CN112261045A - Network attack data automatic generation method and system based on attack principle - Google Patents
Network attack data automatic generation method and system based on attack principle Download PDFInfo
- Publication number
- CN112261045A CN112261045A CN202011136352.1A CN202011136352A CN112261045A CN 112261045 A CN112261045 A CN 112261045A CN 202011136352 A CN202011136352 A CN 202011136352A CN 112261045 A CN112261045 A CN 112261045A
- Authority
- CN
- China
- Prior art keywords
- attack
- data
- network
- principle
- model
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 69
- 230000007123 defense Effects 0.000 claims abstract description 58
- 238000012549 training Methods 0.000 claims abstract description 43
- 238000012795 verification Methods 0.000 claims description 16
- 238000004590 computer program Methods 0.000 claims description 12
- 238000003860 storage Methods 0.000 claims description 8
- 238000012360 testing method Methods 0.000 abstract description 17
- 238000005516 engineering process Methods 0.000 description 20
- 238000004458 analytical method Methods 0.000 description 15
- 230000008569 process Effects 0.000 description 7
- 238000013473 artificial intelligence Methods 0.000 description 6
- 238000011160 research Methods 0.000 description 5
- 238000013461 design Methods 0.000 description 4
- 230000000694 effects Effects 0.000 description 4
- 230000009286 beneficial effect Effects 0.000 description 3
- 238000011161 development Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 241000282326 Felis catus Species 0.000 description 2
- 238000009825 accumulation Methods 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000010801 machine learning Methods 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 238000005457 optimization Methods 0.000 description 2
- 239000000047 product Substances 0.000 description 2
- 239000013589 supplement Substances 0.000 description 2
- 244000035744 Hura crepitans Species 0.000 description 1
- 230000009471 action Effects 0.000 description 1
- 238000013528 artificial neural network Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 230000002779 inactivation Effects 0.000 description 1
- 238000002372 labelling Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 238000005381 potential energy Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N20/00—Machine learning
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
Abstract
The invention provides a network attack data automatic generation method and a system based on an attack principle, wherein the method comprises the following steps: establishing an attack principle model according to the network attack public information; wherein the network attack disclosure information includes: analyzing code data and public report of network attack; establishing a data generation system based on an attack principle according to the attack principle model; and training a network security defense model through data generated by the data generation system based on the attack principle. According to the method, the vivid and effective target data can be generated in a large-scale customized manner by editing the configuration files, the data requirements of the network security defense AI model in the training and testing stages can be met, the generation system is designed and implemented according to the method, and a user of the network security defense AI model can generate a large amount of target attack data in a customized manner by simply editing the configuration files for model training and testing.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a network attack data automatic generation method and system based on an attack principle.
Background
In recent years, rapidly developed artificial intelligence technology is widely applied in various fields. Similarly, the artificial intelligence technology assists in network security defense, and the potential energy of a defense party can be effectively improved. At present, partial network security products applying artificial intelligence technology exist, and the security defense capability and the industry competitiveness of the products are remarkably improved. As is well known, the traditional artificial intelligence models (AI models) such as machine learning, neural network and deep learning not only need relevant theoretical basis, but also do not need to be supported by a data set. It is noteworthy that the preconditions on which the AI model can produce a great beneficial effect when applied to solve practical problems are: there are a large number of complete sets of available data. The particularity of the network security field, however, makes the problem of shortage of available data sets of the model especially prominent. The particularity of the network security field, including but not limited to network attack event discovery lag, attack event complexity, analysis traceability difficulty, and the like, makes the existing AI models of the network attack detection class face a common challenge, namely, possess sufficient and complete available data to support the training and testing of the models.
The current AI model users, using much of the real attack data that is publicly available. Most of the data are from traced real network attacks, and the problems of rare publicly available data, time lag and insufficient completeness exist. In terms of application research, the model in more papers also adopts another alternative solution: taking flow data of specific networks such as an enterprise intranet, a campus network, an IPS (cooperative service plane switching) and the like as a background (white sample), and running a small number of malicious samples in a sandbox; or directly using partial red-blue competition, CTF competition data, to construct a data set. Although this solution of capturing rerun classes may make available datasets for AI models, most paper authors do not disclose the datasets they work with, and therefore the credibility, authenticity and availability of such datasets have begun to be questioned, and the actual performance of AI models trained based on such datasets in a production environment has not been verified.
Similar research mainly includes GAN method generation and data enhancement technologies, referring to ideas for solving data set problems in other fields. Automatically generating network attack data by utilizing GAN, namely designing a generator to learn characteristics of input malicious sample data, and generalizing on the basis to obtain more data; the method is carried out based on machine learning characteristic level, and based on the characteristic generalization characteristic parameter values, the data generated by the method is limited by the processing of characteristic engineering. In addition, data enhancement has achieved a good effect in solving the problems of picture data and text data; however, the method is specifically applied to network attack data enhancement, and the assumption of enhanced assurance requires that the enhanced sample data and the original data keep consistency of main characteristics and distribution characteristics, and the method corresponding to the network attack data enhancement is represented as follows: the enhanced sample data can still achieve the original attack intention and still follow the basic attack principle; however, this is difficult to accomplish with the prior art. Moreover, both the GAN network generation method and the data enhancement method have a problem that it is difficult to verify the validity and consistency of the obtained sample data.
Disclosure of Invention
The invention provides a network attack data automatic generation method and a system based on an attack principle, the method can generate a large amount of vivid network attack data with controllable and adjustable completeness in a customized manner according to the user requirements of an AI model, and the data is used for meeting the requirements of the AI model on the quality and quantity of training and testing data; and finally, real and available attack data are taken as verification data of the model obtained by training, so that the problems of shortage and insufficient completeness of available data in the current AI model training process are solved.
An embodiment of the present invention provides a network attack data automatic generation method based on an attack principle, including:
establishing an attack principle model according to the network attack public information; wherein the network attack disclosure information includes: analyzing code data and public report of network attack;
establishing a data generation system based on an attack principle according to the attack principle model;
and training a network security defense model through data generated by the data generation system based on the attack principle.
Further, after the training of the network security defense model, the method further includes:
and verifying the performance of the network security defense model according to the acquired real attack data.
Further, the data generated by the data generation system based on the attack principle includes:
and generating data for meeting the requirements of a training network security defense model according to the configuration rule of the data generation system based on the attack principle.
Further, before the establishing of the attack principle model according to the network attack public information, the method further comprises:
acquiring network attack public information according to a preset period; wherein the network attack disclosure information includes: and analyzing the code data and the public report of the network attack.
The embodiment of the invention also provides a network attack data automatic generation system based on the attack principle, which comprises the following steps:
the attack principle model establishing module is used for establishing an attack principle model according to the network attack public information; wherein the network attack disclosure information includes: analyzing code data and public report of network attack;
the data generation system establishing module is used for establishing a data generation system based on an attack principle according to the attack principle model;
and the network security defense model training module is used for training the network security defense model through the data generated by the data generation system based on the attack principle.
Further, the system for automatically generating network attack data based on the attack principle further comprises:
and the network security defense model verification module is used for verifying the performance of the network security defense model according to the obtained real attack data.
Further, the network security defense model training module is further configured to:
and generating data for meeting the requirements of a training network security defense model according to the configuration rule of the data generation system based on the attack principle.
Further, the system for automatically generating network attack data based on the attack principle further comprises:
the network attack public information acquisition module is used for acquiring network attack public information according to a preset period; wherein the network attack disclosure information includes: and analyzing the code data and the public report of the network attack.
An embodiment of the present invention further provides an electronic apparatus, which includes a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, where the processor implements any one of the network attack data automatic generation methods based on the attack principle when executing the computer program.
An embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium includes a stored computer program, and when the computer program runs, the device where the computer-readable storage medium is located is controlled to execute any one of the network attack data automatic generation methods based on the attack principle.
Compared with the prior art, the embodiment of the invention has the beneficial effects that:
1. the invention provides a network attack data automatic generation method based on an attack principle, a data generation system is designed and realized based on the network attack principle, generated target data are applied to training and testing of a network security defense AI model, and a small amount of real attack data are used for model verification. The bottleneck problems of shortage of available data and insufficient completeness in the current artificial intelligence technology assisted network security defense process can be solved.
2. The invention provides an automatic generation method of network attack data based on an attack principle, which enables a network security defense AI model user to simply edit a configuration file as required, namely, a large amount of data required by model training and testing can be generated in a customized manner; therefore, the requirements of the network security defense AI model on large-scale data in training and testing stages are met, and the problem of shortage of available data caused by difficulty in acquiring real attack data can be solved.
3. The network attack data automatic generation method based on the attack principle provided by the invention is designed and realized by taking the attack principle as a theoretical basis, namely, the generated target data conforms to the basic attack principle, thereby ensuring the validity and easy verification of the generated data. And each key technology in the attack principle can be basically covered by configuration file editing, so that the generated target data is more representative, namely the quality of the generated target data is improved.
4. The generation system mentioned in the method is highly extensible, namely, the attack principle can be perfected by continuously following the public analysis report, and the latest attack case research result is added into the generation system based on the extension, so that the generated target data keeps good timeliness, and the generated data can cover a new attack technology of iterative development as far as possible.
5. The design and development work of a data generation system can be completed by professional security researchers, and target data can be generated in a customized and large-batch manner only by simply editing a configuration file by a network security defense AI model user. The division work cooperation in each research field can effectively improve the safety defense effect of the artificial intelligence technology assisted network.
Drawings
In order to more clearly illustrate the technical solution of the present invention, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a flowchart of a method for automatically generating network attack data based on an attack principle according to an embodiment of the present invention;
fig. 2 is a flowchart of a method for automatically generating network attack data based on an attack principle according to another embodiment of the present invention;
fig. 3 is a flowchart of a method for automatically generating network attack data based on an attack principle according to another embodiment of the present invention;
fig. 4 is a flowchart of a method for automatically generating network attack data based on an attack principle according to another embodiment of the present invention;
fig. 5 is a device diagram of an automatic network attack data generation system based on an attack principle according to an embodiment of the present invention;
fig. 6 is a device diagram of a network attack data automatic generation system based on an attack principle according to another embodiment of the present invention;
fig. 7 is a device diagram of an automatic network attack data generation system based on an attack principle according to yet another embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be understood that the step numbers used herein are for convenience of description only and are not intended as limitations on the order in which the steps are performed.
It is to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
The terms "comprises" and "comprising" indicate the presence of the described features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
The term "and/or" refers to and includes any and all possible combinations of one or more of the associated listed items.
In order to solve the problem of data sets faced in the training process of the network security defense AI model, the existing several main solutions cannot be well solved. Due to the particularity of the network security field, real attack data is often difficult to obtain, so that publicly available real public data is rare; although many network security experts and teams at home and abroad are dedicated to attack discovery and traceability analysis, most of them only share a case analysis report with detailed content and do not disclose relevant attack data after processing, that is, such precious analysis data resources cannot be used as a data set for model training and testing by other network security defense AI model users. For network security defense AI model users, the existing disclosures have few real attack data and are difficult to support the better completion of training and testing of the network security defense AI model. In addition to this, there are some limitations to the disclosed data sets. Firstly, such real attack data is only attack data of a very small part of samples in the same type of attack, so that such data sets are not representative enough. Secondly, due to network attack discovery lag, complete analysis and tracing difficulty and the like, all attack data of all attack processes are probably difficult to acquire, namely the acquired data are very likely to be one-sided and incomplete. Thirdly, the problem of the data time lag is prominent, although the public data sets are real attack data, the public and updating time lags behind 2-3 years or even longer, which means that the technology used in the obtained data cannot keep up with the updating iteration of the attack and defense technology; if the AI model user of cyber-security defense is still trained using this stale data, the resulting model is difficult to handle in a production environment with the latest cyber attacks. Finally, the concomitant nature of network security technology makes subdivided network security oriented in a large number of directions, and when a user wishes to practice the AI model for network security defense in a certain subdivided domain, no publicly available targeted dataset is currently available in more subdivided domains.
For capturing rerun data widely used in academic papers, the diversity of malicious samples directly determines the quality and quantity of the data, and the problems of sample inactivation, harsh operating environment and the like are encountered when rerun the malicious samples, so that the operating data for capturing the inactivated samples lose the original value. For the AI model user of network security defense, capturing a complete target type attack sample requires a very high attack and defense countervailing basis, and re-running the sample and capturing effective data requires higher network security literacy; moreover, in the large environment of "assumed collapse", due to the lack of guidance of the network attack principle, the reliability, completeness and persuasion of such construction data are generally low.
When the GAN method and the data enhancement technology are applied to network attack data enhancement, the first problem is validity verification of the obtained data. The GAN method mainly completes data generation through a designed Generator (Generator), that is, data obtained by the GAN-based data set generation method is limited by the completeness of feature extraction; meanwhile, verification of generated data depends on the design of a Discriminator (Discriminator), however, the current technology for automatic verification and function evaluation of computer binary data is still about to break through, so the current GAN network is mostly used for generation of countermeasure samples aiming at the purpose of 'cheating' Discriminator, and is difficult to be applied to solve the problems of shortage and insufficient completeness of the current data set. Also, the effect of data enhancement in processing text data and picture data is apparent. Taking image data enhancement as an example, a plurality of images of the cat can be obtained by simply rotating and zooming one image of the cat, and labeling work and validity verification are completed simultaneously. However, when the method is applied to network attack data enhancement, the tiny modification of the binary data can cause the great change of the function represented by the data, and the verification of the enhanced data still follows the basic attack principle, can achieve the original attack intention, and cannot be achieved by the prior art.
In a comprehensive view, in the face of the problem of data sets faced by network security defense AI model users, the existing solution has obvious defects, and real attack data is limited by timely discovery, comprehensive capture, complete analysis and the like of network attack events, so that the data has the problems of time lag, insufficient completeness and the like; when a user captures a malicious sample by himself to construct re-operation type data, extremely high requirements are put forward on the safe attack and defense literacy of the user, and the completeness and the reliability of the type of data are easy to question. The data generated by the GAN method is limited to the completeness of the characteristic engineering of the generator to a large extent, and it is difficult to design a discriminator capable of automatically verifying the validity of the binary data in the prior art. Similarly, the application data enhancement method also faces the problem that the validity verification of the enhanced network attack data is difficult.
Based on the above, the invention aims to provide an automatic generation method of network attack data based on an attack principle, which can generate a large amount of vivid network attack data with controllable and adjustable completeness in a customized manner according to the user requirements of a network security defense AI model, wherein the data are used for meeting the requirements of the network security defense AI model on the quality and quantity of training and test data; and finally, real and available attack data are taken as verification data of the model obtained by training, so that the problems of available data shortage and insufficient completeness in the current network security defense AI model training process are solved.
A first aspect.
Referring to fig. 1 to 3, an embodiment of the present invention provides a method for automatically generating network attack data based on an attack principle, including:
s10, establishing an attack principle model according to the network attack public information; wherein the network attack disclosure information includes: and analyzing the code data and the public report of the network attack.
In recent years, network security gradually gains attention from domestic and foreign institutions, enterprises and the public, and tracking, analysis and tracing of network attack events are gradually deepened under the common efforts of domestic and foreign security manufacturers, network security communities, white cap organizations and the like; meanwhile, the analysis, the exposure network attack, the attack details of the malicious organization and the public report of the attack technology form a certain scale, and the attack principle, the attack strategy and the like in the malicious network attack which is analyzed and tracked are basically shown. These high value public reports should become the high value data of network security defense practitioners, we will use these materials to help analyze, comb the attack mechanism, then build the attack model; on the basis, the similar public reports are continuously followed to correct the attack principle and the knowledge system of the similar attack, and finally the expert knowledge system of the similar attack is formed.
Open source communities and open source platforms at home and abroad are used as important platforms for technology sharing and communication, and network security verification type and rapid test type open source projects are widely established on each platform. The project partially realizes the basic process of the network attack and can simulate and reproduce partial network attack. The open source items can be used as the realization basis of the system, the completeness modification, the optimization and the continuous supplementary updating are carried out by referring to a network attack principle on the basis, and a related variant set can be formed through dynamic parameter configuration to realize the batch generation of attack data.
And S20, establishing a data generation system based on the attack principle according to the attack principle model.
In a specific embodiment, the S20, building a data generating system based on the attack principle according to the attack principle model, further includes:
and S21, generating data for meeting the requirements of training a network security defense model according to the configuration rules of the data generation system based on the attack principle.
Technology accumulation is carried out through open analysis report combing, and a customized generation system is designed and realized by referring to an open source tool. The system realizes high extensibility through customizing the configuration file, and an AI model user only needs to edit the configuration file according to the self requirement, so that a large amount of vivid target data with controllable and adjustable completeness can be generated in a customized manner. The validity of the generated data can be directly verified through the operation result of the system. Meanwhile, the open analysis report is continuously followed, the latest attack technology is analyzed and summarized, and the latest attack technology is updated to the existing attack model, so that the generation system is guided to expand and realize the latest attack technology point, and the completeness and the timeliness of the generated data are ensured.
And S30, training a network security defense model through the data generated by the data generation system based on the attack principle.
In a specific embodiment, after the S30 training the network security defense model through the data generated by the data generation system based on the attack principle, the method further includes:
and S40, verifying the performance of the network security defense model according to the acquired real attack data.
In a specific embodiment, before the S10 building the attack principle model according to the network attack public information, the method further includes:
s01, acquiring network attack public information according to a preset period; wherein the network attack disclosure information includes: and analyzing the code data and the public report of the network attack.
Through open report follow-up and combing analysis, the essence of the network attack is discovered in principle; therefore, the basic principle of the target type network attack is summarized, and even the network attack model can be abstracted, so that the realization, the expansion and the optimization of the generating system are guided. Meanwhile, the updated public report follow-up and the technical research deposit can continuously improve the attack principle, guide the modification and supplement of the existing network attack model, and further ensure the completeness and timeliness of the expert knowledge system.
The problems of shortage and insufficient completeness of available data sets are faced in the AI model training and testing stage, and the problems directly influence the actual performance and effect of the power-assisted network security defense. The data generation and application scheme provided by the method of the invention can produce the following beneficial effects:
the proposal provided by the method can meet the requirement of the AI model on a large amount of data in the training and testing stages. According to the generation system designed and realized by the method, an AI model user can customize and generate a large amount of target attack data for model training and testing by simply editing the configuration file.
By the method, users can customize and generate vivid and effective target data by editing the configuration file. The design of the generating system in the method is realized by taking the attack principle as theoretical support, so that the generated data conforms to the basic attack principle, and the verification of the attack purpose is simple.
The generation system mentioned in the method is highly expandable, so that the generated data is controllable and adjustable in completeness, and the timeliness of the generated data is guaranteed to a certain extent. Thanks to the high scalability of the system, with reference to the continuous follow-up of materials such as open reports, open source tools, etc., the latest attack techniques, including but not limited to the attack techniques already in the security analysis, the attack data predicted to be feasible by researchers, etc., can be added to the generation system in a targeted extension. Through the continuous supplement and the dynamic generalization, the iterative development of the generated data following the attack technology is also ensured to a certain extent.
In a specific embodiment, please refer to fig. 4, in order to solve the problems of shortage and insufficient completeness of available data sets in the training and testing stages of the AI model, the present invention provides an automatic network attack data generation method based on the attack principle for the first time, and the main components of the method and the action points in the training and testing processes of the AI model are shown in fig. 1.
The method of the invention provides a complete data generation and application scheme thereof.
Firstly, referring to the analysis traceability, the public analysis report, the expert knowledge and the like of the real network attack, and carrying out attack principle accumulation and attack modeling, thereby reproducing the target technical points as comprehensively as possible in a generating system with high expansibility; then, a large amount of vivid attack data with controllable and adjustable completeness are generated in a customized mode by using a generation system based on an attack principle, and the generated data with effectiveness and completeness guarantee can be used for training and testing a target AI model; and then, performing performance verification on the trained model by using a small amount of real attack data, and continuously feeding back and guiding the attack principle/model correction and the perfection of a generating system. And finally, after the expected performance index is reached, the target model can be deployed and applied to the real network attack detection environment.
A second aspect.
Referring to fig. 5 to 7, an embodiment of the present invention further provides a system for automatically generating network attack data based on an attack principle, including:
an attack principle model establishing module 10, configured to establish an attack principle model according to the network attack public information; wherein the network attack disclosure information includes: and analyzing the code data and the public report of the network attack.
And the data generation system establishing module 20 is used for establishing a data generation system based on the attack principle according to the attack principle model.
And the network security defense model training module 30 is used for training the network security defense model through the data generated by the data generation system based on the attack principle.
In a specific embodiment, the network security defense model training module 30 is further configured to:
and generating data for meeting the requirements of a training network security defense model according to the configuration rule of the data generation system based on the attack principle.
In a specific embodiment, the method further comprises:
and the network security defense model verification module 40 is used for verifying the performance of the network security defense model according to the obtained real attack data.
In a specific embodiment, the method further comprises:
a network attack disclosure information acquisition module 50, configured to acquire network attack disclosure information according to a preset period; wherein the network attack disclosure information includes: and analyzing the code data and the public report of the network attack.
In a third aspect.
An embodiment of the present invention provides an electronic apparatus, which includes a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, and when the processor executes the computer program, the processor implements the method for automatically generating network attack data based on an attack principle described in any one of the above.
A fourth aspect.
An embodiment of the present invention provides a computer-readable storage medium, where the computer-readable storage medium includes a stored computer program, where when the computer program runs, a device where the computer-readable storage medium is located is controlled to execute any one of the above described network attack data automatic generation methods based on the attack principle.
Claims (10)
1. A network attack data automatic generation method based on an attack principle is characterized by comprising the following steps:
establishing an attack principle model according to the network attack public information; wherein the network attack disclosure information includes: analyzing code data and public report of network attack;
establishing a data generation system based on an attack principle according to the attack principle model;
and training a network security defense model through data generated by the data generation system based on the attack principle.
2. The method for automatically generating network attack data based on the attack principle as claimed in claim 1, wherein after training the network security defense model, the method further comprises:
and verifying the performance of the network security defense model according to the acquired real attack data.
3. The method for automatically generating network attack data based on the attack principle as claimed in claim 1, wherein the data generated by the data generating system based on the attack principle comprises:
and generating data for meeting the requirements of a training network security defense model according to the configuration rule of the data generation system based on the attack principle.
4. The method for automatically generating network attack data based on the attack principle according to claim 1, wherein before the establishing of the attack principle model according to the network attack public information, the method further comprises:
acquiring network attack public information according to a preset period; wherein the network attack disclosure information includes: and analyzing the code data and the public report of the network attack.
5. A network attack data automatic generation system based on attack principle is characterized by comprising:
the attack principle model establishing module is used for establishing an attack principle model according to the network attack public information; wherein the network attack disclosure information includes: analyzing code data and public report of network attack;
the data generation system establishing module is used for establishing a data generation system based on an attack principle according to the attack principle model;
and the network security defense model training module is used for training the network security defense model through the data generated by the data generation system based on the attack principle.
6. The system for automatically generating network attack data based on the attack principle as claimed in claim 5, further comprising:
and the network security defense model verification module is used for verifying the performance of the network security defense model according to the obtained real attack data.
7. The system for automatically generating cyber attack data according to claim 5, wherein the cyber security defense model training module is further configured to:
and generating data for meeting the requirements of a training network security defense model according to the configuration rule of the data generation system based on the attack principle.
8. The system for automatically generating network attack data based on the attack principle as claimed in claim 5, further comprising:
the network attack public information acquisition module is used for acquiring network attack public information according to a preset period; wherein the network attack disclosure information includes: and analyzing the code data and the public report of the network attack.
9. An electronic device comprising a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, wherein the processor implements the method for automatically generating network attack data based on the principle of attack according to any one of claims 1 to 4 when executing the computer program.
10. A computer-readable storage medium, comprising a stored computer program, wherein when the computer program runs, the computer-readable storage medium is controlled by a device to execute the method for automatically generating network attack data based on the attack principle according to any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011136352.1A CN112261045A (en) | 2020-10-22 | 2020-10-22 | Network attack data automatic generation method and system based on attack principle |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011136352.1A CN112261045A (en) | 2020-10-22 | 2020-10-22 | Network attack data automatic generation method and system based on attack principle |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112261045A true CN112261045A (en) | 2021-01-22 |
Family
ID=74263894
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011136352.1A Pending CN112261045A (en) | 2020-10-22 | 2020-10-22 | Network attack data automatic generation method and system based on attack principle |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112261045A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114266050A (en) * | 2022-03-03 | 2022-04-01 | 西南石油大学 | Cross-platform malicious software countermeasure sample generation method and system |
| CN114615092A (en) * | 2022-05-11 | 2022-06-10 | 安徽华云安科技有限公司 | Network attack sequence generation method, device, equipment and storage medium |
| CN115086059A (en) * | 2022-06-30 | 2022-09-20 | 北京永信至诚科技股份有限公司 | Deception scene description file generation method and device based on specific language of deception domain |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150244681A1 (en) * | 2014-02-21 | 2015-08-27 | TruSTAR Technology, LLC | Anonymous information sharing |
| US20170061322A1 (en) * | 2015-08-31 | 2017-03-02 | International Business Machines Corporation | Automatic generation of training data for anomaly detection using other user's data samples |
| CN108259494A (en) * | 2018-01-17 | 2018-07-06 | 北京邮电大学 | A kind of network attack detecting method and device |
| CN108718290A (en) * | 2018-01-12 | 2018-10-30 | 北京理工大学 | A method of generating network attack data |
| US20180330253A1 (en) * | 2017-05-10 | 2018-11-15 | Intel Corporation | Methods and apparatus to generate anomaly detection datasets |
| CN109495520A (en) * | 2019-01-11 | 2019-03-19 | 北京中睿天下信息技术有限公司 | Integrated network attack evidence obtaining source tracing method, system, equipment and storage medium |
| WO2019146315A1 (en) * | 2018-01-29 | 2019-08-01 | 株式会社日立製作所 | Abnormality detection system, abnormality detection method, and program |
| CN110505241A (en) * | 2019-09-17 | 2019-11-26 | 武汉思普崚技术有限公司 | A kind of network attack face detection method and system |
| CN110535874A (en) * | 2019-09-17 | 2019-12-03 | 武汉思普崚技术有限公司 | A kind of network attack detecting method and system of antagonism network |
| US20190370395A1 (en) * | 2018-05-29 | 2019-12-05 | Agency For Defense Development | Apparatus and method for classifying attack groups |
| US20200034750A1 (en) * | 2018-07-26 | 2020-01-30 | Sap Se | Generating artificial training data for machine-learning |
| CN110751285A (en) * | 2018-07-23 | 2020-02-04 | 第四范式(北京)技术有限公司 | Training method and system and prediction method and system of neural network model |
-
2020
- 2020-10-22 CN CN202011136352.1A patent/CN112261045A/en active Pending
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150244681A1 (en) * | 2014-02-21 | 2015-08-27 | TruSTAR Technology, LLC | Anonymous information sharing |
| US20170061322A1 (en) * | 2015-08-31 | 2017-03-02 | International Business Machines Corporation | Automatic generation of training data for anomaly detection using other user's data samples |
| US20180330253A1 (en) * | 2017-05-10 | 2018-11-15 | Intel Corporation | Methods and apparatus to generate anomaly detection datasets |
| CN108718290A (en) * | 2018-01-12 | 2018-10-30 | 北京理工大学 | A method of generating network attack data |
| CN108259494A (en) * | 2018-01-17 | 2018-07-06 | 北京邮电大学 | A kind of network attack detecting method and device |
| WO2019146315A1 (en) * | 2018-01-29 | 2019-08-01 | 株式会社日立製作所 | Abnormality detection system, abnormality detection method, and program |
| US20190370395A1 (en) * | 2018-05-29 | 2019-12-05 | Agency For Defense Development | Apparatus and method for classifying attack groups |
| CN110751285A (en) * | 2018-07-23 | 2020-02-04 | 第四范式(北京)技术有限公司 | Training method and system and prediction method and system of neural network model |
| US20200034750A1 (en) * | 2018-07-26 | 2020-01-30 | Sap Se | Generating artificial training data for machine-learning |
| CN109495520A (en) * | 2019-01-11 | 2019-03-19 | 北京中睿天下信息技术有限公司 | Integrated network attack evidence obtaining source tracing method, system, equipment and storage medium |
| CN110505241A (en) * | 2019-09-17 | 2019-11-26 | 武汉思普崚技术有限公司 | A kind of network attack face detection method and system |
| CN110535874A (en) * | 2019-09-17 | 2019-12-03 | 武汉思普崚技术有限公司 | A kind of network attack detecting method and system of antagonism network |
Non-Patent Citations (12)
| Title |
|---|
| 傅建明等: "" 基于GAN的网络攻击检测研究综述"", 《信息网络安全》 * |
| 傅建明等: "" 基于GAN的网络攻击检测研究综述"", 《信息网络安全》, no. 2, 28 February 2019 (2019-02-28), pages 1 - 9 * |
| 宋文纳等: ""恶意代码演化与溯源技术研究"", 《软件学报》 * |
| 宋文纳等: ""恶意代码演化与溯源技术研究"", 《软件学报》, vol. 30, no. 08, 22 January 2019 (2019-01-22), pages 2229 - 2267 * |
| 张蕾等: ""机器学习在网络空间安全研究中的应用"", 《计算机学报》 * |
| 张蕾等: ""机器学习在网络空间安全研究中的应用"", 《计算机学报》, vol. 41, no. 9, 5 March 2018 (2018-03-05), pages 1943 - 19756 * |
| 彭中联等: "基于改进CGANs的入侵检测方法研究", 《信息网络安全》 * |
| 彭中联等: "基于改进CGANs的入侵检测方法研究", 《信息网络安全》, no. 05, 10 May 2020 (2020-05-10), pages 53 - 62 * |
| 柴梦婷等: ""生成式对抗网络研究与应用进展"", 《计算机工程》 * |
| 柴梦婷等: ""生成式对抗网络研究与应用进展"", 《计算机工程》, vol. 45, no. 9, 15 September 2019 (2019-09-15), pages 222 - 234 * |
| 王永杰等: "一种网络攻击流量生成器的设计与实现", 《计算机科学》 * |
| 王永杰等: "一种网络攻击流量生成器的设计与实现", 《计算机科学》, no. 02, 25 February 2007 (2007-02-25), pages 68 - 71 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114266050A (en) * | 2022-03-03 | 2022-04-01 | 西南石油大学 | Cross-platform malicious software countermeasure sample generation method and system |
| CN114266050B (en) * | 2022-03-03 | 2022-10-04 | 西南石油大学 | Cross-platform malicious software countermeasure sample generation method and system |
| CN114615092A (en) * | 2022-05-11 | 2022-06-10 | 安徽华云安科技有限公司 | Network attack sequence generation method, device, equipment and storage medium |
| CN114615092B (en) * | 2022-05-11 | 2022-08-02 | 安徽华云安科技有限公司 | Network attack sequence generation method, device, equipment and storage medium |
| CN115086059A (en) * | 2022-06-30 | 2022-09-20 | 北京永信至诚科技股份有限公司 | Deception scene description file generation method and device based on specific language of deception domain |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112261045A (en) | Network attack data automatic generation method and system based on attack principle | |
| US11487772B2 (en) | Multi-party data joint query method, device, server and storage medium | |
| CN110855676B (en) | Network attack processing method and device and storage medium | |
| US20210081847A1 (en) | Method of training random forest model, electronic device and storage medium | |
| CN105187395B (en) | The method and system of Malware network behavior detection are carried out based on couple in router | |
| CN107463839A (en) | A kind of system and method for managing application program | |
| CN104239041B (en) | A kind of method and apparatus generating processing scheme and configuration | |
| CN106874768A (en) | The method and device of penetration testing | |
| CN108229170B (en) | Software analysis method and apparatus using big data and neural network | |
| CN114090406A (en) | Electric power Internet of things equipment behavior safety detection method, system, equipment and storage medium | |
| CN111309589A (en) | Code security scanning system and method based on code dynamic analysis | |
| CN102982282B (en) | The detection system of bug and method | |
| CN110442582B (en) | Scene detection method, device, equipment and medium | |
| CN112508541A (en) | Portable mobile phone acquisition software system based on training trainee information data acquisition | |
| Pascariu et al. | Dynamic analysis of malware using artificial neural networks: Applying machine learning to identify malicious behavior based on parent process hirarchy | |
| CN116402325A (en) | Automatic business process processing method and device | |
| CN111507477A (en) | Automatic machine learning platform based on block chain | |
| WO2022099569A1 (en) | Application processing program dynamic loading method for brain-like computer operating system | |
| Aarya et al. | Web scanning: existing techniques and future | |
| CN111627134B (en) | Task processing method, device, server, equipment and medium | |
| CN114513329A (en) | Industrial Internet information security assessment method and device | |
| CN104980310B (en) | Internet of Things instant communication information real-time monitoring system | |
| CN108762752B (en) | A kind of the Android application program function class drawing generating method and device of combination dynamic and static code analysis technology | |
| CN110517010A (en) | A kind of data processing method, system and storage medium | |
| Hemmer et al. | A Process Mining Tool for Supporting IoT Security |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210122 |