data analysis module is additionally operable to when collecting the target data more than preset quantity, according to the number of targets According to the feasibility of preliminary identification experiment algorithm routine.
- 9. the system according to claim 7 or 8, it is characterised in that also include:Monitoring module, for monitoring the state of virtual laboratory, to determine available virtual laboratory.
- 10. one kind experiment node, is deployed in user terminal, it is characterised in that including:Virtual laboratory, network security product, wherein,The network security product is used to customer flow is cleaned and detected, to protect the safety of user network;The virtual laboratory is used in user terminal running experiment algorithm routine, and feeds back the experiment algorithm to control system The operational factor of program, when finally determining that the experiment algorithm routine is feasible, by the experiment algorithm routine renewal described in In the network security product of user terminal.
- 11. experiment node according to claim 10, it is characterised in that be also used to gather user including data forwarding plane Data, the data forwarding plane are realized based on Intel DPDK datum planes development kit;The virtual laboratory is additionally operable to receive the data acquisition instructions that control system is sent;The virtual laboratory gathers from the user data target data according to the data acquisition instructions and passes to institute State control system.
- 12. the experiment node according to claim 10 or 11, it is characterised in that the virtual laboratory is using Docker Container technique is deployed in the application program of user terminal.
- 13. a kind of system for updating network security product, it is characterised in that including as any one of claim 7 to 9 Control system and the experiment node as any one of claim 10 to 12.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710581279.0A CN107395586A (en) | 2017-07-17 | 2017-07-17 | A kind of method for updating network security product, experiment node and related system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710581279.0A CN107395586A (en) | 2017-07-17 | 2017-07-17 | A kind of method for updating network security product, experiment node and related system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107395586A true CN107395586A (en) | 2017-11-24 |
Family
ID=60340723
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710581279.0A Pending CN107395586A (en) | 2017-07-17 | 2017-07-17 | A kind of method for updating network security product, experiment node and related system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107395586A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101521899A (en) * | 2009-03-31 | 2009-09-02 | 大连海事大学 | System and method for on-computer test of mobile applications |
US20110225217A1 (en) * | 2010-03-15 | 2011-09-15 | Salesforce.Com, Inc. | System, method and computer program product for deploying an update between environments of a multi-tenant on-demand database system |
CN102567198A (en) * | 2010-12-30 | 2012-07-11 | ***通信集团公司 | System and method for testing application program in physical system environment |
CN103377120A (en) * | 2012-04-24 | 2013-10-30 | 深圳市财付通科技有限公司 | Test method and device for application programs |
-
2017
- 2017-07-17 CN CN201710581279.0A patent/CN107395586A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101521899A (en) * | 2009-03-31 | 2009-09-02 | 大连海事大学 | System and method for on-computer test of mobile applications |
US20110225217A1 (en) * | 2010-03-15 | 2011-09-15 | Salesforce.Com, Inc. | System, method and computer program product for deploying an update between environments of a multi-tenant on-demand database system |
CN102567198A (en) * | 2010-12-30 | 2012-07-11 | ***通信集团公司 | System and method for testing application program in physical system environment |
CN103377120A (en) * | 2012-04-24 | 2013-10-30 | 深圳市财付通科技有限公司 | Test method and device for application programs |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105206114B (en) | Fly control, license, security maintenance method and apparatus, server, aircraft | |
CN105022960B (en) | Multiple features mobile terminal from malicious software detecting method and system based on network traffics | |
CN107211011A (en) | System and method for Malicious Code Detection | |
CN105100092B (en) | Client is controlled to access detection method, the device and system of network | |
CN106708700B (en) | A kind of O&M monitoring method and device applied to server-side | |
CN106295348A (en) | The leak detection method of application program and device | |
CN110198303A (en) | Threaten the generation method and device, storage medium, electronic device of information | |
CN109615015A (en) | A kind of data preprocessing method based on block chain intelligence contract and machine learning | |
CN110399720A (en) | A kind of method and relevant apparatus of file detection | |
CN110188538A (en) | Using the method and device of sandbox cluster detection data | |
CN107545178A (en) | The detection method and cloud application detection means of a kind of cloud application | |
CN107229497A (en) | Server test method and server test device | |
CN109992969A (en) | A kind of malicious file detection method, device and detection platform | |
CN106067879B (en) | The detection method and device of information | |
CN107231360A (en) | Network virus protection method, safe wireless router and system based on cloud network | |
CN110457903A (en) | A kind of virus analysis method, apparatus, equipment and medium | |
CN107395586A (en) | A kind of method for updating network security product, experiment node and related system | |
CN109460930A (en) | A kind of method and relevant device of determining adventure account | |
CN106571971A (en) | Empty shell website detection method, device and system | |
CN115348117B (en) | User level unauthorized behavior determination method and device | |
CN108205496A (en) | For the verification process of cloud platform | |
CN110401626B (en) | Hacker attack grading detection method and device | |
CN109727674A (en) | A kind of deciphering method and device of genetic test report | |
CN115525897A (en) | System detection method and device for terminal equipment, electronic device and storage medium | |
US20210377313A1 (en) | Threat Mitigation System and Method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171124 |
|
RJ01 | Rejection of invention patent application after publication |