資安技術真實流量實地評比---總計畫

Abstract

資安技術於使用者環境(Beta Site)進行測試以降低「顧客端發現問題(CFD)」的數量，是其產品化上市銷售之前測試流程中重要的一環，現今多樣化的網路環境與複雜化的產品設計使得實驗室測試(Lab Test)愈來愈難模擬出真實世界的網路環境來刺激(Stimulate)出產品的問題，這也讓Beta Site的測試更顯得重要。 此整合型計畫的目標在於提供資安技術一個良好的真實流量測試平台(RealFlow Test Platform)以降低顧客端發現問題的數量及評估誤擋漏擋率(False Positive/False Negative)，其中除了要建置實地測試(Field Test)所需要的Beta Site環境之外，同時也會發展重播測試(Replay Test)所需要的工具如錄製(capture)、重播(replay)、分類(classification)以及萃取(extraction)，我們將真實流量測試平台分為通用(Generic)以及特定(Specific)兩種範疇的發展方案(solutions)，通用方案(Generic solutions)是要提供基礎共通的環境與工具給所有類型的資安技術使用，其著眼點在於廣度，而特定方案(Specific solutions)是要提供給特定的、目前迫切需要的資安技術更完整深入的環境與工具，其著眼點在於深度，而這些特定迫切需要的資安技術包括了網頁應用程式防火牆(WAF)、反惡意軟體(Anti-Malware)、反殭屍網路(Anti-Botnet)、入侵防禦系統(IPS)、點對點應用控制(P2P Control)。 總計畫目標在於建置一個有別於傳統的Beta Site，對於資安技術開發者可以更方便地進行測試與除錯，同時對於網路使用者也能兼顧其網路使用品質，為了滿足產品開發者的需求預計要建置多「類型測試區域」、「遠端控制」、「流量分級」、「流量剖析」等環境與機制；為了滿足網路使用者的需求預計要建置「網路故障自動偵測、通報與復原機制」，除此之外對於召募Beta Site參加者的方式是以「募兵制」而非強制。預期在一年內可以設計與建置出六種不同的測試區域以提供各類型的資安產品進行實地測試，發表Beta Site架構設計相關之專利與論文，同時將執行至少上三件以上的資安產品測試案。

Testing on the Beta Site is important for security technologies to reduce the Customer Found Defects (CFDs). Now, it is paid much more attention since the security technologies themselves and the network environment are getting more complicated and diversified. Compared with testing on Beta Site, Lab Test can only stimulate and reproduce a small part of the CFDs. The goal of this integrated project is to provide security technologies with a RealFlow Test Platform to improve the quality, to reduce the number of CFDs and to evaluate False Positive/False Negative rates. This platform consists of environment and tools for Field Test and Replay Test, respectively. The environment for Field Test is actually the Beta Site, and the tools required by Replay Test are capture, replay, classification, and extraction. We develop the RealFlow Test Platform with two kinds of solutions, one is Generic and the other is Specific. Generic solutions cover the fundamental and common facilities for all kinds of security technologies while Specific solutions take care of the needs of particular security technologies such as WAF, Anti-Malware, Anti-Botnet, IPS, and P2P Control. The goal of the grand project is to establish a new type of Beta Site. For developers of security technologies, it is easy to do the test and debugging. For the network users, the network quality can remain as usual. We plan to develop several mechanisms on the Beta Site such as "various test zones", "remote control", "degrees of traffic volume", "traffic profiling", "auto detection, notification, and recovery", and "voluntarism". In a year, six different kinds of testing zones, the related patents and papers about Beta Sites, and at least three testing cases should be executed and completed.