CN105024990A - Deployment method and device for network security attack and defense exercise environment - Google Patents
Deployment method and device for network security attack and defense exercise environment Download PDFInfo
- Publication number
- CN105024990A CN105024990A CN201510144905.0A CN201510144905A CN105024990A CN 105024990 A CN105024990 A CN 105024990A CN 201510144905 A CN201510144905 A CN 201510144905A CN 105024990 A CN105024990 A CN 105024990A
- Authority
- CN
- China
- Prior art keywords
- network
- main frame
- security attack
- network security
- defense training
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a deployment method and a deployment device based on a software-defined network for network security attack and defense exercise environments, which can solve the problem that resource allocation of the existing network security attack and defense exercise target range system is complex. The deployment method comprises the steps of: establishing a target range network based on a software-defined network according to network security attack and defense exercise requirements, wherein the target range network comprises a controller system, a switch system and at least one host; determining a flow table corresponding to the network security attack and defense exercise requirements; issuing the flow table corresponding to the network security attack and defense exercise requirements to the switch system via the controller system, and forwarding data according to the issued flow table via the switch system; and deploying operating systems and/or target range systems of the hosts in the target range network through automatic deployment codes.
Description
Technical field
The present invention relates to technical field of network security, be specifically related to a kind of network security attack and defense training Ministry of environment's arranging method based on software defined network and device.
Background technology
Network security attack and defense training target range system is a kind of online application deployment providing actual attacking and defending environment, for user provides multi-functional, diversified network security scene under battle conditions.Answer from simple exercise question, file is reverse to be cracked, and leak analysis utilizes, network penetration, the network-combination yarn battle under real network environment, user of service is by the safe attack and defense training Range Environment of different levels, promote network security skills of actual combat, deepen the understanding to network security.
Current network security target range system, in implementation procedure, mainly contains following several scheme:
(1) based on the scheme of software emulation.This programme employing software provides the authentic simulated environment to factual information system, and advantage is can exist independent of real network environment, avoids impacting actual environment.But disconnect comparatively large with true environment, practical value is difficult to assessment.
(2) based on the deployment scheme that hardware is piled up.Involved by this programme, system all adopts hardware device, comprises the server required for the deployment of attacking and defending system and storage system, meets the network equipment that attacking and defending network environment requires, and for strengthening the safety means of system safety.The advantage of this programme is that resource is sufficient, and stability is high, but expends comparatively large, and simultaneity factor utilance is very low, is difficult to expansion, repeatedly disposes.
(3) based on the deployment scheme of virtual machine.During system is disposed by this programme, the resource that repeatability is higher, as server and storage system, adopts Intel Virtualization Technology, is made as the virtual machine of uniform template, makes Account Dept be deployed in the middle of virtualized environment, be convenient to centralized management.The advantage of this programme is that system virtualization degree is higher, and all resources meet at the management of virtual machine control centre, considerably reduces the manpower consumption in system deployment.In small-scale network security attacking and defending practice, this programme can meet attacking and defending demand preferably, possesses good autgmentability simultaneously, is easy to repeatedly dispose.But along with participate in number, service, system resource increase, the program can encounter the bottleneck of hardware performance aspect.
(4) deployment scheme that is combined with software virtual machine of the network hardware.When resources of virtual machine reaches certain scale, the demand of system to network increases gradually, and virtual machine control centre is all difficult to from scale and aspect of performance the complicated requirement meeting grid.Therefore coupling system is needed to dispose, divide corresponding network area (job network distinguish, VLAN split), introduce two layers, the network equipment such as three-tier switch and router fire compartment wall, the extensibility of raising system, meets complicated network demand.This programme is use more technical scheme in current network security attacking and defending environment, has higher applicability.But exist in a large number due to virtual equipment and physical hardware devices, cause target range system environments complicated, maintenance difficulties increases, higher to the experience of operation maintenance personnel, skill set requirements. simultaneously
Summary of the invention
The object of the invention is to, complicated for the resource distribution in network security attack and defense training Range Environment, the problems such as manual maintenance workload is large, a kind of network security attack and defense training Ministry of environment's arranging method based on software defined network and device are provided, the method significantly can improve rehearsal environment and dispose efficiency, increase system automation operating mechanism, reduce unnecessary manpower repeated work, save hardware resource.
For this purpose, the present invention proposes a kind of network security attack and defense training Ministry of environment arranging method based on software defined network, comprising:
The range network based on software defined network is set up according to network security attack and defense training demand; Wherein, described range network comprises controller system, switch system and at least one main frame;
Determine the stream table corresponding to described network security attack and defense training demand;
Make described controller system by the stream table corresponding to described network security attack and defense training demand is handed down to described switch system, with make described switch system according to described in the stream table that issues carry out data retransmission;
Operating system and/or the target range system that code portions affixes one's name to each main frame in this range network is disposed by automation.
On the other hand, the present invention proposes a kind of network security attack and defense training environment deployment devices based on software defined network, comprising:
Network sets up unit, for setting up the range network based on software defined network according to network security attack and defense training demand; Wherein, described range network comprises controller system, switch system and at least one main frame;
First determining unit, for determining the stream table corresponding to described network security attack and defense training demand;
Stream table issues unit, for making described controller system by the stream table corresponding to described network security attack and defense training demand is handed down to described switch system, with make described switch system according to described in the stream table that issues carry out data retransmission;
Deployment unit, for disposing by automation operating system and/or the target range system that code portions affixes one's name to each main frame in this range network.
The network security attack and defense training Ministry of environment's arranging method based on software defined network described in the embodiment of the present invention and device, can according to rehearsal demand, automatic renewal is based on the range network of software defined network, and operating system and the target range system of each main frame in code portions administration range network is disposed by automation, compare traditional deployed environment based on hardware net equipment, the network operation workload that operation maintenance personnel is brought because rehearsal demand changes can be reduced greatly, rehearsal environment can be improved and dispose efficiency, avoid labor intensive one by one main frame manually dispose, increase system automation operating mechanism, and, this range network is based on software defined network, thus the controller in this range network and switch all realize with the form of software code in virtual machine, hardware resource can be saved to greatest extent, and, because the network switching equipment (controller and switch) is that software implementation realizes, so add or sweep equipment, and renewal network configuration ratio is easier to.
Accompanying drawing explanation
Fig. 1 is the schematic flow sheet of network security attack and defense training Ministry of environment arranging method one embodiment that the present invention is based on software defined network;
Fig. 2 is the frame structure schematic diagram of network security attack and defense training environment deployment devices one embodiment that the present invention is based on software defined network.
Embodiment
For making the object of the embodiment of the present invention, technical scheme and advantage clearly, below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly described, obviously, described embodiment is the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
As shown in Figure 1, the present embodiment discloses a kind of network security attack and defense training Ministry of environment arranging method based on software defined network, comprising:
S1, set up based on the range network of software defined network according to network security attack and defense training demand; Wherein, described range network comprises controller system, switch system and at least one main frame;
S2, the stream table determining corresponding to described network security attack and defense training demand;
S3, make described controller system by the stream table corresponding to described network security attack and defense training demand is handed down to described switch system, with make described switch system according to described in the stream table that issues carry out data retransmission;
The Rapid Implementation of the extensive automation deployment scheme of S4, conveniently later stage, disposes by automation operating system and/or the target range system that code portions affixes one's name to each main frame in this range network.
In the embodiment of the present invention, in advance by conventional network plan writing controller, controller, according to specifically drilling demand, is automatically selected the network matched, is issued stream table, realize network and automatically upgrade, thus does not need webmaster personnel to configure again.
According to fixed rehearsal pattern and network demand, the existing stream satiable COS of table of analyzer-controller and fields match information, judge whether to need to generate new stream table content, to meet current network conditions demand.As created new stream table, the process creating new stream table is as follows:
Steps A: according to network demand, selects to generate single or multilevel flow table.
Step B: according to progression order from low to high, arranges each field (highest stream list item does not arrange and transmits instruction) of the stream list item of stream table at different levels.Each stream table comprises multiple stream list item, every bar stream list item comprises matching domain respectively and (includes port, metadata, source/destination media access control address, source/destination IP, IP agreement, source/destination port, VLAN ID, the common fields of data packet messages such as VLAN priority, the accurate coupling to packet can be realized), priority, counter, transmit instruction (when OpenFlow switch memory is at multiple stream table, transmission instruction is all had in all stream tables except last stream off-balancesheet, be responsible to define the stream table matching order of packet), (action collection realizes the various management and control operations to matched data bag to action collection, comprise packet content amendment, the actions such as appointed output terminal mouth) etc. field.Packet is mated with stream list item by matching domain, and perform stream list item dependent instruction afterwards, OpenFlow switch carries out management and control to data Packet forwarding direction thus.
In the embodiment of the present invention, after step s4, the ruuning situation of whole target range system can also be tested, guarantee the normal on-line running of all services, and recover failed host service in time.
The network security attack and defense training Ministry of environment arranging method based on software defined network described in the embodiment of the present invention, can according to rehearsal demand, automatic renewal is based on the range network of software defined network, and operating system and the target range system of each main frame in code portions administration range network is disposed by automation, compare traditional deployed environment based on hardware net equipment, the network operation workload that operation maintenance personnel is brought because rehearsal demand changes can be reduced greatly, rehearsal environment can be improved and dispose efficiency, avoid labor intensive one by one main frame manually dispose, increase system automation operating mechanism, and, this range network is based on software defined network, thus the controller in this range network and switch all realize with the form of software code in virtual machine, hardware resource can be saved to greatest extent, and, because the network switching equipment (controller and switch) is that software implementation realizes, so add or sweep equipment, and renewal network configuration ratio is easier to.
Alternatively, in another embodiment of network security attack and defense training Ministry of environment arranging method that the present invention is based on software defined network, describedly to set up based on the range network of software defined network according to network security attack and defense training demand, comprising:
Run in order to ensure network environment stable support target range, according to described network security attack and defense training demand, and set up the network topology structure of range network based on software defined network; Wherein, described network topology structure comprises attack plane subnet system, target drone subnet system and control centre's subnet system, and described control centre subnet system comprises controller system;
According to described network topology structure, generate the OpenFlow software switch system of each subnet system in described network topology structure.
In the embodiment of the present invention, target range system platform is made up of multiple virtual server, comprises target drone, attack plane, exercise question environment etc., is all made up of multiple virtual machine server.Virtual machine server is placed in physical server.Network interworking between virtual machine server, being then the virtual switch (SDN controller, SDN switch) by being placed on physical server, realizing using physical server network interface card as medium.
Alternatively, in another embodiment of network security attack and defense training Ministry of environment arranging method that the present invention is based on software defined network, the described stream table determined corresponding to described network security attack and defense training demand, comprising:
Show corresponding with the relation of stream table of network security attack and defense training demand prestored by inquiring about described control centre subnet system determines the stream table corresponding to described network security attack and defense training demand.
Alternatively, in another embodiment of network security attack and defense training Ministry of environment arranging method that the present invention is based on software defined network, described dispose the code portions operating system of affixing one's name to each main frame in this range network and/or target range system by automation before, also comprise:
By inquiring about, network security attack and defense training demand that described control centre subnet system prestores is corresponding with the relation of operating system mirror image to be shown and/or network security attack and defense training demand and the relation of target range system are corresponding shows to determine the operating system mirror image that each main frame in described range network needs to dispose and/or service.
Alternatively, in another embodiment of network security attack and defense training Ministry of environment arranging method that the present invention is based on software defined network, described operating system and/or target range system of being affixed one's name to each main frame in this range network by automation deployment code portions, being comprised:
When each main frame described in each main frame described is previously stored with needs operating system mirror image and/or the service of deployment, disposing code by automation needs the operating system mirror image of deployment and/or service arrangement on each main frame corresponding in each main frame described in described each main frame storage;
When each main frame described not storing each main frame described and needing operating system mirror image and/or the service of deployment, issue to each main frame described the operating system mirror image and/or service that each main frame described needs to dispose by described control centre subnet system, and dispose operating system mirror image and/or service arrangement that each main frame described in issuing to need to dispose by code on each main frame corresponding by automation.
In Network Security Exercise Range Environment, attack plane and target drone all will run corresponding program and go respective role, as the various attack software such as network sweep, penetration testing, leak analysis based on attack plane, containing leaky or by the service of attacking, one can being formed thus and comprise the complete Range Environment of attacking with leak based on target drone.
In the embodiment of the present invention, when each main frame being previously stored with each main frame described and needing operating system mirror image and the service of deployment, arrange according to each main frame function, dispose corresponding operating system mirror image, network attack service (attack plane), network hole service (target drone) etc. respectively, completion system deployment task; When each main frame not storing each main frame described and needing operating system mirror image and the service of deployment, according to concrete user demand, determine the operating system mirror image of the required deployment in relevant target drone, attack plane and various relevant virtual hardware resource, and by virtual management and control central platform, batch disposes mainframe host computer.
In the embodiment of the present invention, target range system can be pre-installed and multiplely include various service, can meet the operating system mirror image of attack plane and all kinds of demand of target drone.Meanwhile, target range system is also supported to customize based on the mirror image of particular demands, possesses certain flexibility.
As shown in Figure 2, the present embodiment discloses a kind of network security attack and defense training environment deployment devices based on software defined network, comprising:
Network sets up unit 1, for setting up the range network based on software defined network according to network security attack and defense training demand; Wherein, described range network comprises controller system, switch system and at least one main frame;
First determining unit 2, for determining the stream table corresponding to described network security attack and defense training demand;
Stream table issues unit 3, for making described controller system by the stream table corresponding to described network security attack and defense training demand is handed down to described switch system, with make described switch system according to described in the stream table that issues carry out data retransmission;
Deployment unit 4, for disposing by automation operating system and/or the target range system that code portions affixes one's name to each main frame in this range network.
The network security attack and defense training environment deployment devices based on software defined network described in the embodiment of the present invention, can according to rehearsal demand, automatic renewal is based on the range network of software defined network, and operating system and the target range system of each main frame in code portions administration range network is disposed by automation, compare traditional deployed environment based on hardware net equipment, the network operation workload that operation maintenance personnel is brought because rehearsal demand changes can be reduced greatly, rehearsal environment can be improved and dispose efficiency, avoid labor intensive one by one main frame manually dispose, increase system automation operating mechanism, and, this range network is based on software defined network, thus the controller in this range network and switch all realize with the form of software code in virtual machine, hardware resource can be saved to greatest extent, and, because the network switching equipment (controller and switch) is that software implementation realizes, so add or sweep equipment, and renewal network configuration ratio is easier to.
Alternatively, in another embodiment of network security attack and defense training environment deployment devices that the present invention is based on software defined network, described network sets up unit, comprising:
Subelement set up by topological structure, for according to described network security attack and defense training demand, and sets up the network topology structure of range network based on software defined network; Wherein, described network topology structure comprises attack plane subnet system, target drone subnet system and control centre's subnet system, and described control centre subnet system comprises controller system;
Switch system generates subelement, for according to described network topology structure, generates the OpenFlow software switch system of each subnet system in described network topology structure.
Alternatively, in another embodiment of network security attack and defense training environment deployment devices that the present invention is based on software defined network, described first determining unit, determines the stream table corresponding to described network security attack and defense training demand for show corresponding with the relation of stream table of network security attack and defense training demand prestored by inquiry described control centre subnet system.
Alternatively, in another embodiment of network security attack and defense training environment deployment devices that the present invention is based on software defined network, also comprise:
Second determining unit, before disposing the code portions operating system of affixing one's name to each main frame in this range network and/or target range system at described deployment unit by automation, by inquiring about, network security attack and defense training demand that described control centre subnet system prestores is corresponding with the relation of operating system mirror image to be shown and/or network security attack and defense training demand and the relation of target range system are corresponding shows to determine the operating system mirror image that each main frame in described range network needs to dispose and/or service.
Alternatively, in another embodiment of network security attack and defense training environment deployment devices that the present invention is based on software defined network, described deployment unit, comprising:
First disposes subelement, during for needing operating system mirror image and/or the service of deployment when each main frame described in each main frame described is previously stored with, disposing code by automation needs the operating system mirror image of deployment and/or service arrangement on each main frame corresponding in each main frame described in described each main frame storage;
Second disposes subelement, for when each main frame described not storing each main frame described and needing operating system mirror image and/or the service of deployment, issue to each main frame described the operating system mirror image and/or service that each main frame described needs to dispose by described control centre subnet system, and dispose operating system mirror image and/or service arrangement that each main frame described in issuing to need to dispose by code on each main frame corresponding by automation.
OpenFlow is a kind of network exchange model, and OpenFlow switch is the core component of whole OpenFlow network (being made up of OpenFlow switch, network virtualization layer and controller three part), the forwarding of main management data layer.
Although describe embodiments of the present invention by reference to the accompanying drawings, but those skilled in the art can make various modifications and variations without departing from the spirit and scope of the present invention, such amendment and modification all fall into by within claims limited range.
Claims (10)
1., based on a network security attack and defense training Ministry of environment arranging method for software defined network, it is characterized in that, comprising:
The range network based on software defined network is set up according to network security attack and defense training demand; Wherein, described range network comprises controller system, switch system and at least one main frame;
Determine the stream table corresponding to described network security attack and defense training demand;
Make described controller system by the stream table corresponding to described network security attack and defense training demand is handed down to described switch system, with make described switch system according to described in the stream table that issues carry out data retransmission;
Operating system and/or the target range system that code portions affixes one's name to each main frame in this range network is disposed by automation.
2. the network security attack and defense training Ministry of environment arranging method based on software defined network according to claim 1, is characterized in that, describedly sets up based on the range network of software defined network according to network security attack and defense training demand, comprising:
According to described network security attack and defense training demand, and set up the network topology structure of range network based on software defined network; Wherein, described network topology structure comprises attack plane subnet system, target drone subnet system and control centre's subnet system, and described control centre subnet system comprises controller system;
According to described network topology structure, generate the OpenFlow software switch system of each subnet system in described network topology structure.
3. the network security attack and defense training Ministry of environment arranging method based on software defined network according to claim 2, is characterized in that, the described stream table determined corresponding to described network security attack and defense training demand, comprising:
Show corresponding with the relation of stream table of network security attack and defense training demand prestored by inquiring about described control centre subnet system determines the stream table corresponding to described network security attack and defense training demand.
4. the network security attack and defense training Ministry of environment arranging method based on software defined network according to Claims 2 or 3, it is characterized in that, described dispose the code portions operating system of affixing one's name to each main frame in this range network and/or target range system by automation before, also comprise:
By inquiring about, network security attack and defense training demand that described control centre subnet system prestores is corresponding with the relation of operating system mirror image to be shown and/or network security attack and defense training demand and the relation of target range system are corresponding shows to determine the operating system mirror image that each main frame in described range network needs to dispose and/or service.
5. the network security attack and defense training Ministry of environment arranging method based on software defined network according to claim 1, is characterized in that, described operating system and/or target range system of being affixed one's name to each main frame in this range network by automation deployment code portions, being comprised:
When each main frame described in each main frame described is previously stored with needs operating system mirror image and/or the service of deployment, disposing code by automation needs the operating system mirror image of deployment and/or service arrangement on each main frame corresponding in each main frame described in described each main frame storage;
When each main frame described not storing each main frame described and needing operating system mirror image and/or the service of deployment, issue to each main frame described the operating system mirror image and/or service that each main frame described needs to dispose by described control centre subnet system, and dispose operating system mirror image and/or service arrangement that each main frame described in issuing to need to dispose by code on each main frame corresponding by automation.
6., based on a network security attack and defense training environment deployment devices for software defined network, it is characterized in that, comprising:
Network sets up unit, for setting up the range network based on software defined network according to network security attack and defense training demand; Wherein, described range network comprises controller system, switch system and at least one main frame;
First determining unit, for determining the stream table corresponding to described network security attack and defense training demand;
Stream table issues unit, for making described controller system by the stream table corresponding to described network security attack and defense training demand is handed down to described switch system, with make described switch system according to described in the stream table that issues carry out data retransmission;
Deployment unit, for disposing by automation operating system and/or the target range system that code portions affixes one's name to each main frame in this range network.
7. the network security attack and defense training environment deployment devices based on software defined network according to claim 6, it is characterized in that, described network sets up unit, comprising:
Subelement set up by topological structure, for according to described network security attack and defense training demand, and sets up the network topology structure of range network based on software defined network; Wherein, described network topology structure comprises attack plane subnet system, target drone subnet system and control centre's subnet system, and described control centre subnet system comprises controller system;
Switch system generates subelement, for according to described network topology structure, generates the OpenFlow software switch system of each subnet system in described network topology structure.
8. the network security attack and defense training environment deployment devices based on software defined network according to claim 7, it is characterized in that, described first determining unit, determines the stream table corresponding to described network security attack and defense training demand for show corresponding with the relation of stream table of network security attack and defense training demand prestored by inquiry described control centre subnet system.
9. the network security attack and defense training environment deployment devices based on software defined network according to claim 7 or 8, is characterized in that, also comprise:
Second determining unit, before disposing the code portions operating system of affixing one's name to each main frame in this range network and/or target range system at described deployment unit by automation, by inquiring about, network security attack and defense training demand that described control centre subnet system prestores is corresponding with the relation of operating system mirror image to be shown and/or network security attack and defense training demand and the relation of target range system are corresponding shows to determine the operating system mirror image that each main frame in described range network needs to dispose and/or service.
10. the network security attack and defense training environment deployment devices based on software defined network according to claim 6, it is characterized in that, described deployment unit, comprising:
First disposes subelement, during for needing operating system mirror image and/or the service of deployment when each main frame described in each main frame described is previously stored with, disposing code by automation needs the operating system mirror image of deployment and/or service arrangement on each main frame corresponding in each main frame described in described each main frame storage;
Second disposes subelement, for when each main frame described not storing each main frame described and needing operating system mirror image and/or the service of deployment, issue to each main frame described the operating system mirror image and/or service that each main frame described needs to dispose by described control centre subnet system, and dispose operating system mirror image and/or service arrangement that each main frame described in issuing to need to dispose by code on each main frame corresponding by automation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510144905.0A CN105024990A (en) | 2015-03-30 | 2015-03-30 | Deployment method and device for network security attack and defense exercise environment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510144905.0A CN105024990A (en) | 2015-03-30 | 2015-03-30 | Deployment method and device for network security attack and defense exercise environment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105024990A true CN105024990A (en) | 2015-11-04 |
Family
ID=54414700
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510144905.0A Pending CN105024990A (en) | 2015-03-30 | 2015-03-30 | Deployment method and device for network security attack and defense exercise environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105024990A (en) |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107483484A (en) * | 2017-09-13 | 2017-12-15 | 北京椰子树信息技术有限公司 | One kind attack protection drilling method and device |
CN107835136A (en) * | 2017-12-14 | 2018-03-23 | 中国科学技术大学苏州研究院 | Existing network is disposed to the interchanger of software defined network transition and method for routing |
CN109543933A (en) * | 2018-10-08 | 2019-03-29 | 中国科学院信息工程研究所 | A kind of net peace personnel technical ability evaluation system |
CN110132051A (en) * | 2019-06-12 | 2019-08-16 | 广州锦行网络科技有限公司 | A kind of information security actual combat target range construction method that actual situation combines |
CN111464567A (en) * | 2020-06-16 | 2020-07-28 | 鹏城实验室 | Configuration method and device of attack and defense shooting range system and storage medium |
CN111488306A (en) * | 2020-03-26 | 2020-08-04 | 浙江口碑网络技术有限公司 | Attack and defense architecture system and construction method thereof |
CN111711703A (en) * | 2020-08-20 | 2020-09-25 | 南京赛宁信息技术有限公司 | Equipment library self-adaption system and method for network target range actual combat drilling scene |
CN111726421A (en) * | 2020-07-01 | 2020-09-29 | 哈尔滨工业大学(威海) | Method and device for realizing interconnection of network target range and industrial control equipment |
CN111786832A (en) * | 2020-07-01 | 2020-10-16 | 哈尔滨工业大学(威海) | Method and device for interconnecting attack and defense platform and various industrial control scenes |
CN112153010A (en) * | 2020-08-31 | 2020-12-29 | 北京全路通信信号研究设计院集团有限公司 | Network security shooting range system and operation method thereof |
CN114915467A (en) * | 2022-04-21 | 2022-08-16 | 南京联成科技发展股份有限公司 | System and method for realizing network security attack and defense drilling |
CN116155582A (en) * | 2023-02-01 | 2023-05-23 | 广东为辰信息科技有限公司 | Automobile network target range attack and defense competition and drill access method and system |
CN117319094A (en) * | 2023-11-30 | 2023-12-29 | 西安辰航卓越科技有限公司 | SDN network attack and defense target range platform system |
CN117459402A (en) * | 2023-10-09 | 2024-01-26 | 北京五一嘉峪科技有限公司 | Cloud target range competition system |
CN117852048A (en) * | 2024-03-08 | 2024-04-09 | 华中科技大学 | Multi-dimensional attack vector-based soft and hard combined Internet of vehicles shooting range construction method |
CN118368148A (en) * | 2024-06-19 | 2024-07-19 | 鹏城实验室 | Data scanning method and device for network target range, electronic equipment and storage medium |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1614941A (en) * | 2004-12-02 | 2005-05-11 | 上海交通大学 | Method for establishing complex network running environmental analog stimulative platform |
CN1805385A (en) * | 2006-01-11 | 2006-07-19 | 西安电子科技大学 | Network security emulation system and its emulation method |
CN101188493A (en) * | 2007-11-14 | 2008-05-28 | 吉林中软吉大信息技术有限公司 | Teaching and testing device for network information security |
CN103095583A (en) * | 2012-11-09 | 2013-05-08 | 盛科网络(苏州)有限公司 | Method achieving Open flow two-stage flow table through chip loopback and system thereof |
CN103236945A (en) * | 2013-04-08 | 2013-08-07 | 北京天地互连信息技术有限公司 | OpenFlow-based FlowVisor network system |
CN103701777A (en) * | 2013-12-11 | 2014-04-02 | 长春理工大学 | Remote network attack and defense virtual simulation system based on virtualization and cloud technology |
CN104168222A (en) * | 2014-07-15 | 2014-11-26 | 杭州华三通信技术有限公司 | Message transmission method and device |
CN104301813A (en) * | 2014-11-18 | 2015-01-21 | 上海斐讯数据通信技术有限公司 | Ethernet passive optical network system and configuration method |
WO2015027506A1 (en) * | 2013-08-31 | 2015-03-05 | 华为技术有限公司 | Method and device for processing operation request in storage system |
-
2015
- 2015-03-30 CN CN201510144905.0A patent/CN105024990A/en active Pending
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1614941A (en) * | 2004-12-02 | 2005-05-11 | 上海交通大学 | Method for establishing complex network running environmental analog stimulative platform |
CN1805385A (en) * | 2006-01-11 | 2006-07-19 | 西安电子科技大学 | Network security emulation system and its emulation method |
CN101188493A (en) * | 2007-11-14 | 2008-05-28 | 吉林中软吉大信息技术有限公司 | Teaching and testing device for network information security |
CN103095583A (en) * | 2012-11-09 | 2013-05-08 | 盛科网络(苏州)有限公司 | Method achieving Open flow two-stage flow table through chip loopback and system thereof |
CN103236945A (en) * | 2013-04-08 | 2013-08-07 | 北京天地互连信息技术有限公司 | OpenFlow-based FlowVisor network system |
WO2015027506A1 (en) * | 2013-08-31 | 2015-03-05 | 华为技术有限公司 | Method and device for processing operation request in storage system |
CN103701777A (en) * | 2013-12-11 | 2014-04-02 | 长春理工大学 | Remote network attack and defense virtual simulation system based on virtualization and cloud technology |
CN104168222A (en) * | 2014-07-15 | 2014-11-26 | 杭州华三通信技术有限公司 | Message transmission method and device |
CN104301813A (en) * | 2014-11-18 | 2015-01-21 | 上海斐讯数据通信技术有限公司 | Ethernet passive optical network system and configuration method |
Non-Patent Citations (2)
Title |
---|
ZHANG HENG-RU: "Research and Design of Network Attack and Defense", 《2010 INTERNATIONAL CONFERENCE ON COMPUTATIONAL AND INFORMATION SCIENCES》 * |
孙红山: "基于SITL的网络攻防仿真平台的设计与实现", 《计算机应用研究》 * |
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107483484A (en) * | 2017-09-13 | 2017-12-15 | 北京椰子树信息技术有限公司 | One kind attack protection drilling method and device |
CN107835136A (en) * | 2017-12-14 | 2018-03-23 | 中国科学技术大学苏州研究院 | Existing network is disposed to the interchanger of software defined network transition and method for routing |
CN109543933A (en) * | 2018-10-08 | 2019-03-29 | 中国科学院信息工程研究所 | A kind of net peace personnel technical ability evaluation system |
CN109543933B (en) * | 2018-10-08 | 2021-10-22 | 中国科学院信息工程研究所 | Network security personnel skill evaluation system |
CN110132051A (en) * | 2019-06-12 | 2019-08-16 | 广州锦行网络科技有限公司 | A kind of information security actual combat target range construction method that actual situation combines |
CN111488306A (en) * | 2020-03-26 | 2020-08-04 | 浙江口碑网络技术有限公司 | Attack and defense architecture system and construction method thereof |
CN111464567A (en) * | 2020-06-16 | 2020-07-28 | 鹏城实验室 | Configuration method and device of attack and defense shooting range system and storage medium |
CN111726421A (en) * | 2020-07-01 | 2020-09-29 | 哈尔滨工业大学(威海) | Method and device for realizing interconnection of network target range and industrial control equipment |
CN111786832A (en) * | 2020-07-01 | 2020-10-16 | 哈尔滨工业大学(威海) | Method and device for interconnecting attack and defense platform and various industrial control scenes |
CN111786832B (en) * | 2020-07-01 | 2022-06-07 | 哈尔滨工业大学(威海) | Method and device for interconnecting attack and defense platform and various industrial control scenes |
CN111711703A (en) * | 2020-08-20 | 2020-09-25 | 南京赛宁信息技术有限公司 | Equipment library self-adaption system and method for network target range actual combat drilling scene |
CN112153010A (en) * | 2020-08-31 | 2020-12-29 | 北京全路通信信号研究设计院集团有限公司 | Network security shooting range system and operation method thereof |
CN114915467A (en) * | 2022-04-21 | 2022-08-16 | 南京联成科技发展股份有限公司 | System and method for realizing network security attack and defense drilling |
CN116155582A (en) * | 2023-02-01 | 2023-05-23 | 广东为辰信息科技有限公司 | Automobile network target range attack and defense competition and drill access method and system |
CN117459402A (en) * | 2023-10-09 | 2024-01-26 | 北京五一嘉峪科技有限公司 | Cloud target range competition system |
CN117319094A (en) * | 2023-11-30 | 2023-12-29 | 西安辰航卓越科技有限公司 | SDN network attack and defense target range platform system |
CN117319094B (en) * | 2023-11-30 | 2024-03-15 | 西安辰航卓越科技有限公司 | SDN network attack and defense target range platform system |
CN117852048A (en) * | 2024-03-08 | 2024-04-09 | 华中科技大学 | Multi-dimensional attack vector-based soft and hard combined Internet of vehicles shooting range construction method |
CN117852048B (en) * | 2024-03-08 | 2024-06-07 | 华中科技大学 | Multi-dimensional attack vector-based soft and hard combined Internet of vehicles shooting range construction method |
CN118368148A (en) * | 2024-06-19 | 2024-07-19 | 鹏城实验室 | Data scanning method and device for network target range, electronic equipment and storage medium |
CN118368148B (en) * | 2024-06-19 | 2024-09-17 | 鹏城实验室 | Data scanning method and device for network target range, electronic equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105024990A (en) | Deployment method and device for network security attack and defense exercise environment | |
CN108768685B (en) | Large-scale information communication network real-time simulation system | |
CN109802852B (en) | Method and system for constructing network simulation topology applied to network target range | |
US9628339B1 (en) | Network testbed creation and validation | |
CN103026660B (en) | Network policy configuration method, management equipment and network management centre device | |
CN103685250A (en) | Virtual machine security policy migration system and method based on SDN | |
CN106254178B (en) | network test platform NFVNTP based on NFV and test method thereof | |
CN110351271A (en) | Network-combination yarn experimental system building method, system, device and storage medium | |
CN110290045A (en) | A kind of soft or hard binding model construction method in cloud framework lower network target range | |
CN109768892A (en) | A kind of network security experimental system of micro services | |
CN103338210A (en) | AP (Access Point) emulation analog system based on CAPWAP (Control and Provisioning of Wireless Access Points) protocol | |
CN106330786A (en) | MAC address synchronization method, apparatus and system | |
CN107846304A (en) | A kind of automation engine of mixing cloud service architecture centralized management | |
CN104735176A (en) | PXE booting method and device and server single board | |
CN109474443A (en) | A kind of configuration method, device, system and the communication equipment of newly-increased server | |
CN115118607A (en) | SDN-based automatic virtual network topology construction method | |
CN106878095A (en) | A kind of network collocating method and system based on scenario distributed emulation | |
Tagliacane et al. | Network simulations and future technologies in teaching networking courses: Development of a laboratory model with Cisco Virtual Internet Routing Lab (Virl) | |
CN103401954B (en) | The implementation method of virtual DHCP | |
CN115348126A (en) | Network target range entity equipment access method, device and implementation system | |
CN110535764B (en) | Method for realizing spatial information network large-scale link simulator | |
CN112217680A (en) | Controller capability benchmark test method and device based on software-defined wide area network | |
CN107800802A (en) | A kind of Rack whole machine cabinets write-in and the method for reading UUID | |
CN104579778A (en) | Simple implementation method for enterprise internal network virtualization | |
CN110493210A (en) | A kind of configurable network security experimental system based on SDN |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20151104 |