CN107395586A - Method for updating a network security product, experiment node and related system - Google Patents

Publication number
CN107395586A
Authority
CN
China
Prior art keywords
experiment
algorithm routine
control system
data
virtual
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710581279.0A
Other languages
Chinese (zh)
Inventor
张结辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd
Application filed by Sangfor Technologies Co Ltd
Priority to CN201710581279.0A
Publication of CN107395586A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00: Arrangements for software engineering
    • G06F8/60: Software deployment
    • G06F8/65: Updates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

Embodiments of the invention provide a method for updating a network security product, an experiment node and a related system, used to improve the security capabilities of network security products quickly and continuously. The method of the embodiments includes: a control system sends an experiment algorithm routine to multiple virtual laboratories distributed across different user terminals; each virtual laboratory runs the experiment algorithm routine at the user terminal and feeds the operating parameters of the routine back to the control system; the control system verifies the feasibility of the experiment algorithm routine according to the operating parameters; and when the experiment algorithm routine is finally determined to be feasible, the virtual laboratory updates it into the network security product of the user terminal.

Description

Method for updating a network security product, experiment node and related system
Technical field
The present invention relates to the field of information security technology, and in particular to a method for updating a network security product, an experiment node and a related system.
Background
In the current era the internet is developing rapidly and hackers' attack methods change by the day, while the detection and defense algorithm routines of security products are often updated more slowly than attack methods evolve. At present, security products are updated mainly through product upgrades and rule-base upgrades.
After a vulnerability is discovered and disclosed, a security vendor cannot obtain enough user data to verify its security detection and defense algorithm routine, and often tests the routine on a manually configured test terminal on which the security product is installed.
When a security vendor's security detection and defense algorithm routine is verified on a test terminal, only the user data of that test terminal is obtained, whereas testing such a routine generally requires the support of a large amount of user data. Obtaining a large amount of test data makes the test cycle long: taking an algorithm from scratch to maturity often requires months, or even a year, of verification, which seriously hinders the rapid development of the product. Moreover, because the routine is verified on a test terminal, it is not tested in real scenarios, so the verification of the program is insufficient.
Summary of the invention
Embodiments of the invention provide a method for updating a network security product, an experiment node and a related system, used to improve the security capabilities of network security products quickly and continuously.
A first aspect of the embodiments of the invention provides a method for updating a network security product, which may include:
A control system sends an experiment algorithm routine to multiple virtual laboratories distributed across different user terminals;
The virtual laboratory runs the experiment algorithm routine at the user terminal, and feeds the operating parameters of the experiment algorithm routine back to the control system;
The control system verifies the feasibility of the experiment algorithm routine according to the operating parameters;
When the experiment algorithm routine is finally determined to be feasible, the virtual laboratory updates the experiment algorithm routine into the network security product of the user terminal.
With reference to the first aspect, in a first possible embodiment of the first aspect, before the control system sends the experiment algorithm routine to the multiple virtual laboratories distributed across different user terminals, the method further includes the following steps:
Step 1: the control system sends data acquisition instructions to the multiple virtual laboratories distributed across different user terminals;
Step 2: the virtual laboratory collects target data according to the data acquisition instructions and passes it to the control system;
Step 3: when more than a preset quantity of target data has been collected, the feasibility of the experiment algorithm routine is preliminarily verified according to the target data; when the experiment algorithm routine is preliminarily determined to be feasible, the control system performs the step of updating the experiment algorithm routine to the multiple virtual laboratories.
With reference to the first possible embodiment of the first aspect, in a second possible embodiment of the first aspect, the virtual laboratory collecting target data according to the data acquisition instructions includes:
The virtual laboratory collects user data through a data forwarding plane, the data forwarding plane being implemented on the basis of the Intel DPDK development kit;
The virtual laboratory extracts from the user data the target data corresponding to the data acquisition instructions.
With reference to the third possible embodiment of the first aspect, in a fourth possible embodiment of the first aspect, when the experiment algorithm routine is determined to be infeasible, after developers have optimized the experiment algorithm routine, the method further includes:
The control system obtains a new data acquisition instruction, the new data acquisition instruction being set by the developers in order to verify the optimized experiment algorithm routine;
Steps 1 to 3 described in the first possible embodiment of the first aspect are repeated to verify the feasibility of the optimized experiment algorithm routine.
With reference to the first aspect, or the first, second or third possible embodiment of the first aspect, in the fourth possible embodiment of the first aspect, the virtual laboratory is an application deployed at the user terminal using Docker container technology.
With reference to the first aspect, or the first, second or third possible embodiment of the first aspect, in a fifth possible embodiment of the first aspect, the method further includes: the control system monitors the state of the virtual laboratories to determine which virtual laboratories are available.
A second aspect of the embodiments of the invention provides a control system, which may include:
A data acquisition module, a data analysis module and an update module, wherein:
The update module is used to send an experiment algorithm routine to multiple virtual laboratories distributed across different user terminals;
The data acquisition module is used to receive the operating parameters of the experiment algorithm routine fed back by the virtual laboratories;
The data analysis module is used to analyze the operating parameters in order to verify the feasibility of the experiment algorithm routine.
With reference to the second aspect, in a first possible embodiment of the second aspect, the data acquisition module is also used to send data acquisition instructions to the multiple virtual laboratories distributed across different user terminals, and to receive the target data fed back by the virtual laboratories;
The data analysis module is also used, when more than a preset quantity of target data has been collected, to preliminarily verify the feasibility of the experiment algorithm routine according to the target data.
With reference to the second aspect or the first possible embodiment of the second aspect, in a second possible embodiment of the second aspect, the system further includes:
A monitoring module, used to monitor the state of the virtual laboratories in order to determine which virtual laboratories are available.
A third aspect of the embodiments of the invention provides an experiment node, deployed at a user terminal, which may include:
A virtual laboratory and a network security product, wherein:
The network security product is used to clean and inspect user traffic in order to protect the security of the user's network;
The virtual laboratory is used to run an experiment algorithm routine at the user terminal and to feed the operating parameters of the experiment algorithm routine back to the control system; when the experiment algorithm routine is finally determined to be feasible, the experiment algorithm routine is updated into the network security product of the user terminal.
With reference to the third aspect, in a first possible embodiment of the third aspect, the system further includes a data forwarding plane used to collect user data, the data forwarding plane being implemented on the basis of the Intel DPDK data plane development kit;
The virtual laboratory is also used to receive the data acquisition instructions sent by the control system;
The virtual laboratory collects target data from the user data according to the data acquisition instructions and passes it to the control system.
With reference to the third aspect or the first possible embodiment of the third aspect, in a second possible embodiment of the third aspect, the virtual laboratory is an application deployed at the user terminal using Docker container technology.
A fourth aspect of the embodiments of the invention provides a system for updating a network security product, which may include:
The control system according to the second aspect or the first possible embodiment of the second aspect;
The experiment node according to any one of the third aspect, the first possible embodiment of the third aspect, or the second possible embodiment of the third aspect.
As can be seen from the above technical solutions, the embodiments of the invention have the following advantages:
In the embodiments of the invention, the control system can update the experiment algorithm routine to multiple virtual laboratories distributed across different user terminals, so that the routine runs simultaneously in the real scenarios of multiple user terminals. The operating parameters of multiple experiment samples can be collected at the same time during operation, which saves data acquisition time. When the control system and/or developers finally determine from the operating parameters that the experiment algorithm routine is feasible, the routine is updated into the network security product of the user terminal. The embodiments can therefore both reduce data acquisition time and shorten the program development cycle, and verify the experiment algorithm routine in real scenarios, improving the reliability of the verification process.
Brief description of the drawings
Fig. 1 is a schematic diagram of one embodiment of a method for updating a network security product in the embodiments of the invention;
Fig. 2 is a schematic diagram of another embodiment of a method for updating a network security product in the embodiments of the invention;
Fig. 3 is a schematic diagram of one embodiment of a control system in the embodiments of the invention;
Fig. 4 is a schematic diagram of another embodiment of a control system in the embodiments of the invention;
Fig. 5 is a schematic diagram of one embodiment of an experiment node in the embodiments of the invention;
Fig. 6 is a schematic diagram of another embodiment of an experiment node in the embodiments of the invention;
Fig. 7 is a schematic diagram of one embodiment of a system for updating a network security product in the embodiments of the invention;
Fig. 8 is a schematic diagram of the structural form of a system for updating a network security product in the embodiments of the invention.
Detailed description of the embodiments
Embodiments of the invention provide a method for updating a network security product, an experiment node and a related system, used to improve the security capabilities of network security products quickly and continuously.
In the embodiments of the invention, container virtualization technology, such as Docker container technology, is used to build at the user terminal a virtual laboratory container for verifying security detection and defense algorithms. The DPDK high-performance network packet processing framework is used between the containers to improve performance and provide network isolation. The virtual laboratory containers of all user terminals are joined by the control system in the cloud into one larger laboratory. By controlling and updating the virtual laboratory containers through the control system, customer information can be collected quickly and new security detection and defense algorithm routines verified. Because the verification is done in the customer's real environment, the verification cycle of an algorithm can be greatly shortened, and once an algorithm routine has been fully verified it can be quickly updated into the network security product, achieving the goal of quickly updating the security capabilities of the network security product.
For ease of understanding, the specific flow in the embodiments of the invention is described below. Referring to Fig. 1, one embodiment of a method for updating a network security product in the embodiments of the invention may include:
101. The control system sends an experiment algorithm routine to multiple virtual laboratories distributed across different user terminals;
The virtual laboratory can be deployed at the user terminal using container virtualization technology. Because container virtualization is used, the virtual laboratory is isolated from the other applications of the user terminal, which reduces its impact on those applications. When the feasibility of running an experiment algorithm routine in the user's actual production scenario needs to be verified, the control system can update the routine to the multiple virtual laboratories distributed across different user terminals in order to carry out the verification flow.
102. The virtual laboratory runs the experiment algorithm routine at the user terminal and feeds the operating parameters of the experiment algorithm routine back to the control system;
After the experiment algorithm routine has been updated to the multiple virtual laboratories, the virtual laboratory deployed at the user terminal can run the routine at the user terminal, verifying it in a real production scenario. The operating parameters of the program can be recorded while it runs, and the relevant operating parameters are fed back to the control system.
103. The feasibility of the experiment algorithm routine is verified according to the operating parameters;
The control system and/or developers can assess the feasibility of the experiment algorithm routine in a real production environment according to the operating parameters fed back by the multiple virtual laboratories. In practice the specific evaluation criteria depend on the specific features of the particular network security risk that the experiment algorithm routine targets, and are not limited herein.
104. When the experiment algorithm routine is finally determined to be feasible, the experiment algorithm routine is updated into the network security product of the user terminal.
When developers and/or the control system finally determine that the experiment algorithm routine is feasible, the control system or the virtual laboratory can update the experiment algorithm routine into the network security product of the user terminal, to protect the user's network security.
In the embodiments of the invention, the control system can update the experiment algorithm routine to multiple virtual laboratories distributed across different user terminals, so that the routine runs simultaneously in the real scenarios of multiple user terminals. The operating parameters of multiple experiment samples can be collected at the same time during operation, which saves data acquisition time. When the control system and/or developers finally determine from the operating parameters that the experiment algorithm routine is feasible, the routine is updated into the network security product of the user terminal. The embodiments can therefore both reduce data acquisition time and shorten the program development cycle, and verify the experiment algorithm routine in real scenarios, improving the reliability of the verification process.
For ease of understanding, the method for updating a network security product in the embodiments of the invention is described in detail below. Referring to Fig. 2, another embodiment of the method for updating a network security product in the embodiments of the invention may include:
201. The control system sends data acquisition instructions to multiple virtual laboratories distributed across different user terminals;
After a network security risk is detected or a network vulnerability is discovered and disclosed, developers can develop a corresponding security detection and defense algorithm routine for that risk as the experiment algorithm routine. To verify the experiment algorithm routine, the developers can use the control system to send data acquisition instructions to the multiple virtual laboratories distributed across different user terminals, in order to collect the target data needed to verify the routine.
202. The virtual laboratory collects target data according to the data acquisition instructions and passes it to the control system;
The virtual laboratory is deployed at the user terminal using container virtualization technology. After receiving a data acquisition instruction, the virtual laboratory can collect the corresponding target data at the user terminal according to the instruction and pass it to the control system.
In practice, container virtualization technology, such as Docker container technology, can be used to containerize the virtual laboratory and the network security product, so that the two are isolated from each other and do not affect each other. Between the virtual laboratory container and the network security product container, a data forwarding plane implemented on the basis of the Intel DPDK development kit can be used to collect user data. The data forwarding plane can implement network functions such as routing, bridging and mirroring, and is responsible for connecting to the user's network and forwarding customer traffic; using this technology improves data processing performance and throughput. Through the data forwarding plane, user data such as the user terminal's traffic data and log files is collected at the user terminal and/or in the network security product. From the user data collected by the data forwarding plane, the virtual laboratory mirrors traffic on demand according to the five-tuple and filters out the target data corresponding to the data acquisition instructions, ensuring that the experiment does not affect the user's business.
It can be understood that the virtual container technology in this embodiment may be Docker container technology or another virtual container technology, which is not specifically limited herein; the data forwarding plane in this embodiment may be implemented on the basis of the Intel DPDK development kit or using another development kit, which is likewise not specifically limited herein.
It can be understood that in practice different network security vulnerabilities are detected and defended against in different ways, so the target data that needs to be collected to verify a specific experiment algorithm routine also differs; the specific acquisition instructions and target data are not limited herein.
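The five-tuple selection described for step 202, as an added example (not code from the patent or from any product), modelled in Python rather than on a DPDK data plane: every packet stays on the forwarding path, and only copies that match the data acquisition instruction are mirrored to the virtual laboratory. The instruction fields, the `max_samples` cap and the sample packets are assumptions constructed for illustration; the patent does not specify an instruction format.

```python
"""Added example: five-tuple mirroring of target data for a virtual laboratory."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str          # "tcp" or "udp"
    payload: bytes


@dataclass(frozen=True)
class AcquisitionInstruction:
    """Hypothetical instruction format: a five-tuple filter, None = wildcard."""
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    proto: Optional[str] = None
    max_samples: int = 1000     # assumed cap so collection stays bounded


def _in_net(addr: str, net: Optional[str]) -> bool:
    """True if addr is inside net; unparsable input never matches."""
    if net is None:
        return True
    try:
        return ip_address(addr) in ip_network(net, strict=False)
    except ValueError:
        return False


def matches(instr: AcquisitionInstruction, pkt: Packet) -> bool:
    """Compare each five-tuple field that the instruction constrains."""
    if instr.proto is not None and pkt.proto != instr.proto:
        return False
    if instr.src_port is not None and pkt.src_port != instr.src_port:
        return False
    if instr.dst_port is not None and pkt.dst_port != instr.dst_port:
        return False
    return _in_net(pkt.src_ip, instr.src_net) and _in_net(pkt.dst_ip, instr.dst_net)


def forward_and_mirror(
    packets: Iterable[Packet], instr: AcquisitionInstruction
) -> Tuple[List[Packet], List[Packet]]:
    """Return (forwarded, mirrored).

    Forwarding is unconditional and order-preserving, so the user's traffic is
    unaffected whatever the filter says; mirroring only copies matching packets
    and stops once max_samples copies have been taken.
    """
    forwarded: List[Packet] = []
    mirrored: List[Packet] = []
    for pkt in packets:
        forwarded.append(pkt)                       # business path, never filtered
        if len(mirrored) < instr.max_samples and matches(instr, pkt):
            mirrored.append(pkt)                    # copy for the virtual laboratory
    return forwarded, mirrored


# Constructed sample traffic (documentation address ranges), not real captures.
SAMPLE = [
    Packet("10.0.0.5", "192.0.2.10", 51000, 443, "tcp", b"a"),
    Packet("10.0.0.6", "192.0.2.10", 51001, 80, "tcp", b"b"),
    Packet("10.0.0.7", "198.51.100.1", 53000, 53, "udp", b"c"),
    Packet("10.0.0.8", "192.0.2.20", 51002, 443, "tcp", b"d"),
    Packet("bad-ip", "192.0.2.10", 1, 443, "tcp", b"e"),   # malformed source
]

if __name__ == "__main__":
    rule = AcquisitionInstruction(src_net="10.0.0.0/8", dst_net="192.0.2.0/24",
                                  dst_port=443, proto="tcp", max_samples=2)
    fwd, mir = forward_and_mirror(SAMPLE, rule)
    print(len(fwd), "forwarded;", [p.src_ip for p in mir], "mirrored")
```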
203. When the preset quantity of target data has been collected, whether the experiment algorithm routine is feasible is preliminarily verified according to the target data;
After the control system has collected a sufficient amount of target data through the multiple virtual laboratories, it can run a specific analysis algorithm to analyze the target data. From the analysis results, the control system and/or developers can make a preliminary judgment as to whether the experiment algorithm routine achieves the effect expected of the algorithm, thereby preliminarily verifying its feasibility. If the experiment algorithm routine is preliminarily judged feasible, step 204 is performed. If it is preliminarily judged infeasible, developers can set a new data acquisition instruction for the modified or optimized experiment algorithm routine and repeat steps 201 to 203 to preliminarily verify the modified routine again, until the experiment algorithm routine optimized by the developers passes preliminary verification.
The specific analysis algorithm may include, but is not limited to, the SVM algorithm, the CART algorithm, the Naive Bayes classification algorithm and so on, and is not specifically limited herein.
204. When the experiment algorithm routine is preliminarily determined to be feasible, the experiment algorithm routine is updated to the multiple virtual laboratories;
205. The virtual laboratory runs the experiment algorithm routine at the user terminal and feeds the operating parameters of the experiment algorithm routine back to the control system;
After the experiment algorithm routine has been preliminarily determined to be feasible, the control system updates it to the multiple virtual laboratories. The virtual laboratory can run the experiment algorithm routine at the user terminal, verifying it in a real production scenario; the operating parameters of the program can be recorded while it runs, and the relevant operating parameters are fed back to the control system.
206. Whether the experiment algorithm routine is feasible is verified according to the operating parameters;
The control system and/or developers can assess the feasibility of the experiment algorithm routine in a real production environment according to the operating parameters fed back by the multiple virtual laboratories. If the experiment algorithm routine is judged feasible, step 207 is performed. If it is judged infeasible, developers can set a new data acquisition instruction for the modified or optimized experiment algorithm routine and repeat steps 201 to 206 to verify the modified or optimized routine again, until the experiment algorithm routine optimized by the developers passes the corresponding verification.
207. When the experiment algorithm routine is finally determined to be feasible, the experiment algorithm routine is updated into the network security product of the user terminal;
When developers and/or the control system finally determine that the experiment algorithm routine is feasible, the control system or the virtual laboratory can update the experiment algorithm routine into the network security product of the user terminal, to protect the user's network security.
208. The state of the virtual laboratories is monitored.
Optionally, with the user's authorization, the control system can monitor, periodically or in real time, the state of the virtual laboratories distributed across different user terminals, in order to determine which virtual laboratories can take part in the experiment. The control system then need not send data to unavailable virtual laboratories, which saves network resources.
In this embodiment, when developers have developed a preliminary experiment algorithm routine for some network security vulnerability, or need a large amount of user data for verification or reference while developing an experiment algorithm routine, they can use the control system to send data acquisition instructions to the multiple virtual laboratories distributed across different user terminals. User data is collected through the data forwarding plane implemented on the basis of the Intel DPDK development kit, and enough target data can be collected quickly through the multiple virtual laboratories, which saves the time needed for data acquisition and shortens the verification cycle. While ensuring that the user's business runs normally, the virtual laboratory mirrors the collected user data on demand, so that a sufficient amount of target data is gathered to preliminarily verify the experiment algorithm routine. An experiment algorithm routine that passes preliminary verification is updated to the virtual laboratories and verified in the real production scenario of the user terminal. For an experiment algorithm routine that fails preliminary or final verification, developers can set new acquisition instructions, so that user data supports the optimization of the routine, and repeat the data acquisition and verification process until an experiment algorithm routine that meets the requirements has been developed. Once verification passes, the virtual laboratory or the control system can update the experiment algorithm routine into the network security product, to maintain the user's network security continuously.
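The flow of steps 201 to 208, as an added example that is not code from the patent: a control-system gate that promotes a routine into the security product only after both the preliminary verification and the in-laboratory verification pass. The acceptance thresholds (false-positive rate, CPU overhead), the `OperatingParams` fields and the `analyzer` callback are assumptions, since the patent leaves the evaluation criteria open.

```python
"""Added example: staged promotion gate for an experiment algorithm routine."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Sequence


class Stage(Enum):
    COLLECTING = 1    # steps 201-203: gathering target data
    LAB_TRIAL = 2     # steps 204-206: routine running in virtual laboratories
    PROMOTED = 3      # step 207: routine updated into the security product
    BACK_TO_DEV = 4   # verification failed: developers optimize and restart


@dataclass(frozen=True)
class OperatingParams:
    """Assumed shape of the operating parameters a laboratory feeds back."""
    lab_id: str
    inspected: int
    false_positives: int
    cpu_overhead_pct: float


@dataclass
class ControlSystem:
    preset_quantity: int            # target-data threshold used in step 203
    max_fp_rate: float              # assumed acceptance criterion
    max_cpu_overhead_pct: float     # assumed acceptance criterion
    lab_available: Dict[str, bool] = field(default_factory=dict)  # step 208 state
    stage: Stage = Stage.COLLECTING
    target_data: List[bytes] = field(default_factory=list)
    trial_labs: List[str] = field(default_factory=list)
    reports: Dict[str, OperatingParams] = field(default_factory=dict)

    def available_labs(self) -> List[str]:
        """Laboratories that monitoring currently reports as usable."""
        return sorted(lab for lab, up in self.lab_available.items() if up)

    def ingest_target_data(self, lab_id: str, samples: Sequence[bytes]) -> int:
        """Accept target data only from known, available labs while collecting."""
        if self.stage is Stage.COLLECTING and self.lab_available.get(lab_id):
            self.target_data.extend(samples)
        return len(self.target_data)

    def preliminary_verify(self, analyzer: Callable[[List[bytes]], bool]) -> Stage:
        """Step 203: analyze only once more than the preset quantity is in."""
        if self.stage is not Stage.COLLECTING:
            return self.stage
        if len(self.target_data) <= self.preset_quantity:
            return self.stage                       # keep collecting
        if not analyzer(self.target_data):
            self.stage = Stage.BACK_TO_DEV
        elif self.available_labs():
            self.trial_labs = self.available_labs() # step 204: push to these labs
            self.stage = Stage.LAB_TRIAL
        return self.stage

    def ingest_report(self, report: OperatingParams) -> None:
        """Step 205: keep feedback only from labs that received the routine."""
        if self.stage is Stage.LAB_TRIAL and report.lab_id in self.trial_labs:
            self.reports[report.lab_id] = report

    def final_verify(self) -> Stage:
        """Step 206: decide only when every trial lab has reported."""
        if self.stage is not Stage.LAB_TRIAL:
            return self.stage
        if set(self.reports) != set(self.trial_labs):
            return self.stage                       # still waiting for feedback
        inspected = sum(r.inspected for r in self.reports.values())
        fps = sum(r.false_positives for r in self.reports.values())
        fp_ok = inspected > 0 and fps / inspected <= self.max_fp_rate
        cpu_ok = all(r.cpu_overhead_pct <= self.max_cpu_overhead_pct
                     for r in self.reports.values())
        self.stage = Stage.PROMOTED if fp_ok and cpu_ok else Stage.BACK_TO_DEV
        return self.stage


if __name__ == "__main__":
    # Constructed run: two available labs, one unavailable.
    cs = ControlSystem(3, 0.01, 5.0, {"lab-a": True, "lab-b": True, "lab-c": False})
    cs.ingest_target_data("lab-a", [b"1", b"2"])
    cs.ingest_target_data("lab-b", [b"3", b"4"])
    cs.preliminary_verify(lambda data: True)
    cs.ingest_report(OperatingParams("lab-a", 1000, 5, 2.0))
    cs.ingest_report(OperatingParams("lab-b", 1000, 5, 3.0))
    print(cs.final_verify())
```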
The control system in the above embodiments is described in detail below. Referring to Fig. 3, one embodiment of a control system in the embodiments of the invention may include:
A data acquisition module 301, a data analysis module 302 and an update module 303, wherein:
The update module 303 is used to send an experiment algorithm routine to multiple virtual laboratories distributed across different user terminals;
The data acquisition module 301 is used to receive the operating parameters of the experiment algorithm routine fed back by the virtual laboratories;
The data analysis module 302 is used to analyze the operating parameters in order to verify the feasibility of the experiment algorithm routine.
Referring to Fig. 4, on the basis of the embodiment shown in Fig. 3, in this embodiment the data acquisition module 301 is further used to send data acquisition instructions to the multiple virtual laboratories distributed across different user terminals, and to receive the target data fed back by the virtual laboratories;
The data analysis module 302 is also used, when more than a preset quantity of target data has been collected, to preliminarily verify the feasibility of the experiment algorithm routine according to the target data.
Optionally, in this embodiment, the control system may also include:
A monitoring module 304, used to monitor the state of the virtual laboratories in order to determine which virtual laboratories are available.
In practice, with the user's authorization, the control system can monitor, periodically or in real time, the state of the virtual laboratories distributed across different user terminals, in order to determine which virtual laboratories can take part in the experiment. The control system then need not send data to unavailable virtual laboratories, which saves network resources.
The embodiment of the present invention additionally provides a kind of experiment node for being deployed in user terminal, referring to Fig. 5, the present invention is implemented A kind of one embodiment for testing node may include in example:
Virtual laboratory 501, network security product 502, wherein,
Network security product 502 is used to customer flow is cleaned and detected, to protect the safety of user network;
Virtual laboratory 501 is used in user terminal running experiment algorithm routine, and to control system pump back test algorithm The operational factor of program, when final determination experiment algorithm routine is feasible, algorithm routine renewal will be tested to the net of user terminal In network safety product.
Preferably, the network security product in the present embodiment, including WAF classes safety product, IPS classes safety product, APT classes One or more in safety product, UTM class safety products.
Referring to Fig. 6, on the basis of the embodiment shown in Fig. 5, also include in the present embodiment:
Data forwarding plane 503, for gathering user data, data forwarding plane is opened based on Intel DPDK datum planes Hair net part is realized;
Virtual laboratory 501 is additionally operable to receive the data acquisition instructions that control system is sent;
Virtual laboratory 501 gathers from user data target data according to data acquisition instructions and passes to control system System.
In practice, it is preferred that container virtual technology, such as Docker container techniques can be used, by virtual experimental Room and network security product containerization so that virtual laboratory and network security product is mutually isolated is independent of each other, virtual real Testing between room container and network security product container can use the data forwarding realized based on Intel DPDK development kits to put down Face 503 gathers user data, and the data forwarding plane 503 can realize the network functions such as route, bridge, mirror image, is responsible for access Customer network, customer traffic is forwarded, data processing performance and handling capacity can be improved using the technology, put down by the data forwarding Face 503 gathers the user data such as data on flows, the journal file of user terminal in user terminal and/or network security product, In the user data that virtual laboratory 501 collects from the data forwarding plane 503, according to five-tuple, mirror image, is filtered out on demand Target data corresponding to data acquisition instructions, it is ensured that experimentation does not influence the business of user.
With reference to the embodiments shown in Figs. 3 to 6, and referring to Figs. 7 and 8, an embodiment of the present invention further provides a system for updating a network security product, in which the control system of the embodiment shown in Fig. 3 or Fig. 4 is connected through a network to the experiment node of the embodiment shown in Fig. 5 or Fig. 6.
In this embodiment, container virtualization technology such as Docker is used to build, on the user terminal, a virtual laboratory container for verifying security detection and defense algorithms; the DPDK high-performance network packet processing framework is used between the containers to improve performance and provide network isolation; and the control system in the cloud combines the virtual laboratory containers of all user terminals into one larger laboratory. By controlling and updating the virtual laboratory containers through the control system, customer information can be collected quickly and new security detection and defense algorithm routines can be verified. Because the verification is done in the customer's real environment, the verification period of an algorithm can be shortened considerably; once an algorithm routine has been fully verified, it can be quickly updated into the network security product, achieving the goal of rapidly updating the security capability of the network security product.
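The control-system side of this loop, in which operating parameters fed back by several virtual laboratories decide whether the routine is updated into the product or returned to the developer, can be sketched as a fail-closed gate. This is an added example, not the patent's implementation: the patent does not say which operating parameters are reported or how feasibility is judged, so the `RunReport` fields, the `Policy` thresholds and the sample reports are assumptions.

```python
from dataclasses import dataclass
from typing import List, Tuple

@dataclass(frozen=True)
class RunReport:
    """Operating parameters one virtual laboratory feeds back (assumed fields)."""
    lab_id: str
    samples: int          # flows the experiment routine inspected
    false_positives: int  # benign flows it flagged
    crashed: bool
    cpu_pct: float

@dataclass(frozen=True)
class Policy:
    """Assumed feasibility thresholds."""
    min_labs: int = 3
    max_fp_rate: float = 0.01
    max_cpu_pct: float = 50.0

def verify_feasibility(reports: List[RunReport],
                       policy: Policy = Policy()) -> Tuple[bool, List[str]]:
    """Return (feasible, reasons); any reason at all blocks the update."""
    reasons: List[str] = []
    labs = {r.lab_id for r in reports}
    if len(labs) < policy.min_labs:
        reasons.append(f"only {len(labs)} labs reported, need {policy.min_labs}")
    for r in reports:
        if r.crashed:
            reasons.append(f"{r.lab_id}: experiment routine crashed")
        if r.cpu_pct > policy.max_cpu_pct:
            reasons.append(f"{r.lab_id}: cpu {r.cpu_pct}% over limit")
    total = sum(r.samples for r in reports)
    fps = sum(r.false_positives for r in reports)
    if total == 0:
        reasons.append("no samples inspected")
    elif fps / total > policy.max_fp_rate:
        reasons.append(f"false-positive rate {fps / total:.3f} over limit")
    return (not reasons, reasons)

def decide(reports: List[RunReport], policy: Policy = Policy()) -> dict:
    """Map the verification result to the next step of the update procedure."""
    feasible, reasons = verify_feasibility(reports, policy)
    if feasible:
        return {"action": "update_product",
                "labs": sorted({r.lab_id for r in reports})}
    return {"action": "return_to_developer", "reasons": reasons}

# Constructed sample reports.
GOOD = [RunReport("lab-a", 1000, 2, False, 12.0),
        RunReport("lab-b", 800, 1, False, 20.0),
        RunReport("lab-c", 1200, 3, False, 15.5)]
BAD = GOOD[:2] + [RunReport("lab-c", 1200, 90, True, 15.5)]
```

The gate pools false positives across laboratories, so one noisy customer environment is weighed against the others, while a crash in any single laboratory blocks the update on its own.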
It is apparent to those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, devices and units described above may be understood by reference to the corresponding processes in the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed systems, devices and methods may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation; for instance, multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods of the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a USB flash disk, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
As stated above, the foregoing embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (13)

  1. A method for updating a network security product, characterized by comprising the following steps:
    a control system sends an experiment algorithm routine to multiple virtual laboratories respectively distributed on different user terminals;
    the virtual laboratory runs the experiment algorithm routine on the user terminal, and feeds back the operating parameters of the experiment algorithm routine to the control system;
    the control system verifies the feasibility of the experiment algorithm routine according to the operating parameters;
    when the experiment algorithm routine is finally determined to be feasible, the virtual laboratory updates the experiment algorithm routine into the network security product of the user terminal.
  2. The method according to claim 1, characterized in that, before the control system sends the experiment algorithm routine to the multiple virtual laboratories respectively distributed on different user terminals, the method further comprises the following steps:
    Step 1, the control system sends a data acquisition instruction to the multiple virtual laboratories respectively distributed on different user terminals;
    Step 2, the virtual laboratory collects target data according to the data acquisition instruction, and passes it to the control system;
    Step 3, when more than a preset quantity of the target data has been collected, the feasibility of the experiment algorithm routine is preliminarily verified according to the target data, and when the experiment algorithm routine is preliminarily determined to be feasible, the step in which the control system updates the experiment algorithm routine to the multiple virtual laboratories is performed.
  3. The method according to claim 2, characterized in that the virtual laboratory collecting target data according to the data acquisition instruction comprises:
    the virtual laboratory collects user data through a data forwarding plane, the data forwarding plane being implemented on the basis of the Intel DPDK development kit;
    the virtual laboratory extracts the target data corresponding to the data acquisition instruction from the user data.
  4. The method according to claim 3, characterized in that, when the experiment algorithm routine is determined to be infeasible, after a developer has optimized the experiment algorithm routine, the method further comprises:
    the control system obtains a new data acquisition instruction, the new data acquisition instruction being set by the developer for verifying the optimized experiment algorithm routine;
    Step 1 to Step 3 of claim 2 are repeated to preliminarily verify the feasibility of the optimized experiment algorithm routine.
  5. The method according to any one of claims 1 to 4, characterized in that the virtual laboratory is an application program deployed on the user terminal using Docker container technology.
  6. The method according to any one of claims 1 to 4, characterized by further comprising:
    the control system monitors the state of the virtual laboratories to determine the available virtual laboratories.
  7. A control system, characterized by comprising:
    an update module, a data acquisition module and a data analysis module, wherein
    the update module is used to send an experiment algorithm routine to multiple virtual laboratories respectively distributed on different user terminals;
    the data acquisition module is used to receive the operating parameters of the experiment algorithm routine fed back by the virtual laboratory;
    the data analysis module is used to analyze the operating parameters in order to verify the feasibility of the experiment algorithm routine.
  8. The system according to claim 7, characterized in that
    the data acquisition module is further used to send a data acquisition instruction to the multiple virtual laboratories respectively distributed on different user terminals, and to receive the target data fed back by the virtual laboratory;
    the data analysis module is further used to preliminarily verify the feasibility of the experiment algorithm routine according to the target data when more than a preset quantity of the target data has been collected.
  9. The system according to claim 7 or 8, characterized by further comprising:
    a monitoring module for monitoring the state of the virtual laboratories to determine the available virtual laboratories.
  10. An experiment node, deployed on a user terminal, characterized by comprising:
    a virtual laboratory and a network security product, wherein
    the network security product is used to clean and inspect user traffic in order to protect the security of the user network;
    the virtual laboratory is used to run an experiment algorithm routine on the user terminal and to feed back the operating parameters of the experiment algorithm routine to a control system, and, when the experiment algorithm routine is finally determined to be feasible, to update the experiment algorithm routine into the network security product of the user terminal.
  11. The experiment node according to claim 10, characterized by further comprising a data forwarding plane for collecting user data, the data forwarding plane being implemented on the basis of the Intel DPDK data plane development kit;
    the virtual laboratory is further used to receive the data acquisition instruction sent by the control system;
    the virtual laboratory collects target data from the user data according to the data acquisition instruction and passes it to the control system.
  12. The experiment node according to claim 10 or 11, characterized in that the virtual laboratory is an application program deployed on the user terminal using Docker container technology.
  13. A system for updating a network security product, characterized by comprising the control system according to any one of claims 7 to 9 and the experiment node according to any one of claims 10 to 12.
CN201710581279.0A 2017-07-17 2017-07-17 A kind of method for updating network security product, experiment node and related system Pending CN107395586A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710581279.0A CN107395586A (en) 2017-07-17 2017-07-17 A kind of method for updating network security product, experiment node and related system

Publications (1)

Publication Number Publication Date
CN107395586A true CN107395586A (en) 2017-11-24

Family

ID=60340723

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710581279.0A Pending CN107395586A (en) 2017-07-17 2017-07-17 A kind of method for updating network security product, experiment node and related system

Country Status (1)

Country Link
CN (1) CN107395586A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101521899A (en) * 2009-03-31 2009-09-02 大连海事大学 System and method for on-computer test of mobile applications
US20110225217A1 (en) * 2010-03-15 2011-09-15 Salesforce.Com, Inc. System, method and computer program product for deploying an update between environments of a multi-tenant on-demand database system
CN102567198A (en) * 2010-12-30 2012-07-11 ***通信集团公司 System and method for testing application program in physical system environment
CN103377120A (en) * 2012-04-24 2013-10-30 深圳市财付通科技有限公司 Test method and device for application programs

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171124
