CN101835144A

Movatterモバイル変換

Info

Publication number: CN101835144A
Application number: CN201010181872A
Authority: CN
Inventors: 赵宝华; 刘振华; 周颢; 章志燮; 李培龙
Original assignee: University of Science and Technology of China USTC
Current assignee: University of Science and Technology of China USTC
Priority date: 2010-05-25
Filing date: 2010-05-25
Publication date: 2010-09-15

Abstract

The embodiment of the invention provides a method and a device for carrying out safety detection on a wireless network. The method mainly comprises the following steps of: setting an active attack script for safety detection; generating a test message according to the active attack script; transmitting the test message in the wireless network; receiving a response message transmitted after a test terminal in the wireless network processes the test message, and calculating and analyzing the response message to obtain a statistical result and an analyzing result of the response message; and carrying out comprehensive analysis on the active attack script according to the statistical result and the analyzing result to obtain a safety detection result of the wireless network. The embodiment of the invention carries out active attack on the wireless network by utilizing the test message to detect a safety flaw probably existing in the wireless network, comprehensively and effectively carries out safety analysis on the wireless network to provide comprehensive analysis evaluating data for the safety guide of the wireless network, and can improve the safety of the wireless network to a great extent.

Description

Wireless network is carried out the method and apparatus of safety detection

Technical field

The present invention relates to wireless communication technology field, relate in particular to a kind of method and apparatus that wireless network is carried out safety detection.

Background technology

WLAN (Wireless local area network, WLAN (wireless local area network)) is the product that computer network and wireless communication technology combine, WLAN utilizes RF (Radio Frequency, radio frequency) technology is carried out transfer of data, avoided of the constraint of cable network cable to the user, make the user can be at any time, access network everywhere, thereby can utilize Internet resources easily.

Along with WLAN (wireless local area network) use increasingly extensive, its safety problem also more and more is subjected to people's attention.For cable network, to specific destination, under the situation that physical link is destroyed, just might reveal usually by data by cable transmission for data.And in WLAN (wireless local area network), data are aloft to propagate, as long as in the scope that WAP (wireless access point) covers, terminal can receive wireless signal, and WAP (wireless access point) can not be directed to signal a specific receiving equipment.The publicity of transmission medium has brought WLAN easier to be under attack in this WLAN (wireless local area network), so the safety problem of WLAN (wireless local area network) seems particularly outstanding.

In order to guarantee secure communication, worked out corresponding safety standard in the WLAN (wireless local area network), but the safety standard of working out in the WLAN (wireless local area network) also can not guarantee the fail safe of WLAN (wireless local area network) fully, has multiple safety problem.

A kind of method that WLAN is carried out safety detection of the prior art is: utilize the catching of message, decoding and specific character string filtering function to find WAP (wireless access point) and client among the WLAN, message to described WAP (wireless access point) and client carries out multianalysis, thereby detect and orient the malice access point, reach the purpose of the fail safe that detects WLAN.

In realizing process of the present invention, the inventor finds of the prior artly WLAN to be carried out the method for safety detection there are the following problems at least: although can detect and orient malice access point among the WLAN, but this scheme is primarily aimed at WLAN carries out the passive security detection, can not carry out safety detection to WLAN all sidedly.

Summary of the invention

Embodiments of the invention provide a kind of wireless network have been carried out the method and apparatus of safety detection, to realize that wireless network is carried out safety detection initiatively.

A kind of wireless network is carried out the device of safety detection, comprising:

Management control module is used to be provided for the active attack script of safety detection, and the management control command of carrying described active attack script is handed down to analysis and processing module;

Analysis and processing module is used for being provided with according to described management control command the value of each special domain of test packet, generates corresponding test packet, and described test packet is sent to the packet sending and receiving processing module;

The packet sending and receiving processing module is used for described test packet is sent to wireless network, and the test terminal in the reception wireless network generates response message after described test packet is handled, and described response message is sent to analysis and processing module;

Described analysis and processing module also is used for the statistics and the parsing of described response message, obtains the statistics and the analysis result of response message, and described statistics and analysis result are sent to management control module;

Described management control module also is used for statistics and analysis result according to described message, and described active attack script carries out analysis-by-synthesis, obtains the safety detection result of described wireless network.

A kind of wireless network is carried out the method for safety detection, comprising:

Be provided for the active attack script of safety detection, generate test packet, described test packet is sent in the wireless network according to described active attack script;

The response message that the back sends is handled to described test packet in the test terminal that receives in the wireless network, and described response message is added up and resolved, and obtains the statistics and the analysis result of response message;

According to described statistics and analysis result, and described active attack script carries out analysis-by-synthesis, obtains the safety detection result of described wireless network.

The technical scheme that is provided by the embodiment of the invention described above as can be seen, the embodiment of the invention utilizes test packet that wireless network is carried out active attack, the security breaches that may exist with the detection wireless network, comprehensively and effectively to wireless network safety analysis, and then provide comprehensive analysis evaluation and test data, the fail safe that can improve wireless network largely for the safely instruction of wireless network.

Description of drawings

In order to be illustrated more clearly in the technical scheme of the embodiment of the invention, the accompanying drawing of required use is done to introduce simply in will describing embodiment below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.

A kind of structure chart that wireless network is carried out the device of safety detection initiatively that Fig. 1 provides for the embodiment of the invention one;

A kind of process chart that wireless network is carried out the method for safety detection initiatively that Fig. 2 provides for the embodiment of the invention two.

Embodiment

In the embodiment of the invention, be provided for the active attack script of safety detection, generate test packet, described test packet is sent in the wireless network according to described active attack script.The response message that the back sends is handled to described test packet in the test terminal that receives in the wireless network, described response message is added up and resolved, obtain the statistics and the analysis result of response message, according to described statistics and analysis result, and described active attack script carries out analysis-by-synthesis, obtains the safety detection result of described wireless network.

For ease of understanding, be that example is further explained explanation below in conjunction with accompanying drawing with several specific embodiments, and each embodiment does not constitute the qualification to the embodiment of the invention to the embodiment of the invention.

Embodiment one

This embodiment provides a kind of wireless network has been carried out the device of safety detection initiatively, and this device can be the main controlled node in the wireless network.This device generates test packet by the active attack script that sets in advance, and utilizes test packet that wireless network is carried out active attack, obtains the safety detection result of wireless network.

The structure of the above-mentioned device that wireless network is carried out safety detection initiatively comprises following module: management control module 11, rule parsing module 12, analysis and processing module 13 and packet sending and receiving processing module 14 as shown in Figure 1.

Management control module 11 is used to be provided for the active attack script of safety detection, and the management control command of carrying described active attack script is handed down to the rule parsing module, and analysis and processing module is carried out the control corresponding bookkeeping.The statistics and the analysis result of the response message that sends according to analysis and processing module, and the test result of active attack carries out analysis-by-synthesis, obtains the safety detection result of described wireless network.

Rule parsing module 12, be used for the management control command that the receiving management control module sends, the call instruction resolver is resolved described management control command, and the mapping ruler according to analysis result generation message sends to analysis and processing module and management control module with this mapping ruler.

Analysis and processing module 13 is used for being provided with according to described mapping ruler the value of each special domain of test packet, constructs corresponding test packet, and described test packet is sent to the packet sending and receiving processing module.The response message that described packet sending and receiving processing module is sent carries out preliminary treatment, statistics and parsing, obtains the statistics and the analysis result of response message, and described statistics and analysis result are sent to management control module;

Packet sending and receiving processing module 14 is used for described test packet is sent to wireless network, and the response message that the back sends is handled to described test packet in the test terminal that receives in the wireless network, and described response message is sent to analysis and processing module.

Described management control module 11 specifically comprises:

The management control command issues module 111, be used for the active attack script that topological structure and network state according to wireless network are provided for safety detection, the management control command of carrying described active attack script is handed down to described rule parsing module and analysis and processing module;

Safety detection result acquisition module 112 is used for statistics and analysis result according to the message of described analysis and processing module transmission, and described active attack script and mapping ruler, carries out analysis-by-synthesis, evaluation, obtains the safety detection result of wireless network.

Described analysis and processing module 13 specifically comprises:

Test packet generation module 131 is used for being provided with according to the mapping ruler that described rule parsing module sends the value of each special domain of test packet, constructs corresponding test packet, and described test packet is sent to the packet sending and receiving processing module;

Response message processing module 132, be used for the response message that receives is filtered and buffer memory, response message to described buffer memory is added up according to speed, protocol type, type of message, obtain the statistics of response message, according to described mapping ruler the response message of buffer memory is resolved, read the value of each special domain in the response message, obtain the analysis result of response message, the statistics and the analysis result of described response message sent to management control module.

Wireless network analysis module 133, be used for the message of the wireless network that receives is analyzed, set up the topological structure and the network state of wireless network according to analysis result, the topological structure and the network state of this wireless network sent to described management control module.

Embodiment two

Shown in Figure 1 wireless network is carried out the device of safety detection initiatively based on above-mentioned, the handling process of a kind of method of wireless network being carried out safety detection initiatively that this embodiment provides comprises following treatment step as shown in Figure 2:

The management control command thatstep 21, management control module will carry active attack script is handed down to the rule parsing module.

After the above-mentioned device that wireless network is carried out safety detection initiatively starts, the packet sending and receiving processing module in the said apparatus will be caught the message in the interior wireless network of certain limit, and the message of catching is sent to analysis and processing module.Analysis and processing module is analyzed the message that receives, set up the topological structure and the network state of wireless network according to analysis result, the topological structure of this wireless network and network state are sent to management control module in the device, and management control module carries out simple internet security assessment according to the topological structure and the network state of the wireless network that receives to wireless network.

Then, above-mentioned management control module is according to the topological structure and the network state of existing wireless network, and the internet security assessment result is provided for the active attack script of safety detection, and the management control command of carrying above-mentioned active attack script is handed down to rule parsing module in the said apparatus.

Step 22, rule parsing module generate corresponding test packet according to the management control command that receives, and by the packet sending and receiving processing module above-mentioned test packet are sent in the wireless network.

Above-mentioned rule parsing module invokes command analysis device is resolved above-mentioned management control command, and the mapping ruler according to the generation of the active attack script in above-mentioned management control command message sends to analysis and processing module and management control module with this mapping ruler.

The mapping ruler that analysis and processing module sends according to above-mentioned rule parsing module is provided with the value of each special domain of test packet, constructs corresponding test packet.Then, by the packet sending and receiving processing module in the said apparatus above-mentioned test packet is sent in the wireless network.

Step 23, packet sending and receiving processing module are carried out preliminary treatment, statistics and parsing to the response message that receives, and the statistics and the analysis result of the response message that obtains sent to management control module.

The test packet that packet sending and receiving processing module in the said apparatus sends is received by the test terminal in the wireless network, and above-mentioned test terminal sends to response message in the wireless network again after test packet is handled accordingly.

Packet sending and receiving processing module in the said apparatus is caught the message in the interior wireless network of certain limit once more, and the response message that the above-mentioned test terminal that captures is sent sends to analysis and processing module.

Above-mentioned analysis and processing module is carried out preliminary treatment to the response message that receives, and this preliminary treatment mainly comprises: according to the filtering rule that sets in advance the response message that receives is filtered, the response message that obtains after filtering is carried out buffer memory.

Above-mentioned analysis and processing module is added up according to different types such as speed, protocol type, type of messages the response message of above-mentioned buffer memory, obtains the statistics of response message.Above-mentioned analysis and processing module is also resolved the response message of buffer memory according to above-mentioned mapping ruler, reads the value of each special domain in the response message, obtains the analysis result of response message.Above-mentioned analysis and processing module sends to management control module with the statistics and the analysis result of above-mentioned response message.

Step 24, management control module are according to the statistics and the analysis result of above-mentioned message, and above-mentioned active attack script and mapping ruler, obtain the safety detection result of wireless network.

Management control module is according to the statistics and the analysis result of the message of above-mentioned analysis and processing module transmission, and the test result of above-mentioned active attack script and mapping ruler, active attack, carry out analysis-by-synthesis, evaluation, obtain the safety detection result of wireless network.

Testing process among the above-mentioned steps 21-24 can be carried out repeatedly, obtains a plurality of safety detection result of above-mentioned wireless network.At last, a plurality of safety detection result of management control module analysis-by-synthesis wireless network are obtained the final safety detection result of wireless network.

The described method and apparatus that wireless network is carried out safety detection initiatively of the invention described above embodiment goes for wireless networks such as WLAN.

One of ordinary skill in the art will appreciate that all or part of flow process that realizes in the foregoing description method, be to instruct relevant hardware to finish by computer program, described program can be stored in the computer read/write memory medium, this program can comprise the flow process as the embodiment of above-mentioned each side method when carrying out.Wherein, described storage medium can be magnetic disc, CD, read-only storage memory body (Read-Only Memory, ROM) or at random store memory body (Random AccessMemory, RAM) etc.

In sum, the embodiment of the invention has proposed a kind of method and apparatus that more fully wireless networks such as WLAN is carried out safety detection initiatively at the deficiency of existing wireless LAN safety analytic product.The embodiment of the invention is carried out active attack by utilizing test packet to wireless network, the security breaches that may exist with the detection wireless network, can be fully and effectively to wireless network safety analysis, and then provide comprehensive analysis evaluation and test data, the fail safe that can improve wireless network largely for the safely instruction of wireless network.

The embodiment of the invention can adapt to multiple Radio Link, supports active safety analysis and passive security analytic function simultaneously, and supports the Wi-Fi protocol suite, is with good expansibility, and can implement the analysis strategy of user's design.

The above; only for the preferable embodiment of the present invention, but protection scope of the present invention is not limited thereto, and anyly is familiar with those skilled in the art in the technical scope that the present invention discloses; the variation that can expect easily or replacement all should be encompassed within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection range of claim.

Claims

Translated fromChinese

1.一种对无线网络进行安全检测的装置，其特征在于，包括：1. A device for performing security detection on a wireless network, comprising:

管理控制模块，用于设置用于安全检测的主动攻击脚本，将携带所述主动攻击脚本的管理控制命令下发给分析处理模块；The management control module is used to set the active attack script used for security detection, and sends the management control command carrying the active attack script to the analysis and processing module;

分析处理模块，用于根据所述管理控制命令设置测试报文的各个特定域的值，生成相应的测试报文，将所述测试报文发送给报文收发处理模块；The analysis processing module is used to set the value of each specific field of the test message according to the management control command, generate a corresponding test message, and send the test message to the message sending and receiving processing module;

报文收发处理模块，用于将所述测试报文发送到无线网络中，接收无线网络中的测试终端对所述测试报文进行处理之后生成并发送的响应报文，并将所述响应报文发送给分析处理模块；A message sending and receiving processing module, configured to send the test message to the wireless network, receive a response message generated and sent by the test terminal in the wireless network after processing the test message, and send the response message The text is sent to the analysis and processing module;

所述的分析处理模块，还用于所述响应报文的统计和解析，获取响应报文的统计结果和解析结果，将所述统计结果和解析结果发送给管理控制模块；The analysis and processing module is also used for statistics and analysis of the response message, obtaining the statistical result and analysis result of the response message, and sending the statistical result and analysis result to the management control module;

所述的管理控制模块，还用于根据所述报文的统计结果和分析结果，以及所述主动攻击脚本进行综合分析，获取所述无线网络的安全检测结果。The management control module is further configured to perform comprehensive analysis according to the statistics and analysis results of the message and the active attack script, and obtain the security detection result of the wireless network.

2.根据权利要求1所述的对无线网络进行安全检测的装置，其特征在于，所述的装置还包括：2. The device for performing security detection on a wireless network according to claim 1, wherein the device further comprises:

规则解析模块，用于接收管理控制模块发送的管理控制命令，调用命令解析器对所述管理控制命令进行解析，根据解析结果生成测试报文的映射规则，将该映射规则发送给分析处理模块和管理控制模块。The rule analysis module is used to receive the management control command sent by the management control module, call the command parser to analyze the management control command, generate a mapping rule for the test message according to the analysis result, and send the mapping rule to the analysis processing module and Management control module.

3.根据权利要求2所述的对无线网络进行安全检测的装置，其特征在于，所述的管理控制模块，具体包括：3. The device for performing security detection on a wireless network according to claim 2, wherein the management control module specifically includes:

管理控制命令下发模块，用于根据无线网络的拓扑结构和网络状态设置安全检测的主动攻击脚本，将携带所述主动攻击脚本的管理控制命令下发给所述规则解析模块和分析处理模块；A management control command issuing module, configured to set an active attack script for security detection according to the topology structure and network status of the wireless network, and issue the management control command carrying the active attack script to the rule analysis module and the analysis processing module;

安全检测结果获取模块，用于根据所述分析处理模块发送的报文的统计结果和分析结果，以及所述主动攻击脚本和映射规则，进行综合分析、评价，获取无线网络的安全检测结果。The security detection result acquisition module is used to perform comprehensive analysis and evaluation according to the statistics and analysis results of the messages sent by the analysis and processing module, as well as the active attack script and mapping rules, and obtain the security detection results of the wireless network.

4.根据权利要求2或3所述的对无线网络进行安全检测的装置，其特征在于，所述的分析处理模块，具体包括：4. The device for performing security detection on a wireless network according to claim 2 or 3, wherein the analysis and processing module specifically includes:

测试报文生成模块，用于根据所述规则解析模块发送的映射规则设置测试报文的各个特定域的值，构造相应的测试报文，将所述测试报文发送给报文收发处理模块；The test message generation module is used to set the value of each specific field of the test message according to the mapping rule sent by the rule analysis module, construct a corresponding test message, and send the test message to the message sending and receiving processing module;

响应报文处理模块，用于对接收到的响应报文进行过滤和缓存，对所述缓存的响应报文按照速率、协议类型、报文类型进行统计，获取响应报文的统计结果，根据所述映射规则对缓存的响应报文进行解析，读取响应报文中的各个特定域的值，获取响应报文的解析结果，将所述响应报文的统计结果和分析结果发送给管理控制模块。The response message processing module is used to filter and cache the received response message, perform statistics on the cached response message according to the rate, protocol type, and message type, and obtain the statistical result of the response message. The above mapping rules analyze the cached response message, read the value of each specific field in the response message, obtain the analysis result of the response message, and send the statistical result and analysis result of the response message to the management control module .

5.根据权利要求4所述的对无线网络进行安全检测的装置，其特征在于，所述的分析处理模块，还包括：5. The device for performing security detection on a wireless network according to claim 4, wherein the analysis and processing module further comprises:

无线网络分析模块，用于对接收到的无线网络中的报文进行分析，根据分析结果建立无线网络的拓扑结构和网络状态，将该无线网络的拓扑结构和网络状态发送给所述管理控制模块。The wireless network analysis module is used to analyze the received message in the wireless network, establish the topology structure and network status of the wireless network according to the analysis results, and send the topology structure and network status of the wireless network to the management control module .

6.一种对无线网络进行安全检测的方法，其特征在于，包括：6. A method for performing security detection on a wireless network, comprising:

设置用于安全检测的主动攻击脚本，根据所述主动攻击脚本生成测试报文，将所述测试报文发送到无线网络中；An active attack script used for security detection is set, a test message is generated according to the active attack script, and the test message is sent to the wireless network;

接收无线网络中的测试终端对所述测试报文进行处理之后生成并发送的响应报文，对所述响应报文进行统计和解析，获取响应报文的统计结果和解析结果；Receiving a response message generated and sent by the test terminal in the wireless network after processing the test message, performing statistics and analysis on the response message, and obtaining statistical results and analysis results of the response message;

根据所述统计结果和分析结果，以及所述主动攻击脚本进行综合分析，获取所述无线网络的安全检测结果。A comprehensive analysis is performed according to the statistical results and analysis results, as well as the active attack script, to obtain a security detection result of the wireless network.

7.根据权利要求6所述的对无线网络进行安全检测的方法，其特征在于，所述的设置用于安全检测的主动攻击脚本，具体包括：7. The method for performing security detection on a wireless network according to claim 6, wherein the active attack script that is set for security detection specifically includes:

对接收到的无线网络中的报文进行分析，根据分析结果建立无线网络的拓扑结构和网络状态，根据无线网络的拓扑结构和网络状态设置用于安全检测的主动攻击脚本，并构造携带所述主动攻击脚本的管理控制命令。Analyze the received message in the wireless network, establish the topology structure and network status of the wireless network according to the analysis results, set the active attack script for security detection according to the topology structure and network status of the wireless network, and construct the Administrative control commands for active attack scripts.

8.根据权利要求7所述的对无线网络进行安全检测的方法，其特征在于，所述的根据所述主动攻击脚本生成测试报文，将所述测试报文发送到无线网络中，具体包括：8. The method for performing security detection on a wireless network according to claim 7, wherein said generating a test message according to said active attack script, and sending said test message to a wireless network, specifically comprising :

通过命令解析器对携带所述主动攻击脚本的管理控制命令进行解析，根据解析结果生成报文的映射规则，根据所述映射规则设置测试报文的各个特定域的值，构造相应的测试报文。Analyzing the management control command carrying the active attack script by the command parser, generating a mapping rule of the message according to the analysis result, setting the value of each specific domain of the test message according to the mapping rule, and constructing a corresponding test message .

9.根据权利要求8所述的对无线网络进行安全检测的方法，其特征在于，所述的对所述响应报文进行统计和解析，获取响应报文的统计结果和解析结果，具体包括：9. The method for performing security detection on a wireless network according to claim 8, wherein said performing statistics and analysis on said response message, and obtaining the statistical result and analysis result of the response message specifically include:

对所述响应报文进行过滤和缓存，对所述缓存的响应报文按照速率、协议类型、报文类型进行统计，获取响应报文的统计结果，根据所述映射规则对缓存的响应报文进行解析，读取响应报文中的各个特定域的值，获取响应报文的解析结果。Filtering and caching the response message, performing statistics on the cached response message according to the rate, protocol type, and message type, obtaining statistical results of the response message, and processing the cached response message according to the mapping rule Perform parsing, read the value of each specific field in the response message, and obtain the analysis result of the response message.

10.根据权利要求8或9所述的对无线网络进行安全检测的方法，其特征在于，所述的根据所述统计结果和分析结果，以及所述主动攻击脚本进行综合分析，获取所述无线网络的安全检测结果，具体包括：10. The method for performing security detection on a wireless network according to claim 8 or 9, wherein said comprehensive analysis is performed according to said statistical results and analysis results, and said active attack script to obtain said wireless network Network security detection results, including:

根据所述统计结果和分析结果，以及所述主动攻击脚本和映射规则，进行综合分析、评价，获取无线网络的安全检测结果；Perform comprehensive analysis and evaluation according to the statistical results and analysis results, as well as the active attack script and mapping rules, and obtain the security detection results of the wireless network;

发送多个所述测试报文，根据接收到的多个响应报文获取所述无线网络的多个安全检测结果，综合分析所述多个安全检测结果，获取无线网络的最终的安全检测结果。Sending a plurality of test messages, obtaining multiple security detection results of the wireless network according to the multiple received response messages, comprehensively analyzing the multiple security detection results, and obtaining the final security detection result of the wireless network.