CN104778073B - A novel information security attack-and-defense experiment platform and its implementation method - Google Patents

A novel information security attack-and-defense experiment platform and its implementation method

Info

Publication number
CN104778073B
Authority
CN (China)
Prior art keywords
attacking
layer
interface
module
information
Legal status
Active
Application number
CN201510183912.1A
Other languages
Chinese (zh)
Other versions
CN104778073A
Inventors
龙震岳
魏理豪
钱扬
崔磊
梁哲恒
李伟清
黄巨涛
杨汉彬
王骧龙
Current assignee
Information Security Test And Appraisal Center Guangdong Province
Information Center of Guangdong Power Grid Co Ltd
Original assignee
Information Security Test And Appraisal Center Guangdong Province
Information Center of Guangdong Power Grid Co Ltd

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D 10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a novel information security attack-and-defense experiment platform and its implementation method. The attack-and-defense experiment platform is divided into four layers, a resource layer, a data layer, an interface layer and a business layer, each forming a corresponding subsystem. Through the linkage of the subsystems, the platform can gather intelligence efficiently, quickly build virtual scenarios for attack-and-defense drills, and simulate information security confrontation on them. In the resource layer the platform employs automatic configuration technology, virtualization technology and a resource abstraction management method to manage virtual hardware and physical hardware in a unified way, solving the practical problems of traditional experimental environments (high hardware investment, difficult management, low efficiency, high energy consumption, low flexibility, repeated investment and difficult configuration) that cannot keep up with the rapidly changing requirements of the information security field.

Description

A novel information security attack-and-defense experiment platform and its implementation method
Technical field
The present invention relates to the technical field of computer network information security, and in particular to an attack-and-defense experiment platform system and a method of conducting attack-and-defense drills using that platform system.
Background technology
At present the network security situation at home and abroad is increasingly serious. China attaches great importance to network security and has elevated information security to the level of national security. Because core chips, operating systems, databases, network equipment and their core technologies are for the most part held and controlled by foreign countries, this poses a grave danger to China's security, and the power industry, an important foundation of the national livelihood, bears the brunt of it. To reduce the security problems and hidden dangers of network and information systems and to improve information security protection capability, there is an urgent need to train the relevant technical personnel vigorously and to strengthen the ability to inspect and evaluate the security of network and information systems, so as to respond to information security threats and make up for deficiencies in core technology.
An attack-and-defense experiment platform is a comprehensive platform for assessing and testing network and information systems, conducting attack-and-defense drills and training talent. China lags relatively behind in research on attack-and-defense experiment platform systems; although some institutions and companies have carried out research and development of similar network attack-and-defense laboratory software platforms, there is still no mature, systematic attack-and-defense experiment platform system capable of simulating and reproducing a live network. The construction of domestic network security education and training platforms has only just begun, and the existing attack-and-defense training systems generally have the following problems:
1) a single confrontation platform service, lacking a platform-oriented design and with an unreasonable functional structure, making it difficult to form a large-scale, high-precision, holistic, high-fidelity simulation platform;
2) a lack of security attack-and-defense experience and technology; the cross-disciplinary and esoteric nature of information security makes it difficult to build a complete, mature knowledge system that is close to reality;
3) a low degree of closure of the platform environment, so that sensitive solutions and tools in the platform are hard to confine to use inside the experiment platform, and technical confidentiality is poor;
4) a platform boundary that is not tight, so that the confrontation itself is very harmful to the attack-and-defense laboratory;
5) unreasonable system design that realizes only simple confrontation;
6) evaluation of drill results that relies on manual assessment and checking by security technology experts, with a very low degree of automation and intelligence;
7) a rigid platform environment that is hard to configure flexibly, with low resource utilization, wasting time and effort; when a large number of personnel need to take part in confrontation or training drills at the same time, the human and material resources required become even larger;
8) unreasonable content design that makes it hard for users to master the platform's bodies of knowledge.
In order to develop a practical, advanced, extensible and systematic attack-and-defense laboratory software platform that reaches the expected application goals, the attack-and-defense experiment platform system must be improved, providing technical support and a scientific basis for platform development.
Content of the invention
In view of the shortcomings of the prior art, the present invention aims to provide a novel information security attack-and-defense experiment platform and its implementation method. Through the reasonable configuration and linkage of the layers in the attack-and-defense experiment platform, and through the technique of combining virtual and physical resources, it provides an efficient, extensible attack-and-defense experiment platform system that can reproduce the real environment with high fidelity, together with an attack-and-defense drill method based on that platform system.
To achieve these goals, the present invention adopts the following technical scheme:
An attack-and-defense experiment platform comprising a resource layer, a data layer, an interface layer and a business layer, where each layer is composed as follows:
The resource layer includes virtual devices based on virtualization technology and real physical devices, where the real physical devices include physical hosts, network equipment and security equipment such as IPS devices and switches. In the resource layer the virtual devices and the real physical devices coexist, and the business layer manages and combines the virtual devices and real physical devices to quickly generate simulation scenarios for attack-and-defense drills. Combining virtual and physical resources helps solve the practical problems of traditional network experiment environments: high hardware investment, difficult management, low efficiency, high energy consumption, inability to adapt quickly to change, low availability, repeated investment, and training results that do not meet real-world requirements.
The data layer is connected to the interface layer and the resource layer respectively and is provided with a number of resource libraries, including but not limited to a tool library, a scenario configuration library, a courseware library, an intelligence library, a log library, an attack library and a platform library. The tool library provides the various attack tools used in attack-and-defense experiments; the scenario configuration library stores typical information security attack-and-defense scenarios; the courseware library stores attack-and-defense tutorials; the intelligence library collects and stores intelligence; the log library is provided with a log data storage unit and a log data sending unit, used respectively to store log data from the functional modules of every layer of the platform and to send log data to the outside; the attack library stores typical attacks; and the platform library stores the various information of the information security attack-and-defense platform, including system asset information, topic information, case information and course information. A unified, integrated resource library provides effective data support for rapid deployment of simulation scenarios, rapid attack-and-defense drills and rapid verification.
The business layer carries the core business of the whole attack-and-defense experiment platform system and includes a simulation scenario management module, a system management module, a task management module, a tool management module, an intelligence management module, a courseware management module and an attack-defense display module:
The simulation scenario management module is responsible for managing the scenario configuration library and building simulation scenarios, and exchanges data with the scenario configuration library. By managing the scenario configuration library and exchanging data with it, the simulation scenario management module can rapidly deploy simulation scenarios from the information the scenario configuration library provides, provide the simulation environment, and quickly reclaim scenario resources;
The system management module manages every aspect of the attack-and-defense experiment platform, including users, permissions, devices, logs and reports;
The tool management module manages the tools stored in the tool library of the data layer through the database interface of the interface layer;
The intelligence management module manages the intelligence stored in the intelligence library of the data layer through the database interface of the interface layer;
The courseware management module connects to the courseware library of the data layer, manages the courseware library, and exchanges data with the simulation scenario management module;
The task management module manages every type of task, including tracking and checking, and dispatches tasks by combining the intelligence library and the tool library. In the realization of the attack-and-defense experiment platform there are many different kinds of task, such as teaching, self-study and attack-and-defense; these tasks are managed by the task management module, including task tracking, task dispatch and task checking, either as single-task management per user or as centralized management of multiple tasks per user group;
The attack-defense display module is provided with a video monitoring unit and a playback unit. Operations and maintenance personnel can thus not only check attack-and-defense routes and results in real time during attack-and-defense drills, but can also record the operation of students during self-study, training or teaching demonstrations on the platform, and then play back and step through the attack-and-defense route for analysis.
The interface layer includes a database interface and a virtual platform interface, where the virtual platform interface comprises an authentication module, a log query module and a report module, which provide an authentication interface, a log query interface and a report interface respectively. The authentication interface authenticates a third-party system when a user enters the attack-and-defense experiment platform through that third-party system and browses the current page. The log query interface authenticates the third-party system when a user sends a log query request to the platform; after authentication, the log library sends the log data the user wants to query to the third-party system in a specific encapsulation format. The report interface authenticates the third-party system when a user requests to view a report. The database interface provides the interface through which the other layers access the data layer. In addition, the resource layer interacts with the business layer through the interface layer. Because every third-party system must be authenticated before entering the platform and browsing pages, querying logs or viewing reports, the data security of the attack-and-defense experiment platform is effectively ensured. The business layer manages the virtual devices and real physical devices of the resource layer in combination through the interface layer, which helps realize accurate simulation and fast construction of simulation scenarios.
More specifically, the system management module includes a user management submodule, a user rights submodule, a user list submodule, a system module management submodule, a device management submodule, a log and report management submodule and an interface management submodule:
The user management submodule adds, modifies or deletes users or user groups of the attack-and-defense experiment platform.
The user rights submodule configures and manages every permission of the attack-and-defense experiment platform, including but not limited to platform login rights, data access rights, independent access rights to the functional modules and resource libraries of each layer, report creation rights, report viewing rights and report editing rights. Because the whole attack-and-defense experiment platform is an integrated attack-and-defense drill environment containing the penetration tools, viruses and the various scenarios needed for drills, these scenarios and tools must be used within a limited range and controlled by permissions so that they cannot leak. The user rights submodule is therefore placed in the business layer of the platform and applies corresponding permission settings and management to platform login, data access, functional module access, and report creation, viewing and editing, so as to ensure the security of the platform's business and data at multiple levels and from many aspects.
The user list submodule is used to view the user status list, the user rights list and the user role list; the user status list mainly includes an account status list and a user task status list.
The system module management submodule manages each functional module in the attack-and-defense experiment platform, including deleting or closing, checking, adding and updating functional modules.
The device management submodule provides a registration interface for virtual devices and physical devices; after a virtual device or physical device is registered, the device management submodule sends its device information to the scenario configuration library, from which the simulation scenario management module retrieves it when building scenarios.
The log and report management submodule connects to the log library in the data layer; it collects log data in multiple formats, converts it to a unified format, parses and classifies it, and stores it in the log library. It also performs storage, backup, recovery, deletion, import and export of log data.
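As an added illustration, not code from the patent, here is a small model of the log and report management submodule just described: it takes constructed log lines in three formats, converts each to one unified record, classifies it and keeps it in an in-memory stand-in for the log library. The line formats, field names, severity mapping and category rules are all assumptions made for the example.

```python
import json
import re
from dataclasses import dataclass, replace
from typing import List, Optional


@dataclass(frozen=True)
class UnifiedLog:
    """One record in the unified log format (a constructed schema)."""
    ts: str        # timestamp as given by the source, ISO-8601
    source: str    # host, appliance or module that produced the record
    event: str     # short event name or signature
    severity: str  # "low", "medium" or "high"
    category: str  # classification assigned by classify()
    raw: str       # original line, kept unchanged for audit


# Constructed sample lines in three formats the platform could collect: a syslog-style
# line from a switch, a key=value alert from an IPS appliance, a JSON record from a VM agent.
SAMPLE_LINES = [
    "<134>2015-04-17T10:01:02Z switch01 port: link down on Gi0/3",
    'ts=2015-04-17T10:01:05Z dev=ips01 sev=high sig="SQL injection attempt" src=10.0.1.20 dst=10.0.2.5',
    '{"time": "2015-04-17T10:01:09Z", "vm": "target-web-01", "event": "login_failed", "user": "admin", "severity": 2}',
]

SYSLOG_RE = re.compile(r"^<(?P<pri>\d+)>(?P<ts>\S+) (?P<host>\S+) (?P<app>[^:]+): (?P<msg>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_syslog(line: str) -> Optional[UnifiedLog]:
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    sev = int(m["pri"]) % 8  # syslog severity is PRI mod 8: 0-3 error or worse, 4-5 warning/notice
    return UnifiedLog(ts=m["ts"], source=m["host"], event=m["app"].strip(),
                      severity="high" if sev <= 3 else "medium" if sev <= 5 else "low",
                      category="", raw=line)


def parse_kv(line: str) -> Optional[UnifiedLog]:
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    if not {"ts", "dev", "sev", "sig"}.issubset(fields):
        return None
    return UnifiedLog(ts=fields["ts"], source=fields["dev"], event=fields["sig"],
                      severity=fields["sev"], category="", raw=line)


def parse_json(line: str) -> Optional[UnifiedLog]:
    try:
        d = json.loads(line)
    except ValueError:
        return None
    if not isinstance(d, dict) or "vm" not in d:
        return None
    sev_map = {0: "low", 1: "medium", 2: "high"}  # assumed agent severity scale
    return UnifiedLog(ts=str(d.get("time", "")), source=str(d["vm"]),
                      event=str(d.get("event", "unknown")),
                      severity=sev_map.get(d.get("severity"), "low"), category="", raw=line)


def classify(rec: UnifiedLog) -> UnifiedLog:
    """Assign the category the log library indexes on (constructed keyword rules)."""
    text = f"{rec.event} {rec.raw}".lower()
    if "injection" in text or "exploit" in text:
        category = "attack"
    elif "login" in text or "auth" in text:
        category = "authentication"
    elif "link" in text or "port" in text:
        category = "network"
    else:
        category = "other"
    return replace(rec, category=category)


PARSERS = (parse_json, parse_kv, parse_syslog)


def normalize(line: str) -> Optional[UnifiedLog]:
    """Try each parser in turn; an unrecognized line is rejected, never stored raw."""
    for parser in PARSERS:
        rec = parser(line)
        if rec is not None:
            return classify(rec)
    return None


class LogStore:
    """In-memory stand-in for the data layer's log library."""

    def __init__(self) -> None:
        self.records: List[UnifiedLog] = []
        self.rejected: List[str] = []

    def ingest(self, lines) -> int:
        for line in lines:
            rec = normalize(line)
            if rec is None:
                self.rejected.append(line)  # kept aside so nothing is silently dropped
            else:
                self.records.append(rec)
        return len(self.records)

    def query(self, category: Optional[str] = None, min_severity: str = "low") -> List[UnifiedLog]:
        rank = {"low": 0, "medium": 1, "high": 2}
        return [r for r in self.records
                if (category is None or r.category == category) and rank[r.severity] >= rank[min_severity]]
```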
The interface management submodule manages each interface in the interface layer.
It should be noted that the interfaces in the interface layer are divided into human-machine interfaces and machine-machine interfaces. The human-machine interfaces include the human-computer interaction interface and the interface between the human-computer interaction interface and the back end. The human-computer interaction interface is presented using HTML combined with Flash, sends requests to the back end in AJAX form, and transmits and interprets return values as JSON. The machine-machine interface uses a service-oriented architecture (SOA) with RESTful web services, with JSON as the primary transmission format.
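An added example, not the patent's code, that ties together the interface layer behaviour described above (a third-party system is authenticated before the log query or report interface serves it), the permission model of the user rights submodule, and the JSON machine-machine interface: each request is HMAC-signed by a registered third-party system, verified with a replay window, and only then checked against the user's rights. The system registry, shared secret, right names, paths and log records are constructed assumptions.

```python
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Set

# Constructed registry of third-party systems allowed to call the platform:
# system id -> shared secret. In a deployment this would live in the platform
# library, not in source code.
THIRD_PARTY_SECRETS: Dict[str, bytes] = {"lms-portal": b"constructed-secret-1"}

# Constructed right names mirroring what the user rights submodule manages:
# platform login, data access, per-module access and report handling.
USER_RIGHTS: Dict[str, Set[str]] = {
    "trainer": {"login", "data:logs", "module:courseware", "report:create", "report:view"},
    "student": {"login", "module:courseware"},
}

# Constructed sample of the log library contents, already in a unified format.
LOG_STORE = [
    {"ts": "2015-04-17T10:01:05Z", "source": "ips01", "category": "attack", "msg": "SQL injection attempt"},
    {"ts": "2015-04-17T10:01:09Z", "source": "target-web-01", "category": "authentication", "msg": "login_failed admin"},
]

REPLAY_WINDOW_S = 300  # requests whose timestamp is further from now than this are refused


def sign_request(request: dict, secret: bytes) -> str:
    """HMAC-SHA256 over every request field except the signature itself, serialized
    canonically so caller and platform hash identical bytes; tampering with any
    field (path, user, query parameters) invalidates the signature."""
    body = {k: v for k, v in request.items() if k != "sig"}
    msg = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def authenticate(request: dict, now: Optional[int] = None) -> bool:
    """Authentication interface: verify the calling third-party system before any
    page, log query or report request is served."""
    now = int(time.time()) if now is None else now
    secret = THIRD_PARTY_SECRETS.get(request.get("system_id", ""))
    sig = request.get("sig")
    if secret is None or not isinstance(sig, str):
        return False
    try:
        ts = int(request.get("ts"))
    except (TypeError, ValueError):
        return False
    if abs(now - ts) > REPLAY_WINDOW_S:  # stale or replayed request
        return False
    return hmac.compare_digest(sign_request(request, secret), sig)  # constant-time compare


def envelope(status: str, data=None, error: Optional[str] = None) -> dict:
    """The fixed encapsulation format every reply uses (constructed)."""
    return {"status": status, "data": data, "error": error}


def handle(request: dict, now: Optional[int] = None) -> dict:
    """Dispatch a machine-machine request: authenticate the system first, then
    check the user's rights, then serve the log query or report interface."""
    if not authenticate(request, now):
        return envelope("denied", error="third-party authentication failed")
    rights = USER_RIGHTS.get(request.get("user", ""), set())
    if "login" not in rights:
        return envelope("denied", error="user may not log in")
    path = request.get("path", "")
    if path == "/api/logs":
        if "data:logs" not in rights:
            return envelope("denied", error="no log access right")
        cat = request.get("category")
        return envelope("ok", data=[r for r in LOG_STORE if cat is None or r["category"] == cat])
    if path == "/api/reports":
        if "report:view" not in rights:
            return envelope("denied", error="no report view right")
        return envelope("ok", data={"report": "drill summary (constructed placeholder)"})
    return envelope("denied", error="unknown interface")


def respond(request: dict, now: Optional[int] = None) -> str:
    """Serialize the reply as JSON, the primary transmission format of the interface."""
    return json.dumps(handle(request, now))


def make_request(system_id: str, user: str, path: str, ts: int, **params) -> dict:
    """What a third-party system holding the shared secret would send (constructed)."""
    req = {"system_id": system_id, "user": user, "path": path, "ts": ts, **params}
    req["sig"] = sign_request(req, THIRD_PARTY_SECRETS[system_id])
    return req
```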
It should be noted that the business layer is additionally provided with an alarm module, which is connected to the intelligence library in the data layer through the database interface of the interface layer; after the intelligence library collects the latest intelligence it notifies the alarm module, and the alarm module sends an alarm signal to the system administrator.
It should be noted that the tool library includes a penetration tool library and a network attack library. The penetration tools in the penetration tool library include but are not limited to information collection tools, automatic scanning tools, password sniffing and cracking tools, vulnerability exploitation tools, privilege escalation tools and penetration scripts; the network attack library includes but is not limited to network attack tools, host attack and penetration tools, database attack tools and application attack tools. The tool library provides the various attack tools for the platform's simulation scenarios, and keeping them in the form of a library helps ensure that the tools are used within controlled permissions.
Based on the information security attack-and-defense experiment platform described above, its implementation method comprises the following steps:
S1 Intelligence gathering and scenario deployment:
1.1) The intelligence library of the data layer collects the latest vulnerability information through the Internet, stores it in a unified format, and then notifies the alarm module of the business layer, which sends an alarm signal to the system administrator;
1.2) After receiving the alarm signal, the system administrator calls the simulation scenario management module of the business layer; the simulation scenario management module takes the corresponding vulnerability information from the intelligence library of the data layer, performs scenario analysis, and derives a similar scenario;
1.3) The simulation scenario management module extracts the device information of the resource layer from the scenario configuration library and manages the virtual devices and real physical devices of the resource layer in combination to generate the simulation scenario, which includes a target machine and an operation machine;
S2 Vulnerability attack verification: operations and maintenance personnel use the operation machine in the simulation scenario to attack the target machine of the simulation scenario by calling attack tools from the tool library of the data layer;
S3 After the attack ends, the attack result is recorded in the attack-defense display module of the business layer, and operations and maintenance personnel query the attack result on the attack-defense display module.
It should further be explained that when the attack result in step S3 shows that a vulnerability exists, the following steps are performed:
S4 Reinforcement task: operations and maintenance personnel call the simulation scenario management module of the business layer to restore the simulation scenario of step S1 by managing the virtual devices and real physical devices of the resource layer in combination, and then manually reinforce the restored simulation scenario against the corresponding vulnerability;
S5 Reinforcement verification: operations and maintenance personnel attack the reinforced simulation scenario using the method of step S2; after the attack ends, the attack result is recorded in the attack-defense display module of the business layer, and operations and maintenance personnel query it there. If the attack fails, the target machine can resist this kind of attack, which shows that operations and maintenance personnel can reinforce the actual business hosts in the same way as in step S4.
Another implementation method based on the attack-and-defense experiment platform described above comprises the following steps:
S1 Operations and maintenance personnel call the simulation scenario management module in the business layer and select from the scenario configuration library of the data layer the scenario required for application upgrade verification;
S2 The simulation scenario management module compares the corresponding scenario information in the scenario configuration library and deploys the simulation scenario by managing the virtual devices and real physical devices of the resource layer in combination;
S3 Operations and maintenance personnel carry out the application upgrade in the deployed simulation scenario; if the operation succeeds, the upgrade can be performed on the real business hosts.
It should be noted that both implementation methods of the information security attack-and-defense experiment platform described above have the characteristic of combining intelligence. Attack-and-defense drills are carried out on the basis of the latest intelligence collected in the intelligence library of the data layer, so that the actual business systems can keep up with the development of the information security situation in time, receive corresponding maintenance, upgrading and reinforcement, and effectively resist various intrusions and attacks.
The beneficial effects of the present invention are:
1. The present invention combines virtual machines and physical machines on the basis of virtualization technology to build simulation scenarios, and realizes resource configuration through a visual interface. The virtual-physical combination and visual configuration not only simulate real, complex network scenarios as far as possible and allow quick playback of the behaviour in a scenario, overcoming the shortcoming that existing attack-and-defense experiment platform scenarios are usually single scenarios and even combined scenarios are merely simple virtualized combinations, but also allow faster construction of simulation scenarios;
2. It realizes automatic analysis of intelligence and rapid configuration of resources, and supports rapid changes of the hardware environment and of attack-and-defense means;
3. The operating environment and operating tools are isolated from the outside, and platform login, data access, functional module access, and report creation, viewing and editing all have corresponding permission settings and management, effectively ensuring the information security inside the platform;
5. The attack-and-defense experiment platform not only provides a verification ground for the latest attack-and-defense means, but also provides favourable conditions for teaching and training, such as the courseware library, the courseware management module and the attack-defense display module, so that the platform is also equipped with attack-and-defense teaching and demonstration functions and can realize single-step operation, automatic scoring, teacher assistance, process playback, automatic analysis of operations and similar functions.
6. Using more complete virtualization technology and rapid configuration technology, it solves the practical problems present in traditional network experiment environments: high hardware investment, difficult management, low efficiency, high energy consumption, low availability, repeated investment, and training results that do not meet real-world requirements;
7. By organically fusing virtualization technology, remote control technology, HTML5 technology, host behaviour monitoring and auditing technology, honeypot technology and so on into one management platform system, administrators can complete the deployment of complex experimental environments, the allocation of resources and their recovery in one step with only a short setup time; experiment operators can audit their own experimental operations afterwards and improve their experimental behaviour according to the scores of the assessment system;
8. One set of hardware infrastructure can serve multiple application scenarios such as simulated attack-and-defense drills, network exercises, security technology solution experiments, technology evaluation and security product testing, and these can run concurrently when hardware resources allow.
Brief description of the drawings
Fig. 1 is a schematic functional block diagram of the overall framework of the platform system of the present invention;
Fig. 2 is a schematic functional block diagram of the interface layer of Fig. 1;
Fig. 3 is an interaction diagram of the human-machine interface of the interface layer of Fig. 1;
Fig. 4 is a schematic diagram of the user management function of the system management module in the business layer of Fig. 1;
Fig. 5 is a schematic diagram of the module management function of the system management module in the business layer of Fig. 1;
Fig. 6 is a schematic diagram of the device management function of the system management module in the business layer of Fig. 1;
Fig. 7 is a schematic diagram of the log management function of the system management module in the business layer of Fig. 1;
Fig. 8 is a flow diagram of intelligence gathering and environment deployment in the intelligence linkage scenario;
Fig. 9 is a flow diagram of vulnerability verification or reinforcement verification in the intelligence linkage scenario;
Fig. 10 is a flow diagram of the reinforcement task in the intelligence linkage scenario;
Fig. 11 is a flow diagram of application upgrade verification;
Fig. 12 is a flow diagram of an attack drill;
Fig. 13 is a flow diagram of the reinforcement task in the reinforcement drill scenario.
Embodiment
The invention is further described below with reference to the accompanying drawings. It should be noted that this embodiment is premised on the present technical scheme and gives a detailed implementation and specific operating process, but the scope of protection of the present invention is not limited to this embodiment.
As shown in Fig. 1, an attack-and-defense experiment platform system is made up of several layers, including a resource layer, a data layer, an interface layer and a business layer;
(1) The resource layer includes virtual machines based on virtualization technology and real physical devices; the real physical devices include physical hosts, network equipment and security equipment such as IPS devices and switches, and virtual machines and real physical devices coexist in the resource layer. Combining virtual and physical resources helps solve the practical problems of traditional network experiment environments: high hardware investment, difficult management, low efficiency, high energy consumption, low availability, repeated investment, and training results that do not meet real-world requirements.
(2) The data layer is connected to the interface layer and the resource layer respectively and is provided with a number of resource libraries, including but not limited to a tool library, a scenario configuration library, a courseware library, an intelligence library, a log library, an attack library and a platform library. The tool library provides the corresponding tools for attack-and-defense experiments; the scenario configuration library stores typical information security attack-and-defense scenarios; the courseware library stores attack-and-defense tutorials; the intelligence library collects and stores intelligence; the log library is provided with a log data storage unit and a log data sending unit, used respectively to store log data from the functional modules of every layer of the platform and to send log data to the outside; the attack library stores typical attacks; and the platform library stores the various information of the information security attack-and-defense platform, including system asset information, topic information, case information and course information. A unified, integrated resource library provides effective data support for rapid deployment of simulation scenarios, rapid attack-and-defense drills and rapid verification.
The tool library includes a penetration tool library and a network attack library. The penetration tools in the penetration tool library include but are not limited to information collection tools, automatic scanning tools, password sniffing and cracking tools, vulnerability exploitation tools, privilege escalation tools and penetration scripts; the network attack library includes but is not limited to network attack tools, host attack and penetration tools, database attack tools and application attack tools. The tool library provides the various attack tools for the platform's simulation scenarios, and keeping them in the form of a library helps ensure that the tools are used within controlled permissions.
(3) The interface layer includes a database interface and a virtual platform interface; the virtual platform interface includes an authentication module, a log query module and a report module, which provide the external data interfaces of the attack-and-defense experiment platform, namely the authentication interface, the log query interface and the report interface. The database interface provides the interface through which the other layers access the data layer. In addition, the resource layer interacts with the business layer through the interface layer. The business layer manages the virtual devices and real physical devices of the resource layer in combination through the interface layer, which helps realize accurate simulation and fast construction of simulation scenarios.
As shown in Fig. 2 in interface layer, user wants to enter attacking and defending experiment porch by third party system directly to access The existing page of platform, then need to log in by authentication interface and certification is successful;Form interface is responsible for and generating platform system On form, and user need access form when then need to be authenticated by form interface;When user needs searching platform system During the daily record of system, inquiry request is sent to the communication protocol that attacking and defending experiment porch provides by third party system, the daily record is looked into Interface is ask the result of inquiry just to be sent according to specific encapsulation format by the daily record storehouse in attacking and defending experiment porch after certification Checked to third party system for user.
The interfaces in the interface layer are divided into human-machine interfaces and machine-machine interaction interfaces.
As shown in Fig. 3, for human-computer interaction, the interface is presented as an ordinary Web form in a browser and implemented with html+flash. At present the html interaction mode is universally accepted, but html has efficiency problems when rendering complex effects. Flash is therefore used as a supplement to the html base: complex display effects are rendered with flash, while the basic interactive interface is presented with html, which ensures better maintainability and scalability of the system.
For the interface between the human-computer interaction interface and the background service, the traditional approach couples http requests tightly to the backend, which brings about tight coupling of the front end and back end in the deployment architecture. In the present invention, therefore, requests are sent to the backend in ajax form, and return values are transmitted and interpreted according to Json and a general data standard. In this way the front end (meaning html+css+Javascript) is isolated from the back end and can be deployed independently as part of the static pages. Deployment is more flexible and scalability is also better.
The whole attack-defense experiment platform has more than one server, and each server has its own independent, highly cohesive function. The machine-machine interaction interface refers to the interaction interface between these different servers.
Each of these servers has its own standalone function. To keep the servers highly cohesive and loosely coupled while remaining flexibly scalable to a variety of network and enterprise environments, the present invention adopts the SOA design approach. In SOA all interfaces are exposed as external services for whoever needs them to call. At the same time, the SOA security system is used to ensure that interface calls and data transmission are under safe control.
Traditional SOA often uses the soap protocol, but soap webservices are very heavy and have a large performance impact, so the present invention employs the lighter RESTFUL Webservice and uses Json as the primary transmission format, reducing transmission overhead and data parsing cost when large volumes of data are transmitted.
In the machine-machine interaction interface, the data format follows a common data standard. Data in the standard format can be recognized uniformly by all servers, avoiding the performance cost of data format conversion.
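The authenticated log query over a common Json envelope that the interface-layer passages above describe, as an added Python example that is not part of the patent: the third-party system identity, the HMAC request token, the envelope fields and the log records are assumptions constructed here.

```python
"""Machine-machine interface of the kind the interface layer describes.

Added example, not code from the patent. It models the common data standard
(one Json envelope every server recognises) and the log query interface, which
authenticates the calling third-party system before the log library answers.
The envelope fields, the HMAC request token and the log records are assumptions
constructed for this example.
"""
import hashlib
import hmac
import json
from typing import Any, Dict, List

# Assumed shared secret issued to a registered third-party system.
THIRD_PARTY_SECRETS: Dict[str, bytes] = {"lms-portal": b"constructed-secret"}

# Constructed records standing in for the data layer's log library.
LOG_LIBRARY: List[Dict[str, Any]] = [
    {"ts": 1429261921, "source": "business/scene", "level": "INFO",
     "msg": "scene SC-07 deployed"},
    {"ts": 1429261980, "source": "business/tool", "level": "WARN",
     "msg": "tool access denied: no active task"},
    {"ts": 1429262040, "source": "interface/auth", "level": "ERROR",
     "msg": "login failed for user guest"},
]


def envelope(code: int, message: str, data: Any = None) -> Dict[str, Any]:
    """Build the platform-wide reply shape (the common data standard).

    Every server emits and parses this one shape, so no server needs a
    per-peer format conversion step.
    """
    return {"code": code, "message": message, "data": data}


def serialize(reply: Dict[str, Any]) -> str:
    """Json is the primary transmission format on the wire."""
    return json.dumps(reply, sort_keys=True, separators=(",", ":"))


def sign_request(system_id: str, secret: bytes, ts: int, body: str) -> str:
    """Token a third-party system attaches: HMAC over identity, time and body."""
    payload = f"{system_id}|{ts}|{body}".encode()
    return hmac.new(secret, payload, hashlib.sha256).hexdigest()


def authenticate(system_id: str, ts: int, body: str, token: str,
                 now: int, max_skew: int = 300) -> bool:
    """Authentication interface: known caller, fresh timestamp, intact body."""
    secret = THIRD_PARTY_SECRETS.get(system_id)
    if secret is None or abs(now - ts) > max_skew:
        return False
    expected = sign_request(system_id, secret, ts, body)
    return hmac.compare_digest(expected, token)


def handle_log_query(request: Dict[str, Any], now: int) -> Dict[str, Any]:
    """Log query interface: authenticate first, then let the log library answer.

    `request` carries system_id, ts, token and the query body as a Json string;
    `now` is the server clock, passed in so the behaviour is reproducible.
    """
    body = request.get("body", "")
    if not authenticate(request.get("system_id", ""), int(request.get("ts", 0)),
                        body, request.get("token", ""), now):
        # Unauthenticated callers learn nothing about the log contents.
        return envelope(401, "authentication failed")
    try:
        query = json.loads(body)
    except json.JSONDecodeError:
        return envelope(400, "malformed query")
    level = query.get("level")
    source = query.get("source")
    rows = [r for r in LOG_LIBRARY
            if (level is None or r["level"] == level)
            and (source is None or r["source"].startswith(source))]
    return envelope(200, "ok", rows)
```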
(4) The business layer carries the core business of the whole platform system. Its functional modules mainly include a simulation scene management module, a system management module, a task management module, a tool management module, an intelligence management module, a course management module and an attack-defense display module:
The simulation scene management module manages the scene configuration library and builds simulation scenes, and can exchange data with the scene configuration library. By managing and exchanging data with the scene configuration library, the simulation scene management module can rapidly deploy simulation scenes from the information the scene configuration library provides, supply the simulation environment, and rapidly reclaim scene resources;
The system management module manages every aspect of the attack-defense experiment platform, including users, permissions, devices, logs and reports;
The tool management module manages the tools stored in the data layer tool library through the database interface of the interface layer;
The intelligence management module manages the intelligence stored in the data layer intelligence library through the database interface of the interface layer;
The course management module connects to the course library of the data layer to handle management operations such as course selection by users, and is data-associated with the simulation scene management module, for example by associating scene data with courses;
The task management module has a detailed and varied set of management functions covering the tracking, viewing and issuing of each kind of task; issuing a task draws on the intelligence library and the tool library. In the implementation of the attack-defense experiment platform there are many different tasks, such as teaching, self-study and attack-defense. The task management module manages these tasks, including task tracking, task issuing and task viewing, and can either manage single tasks per user or centrally manage multiple tasks per user group. Tasks can also be categorized into teaching, study, maintenance, attack-defense and so on, with both built-in common tasks and custom tasks;
The attack-defense display module is provided with a video monitoring unit and a playback unit, so that operations staff can not only check attack-defense routes and results in real time during attack-defense training, but can also record video while the platform is used for self-study, training or teaching demonstrations, watch the students' operations, and replay the attack-defense routes for step-by-step analysis.
Further, the system management module includes a user management submodule, a user permission submodule, a user list submodule, a system module management submodule, a device management submodule, a log and report management submodule and an interface management submodule:
As shown in Fig. 4, the user management submodule manages the users or user groups of the attack-defense experiment platform via user data tables, including adding, deleting and modifying them.
The user permission submodule configures and manages every permission of the attack-defense experiment platform, including but not limited to platform login permission, data access permission, independent access permissions for the functional modules and resource libraries of each layer, report creation permission, report viewing permission and report editing permission. Because the whole attack-defense experiment platform is an integrated attack-defense training environment, containing penetration tools, the viruses needed for attack-defense training and all kinds of scenes, these scenes and tools must be used within a limited scope and controlled according to permissions to ensure they do not leak. The user permission submodule is therefore placed in the business layer of the attack-defense experiment platform, so that platform login, data access, functional module access and report creation, viewing and editing each have corresponding permission settings and management; this guarantees the security of the platform's business and data from multiple angles and at multiple levels.
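The permission model just described, together with the earlier point that the tool library exists so that tools are used only under controlled authority, as an added Python example that is not the patent's code: the group names, permission vocabulary, task fields and audit record shape are assumptions constructed here.

```python
"""Permission checks of the user permission submodule, as an added example.

Not code from the patent. It models independent permissions for login, data
access, each layer's functional modules and resource libraries, and report
creation/viewing/editing, all denied by default, plus the rule that tools from
the tool library are only usable inside the scope of an issued task. Group
names, the permission vocabulary, the task fields and the audit record shape
are assumptions constructed for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Assumed vocabulary: "module:<name>", "library:<name>", "report.<op>", ...
GROUP_PERMISSIONS: Dict[str, Set[str]] = {
    "trainee": {"login", "module:course", "module:scene",
                "library:course", "report.view"},
    "operator": {"login", "data.read", "module:scene", "module:tool",
                 "module:task", "library:scene_config", "library:tool",
                 "library:intelligence", "report.create", "report.view",
                 "report.edit"},
    "admin": {"login", "data.read", "data.write", "module:system",
              "module:tool", "module:task", "library:*",
              "report.create", "report.view", "report.edit"},
}


@dataclass
class User:
    name: str
    groups: List[str]
    # Tasks issued by the task management module: scene and permitted tool ids.
    active_tasks: List[Dict] = field(default_factory=list)


# Stands in for the log library's sending unit; every decision is recorded.
AUDIT_LOG: List[Dict] = []


def effective_permissions(user: User) -> Set[str]:
    """Union of the permissions of every group the user belongs to."""
    perms: Set[str] = set()
    for group in user.groups:
        perms |= GROUP_PERMISSIONS.get(group, set())
    return perms


def has_permission(perms: Set[str], needed: str) -> bool:
    """Exact match, or a wildcard of the form 'library:*' / 'module:*'."""
    if needed in perms:
        return True
    prefix, sep, _ = needed.partition(":")
    return bool(sep) and f"{prefix}:*" in perms


def _audit(user: User, action: str, allowed: bool, reason: str) -> None:
    AUDIT_LOG.append({"user": user.name, "action": action,
                      "allowed": allowed, "reason": reason})


def authorize(user: User, needed: str) -> Tuple[bool, str]:
    """Generic check for login, data, module, library and report permissions."""
    perms = effective_permissions(user)
    if "login" not in perms:
        _audit(user, needed, False, "no login permission")
        return False, "no login permission"
    allowed = has_permission(perms, needed)
    reason = "granted" if allowed else f"missing {needed}"
    _audit(user, needed, allowed, reason)
    return allowed, reason


def authorize_tool_use(user: User, tool_id: str, scene_id: str) -> Tuple[bool, str]:
    """Tool library access is only valid inside an issued task for that scene.

    The library permission alone is not enough: the tool must be listed in one
    of the user's active tasks, and that task must target the scene in question.
    """
    allowed, reason = authorize(user, "library:tool")
    if not allowed:
        return False, reason
    for task in user.active_tasks:
        if task.get("scene") == scene_id and tool_id in task.get("tools", []):
            _audit(user, f"tool:{tool_id}@{scene_id}", True, "within task scope")
            return True, "within task scope"
    _audit(user, f"tool:{tool_id}@{scene_id}", False, "outside task scope")
    return False, "outside task scope"
```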
The user list submodule is used to view the user status list, user permission list and user role list; the user status list mainly includes an account status list and a user task status list. The viewing operation is implemented by querying across multiple tables.
Because the administrative functions of the attack-defense experiment platform are modularized into several modules, a system module management submodule is needed to manage each functional module; as shown in Fig. 5, this includes deleting or disabling, viewing, adding and updating functional modules. Adding or removing a module consists of adding to or deleting from the existing modules in the module list and then updating the module list.
As shown in Fig. 6, the device management submodule provides a registration interface for virtual devices and for real physical devices such as routers and switches, so that virtual devices and real physical devices can be registered together. After the virtual devices and real physical devices have been registered, the device management submodule sends the device information to the scene configuration library, so that when a simulation scene is built, virtual machines and physical machines can be selected together to form the network topology.
The log and report management submodule connects to the log library in the data layer. It automatically collects log data in multiple formats, converts it to a unified format, parses and classifies it, and stores it in the log library; it also handles storage, backup, recovery, deletion, import and export of log data. The sources of the logs are shown in Fig. 7.
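The collection, conversion to a unified format and classification step above, as an added Python example that is not the patent's code: the sample log lines, the unified field names, the category rules and the assumption that device clocks run in UTC are all constructed here.

```python
"""Log normalisation for the log and report management submodule.

Added example, not the patent's code: log lines in three formats (syslog from
a physical device, Json from a business module, key=value from the interface
layer) are converted to one unified record, classified, and stored; lines no
parser accepts are set aside. Sample lines, field names, category rules and
the assumption that device clocks run in UTC are all constructed here.
"""
import json
import re
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

# Constructed sample lines, one per source format plus one unparseable line.
SAMPLE_LINES = [
    "<134>Apr 17 09:12:01 core-sw01 sshd[2211]: Accepted publickey for ops "
    "from 10.0.0.5",
    '{"time": 1429261921, "module": "scene_mgmt", "layer": "business", '
    '"level": "INFO", "event": "scene SC-07 deployed"}',
    'ts=2015-04-17T09:12:05Z layer=interface component=auth level=warning '
    'result=denied user=guest reason="token expired"',
    "this line is in no recognised format",
]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<app>[^:\[ ]+)(?:\[\d+\])?: (?P<msg>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
SYSLOG_SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice",
                     "info", "debug"]
# Keyword rules for the classification step; the first matching rule wins.
CATEGORY_RULES = [
    ("authentication", ("accepted", "denied", "login", "auth", "token")),
    ("scene", ("scene", "topology", "deployed")),
    ("tool", ("tool",)),
]


def classify(text: str) -> str:
    lowered = text.lower()
    for category, keywords in CATEGORY_RULES:
        if any(k in lowered for k in keywords):
            return category
    return "general"


def unified(ts: datetime, source: str, layer: str, severity: str,
            message: str) -> Dict[str, str]:
    """The single record shape that goes into the log library."""
    return {"ts": ts.astimezone(timezone.utc).isoformat(), "source": source,
            "layer": layer, "severity": severity.lower(),
            "category": classify(f"{source} {message}"), "message": message}


def parse_syslog(line: str, year: int = 2015) -> Optional[Dict[str, str]]:
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    severity = SYSLOG_SEVERITIES[int(m["pri"]) % 8]  # PRI = facility*8 + sev
    # Syslog carries no year, so one is assumed, as is a UTC device clock.
    ts = datetime.strptime(f"{m['ts']} {year}", "%b %d %H:%M:%S %Y")
    ts = ts.replace(tzinfo=timezone.utc)
    # Physical hosts, routers and switches belong to the resource layer.
    return unified(ts, f"{m['host']}/{m['app']}", "resource", severity, m["msg"])


def parse_json(line: str) -> Optional[Dict[str, str]]:
    try:
        obj = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(obj, dict) or "time" not in obj:
        return None
    ts = datetime.fromtimestamp(int(obj["time"]), tz=timezone.utc)
    return unified(ts, obj.get("module", "unknown"), obj.get("layer", "unknown"),
                   obj.get("level", "info"), obj.get("event", ""))


def parse_kv(line: str) -> Optional[Dict[str, str]]:
    pairs = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    if "ts" not in pairs or "layer" not in pairs:
        return None
    ts = datetime.fromisoformat(pairs["ts"].replace("Z", "+00:00"))
    rest = " ".join(f"{k}={v}" for k, v in pairs.items()
                    if k not in ("ts", "layer", "component", "level"))
    return unified(ts, pairs.get("component", "unknown"), pairs["layer"],
                   pairs.get("level", "info"), rest)


def normalize(lines: List[str]) -> Tuple[List[Dict[str, str]], List[str]]:
    """Try each parser on every line; unparseable lines are kept for review."""
    records, rejected = [], []
    for line in lines:
        for parser in (parse_syslog, parse_json, parse_kv):
            record = parser(line)
            if record is not None:
                records.append(record)
                break
        else:
            rejected.append(line)
    return records, rejected
```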
Interface management submodule: manages each interface in the interface layer.
Further, the business layer is additionally provided with an alarm module. After the intelligence library in the data layer collects new vulnerability information it notifies the alarm module, and the alarm module sends an alarm signal to the system administrator.
The implementation methods of the above attack-defense experiment platform mainly include an intelligence linkage scene, an application upgrade verification scene, an attack drill scene, a reinforcement drill scene and a training scene.
First, the intelligence linkage scene
S1 Intelligence gathering and environment deployment, as shown in Fig. 8:
1.1) The intelligence library of the data layer collects the latest vulnerability information from the internet, stores it in a unified format and then notifies the alarm module of the business layer, which sends an alarm signal;
1.2) After the system administrator receives the alarm signal, the simulation scene management module of the business layer is invoked; it takes the corresponding vulnerability information from the intelligence library, performs scene analysis and derives a similar scene;
1.3) The simulation scene management module extracts the information on the resource layer devices from the scene configuration library and generates a simulation scene by managing the resource layer's virtual devices and real physical devices in combination; the simulation scene includes a target machine and an operation machine;
S2 Vulnerability attack verification: as shown in Fig. 9, operations staff use the operation machine in the simulation scene to attack the target machine of the simulation scene by invoking tools from the data layer tool library;
S3 After the attack ends, the attack result is recorded in the attack-defense display module of the business layer, and operations staff query the attack result on the attack-defense display module.
It should further be noted that when the attack result in step S3 shows a vulnerability, the following steps are performed:
S4 Reinforcement task: as shown in Fig. 10, operations staff invoke the simulation scene management module of the business layer, which restores the simulation scene of step S1 by managing the resource layer's virtual devices and real physical devices in combination; the restored simulation scene is then manually reinforced against the corresponding vulnerability;
S5 Reinforcement verification: operations staff attack the reinforced simulation scene using the method of step S2; after the attack ends, the attack result is recorded in the attack-defense display module of the business layer, and operations staff query it there. If the attack fails, the target machine can resist this kind of attack, which shows that operations staff can apply the reinforcement used in step S4 to harden the actual business hosts.
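The alarm module described earlier and steps S1 to S5 of the intelligence linkage scene, as an added Python example that is not the patent's code: the scene analysis matches new vulnerability intelligence against the devices of each scene in the scene configuration library, the alarm names the affected scenes, and the display module's records decide whether reinforcement is needed and whether it held. Product names, version strings, scene ids and the "fixed_in" field are constructed assumptions.

```python
"""Intelligence linkage: alarm, scene analysis and verification bookkeeping.

Added example, not the patent's code. A new vulnerability record arrives in the
intelligence library; scene analysis finds the scenes in the scene
configuration library whose target devices run an affected version; the alarm
module notifies the administrator; the attack-defense display module's records
then decide whether reinforcement (S4) is needed and whether it held (S5).
Products, versions, scene ids and the "fixed_in" field are constructed here.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Device:
    name: str
    kind: str            # "virtual" or "physical" (both live in the resource layer)
    product: str
    version: str
    role: str = "target"  # "target" or "operation"


@dataclass
class Scene:
    scene_id: str
    devices: List[Device]


@dataclass
class Intelligence:
    intel_id: str
    product: str
    fixed_in: str  # first version that is not affected (assumed field)
    summary: str


# Constructed scene configuration library mixing virtual and physical devices.
OPS = Device("ops-vm", "virtual", "OpsDesktop", "1.0", role="operation")
SCENE_LIBRARY: List[Scene] = [
    Scene("SC-01", [Device("web-vm", "virtual", "ExampleWeb", "2.4.7"), OPS]),
    Scene("SC-02", [Device("core-rtr", "physical", "ExampleRouterOS", "6.1.2"), OPS]),
    Scene("SC-03", [Device("web-vm2", "virtual", "ExampleWeb", "2.4.10"), OPS]),
]

ALARMS: List[Dict] = []           # what the alarm module has sent
DISPLAY_RECORDS: List[Dict] = []  # attack-defense display module records


def version_tuple(v: str) -> Tuple[int, ...]:
    """Numeric comparison: "2.4.7" < "2.4.10", which plain string order gets wrong."""
    return tuple(int(part) for part in v.split("."))


def is_affected(device: Device, intel: Intelligence) -> bool:
    return (device.role == "target" and device.product == intel.product
            and version_tuple(device.version) < version_tuple(intel.fixed_in))


def scene_analysis(intel: Intelligence, library: List[Scene]) -> List[Scene]:
    """Step 1.2: find the scenes similar to the reported vulnerability."""
    return [s for s in library if any(is_affected(d, intel) for d in s.devices)]


def alarm_module(intel: Intelligence, scenes: List[Scene]) -> Dict:
    """Send the administrator an alarm naming the intelligence and the scenes."""
    alarm = {"intel_id": intel.intel_id, "to": "system-administrator",
             "scenes": [s.scene_id for s in scenes], "summary": intel.summary}
    ALARMS.append(alarm)
    return alarm


def intelligence_linkage(intel: Intelligence) -> List[Scene]:
    """Steps 1.1-1.2: intelligence stored, alarm raised, candidate scenes chosen."""
    scenes = scene_analysis(intel, SCENE_LIBRARY)
    alarm_module(intel, scenes)
    return scenes


def record_result(scene_id: str, intel_id: str, stage: str,
                  attack_succeeded: bool) -> None:
    """S3 / S5: the display module records each verification result."""
    DISPLAY_RECORDS.append({"scene": scene_id, "intel": intel_id,
                            "stage": stage, "attack_succeeded": attack_succeeded})


def _stage_result(scene_id: str, intel_id: str, stage: str) -> Optional[bool]:
    hits = [r for r in DISPLAY_RECORDS if r["scene"] == scene_id
            and r["intel"] == intel_id and r["stage"] == stage]
    return hits[-1]["attack_succeeded"] if hits else None


def needs_reinforcement(scene_id: str, intel_id: str) -> bool:
    """S4 is entered only when the S3 result shows the vulnerability."""
    return _stage_result(scene_id, intel_id, "S3") is True


def reinforcement_verified(scene_id: str, intel_id: str) -> bool:
    """S5 holds when the S3 attack succeeded and the post-reinforcement one failed."""
    return (_stage_result(scene_id, intel_id, "S3") is True
            and _stage_result(scene_id, intel_id, "S5") is False)
```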
Second, the application upgrade verification scene
As shown in Fig. 11:
S1 Operations staff invoke the simulation scene management module in the business layer and choose the scene required for application upgrade verification from the data layer scene configuration library;
S2 The simulation scene management module looks up the corresponding scene information in the scene configuration library and deploys the simulation scene by managing the resource layer's virtual devices and real physical devices in combination;
S3 Operations staff perform the application upgrade in the deployed simulation scene; if the operation succeeds, the upgrade can be carried out on the real business hosts.
Third, the attack drill scene
Similar to the vulnerability attack verification steps of the intelligence linkage scene, the implementation method of the attack drill scene is as follows, as shown in Fig. 12:
S1 Operations staff access the simulation scene management module and choose a designated attack scene from the scene configuration library; the simulation scene management module builds the simulation scene;
S2 Operations staff launch an attack from the operation machine in the attack-defense training area against the target machine in the scene;
S3 After the attack, operations staff can query the attack result through the attack-defense display module.
Fourth, the reinforcement drill scene
The implementation method of the reinforcement drill scene consists of two parts, a reinforcement task and reinforcement verification, implemented in the same way as the reinforcement task and reinforcement verification steps of the intelligence linkage scene.
Reinforcement task:
As shown in Fig. 13, operations staff first obtain the required scene information from the scene configuration library through the simulation scene management module; the simulation scene management module builds the simulation scene automatically; operations staff then perform the reinforcement operation in the scene that has been built.
Reinforcement verification:
Operations staff attack the target machine of the simulation scene from the operation machine in the attack-defense training area according to the procedure. The attack result is recorded in the attack-defense display module, where operations staff query it. If the attack fails, this proves that the target machine can resist this kind of attack, and the actual business hosts can be hardened according to this reinforcement step.
Fifth, the training scene
The training scene mainly meets the trainees' need to learn security knowledge and skills systematically; it covers common and classic attack-defense scenes, and the course content covers hosts, databases, applications and other areas.
Those skilled in the art may make various corresponding changes and modifications to the above technical scheme and concept, and all such changes and modifications should be construed as falling within the scope of protection of the claims of the present invention.

Claims (8)

1. An information security attack-defense experiment platform, characterised in that it comprises a resource layer, a data layer, an interface layer and a business layer, each layer being composed as follows:
the resource layer comprises virtual devices based on virtualization technology and real physical devices, wherein the real physical devices include physical hosts, security devices and network devices;
the data layer is connected to the interface layer and the resource layer respectively and is provided with a number of resource libraries, the resource libraries including but not limited to a tool library, a scene configuration library, a course library, an intelligence library, a log library, an attack library and a platform library, wherein the tool library provides all kinds of attack tools for attack-defense experiments, the scene configuration library stores a number of typical attack-defense scenes, the course library stores attack-defense courses, the intelligence library collects and stores intelligence, the log library is provided with a log data storage unit and a log data sending unit used respectively to store the log data from the functional modules of each layer of the attack-defense experiment platform and to send log data outward, the attack library stores typical attacks, and the platform library stores the various information of the information security attack-defense experiment platform, including system asset information, thematic information, case information and course information;
the business layer comprises a simulation scene management module, a system management module, a task management module, a tool management module, an intelligence management module, a course management module and an attack-defense display module:
the simulation scene management module is responsible for the scene configuration library and for building simulation scenes, and can exchange data with the scene configuration library;
the system management module manages every aspect of the attack-defense experiment platform, including users, permissions, devices, logs and reports;
the tool management module manages the tools stored in the data layer tool library through the database interface of the interface layer;
the intelligence management module manages the intelligence stored in the data layer intelligence library through the database interface of the interface layer;
the course management module connects to the course library of the data layer, manages the course library, and is data-associated with the simulation scene management module;
the task management module manages each kind of task, including tracking and viewing, and issues tasks by drawing on the intelligence library and the tool library;
the attack-defense display module is provided with a video monitoring unit and a playback unit;
the interface layer comprises a database interface and a virtualization platform interface, wherein the virtualization platform interface includes an authentication module, a log query module and a report module, which provide an authentication interface, a log query interface and a report interface respectively; the authentication interface authenticates the third-party system when a user enters the attack-defense experiment platform through a third-party system and browses the current page; the log query interface authenticates the third-party system when a user sends a log query request to the attack-defense experiment platform, after which the log library sends the query result to the third-party system in a specific encapsulation format; the report interface authenticates the third-party system when a user requests to view a report; the database interface provides the other layers with access to the data layer; in addition, the resource layer also interacts with the business layer through the interface layer.
2. The information security attack-defense experiment platform according to claim 1, characterised in that the system management module comprises a user management submodule, a user permission submodule, a user list submodule, a system module management submodule, a device management submodule, a log and report management submodule and an interface management submodule:
the user management submodule manages the users or user groups of the attack-defense experiment platform, including adding, modifying or deleting them;
the user permission submodule configures and manages every permission of the attack-defense experiment platform, the permissions including but not limited to platform login permission, data access permission, independent access permissions for the functional modules and resource libraries of each layer, report creation permission, report viewing permission and report editing permission;
the user list submodule is used to view the user status list, user permission list and user role list, the user status list mainly including an account status list and a user task status list;
the system module management submodule manages each functional module in the attack-defense experiment platform, including deleting or disabling, viewing, adding and updating functional modules;
the device management submodule provides a registration interface for virtual devices and real physical devices; after the virtual devices and real physical devices have been registered, the device management submodule sends the device information to the scene configuration library, from which the simulation scene management module extracts it when building a scene;
the log and report management submodule connects to the log library in the data layer, collects log data in multiple formats, converts it to a unified format, parses and classifies it, and stores it in the log library; it also handles storage, backup, recovery, deletion, import and export of log data;
the interface management submodule manages each interface in the interface layer.
3. The information security attack-defense experiment platform according to claim 1, characterised in that the interfaces in the interface layer are divided into human-machine interfaces and machine-machine interaction interfaces, wherein the human-machine interfaces include the human-computer interaction interface and the interface between the human-computer interaction interface and the backend; the human-computer interaction interface is presented using html combined with flash, requests are sent to the backend in ajax form, and return values are transmitted and interpreted according to Json; the machine-machine interaction interface adopts a service-oriented architecture (SOA) and the RESTFUL Webservice protocol, using Json as the main transmission format.
4. The information security attack-defense experiment platform according to claim 1, characterised in that the business layer is further provided with an alarm module connected to the intelligence library in the data layer through the database interface of the interface layer; after the intelligence library collects the latest intelligence it notifies the alarm module, and the alarm module sends an alarm signal to the system administrator.
5. The information security attack-defense experiment platform according to claim 1, characterised in that the tool library comprises a penetration tool library and a network attack library; the penetration tool library includes but is not limited to information gathering tools, automatic scanning tools, password sniffing and cracking tools, vulnerability exploitation tools, privilege escalation tools and penetration scripts; the network attack library includes but is not limited to attack tools, host attack and penetration tools, database attack tools and application attack tools.
6. An implementation method for the information security attack-defense experiment platform according to claim 1, characterised in that:
S1 Intelligence gathering and scene deployment:
1.1) the intelligence library of the data layer of the attack-defense experiment platform collects the latest vulnerability information from the internet, stores it in a unified format and then notifies the alarm module of the business layer, which sends an alarm signal to the system administrator;
1.2) after the system administrator receives the alarm signal, the simulation scene management module of the business layer is invoked; the simulation scene management module takes the corresponding vulnerability information from the intelligence library of the data layer, performs scene analysis and derives a similar scene;
1.3) the simulation scene management module extracts the information on the resource layer devices from the scene configuration library of the data layer and generates a simulation scene by managing the resource layer's virtual devices and real physical devices in combination, the simulation scene including a target machine and an operation machine;
S2 Vulnerability attack verification: operations staff use the operation machine in the simulation scene to attack the target machine of the simulation scene by invoking tools from the data layer tool library;
S3 after the attack ends, the attack result is recorded in the attack-defense display module of the business layer, and operations staff query the attack result on the attack-defense display module.
7. The implementation method for the information security attack-defense experiment platform according to claim 6, characterised in that when the attack result in step S3 shows a vulnerability, the following steps are performed:
S4 Reinforcement task: operations staff invoke the simulation scene management module of the business layer, which restores the simulation scene of step S1 by managing the resource layer's virtual devices and real physical devices in combination; the restored simulation scene is then manually reinforced against the corresponding vulnerability;
S5 Reinforcement verification: operations staff attack the reinforced simulation scene using the method of step S2; after the attack ends, the attack result is recorded in the attack-defense display module of the business layer, and operations staff query the attack result on the attack-defense display module; if the attack fails, the target machine can resist this kind of attack.
8. An implementation method for the information security attack-defense experiment platform according to claim 1, characterised in that it comprises the following steps:
S1 operations staff invoke the simulation scene management module in the business layer and choose the scene required for application upgrade verification from the scene configuration library of the data layer;
S2 the simulation scene management module looks up the corresponding scene information in the scene configuration library and deploys the simulation scene by managing the resource layer's virtual devices and real physical devices in combination;
S3 operations staff perform the application upgrade in the deployed simulation scene; if the operation succeeds, the upgrade can be carried out on the real business hosts.
Application CN201510183912.1A, priority date 2015-04-17, filing date 2015-04-17: A kind of safe attacking and defending experiment porch of novel information and its implementation. Status: Active.

Publications (2)

Publication Number Publication Date
CN104778073A (en) 2015-07-15
CN104778073B (en) 2018-01-16

Family ID 53619558

Country Status (1)

Country Link
CN (1) CN104778073B (en)

Families Citing this family (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105844449A (en) * 2016-04-08 2016-08-10 国家电网公司 IT equipment overall process management design method based on layered model
CN105976659A (en) * 2016-05-05 2016-09-28 成都世纪智慧科技有限公司 Internet-based information safety on-line open practical training platform
CN106776968B (en) * 2016-12-05 2020-10-23 广州谷得网络科技有限公司 Universal game data interface layer
CN106789260B (en) * 2016-12-26 2020-11-20 中国银联股份有限公司 System and method for high availability drilling of network devices
CN109147447A (en) * 2017-06-16 2019-01-04 云南电网有限责任公司信息中心 A kind of network-combination yarn target range actual combat system based on virtualization technology
CN107609070A (en) * 2017-08-30 2018-01-19 北京数聚万卷科技发展有限公司 NDF data fusion platforms
CN108833171A (en) * 2018-06-21 2018-11-16 国网福建省电力有限公司 A kind of electric power networks equipment teaching management implementation method based on Web
CN108922298A (en) * 2018-07-23 2018-11-30 贵州电网有限责任公司信息中心 A kind of electric power safety operation training system
CN109298855B (en) * 2018-10-16 2022-04-05 国网河北省电力有限公司电力科学研究院 Network target range management system, implementation method and device thereof, and storage medium
CN110166285B (en) * 2019-04-28 2021-08-03 北京航空航天大学 Network security experiment platform building method based on Docker
CN110047346A (en) * 2019-04-29 2019-07-23 惠州城市职业学院 Simulation method and simulation teaching experience system for a virtual simulation practice teaching platform
CN110132051B (en) * 2019-06-12 2019-12-13 广州锦行网络科技有限公司 virtual-real combined information security actual combat target range construction method
CN110378115B (en) * 2019-07-26 2022-08-30 深圳市三希软件科技有限公司 Data layer system of information security attack and defense platform
CN110880983A (en) * 2019-08-14 2020-03-13 奇安信科技集团股份有限公司 Penetration testing method and device based on scene, storage medium and electronic device
CN111193791A (en) * 2019-12-27 2020-05-22 成都烽创科技有限公司 Training system based on B/S architecture and information display method
CN111597525A (en) * 2020-06-05 2020-08-28 深圳华讯网络科技有限公司 Resource management system security platform
CN112258683B (en) * 2020-10-20 2022-07-01 云账户技术(天津)有限公司 Inspection method and device for business system
CN115225513B (en) * 2022-05-27 2024-01-30 湖南大佳数据科技有限公司 Network space actual combat training platform system and implementation method
CN115134127A (en) * 2022-06-09 2022-09-30 国网浙江省电力有限公司 Electric power monitoring network safety test system
CN115348126A (en) * 2022-07-26 2022-11-15 北京永信至诚科技股份有限公司 Network target range entity equipment access method, device and implementation system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7020697B1 (en) * 1999-10-01 2006-03-28 Accenture Llp Architectures for netcentric computing systems
CN100403706C (en) * 2006-01-11 2008-07-16 西安电子科技大学 Network security emulation system and its emulation method
CN101699815B (en) * 2009-10-30 2012-08-15 华南师范大学 Network attack automatic execution/exhibition system and method
CN103701777B (en) * 2013-12-11 2016-08-31 长春理工大学 Virtualization- and cloud-based telecommunication network attack-and-defense virtual simulation system
CN104410617B (en) * 2014-11-21 2018-04-17 西安邮电大学 A cloud-platform-based information security attack-and-defense laboratory architecture

Also Published As

Publication number Publication date
CN104778073A (en) 2015-07-15

Similar Documents

Publication Publication Date Title
CN104778073B (en) A novel information security attack-and-defense experiment platform and its implementation method
CN109147447A (en) A virtualization-based network attack-and-defense range live-exercise system
CN107295092A (en) A cloud-computing-based mobile application platform system for people's livelihood services
CN106355971A (en) Simulating training system for overhauling substation equipment
CN104657903A (en) Comprehensive support system for equipment based on IETM
CN105976659A (en) Internet-based information safety on-line open practical training platform
CN106022713A (en) Cloud-platform-based method for establishing training platform rapidly
CN106354891A (en) Geographic information service inquiring method based on TGIS (temporal geographic information system)
CN104299464A (en) Simulating training system for electric safety skills
CN110211445A (en) A distribution network load transfer control training system
CN106202507A (en) Electric power emergency repair drill simulation system and method
Balon et al. Cybercompetitions: A survey of competitions, tools, and systems to support cybersecurity education
CN109903609A (en) Team safety training platform device and team safety training system
Khalsa et al. The GEOSS interoperability process pilot project (IP3)
Sun [Retracted] Interactive Knowledge Visualization Based on IoT and Augmented Reality
CN205581995U (en) Computer network simulation practical training teaching system
Tena-Chollet et al. Design of a semi-virtual training environment (serious game) for decision-makers facing up a major crisis
Fawareh et al. Analysis of e-learning system in the presence of social requirement
Pfister et al. Design and implementation of a cyber physical testbed for security training
Hao The Exploration and Research of the Network Security Offense and Defense Laboratory Cooperated by Schools and Enterprises under the Background of New Engineering
Singh et al. Integration of IoT and big data technologies for higher education
Woo et al. Web-based ITS for training system managers on the computer intrusion
CN106157201A (en) An Internet education teaching-relationship construction method and system
Cui Online education based on distributed multi-layer data processing technology
Zhu et al. Building Resilience in Civil Infrastructure Systems: System-Level Biomimicry to Address Complex Managerial Challenges

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant