CN115460297B - Automatic form verification method for network security protocol - Google Patents
Automatic form verification method for network security protocol Download PDFInfo
- Publication number
- CN115460297B CN115460297B CN202211083948.9A CN202211083948A CN115460297B CN 115460297 B CN115460297 B CN 115460297B CN 202211083948 A CN202211083948 A CN 202211083948A CN 115460297 B CN115460297 B CN 115460297B
- Authority
- CN
- China
- Prior art keywords
- path
- proving
- constraint
- selecting
- strategy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/03—Protocol definition or specification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/18—Protocol analysers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/02—Protocol performance
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Medical Informatics (AREA)
- Evolutionary Computation (AREA)
- Data Mining & Analysis (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Artificial Intelligence (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses an automatic form verification method of a network security protocol, which comprises the following steps: 1. inputting a protocol model; 2. constructing an initial tree; selecting and executing six according to the static strategy path, otherwise executing three; 3. selecting a path according to a static strategy; 4. performing path inspection according to a static strategy; performing path circulation; completely and correctly outputting a verification result; execute five correctly but incompletely; 5. theorem tree merging, namely selecting and executing six according to a static strategy path, and executing three otherwise; 6. selecting a path according to a dynamic strategy; 7. performing path inspection according to the dynamic strategy; training a neural network optimization proof strategy during path circulation and returning to the second step; outputting a verification result when the path is complete and correct; executing eight when the path is correct but incomplete; 8. theorem tree merging: and combining theorem trees, wherein path selection is performed according to a static strategy, and otherwise, the path selection is performed. The invention has the advantages of automation in the whole process, high accuracy and high efficiency.
Description
Technical Field
The invention belongs to the technical field of computer network protocol security analysis, and particularly relates to an automatic form verification method of a network security protocol.
Background
The automatic verification of the network security protocol is an important target of the formalized method, and for the complex large-scale network security protocol, the feasibility of manual verification is smaller, and the computer is required to carry out auxiliary verification. Therefore, an automated analysis of network security protocols becomes necessary.
The formal verification technology is widely applied in the field of security analysis of network security protocols. ProVerif supports verification of unlimited round number protocols based on Prolog rules of the logical programming language in paper B.Blancet.An efficient cryptographic protocol verifier based on Prolog rules published in Proceedings of the 14th IEEE Computer Security Foundations Workshop (CSFW' 14). StatVerif in the paper StatVerif: verification of stateful processes published by Proceedings of the 24th IEEE Computer Security Foundations Symposium,CSF 2011, proVerif is extended to support global states. It is applicable to simple security protocols with less states. Set-pi in the paper Set membership p-calculus published by IEEE 28th Computer Security Foundations Symposium,CSF 2015,Verona, set-membership abstraction is used to represent global state, the tool is ProVerif-based and can automatically verify simple state transition protocols. The Maude-NPA supports an infinite session model in paper Cryptographic Protocol Analysis Modulo Equational Propertie published in Computer Aided Verification-25th International Conference, so that attack and vulnerability search can be realized, and security certification can be realized. Tamarin describes protocol flow based on multiple set rewrite rules in paper The TAMARIN prover for the symbolic analysis of security protocols published in Computer Aided Verification-25th International Conference,CAV 2013, and uses first-order logic to quantify protocol messages and time nodes, thereby realizing description of protocol attributes and supporting verification of protocols with complex control flows.
The above classes of tools, while capable of automated verification of partial protocols, still present a major problem: the verification process is based on static policies, which for certain protocols may prove incapable of being terminated due to state space explosion.
Currently, su Cheng in the doctor paper of the doctor paper, namely, a network protocol form verification technology based on reinforcement learning, proposes a network protocol form verification technology based on reinforcement learning, and solves the problem of state space explosion through a dynamic strategy. However, this technique has two problems: 1) For simple protocols, the reinforcement learning network needs to be trained, and compared with a static strategy, the verification efficiency is lower; 2) The method for judging the incorrect path is based on the text similarity, and has the problems of insufficient accuracy and universality, and the incorrect path judgment can cause that part of protocols cannot complete automatic verification.
In summary, the automatic form verification method of the network security protocol in the prior art can not well solve the automatic verification problem of the network security protocol.
Disclosure of Invention
The technical problem to be solved by the invention is to provide an automatic form verification method of a network security protocol, which comprehensively uses a static strategy and a dynamic strategy without manual intervention, and the whole process is automatically carried out, so that the problem of state space explosion is avoided, the correct verification result is ensured to be obtained in a limited time, and the automation of verification is ensured.
In order to solve the technical problems, the invention adopts the following technical scheme: a method of automated formal verification of a network security protocol, the method comprising the steps of:
step one, inputting a protocol model: inputting a network security protocol formalization model;
step two, constructing an initial tree: constructing a formal verification bottom framework, automatically extracting a proving target in a network security protocol formal model, and constructing an initial theorem tree; judging whether path selection is carried out according to the static strategy, if so, executing the step six, otherwise, executing the step three;
step three, selecting paths according to a static strategy: selecting a proving path according to a preset static strategy;
step four, path inspection is carried out according to a static strategy: judging the integrity and the correctness of the proving path by using a loop detection algorithm; returning to the execution step II when the loop exists in the proving path; when the path is proved to be complete and correct, the network security protocol successfully completes verification, the system is automatically terminated, and a verification result is output; executing the fifth step when the path is proved to be correct but incomplete;
step five, combining theorem trees: according to the current proving path, the information acquisition module is used for further constructing a new theorem subtree, combining the new theorem subtree with the theorem tree of the previous turn, and expanding the theorem tree; after the expansion is finished, judging whether path selection is carried out according to the static strategy, if yes, executing the step six, otherwise, returning to the step three;
step six, selecting paths according to the dynamic strategy: selecting a proving path according to a preset dynamic strategy;
step seven, carrying out path inspection according to a dynamic strategy: judging the integrity and the correctness of the proving path by using a loop detection algorithm; when the circulation exists in the proving path, the protocol verification process can not be stopped, the feedback is given to the proving path neural network, the neural network is trained to optimize the proving strategy, and the second step is executed again; when the path is proved to be complete and correct, the network security protocol successfully completes verification, the system is automatically terminated, and a verification result is output; when the path is proved to be correct but incomplete, executing the step eight;
step eight, combining theorem trees: according to the current proving path, the information acquisition module is used for further constructing a new theorem subtree, combining the new theorem subtree with the theorem tree of the previous turn, and expanding the theorem tree; after the expansion is completed, judging whether path selection is performed according to the static strategy, if yes, executing the step six, otherwise, returning to the step three.
In the above-mentioned automatic form verification method of network security protocol, in the step one, the network security protocol formalization model uses multiple sets of copying rules for representation.
The automatic form verification method of the network security protocol, wherein the preset static policy in the third step comprises any one of the following steps:
firstly, selecting proving path nodes according to the sequence of constraint introduction, and preferentially selecting proving path nodes corresponding to the constraint introduced first;
secondly, selecting proving path nodes according to constraint types, preferentially selecting proving path nodes corresponding to chain type constraints, secondarily selecting proving path nodes corresponding to extraction constraints, selecting proving path nodes corresponding to fact constraints or action constraints again, and finally selecting proving path nodes of relevant constraints of an attacker;
thirdly, preferentially selecting the proving path nodes corresponding to the chain type constraint, secondarily preferentially selecting the proving path nodes corresponding to the extraction constraint, remaining proving path nodes corresponding to the constraint of a plurality of types at the same priority, and selecting according to the order of introducing the constraint.
In the above automatic form verification method of network security protocol, in the sixth step, the preset dynamic policy is a DQN reinforcement learning network, a DDQN reinforcement learning network or a lasting DQN reinforcement learning network, when the selection of the verification path is performed according to the preset dynamic policy, the probability of successful completion of verification of each node of the theorem tree is evaluated according to the DQN reinforcement learning network, the DDQN reinforcement learning network or the lasting DQN reinforcement learning network, and the verification path is automatically selected according to the evaluation result.
The above-mentioned automatic form of network security protocol verifies the method, the said cyclic detection algorithm in step four and step seven is the cyclic detection algorithm based on constraint meaning, the method when adopting this cyclic detection algorithm to judge and prove the integrality and correctness of the route is: removing time point numbers and item numbers in the constraint to obtain a simplified constraint; and bypass special constraints that may exist in different meanings even if the simplified form is the same; when the two constraint simplified forms are the same, judging that the meanings of the two constraints are the same, and the influence on the verification process is similar; when such a constraint occurs a plurality of times in a certain certification path, it is determined that there is a loop in the certification path.
The automatic form verification method of the network security protocol, wherein even if the simplified form is the same, special constraints with different meanings can exist, including attacker related constraints, time point comparison constraints and time point introduction constraints.
In the above-mentioned automatic form verification method of network security protocol, when such constraint occurs in a certain proving path for a plurality of times, it is determined that there is a loop in the proving path, where the plurality of times is more than three times.
Compared with the prior art, the invention has the following advantages:
1. the invention provides a general automatic formal verification scheme aiming at a network security protocol, which comprehensively uses a static strategy and a dynamic strategy, and compared with a protocol formal verification tool using the static strategy, the scheme does not need manual intervention, the whole process is automatically carried out, the state space search is intelligently assisted by adopting a reinforcement learning technology, the state space explosion problem is avoided, the correct verification result is ensured to be obtained in a limited time, and the automation of verification is ensured.
2. Compared with a protocol formal verification tool using a dynamic strategy, the protocol formal verification tool can efficiently verify a simple protocol, can accurately identify an error path, and avoids proof failure caused by error identification as far as possible.
3. The invention uses the cyclic detection algorithm based on constraint meaning, is not fuzzy matching based on similarity, can accurately distinguish the cyclic path and the non-cyclic path, and has good universality for different network security protocols.
4. The invention has better universality for different network security protocols and higher verification efficiency for simple protocols.
5. The invention comprehensively uses dynamic and static strategies, provides three static strategies, can avoid long-time network construction and training when facing to simple protocols, rapidly obtains verification results, guides the verification process through reinforcement learning technology when facing to complex protocols which cannot be verified by the static strategies, finally achieves the effect of completing verification within limited time, does not need manual participation in the whole process, has higher verification efficiency than tools using dynamic strategies, and can save labor cost and time cost.
6. The invention solves the problem that when the existing tool using static strategy faces part of complex protocol, verification can not be completed, and personnel with relevant professional knowledge is required to manually verify; the method solves the problems that when the existing tool for using the dynamic strategy faces a simple protocol, a reinforcement learning network is required to be constructed and a plurality of rounds of training are required to be carried out, the efficiency is not enough, meanwhile, due to the dynamic strategy of using a circular detection algorithm based on text similarity, the condition that verification cannot be completed still occurs when some special protocols are encountered, the use effect is good, and the popularization and the use are convenient.
The technical scheme of the invention is further described in detail through the drawings and the embodiments.
Drawings
FIG. 1 is a schematic block diagram of the method of the present invention;
FIG. 2 is a formal model of an input network security protocol in an embodiment of the invention;
FIG. 3 is a diagram of an theorem tree that may be obtained in step eight according to the embodiment of the present invention;
fig. 4 is a diagram of a correct proof path of output in an embodiment of the present invention.
Detailed Description
As shown in fig. 1, the automatic form verification method of the network security protocol of the present invention comprises the steps of:
step one, inputting a protocol model: inputting a network security protocol formalization model;
in this embodiment, the network security protocol formalized model in step one uses multiple set replication rule representation; the input network security protocol formalization model is shown in fig. 2;
step two, constructing an initial tree: constructing a formal verification bottom framework, automatically extracting a proving target in a network security protocol formal model, and constructing an initial theorem tree; judging whether path selection is carried out according to the static strategy, if so, executing the step six, otherwise, executing the step three;
step three, selecting paths according to a static strategy: selecting a proving path according to a preset static strategy;
in this embodiment, the preset static policy in the third step includes any one of the following:
firstly, selecting proving path nodes according to the sequence of constraint introduction, and preferentially selecting proving path nodes corresponding to the constraint introduced first;
secondly, selecting proving path nodes according to constraint types, preferentially selecting proving path nodes corresponding to chain type constraints, secondarily selecting proving path nodes corresponding to extraction constraints, selecting proving path nodes corresponding to fact constraints or action constraints again, and finally selecting proving path nodes of relevant constraints of an attacker;
thirdly, integrating the first static strategy and the second static strategy, preferentially selecting the proving path nodes corresponding to the chain type constraint, secondarily selecting the proving path nodes corresponding to the extraction constraint, and selecting the proving path nodes corresponding to the constraint of the remaining types according to the order of introducing the constraint, wherein the proving path nodes corresponding to the constraint of the remaining types are in the same priority.
Step four, path inspection is carried out according to a static strategy: judging the integrity and the correctness of the proving path by using a loop detection algorithm; returning to the execution of the second step when the loop (i.e. the incorrect) exists in the proving path; when the path is proved to be complete and correct, the network security protocol successfully completes verification, the system is automatically terminated, and a verification result is output; executing the fifth step when the path is proved to be correct but incomplete;
step five, combining theorem trees: according to the current proving path, the information acquisition module is used for further constructing a new theorem subtree, combining the new theorem subtree with the theorem tree of the previous turn, and expanding the theorem tree; after the expansion is finished, judging whether path selection is carried out according to the static strategy, if yes, executing the step six, otherwise, returning to the step three;
step six, selecting paths according to the dynamic strategy: selecting a proving path according to a preset dynamic strategy;
in this embodiment, the preset dynamic policy in the step six is a DQN reinforcement learning network, a DDQN reinforcement learning network or a lasting DQN reinforcement learning network, and when the selection of the proving path is performed according to the preset dynamic policy in the step six, the probability of successful completion of the verification of each node of the theorem tree is evaluated according to the DQN reinforcement learning network, the DDQN reinforcement learning network or the lasting DQN reinforcement learning network, and the proving path is automatically selected according to the evaluation result.
In particular implementations, the initial selection strategy of the DQN reinforcement learning network, the DDQN reinforcement learning network, or the Dueling DQN reinforcement learning network is random.
Step seven, carrying out path inspection according to a dynamic strategy: judging the integrity and the correctness of the proving path by using a loop detection algorithm; when a loop (i.e. incorrect) exists in the proving path, the protocol verification process may not be terminated, the proving path neural network is given feedback (negative feedback), the neural network is trained to optimize the proving strategy, and the second step is executed again; when the path is proved to be complete and correct, the network security protocol successfully completes verification, the system is automatically terminated, and a verification result is output; when the path is proved to be correct but incomplete, executing the step eight;
step eight, combining theorem trees: according to the current proving path, the information acquisition module is used for further constructing a new theorem subtree, combining the new theorem subtree with the theorem tree of the previous turn, and expanding the theorem tree; after the expansion is completed, judging whether path selection is performed according to the static strategy, if yes, executing the step six, otherwise, returning to the step three.
In this embodiment, the theorem tree diagram possibly obtained in the step eight is shown in fig. 3, and the output correct proof path diagram is shown in fig. 4.
In this embodiment, the loop detection algorithm in the fourth step and the seventh step is a loop detection algorithm based on constraint meaning, and the method for judging the integrity and the correctness of the proving path by adopting the loop detection algorithm is as follows: removing time point numbers and item numbers in the constraint to obtain a simplified constraint; and bypass special constraints that may exist in different meanings even if the simplified form is the same; when the two constraint simplified forms are the same, judging that the meanings of the two constraints are the same, and the influence on the verification process is similar; when such a constraint occurs multiple times in a proving path, it is determined that there is a loop in the proving path (i.e., incorrect).
In this embodiment, the special constraints that may have different meanings even though the simplified forms are the same include an attacker-related constraint, a time point comparison constraint, and a time point introduction constraint.
In this embodiment, when such constraint occurs multiple times in a certain proving path, it is determined that there are loops in the proving path, where multiple times are more than three times.
The invention adopts the constraint meaning-based cycle detection algorithm to judge the integrity and the correctness of the proving path, and compared with the prior art that the text similarity-based cycle detection algorithm is adopted to judge the integrity and the correctness of the proving path, the accuracy is higher.
In specific implementation, the loop detection algorithm program based on constraint meaning is expressed as follows:
input: constraint sequences (t 1, t2, …, tk)
count=0;i=m;j=m;k=m-1
whi le j>0do
match=FALSE
if skip(ti)or k==0then
count=0;j-=1;i=j;k=i-1
continue
else if f(ti)==f(tk)then
match=TRUE
if match==TRUE then
count+=1;i=k;
if count>=δthen
Return FALSE
else
k-=1
Return FALSE
In the program, the function f represents the time point number and the item number in the removed constraint, so that the simplified constraint is obtained; the function skip is used to skip three special constraints, namely an attacker-related constraint, a time point comparison constraint and a time point introduction constraint.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing descriptions of specific exemplary embodiments of the present invention are presented for purposes of illustration and description. It is not intended to limit the invention to the precise form disclosed, and obviously many modifications and variations are possible in light of the above teaching. The exemplary embodiments were chosen and described in order to explain the specific principles of the invention and its practical application to thereby enable one skilled in the art to make and utilize the invention in various exemplary embodiments and with various modifications as are suited to the particular use contemplated. It is intended that the scope of the invention be defined by the claims and their equivalents.
Claims (6)
1. A method for automatic formal verification of a network security protocol, the method comprising the steps of:
step one, inputting a protocol model: inputting a network security protocol formalization model;
step two, constructing an initial tree: constructing a formal verification bottom framework, automatically extracting a proving target in a network security protocol formal model, and constructing an initial theorem tree; judging whether path selection is carried out according to the static strategy, if so, executing the step six, otherwise, executing the step three;
step three, selecting paths according to a static strategy: selecting a proving path according to a preset static strategy;
the preset static strategy in the third step comprises any one of the following steps:
firstly, selecting proving path nodes according to the sequence of constraint introduction, and preferentially selecting proving path nodes corresponding to the constraint introduced first;
secondly, selecting proving path nodes according to constraint types, preferentially selecting proving path nodes corresponding to chain type constraints, secondarily selecting proving path nodes corresponding to extraction constraints, selecting proving path nodes corresponding to fact constraints or action constraints again, and finally selecting proving path nodes of relevant constraints of an attacker;
thirdly, preferentially selecting the proving path nodes corresponding to the chain type constraint, secondarily preferentially selecting the proving path nodes corresponding to the extraction constraint, and selecting the proving path nodes corresponding to the constraint of a plurality of types according to the order of introducing the constraint, wherein the proving path nodes corresponding to the constraint of a plurality of types are left in the same priority;
step four, path inspection is carried out according to a static strategy: judging the integrity and the correctness of the proving path by using a loop detection algorithm; returning to the execution step II when the loop exists in the proving path; when the path is proved to be complete and correct, the network security protocol successfully completes verification, the system is automatically terminated, and a verification result is output; executing the fifth step when the path is proved to be correct but incomplete;
step five, combining theorem trees: according to the current proving path, the information acquisition module is used for further constructing a new theorem subtree, combining the new theorem subtree with the theorem tree of the previous turn, and expanding the theorem tree; after the expansion is finished, judging whether path selection is carried out according to the static strategy, if yes, executing the step six, otherwise, returning to the step three;
step six, selecting paths according to the dynamic strategy: selecting a proving path according to a preset dynamic strategy;
step seven, carrying out path inspection according to a dynamic strategy: judging the integrity and the correctness of the proving path by using a loop detection algorithm; when the circulation exists in the proving path, the protocol verification process can not be stopped, the feedback is given to the proving path neural network, the neural network is trained to optimize the proving strategy, and the second step is executed again; when the path is proved to be complete and correct, the network security protocol successfully completes verification, the system is automatically terminated, and a verification result is output; when the path is proved to be correct but incomplete, executing the step eight;
step eight, combining theorem trees: according to the current proving path, the information acquisition module is used for further constructing a new theorem subtree, combining the new theorem subtree with the theorem tree of the previous turn, and expanding the theorem tree; after the expansion is completed, judging whether path selection is performed according to the static strategy, if yes, executing the step six, otherwise, returning to the step three.
2. An automated formal verification method of a network security protocol according to claim 1, wherein: in the first step, the network security protocol formalization model is represented by using multiple sets of copying rules.
3. An automated formal verification method of a network security protocol according to claim 1, wherein: and step six, when the preset dynamic strategy is the DQN reinforcement learning network, the DDQN reinforcement learning network or the DuelingDQN reinforcement learning network, and the selection of the proving path is carried out according to the preset dynamic strategy, the probability of successful completion of the verification of each node of the theorem tree is evaluated according to the DQN reinforcement learning network, the DDQN reinforcement learning network or the DuelingDQN reinforcement learning network, and the proving path is automatically selected according to the evaluation result.
4. An automated formal verification method of a network security protocol according to claim 1, wherein: the loop detection algorithm in the fourth step and the seventh step is a loop detection algorithm based on constraint meaning, and the method for judging the integrity and the correctness of the proving path by adopting the loop detection algorithm is as follows: removing time point numbers and item numbers in the constraint to obtain a simplified constraint; and bypass special constraints that may exist in different meanings even if the simplified form is the same; when the two constraint simplified forms are the same, judging that the meanings of the two constraints are the same, and the influence on the verification process is similar; when such a constraint occurs a plurality of times in a certain certification path, it is determined that there is a loop in the certification path.
5. An automated formal verification method of a network security protocol according to claim 4, wherein: the special constraints, which may have different meanings even though the simplified forms are the same, include attacker-related constraints, point-in-time comparison constraints, and point-in-time introduction constraints.
6. An automated formal verification method of a network security protocol according to claim 4, wherein: when such constraint occurs a plurality of times in a certain proving path, it is determined that there are loops in the proving path, wherein the plurality of times is more than three times.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211083948.9A CN115460297B (en) | 2022-09-06 | 2022-09-06 | Automatic form verification method for network security protocol |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211083948.9A CN115460297B (en) | 2022-09-06 | 2022-09-06 | Automatic form verification method for network security protocol |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115460297A CN115460297A (en) | 2022-12-09 |
| CN115460297B true CN115460297B (en) | 2023-06-30 |
Family
ID=84303501
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211083948.9A Active CN115460297B (en) | 2022-09-06 | 2022-09-06 | Automatic form verification method for network security protocol |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115460297B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6202157B1 (en) * | 1997-12-08 | 2001-03-13 | Entrust Technologies Limited | Computer network security system and method having unilateral enforceable security policy provision |
| AU2013263777A1 (en) * | 2012-12-11 | 2014-06-26 | Capital Normal University | A formal method of verification and performance analysis for highly reliable communication system |
| CN109150833A (en) * | 2018-07-19 | 2019-01-04 | 华东交通大学 | A kind of Secure Protocol Formal Verification Method based on model inspection |
| CN110989997A (en) * | 2019-12-04 | 2020-04-10 | 电子科技大学 | Formal verification method based on theorem verification |
| AU2020101863A4 (en) * | 2020-08-17 | 2020-09-24 | Dr. B. Madhuravani (Professor) | IoT-Based Micropayment Protocol for Wearable Devices with Unique Verification |
| WO2020230137A1 (en) * | 2019-05-16 | 2020-11-19 | B.G. Negev Technologies And Applications Ltd., At Ben-Gurion University | System and method for automated multi-objective policy implementation, using reinforcement learning |
| CN112153030A (en) * | 2020-09-15 | 2020-12-29 | 杭州弈鸽科技有限责任公司 | Internet of things protocol security automatic analysis method and system based on formal verification |
| CN114297063A (en) * | 2021-12-28 | 2022-04-08 | 中国科学技术大学 | Method and system for automated formal modeling and verification of source code |
-
2022
- 2022-09-06 CN CN202211083948.9A patent/CN115460297B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6202157B1 (en) * | 1997-12-08 | 2001-03-13 | Entrust Technologies Limited | Computer network security system and method having unilateral enforceable security policy provision |
| AU2013263777A1 (en) * | 2012-12-11 | 2014-06-26 | Capital Normal University | A formal method of verification and performance analysis for highly reliable communication system |
| CN109150833A (en) * | 2018-07-19 | 2019-01-04 | 华东交通大学 | A kind of Secure Protocol Formal Verification Method based on model inspection |
| WO2020230137A1 (en) * | 2019-05-16 | 2020-11-19 | B.G. Negev Technologies And Applications Ltd., At Ben-Gurion University | System and method for automated multi-objective policy implementation, using reinforcement learning |
| CN110989997A (en) * | 2019-12-04 | 2020-04-10 | 电子科技大学 | Formal verification method based on theorem verification |
| AU2020101863A4 (en) * | 2020-08-17 | 2020-09-24 | Dr. B. Madhuravani (Professor) | IoT-Based Micropayment Protocol for Wearable Devices with Unique Verification |
| CN112153030A (en) * | 2020-09-15 | 2020-12-29 | 杭州弈鸽科技有限责任公司 | Internet of things protocol security automatic analysis method and system based on formal verification |
| CN114297063A (en) * | 2021-12-28 | 2022-04-08 | 中国科学技术大学 | Method and system for automated formal modeling and verification of source code |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115460297A (en) | 2022-12-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Gambini et al. | Automated error correction of business process models | |
| Codish et al. | Twenty-five comparators is optimal when sorting nine inputs (and twenty-nine for ten) | |
| CA3004594C (en) | Cause backtracing method | |
| CN115460297B (en) | Automatic form verification method for network security protocol | |
| CN104750608A (en) | Automatic error locating method based on dynamic symbol operation in procedure | |
| CN112463133B (en) | Coq-based verification method for time sequence safety of robot control system | |
| CN102982282B (en) | The detection system of bug and method | |
| CN116069514B (en) | Deadlock avoidance method for flexible manufacturing system containing unreliable resources | |
| US9178902B1 (en) | System and method for determining enterprise information security level | |
| CN114780967B (en) | Mining evaluation method based on big data vulnerability mining and AI vulnerability mining system | |
| Ghiduk et al. | Reducing the cost of higher-order mutation testing | |
| BELL et al. | Model-based mutation testing using pushdown automata | |
| Katz et al. | Synthesizing solutions to the leader election problem using model checking and genetic programming | |
| CN111221731B (en) | Method for quickly acquiring test cases reaching specified points of program | |
| CN113553246A (en) | System evaluation device for computing platform | |
| CN113918474B (en) | Test case management method and device based on data mode | |
| Van Nho et al. | A solution for improving the effectiveness of higher order mutation testing | |
| CN113553044B (en) | Generation method of time automaton model combining PAC learning theory and active learning | |
| CN111061640B (en) | Software reliability test case screening method and system | |
| CN115185853A (en) | Defect program repairing method and device | |
| Shabaan et al. | Effects of FSM minimization techniques on number of test paths in mobile applications MBT | |
| Lindsay et al. | Incremental Domain Model Acquisition with a Human in the Loop | |
| US20240232058A9 (en) | Method, device, and computer program product for generating test case | |
| US20240134780A1 (en) | Method, device, and computer program product for generating test case | |
| Uzunbayir et al. | Leveraging Genetic Algorithms for Efficient Search-Based Higher Order Mutation Testing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |