CN103401886A - Implementation method of information security attack-defense confrontation - Google Patents
- Publication number: CN103401886A
- Application number: CN2013103631839A
- Authority: CN (China)
- Prior art keywords: information, module, user, master server, implementation method
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Landscapes
- Computer And Data Communications (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses an implementation method of information security attack-defense confrontation, comprising the following steps: a) a system master server is set up to verify user requests, and a mode selection module is deployed in the master server; b) a master control module is deployed in the system master server to control the roles of the various modules and the process authority policy; c) an administrator module is deployed in the system master server for authority distribution; d) an attack-defense confrontation control module is deployed in the system master server; e) a monitoring video receiving module, a scheduling module and a reporting module are deployed in the system master server; and f) a system database server and a cluster server side are set up. With this implementation method, information attack-defense confrontation can be carried out in a real environment under full control; the whole process of the confrontation can be traced back; the roles of attack and defense can be switched; and data security during communication is ensured.
Description
Technical field
The present invention relates to an information security implementation method, and in particular to an implementation method of information security attack-defense confrontation.
Background art
With the rapid development of the mobile Internet era, network security protection increasingly targets platform-type services and Internet applications. Besides the necessary routine protection management carried out with existing security measures, business systems and application hosts also need to be assessed regularly by people with advanced manual penetration-testing skills; only then can the deeper hidden dangers in the systems under attack be found effectively and comprehensively. The information security profession has developed rapidly in recent years, but so far there has been no professional information security attack-defense confrontation platform for the cultivation of information security talent, for research and for actual combat. The present invention realizes an attack-defense confrontation method in a real environment, used for the cultivation, training and competition of information security talent.
At present there are two kinds of information security confrontation platforms at home and abroad: one is based on finding vulnerabilities in WEB pages and simulating penetration testing; the other builds a hardware platform and, through the deployment of security products, tests the intrusion ability and the protection ability of security engineers. The limitation of the first implementation is its single function: it is more like a page game that can only train the simulated search for WEB vulnerabilities, it cannot comprehensively examine an engineer's ability to exploit vulnerabilities in hosts, databases and so on or the engineer's intrusion ability, and its simulated environment differs from the actual environment, so it cannot exercise the comprehensive ability of information security engineers. The second implementation is the study of security products; it cannot teach the basic attack-defense knowledge and practical combat ability of information security, and it is strongly biased towards the application of vendors' equipment. Therefore it is necessary to provide a method for realizing information security attack-defense confrontation which, by building a real system attack-defense combat environment, lets users learn, research and compete in information system attack and defense on a legal, real platform.
Summary of the invention
The technical problem to be solved by the present invention is to provide an implementation method of information security attack-defense confrontation that can realize attack-defense confrontation in different application environments, switch the roles of attack and defence, and ensure data security during communication.
The technical solution adopted by the present invention to solve the above technical problem is to provide an implementation method of information security attack-defense confrontation, comprising the following steps: a) building a system master server for verifying user requests, and deploying a mode selection module in the master server; b) deploying a main control module in the system master server, for controlling the roles of the modules and the process authority policy, and for controlling the execution of functional modules according to user requests; c) deploying an administrator module in the system master server, for assigning the rights used on the platform; d) deploying an attack-defense confrontation control module in the system master server, for controlling the defence and confrontation time and the role switching in confrontation mode; e) deploying a monitoring video receiving module, a scheduling module and a report module in the system master server, for process display and supervision while users use the platform and for information forensics after use; f) building a system database server and a cluster server side, and deploying the attack-defense confrontation entities.
In the above implementation method, in step a), before a user's request is received, the user's legal identity information is verified first and the user's login information is recorded; multithreaded asynchronous operation is then used to respond to service requests, and security filtering is applied to user requests.
In the above implementation method, the mode selection module in step a) comprises a breakthrough (level-clearing) mode, a mixed mode, a confrontation mode and a survival mode.
In the above implementation method, step e) comprises the following process: during the attack-defense confrontation, the user automatically submits video recording data to the system master server through an encryption algorithm; a video record of the whole confrontation is first generated on the server side, and the relevant information of the whole confrontation process is then displayed in real time in the back end.
In the above implementation method, in step f) the system database server is deployed in an isolated area, access sources are restricted by an access control list policy, and the relevant information of the whole confrontation process is stored in the database server.
In the above implementation method, the relevant information of the confrontation process comprises level information, user identity information, access policy information, attack-defense confrontation process logs, control information of each functional module, and confrontation result information.
Compared with the prior art, the present invention has the following beneficial effects: the implementation method provided by the invention realizes attack-defense confrontation in different application environments by deploying the different functional modules independently, can carry out the confrontation in a real environment under full control, can trace back the whole process of the confrontation, switches the roles of attack and defence, and ensures data security during communication.
Description of drawings
Fig. 1 is an architecture diagram of the implementation of the information security attack-defense confrontation of the present invention.
Detailed description
The invention is further described below with reference to the drawing and an embodiment.
Fig. 1 is an architecture diagram of the implementation of the information security attack-defense confrontation of the present invention.
Referring to Fig. 1, the implementation method of information security attack-defense confrontation provided by the invention comprises the following steps:
Step 1: A MainServer method is written to set up the main server side, which responds to the request information submitted by users. Before a user's request is received, a CheckUser method is written to verify the user's legal identity information, and the user's login information is written to the LogService log service. MainServer is written in Python; it uses multithreaded asynchronous operation to respond to service requests and applies security filtering to user requests: if a user submits, for example, a SQL injection attack script, an XSS cross-site attack script or malicious code for execution, MainServer rejects the user's request and writes the attack to the LogService log service. LogService is also written in Python; it mainly records system running state information, user access information, security exception information and so on, and stores the log information in a distributed manner through the HDFS distributed file system of the Hadoop framework. Finally, the CheckUser method verifies the identity information submitted when a user first logs in to the system and returns the result; for a legal user, the user's access rights in the system are restricted according to the user's group and operating rights.
Step 2: Mysql is used to set up an independent database, NineDB, which stores the level information, user identity information, access policy information, attack-defense confrontation process logs, control information of each functional module, confrontation result information and so on related to the attack-defense confrontation. The level information covers the level data used by each attack-defense confrontation module, such as level number, level difficulty, level physical address, level hints and pass-condition information. The user identity information comprises the user number, user name, user password, the user's group and its access rights, and so on. The access policy information comprises the policy number, the mode the policy belongs to, the detailed policy information and so on. The attack-defense confrontation process log mainly comprises the number, content and time of the information submitted by users. The control information of each functional module comprises the module number, the module description, whether the module is enabled, how long it is enabled, and so on. The confrontation result information mainly comprises the ranking information of the confrontation results of each module.
Step 3: A mode selection module, Selection-Switch, is written on the main server side. According to the user rights information returned by the CheckUser method in step 1, it directs the user into one of the attack-defense modes: breakthrough mode, confrontation mode, survival mode and attack-defense mode. Breakthrough mode defines a series of levels that the user can only clear in order; a MissionTunnerl function determines the level the current user is at and returns that level's hint information, and the user has to clear the level according to the hints. Confrontation mode is a "melee mode" with no hints at all: after entering the attack-defense environment, the user can find the level-clearing password only through his or her own judgement and operations. Survival mode is a "competitive mode": without any level hints, users look for the level-clearing password and compete to be the first to submit it in order to win; each time a level-clearing password is submitted, the time limit of the current mode decreases by 10% for everyone (all users). Attack-defense mode is defence first, attack afterwards: a security gateway function, SECGATE, restricts the contestants' access rights. During the defence period a contestant can access only his or her own environment, in order to analyze and harden it; when the defence phase ends the attack phase begins, in which contestants can no longer access their own environments and score by attacking and penetrating other players' environments. In all modes, a time management module, TimeManage, limits the competition time of each attack-defense mode.
Step 4: A CheckSession method (which checks the Session submitted by the user) is set up on the main system server side to judge whether the logged-in user is an illegal user. An illegal user is shown an error message; for a legal user, a SessionChange function applies secondary encryption to the user's Session, after which the main control module MainControl-Moudel monitors the user's operations and attack-defense progress and guides the user into the attack-defense environment. CheckSession mainly checks the SessionID carried in the Cookie value of the user's browser; by matching it against the SessionID stored by MainServer in step 1 it determines the user name and password that the current user has stored in the Session, and by accessing the independent database NineDB set up in step 2 it confirms whether that user name and password are legal. SessionChange applies secondary encryption to the user name and password obtained in CheckSession: the user name, password and creation time are encrypted with MD5, and a Sec field is then added to the Session data to store the encrypted data: Session(Sec) = MD5(Username + Password + date). The MainControl-Moudel module compares the data in Session(Sec) with the encrypted user name and password in the Session; if they match, it looks up in NineDB the competition mode the current user is in and redirects the user there.
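The Session(Sec) computation of the fourth step, as an added illustration that is not code from the patent, shown next to a keyed variant that binds field boundaries and depends on a server-side secret. The function names, SERVER_KEY and the sample values are assumptions constructed for this example.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not from the patent).
CREATED = "2013-08-20 09:00:00"
SERVER_KEY = b"constructed-demo-key-not-a-real-secret"


def sec_md5(username, password, created):
    """Sec value as step 4 states it: MD5 over user name + password + creation time."""
    data = (username + password + created).encode("utf-8")
    return hashlib.md5(data).hexdigest()


def check_sec_md5(session):
    """The comparison described for MainControl-Moudel: recompute and match Session(Sec)."""
    expected = sec_md5(session["Username"], session["Password"], session["date"])
    return hmac.compare_digest(expected, session["Sec"])


def sec_hmac(server_key, username, created):
    """Keyed alternative (not in the patent): HMAC-SHA256 over length-prefixed fields.

    The password is left out of the input, and the length prefixes make the
    field boundaries part of what is authenticated.
    """
    msg = b"".join(
        len(part).to_bytes(4, "big") + part
        for part in (username.encode("utf-8"), created.encode("utf-8"))
    )
    return hmac.new(server_key, msg, hashlib.sha256).hexdigest()


def check_sec_hmac(server_key, session):
    """Constant-time check of the keyed Sec value."""
    expected = sec_hmac(server_key, session["Username"], session["date"])
    return hmac.compare_digest(expected, session["Sec"])


def demo():
    """Return (md5 check passes, concatenation is ambiguous, keyed values differ)."""
    session = {"Username": "alice", "Password": "1pw", "date": CREATED}
    session["Sec"] = sec_md5("alice", "1pw", CREATED)

    # Plain concatenation does not record where one field ends and the next
    # begins: two different (user name, password) pairs give the same Sec.
    ambiguous = sec_md5("alice", "1pw", CREATED) == sec_md5("alice1", "pw", CREATED)

    # With a server key and length-prefixed fields, the two user names differ.
    keyed_differ = sec_hmac(SERVER_KEY, "alice", CREATED) != sec_hmac(
        SERVER_KEY, "alice1", CREATED
    )
    return check_sec_md5(session), ambiguous, keyed_differ


if __name__ == "__main__":
    print(demo())
```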
Step 5: Once the user has entered a mode normally, the user submits the level-clearing password, following the rules of the current mode and using cimer-encryption. A CheckAnswer function receives and verifies the level-clearing password submitted by the user. If the password is wrong, a password-error alert box is popped up through alert in the JS script; if the password is correct, the user data and the current level are passed to the Tunner function, which mainly handles the level the user is at and the accumulation of the score in the user information. cimer-encryption is written in JavaScript; it applies MD5 encryption to the Post data and appends a random code to the MD5 value among the encrypted elements, to prevent brute-force cracking of the MD5.
Step 6: An administrator module, Admin-Moudel, is set up on the main system server side. A DDos-C Python script judges whether a user is carrying out DDos attack behaviour; if so, it automatically identifies the user's IP and identity and submits the user's violation to Admin-Moudel. A Bforoe-C Python script judges whether a user is brute-forcing the level-clearing password of a level; if so, it automatically identifies the user's IP and identity and submits the user's violation to Admin-Moudel. After Admin-Moudel receives the violation information passed by the scripts, it punishes the user's violation accordingly; different penalties are applied depending on how serious the violation is and whether the user has a history of violations, such as banning the user from the system for 5 minutes, permanently suspending the account, deducting points, or kicking the user out.
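One way the brute-force check of the sixth step could work, as an added example that is not the patent's Bforoe-C script: a sliding-window count of wrong level-password submissions per user and level, with the penalty chosen from the user's violation history. The log format, the threshold of 5 wrong submissions in 60 seconds and the mapping of first and repeat offences to penalties are assumptions; the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed detection window
MAX_WRONG = 5                   # assumed number of wrong submissions that counts as brute force

# Constructed submission log: timestamp, user, source IP, level number, result.
SAMPLE_LOG = """\
2013-08-20T10:00:00 alice 192.0.2.10 3 wrong
2013-08-20T10:00:05 alice 192.0.2.10 3 wrong
2013-08-20T10:00:09 alice 192.0.2.10 3 wrong
2013-08-20T10:00:14 bob 198.51.100.7 1 wrong
2013-08-20T10:00:20 alice 192.0.2.10 3 wrong
2013-08-20T10:00:26 alice 192.0.2.10 3 wrong
2013-08-20T10:05:00 bob 198.51.100.7 1 wrong
2013-08-20T10:09:30 bob 198.51.100.7 1 correct
2013-08-20T10:20:00 alice 192.0.2.10 4 wrong
2013-08-20T10:20:02 alice 192.0.2.10 4 wrong
2013-08-20T10:20:04 alice 192.0.2.10 4 wrong
2013-08-20T10:20:06 alice 192.0.2.10 4 wrong
2013-08-20T10:20:08 alice 192.0.2.10 4 wrong
"""


def detect_bruteforce(lines, window=WINDOW, max_wrong=MAX_WRONG):
    """Return one violation record per burst of wrong submissions."""
    recent = defaultdict(deque)  # (user, level) -> timestamps of recent wrong submissions
    violations = []
    for line in lines:
        if not line.strip():
            continue
        ts_text, user, ip, level, result = line.split()
        if result != "wrong":
            continue
        ts = datetime.fromisoformat(ts_text)
        queue = recent[(user, level)]
        queue.append(ts)
        # Drop submissions that have fallen out of the sliding window.
        while queue and ts - queue[0] > window:
            queue.popleft()
        if len(queue) >= max_wrong:
            violations.append({"user": user, "ip": ip, "level": int(level), "time": ts})
            queue.clear()  # report each burst once, not once per extra attempt
    return violations


def assign_penalties(violations):
    """Pick a penalty from the user's violation history, as Admin-Moudel is described doing.

    Assumed mapping: first offence gets the 5-minute ban, a repeat offence gets
    the permanent account suspension.
    """
    history = defaultdict(int)
    decisions = []
    for v in violations:
        history[v["user"]] += 1
        action = "ban_5_minutes" if history[v["user"]] == 1 else "suspend_account"
        decisions.append((v["user"], v["ip"], v["level"], action))
    return decisions


if __name__ == "__main__":
    for decision in assign_penalties(detect_bruteforce(SAMPLE_LOG.splitlines())):
        print(decision)
```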
Step 7: An attack-defense confrontation control module, Def-Att-Control, is written. This module is mainly used in attack-defense mode to configure policy scheduling for the switch between attack and defence, and to control access rights between environments according to the policy. Def-Att-Control accesses the NineDB data set up in step 2 and extracts the personal information UserInfo of both sides taking part in the attack-defense match, the attack time AttackTime, the defence time DefenceTime and the match time TimeTotal, and submits all of this information to the Sec-Exchange function. Sec-Exchange initializes the access control policy on a timer according to the submitted TimeTotal and revises the access control policy according to DefenceTime and AttackTime, so that before the attack-defense match starts neither side can access the systems; after the defence phase begins, each side can access only its own system; and after the attack phase begins, each side can access only the opponent's system.
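The phase-dependent access policy of the seventh step, as an added sketch that is not the patent's Sec-Exchange code: a default-deny rule set derived from the match schedule, plus the rule changes a scheduler would apply at each phase boundary. The class and function names, the two sample teams, the treatment of TimeTotal as DefenceTime plus AttackTime, and denying all access once the match is over are assumptions.

```python
from datetime import datetime, timedelta

PRE_MATCH, DEFENCE, ATTACK, FINISHED = "pre-match", "defence", "attack", "finished"


class MatchSchedule:
    """Match timing, using the patent's field names DefenceTime, AttackTime and TimeTotal."""

    def __init__(self, start, defence_time, attack_time):
        self.start = start
        self.defence_end = start + defence_time
        self.attack_end = self.defence_end + attack_time
        # Assumption: TimeTotal covers the defence phase followed by the attack phase.
        self.time_total = defence_time + attack_time

    def phase_at(self, now):
        if now < self.start:
            return PRE_MATCH
        if now < self.defence_end:
            return DEFENCE
        if now < self.attack_end:
            return ATTACK
        return FINISHED


def build_policy(teams, phase):
    """Return the permitted (source team, target environment) pairs; all else is denied."""
    if phase == DEFENCE:
        return {(team, team) for team in teams}  # own environment only
    if phase == ATTACK:
        return {(src, dst) for src in teams for dst in teams if src != dst}
    return set()  # before the match (per the patent) and after it (assumption)


def is_allowed(schedule, teams, source, target, now):
    return (source, target) in build_policy(teams, schedule.phase_at(now))


def policy_transitions(schedule, teams):
    """List (time, new phase, rules to add, rules to remove) for each phase boundary."""
    boundaries = [
        (schedule.start, DEFENCE),
        (schedule.defence_end, ATTACK),
        (schedule.attack_end, FINISHED),
    ]
    current = build_policy(teams, PRE_MATCH)
    steps = []
    for when, phase in boundaries:
        target = build_policy(teams, phase)
        steps.append((when, phase, sorted(target - current), sorted(current - target)))
        current = target
    return steps


# Constructed sample match: 30 minutes of defence, then 60 minutes of attack.
TEAMS = ["red", "blue"]
SCHEDULE = MatchSchedule(
    datetime(2013, 8, 20, 9, 0), timedelta(minutes=30), timedelta(minutes=60)
)

if __name__ == "__main__":
    for step in policy_transitions(SCHEDULE, TEAMS):
        print(step)
```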
Step 8: A VideoPack video recording module is written to capture every operation of the user, and a monitoring video receiving module, Monitor-Video, is set up on the main system server side to collect the actual-combat video. The VideoPack module is written in Python and captures video at a frame rate of 10 frames per second. The Monitor-Video module is written in Python; it mainly provides the interface through which VideoPack uploads video, stores the received video on the video server and archives it by user information.
Step 9: Exsi is used to set up the cluster server side, on which the attack-defense confrontation entities are deployed. These entities are real environments from practical applications and are the objects on which attack-defense penetration and protection are performed.
Step 10: An environment scheduling module, Arrange-Moudel, is set up on the main system server side to schedule the entity environments of the cluster server side from the main system server side. The Arrange-Moudel module is written in Python; for the entity environments used by matches in the different modes, it carries out batch operations and the scheduling of planned tasks. The operations it invokes include power on, power off, taking a system snapshot, restoring a snapshot and so on.
Step 11: A real-time report module, Table-Generator, is set up on the main system server side to generate the real-time results of the attack-defense confrontation quickly. The Table-Generator module is written in Python. The reports it generates are the overall match result, the team ranking report, the individual ranking report, the score/time ranking report, the team contribution report and the individual score report. The overall match result is ranked by combined score; the team ranking report is ranked by team score; the individual ranking report is ranked by individual score; the score/time ranking report ranks the scores obtained by all contestants in each time period during the match; the team contribution report ranks the scores of team members within a team contest; the individual score report ranks the individual scores of all members taking part in the competition.
In summary, the implementation method of information security attack-defense confrontation provided by the invention realizes attack-defense confrontation in different application environments by deploying the different functional modules independently, can carry out the confrontation in a real environment under full control, can trace back the whole process of the confrontation, switches the roles of attack and defence, and ensures data security during communication. The specific advantages are as follows: 1. Actual environments are used throughout, closely matching the security problems that may exist in practical applications (such as operating systems, data, and application development); multiple test environments can be realized, simulating nearly all applications that may occur in real life. 2. Multiple application modes ensure variety in learning: the breakthrough mode, confrontation mode, mixed mode and survival mode of this invention provide multiple learning and assessment methods. 3. The penetration testing process is displayed in real time: while a user carries out actual-combat penetration testing on the platform, the back end displays the process and results in real time, which makes monitoring easy. 4. Process forensics: the system's Monitor-Video module makes process playback and evidence collection easy. 5. The communication encryption algorithm Cimer-encryption is used: within the same network, each user's communication data is transmitted confidentially, which prevents interception of communication data during the confrontation, protects the data in real time and ensures the rigour of the results. 6. Deployment is convenient, management is convenient, and the environment can be restored with one click.
Although the present invention is disclosed above by way of a preferred embodiment, the embodiment is not intended to limit the invention. Any person skilled in the art may make minor modifications and improvements without departing from the spirit and scope of the invention, so the scope of protection of the invention is as defined by the claims.
Claims (6)
1. An implementation method of information security attack-defense confrontation, characterized by comprising the following steps:
a) building a system master server for verifying user requests, and deploying a mode selection module in the master server;
b) deploying a main control module in the system master server, for controlling the roles of the modules and the process authority policy, and for controlling the execution of functional modules according to user requests;
c) deploying an administrator module in the system master server, for assigning the rights used on the platform;
d) deploying an attack-defense confrontation control module in the system master server, for controlling the defence and confrontation time and the role switching in confrontation mode;
e) deploying a monitoring video receiving module, a scheduling module and a report module in the system master server, for process display and supervision while users use the platform and for information forensics after use;
f) building a system database server and a cluster server side, and deploying the attack-defense confrontation entities.
2. The implementation method of information security attack-defense confrontation as claimed in claim 1, characterized in that in step a), before a user's request is received, the user's legal identity information is verified first and the user's login information is recorded; multithreaded asynchronous operation is then used to respond to service requests, and security filtering is applied to user requests.
3. The implementation method of information security attack-defense confrontation as claimed in claim 1, characterized in that the mode selection module in step a) comprises a breakthrough (level-clearing) mode, a mixed mode, a confrontation mode and a survival mode.
4. The implementation method of information security attack-defense confrontation as claimed in claim 1, characterized in that step e) comprises the following process: during the attack-defense confrontation, the user automatically submits video recording data to the system master server through an encryption algorithm; a video record of the whole confrontation is first generated on the server side, and the relevant information of the whole confrontation process is then displayed in real time in the back end.
5. The implementation method of information security attack-defense confrontation as claimed in claim 1, characterized in that in step f) the system database server is deployed in an isolated area, access sources are restricted by an access control list policy, and the relevant information of the whole confrontation process is stored in the database server.
6. The implementation method of information security attack-defense confrontation as claimed in claim 4 or 5, characterized in that the relevant information of the confrontation process comprises level information, user identity information, access policy information, attack-defense confrontation process logs, control information of each functional module, and confrontation result information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2013103631839A CN103401886A (en) | 2013-08-20 | 2013-08-20 | Implementation method of information security attack-defense confrontation |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103401886A true CN103401886A (en) | 2013-11-20 |
Family
ID=49565411
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2013103631839A Pending CN103401886A (en) | 2013-08-20 | 2013-08-20 | Implementation method of information security attack-defense confrontation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103401886A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20131120 |