CN105024990A - Deployment method and device for network security attack and defense exercise environment - Google Patents


Publication number
CN105024990A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510144905.0A
Other languages
Chinese (zh)
Inventor
李晗
诸葛建伟
姚珊
马新磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tsinghua University
National Computer Network and Information Security Management Center
Original Assignee
Tsinghua University
National Computer Network and Information Security Management Center
Application filed by Tsinghua University and National Computer Network and Information Security Management Center
Priority to CN201510144905.0A
Publication of CN105024990A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a deployment method and a deployment device based on a software-defined network for network security attack and defense exercise environments, which can solve the problem that resource allocation of the existing network security attack and defense exercise target range system is complex. The deployment method comprises the steps of: establishing a target range network based on a software-defined network according to network security attack and defense exercise requirements, wherein the target range network comprises a controller system, a switch system and at least one host; determining a flow table corresponding to the network security attack and defense exercise requirements; issuing the flow table corresponding to the network security attack and defense exercise requirements to the switch system via the controller system, and forwarding data according to the issued flow table via the switch system; and deploying operating systems and/or target range systems of the hosts in the target range network through automatic deployment codes.

Description

Deployment method and device for a network security attack and defense exercise environment
Technical field
The present invention relates to the technical field of network security, and specifically to a deployment method and device, based on a software-defined network, for a network security attack and defense exercise environment.
Background
A network security attack and defense exercise range system is an online deployed application that provides a real attack and defense environment and offers users multifunctional, diverse, practical network security scenarios. From simple question answering, through reverse engineering and cracking of files, vulnerability analysis and exploitation, and network penetration, to network attack and defense combat in a real network environment, users work through range environments of different levels to improve their practical network security skills and deepen their understanding of network security.
Current network security range systems are mainly implemented using the following schemes:
(1) Scheme based on software simulation. This scheme uses software to provide a realistic simulation of an actual information system. Its advantage is that it can exist independently of the real network environment and avoids affecting the actual environment. However, it is largely disconnected from the real environment, and its practical value is difficult to assess.
(2) Deployment scheme based on stacking hardware. All systems involved in this scheme use hardware devices, including the servers and storage systems required to deploy the attack and defense systems, the network devices that meet the requirements of the attack and defense network environment, and the security devices used to strengthen system security. The advantage of this scheme is that resources are ample and stability is high, but it is costly, system utilization is very low, and it is difficult to expand or redeploy.
(3) Deployment scheme based on virtual machines. In this scheme, the resources that are highly repetitive in system deployment, such as servers and storage systems, are virtualized and built as virtual machines from a uniform template, so that the systems are deployed in a virtualized environment and are convenient to manage centrally. The advantage of this scheme is that the degree of system virtualization is high and all resources are handed over to the virtual machine control center for management, which considerably reduces the manpower consumed in system deployment. In small-scale network security attack and defense practice, this scheme meets attack and defense needs well, has good scalability, and is easy to redeploy. However, as the number of participants, services and system resources grows, the scheme runs into hardware performance bottlenecks.
(4) Deployment scheme combining network hardware with virtual machine software. When virtual machine resources reach a certain scale, the system's demands on the network gradually increase, and the virtual machine control center can hardly meet the complex network requirements in terms of either scale or performance. Deployment therefore has to be combined with the system: corresponding network zones are divided (working network zones, VLAN segmentation), and network devices such as layer-2 and layer-3 switches, routers and firewalls are introduced to improve the scalability of the system and meet complex network demands. This scheme is the one most often used in current network security attack and defense environments and has high applicability. However, because virtualized devices and physical hardware devices exist in large numbers at the same time, the range system environment becomes complex, maintenance becomes more difficult, and higher demands are placed on the experience and skills of operation and maintenance personnel.
Summary of the invention
The object of the present invention is to address problems such as complex resource configuration and heavy manual maintenance workload in network security attack and defense exercise range environments by providing a deployment method and device, based on a software-defined network, for a network security attack and defense exercise environment. The method can significantly improve the deployment efficiency of the exercise environment, add automated operating mechanisms to the system, reduce unnecessary repetitive manual work, and save hardware resources.
To this end, the present invention proposes a deployment method, based on a software-defined network, for a network security attack and defense exercise environment, comprising:
establishing a range network based on a software-defined network according to network security attack and defense exercise requirements, wherein the range network comprises a controller system, a switch system and at least one host;
determining the flow table corresponding to the network security attack and defense exercise requirements;
causing the controller system to issue the flow table corresponding to the network security attack and defense exercise requirements to the switch system, so that the switch system forwards data according to the issued flow table;
deploying, through automated deployment code, the operating system and/or range system of each host in the range network.
In another aspect, the present invention proposes a deployment device, based on a software-defined network, for a network security attack and defense exercise environment, comprising:
a network establishing unit, configured to establish a range network based on a software-defined network according to network security attack and defense exercise requirements, wherein the range network comprises a controller system, a switch system and at least one host;
a first determining unit, configured to determine the flow table corresponding to the network security attack and defense exercise requirements;
a flow table issuing unit, configured to cause the controller system to issue the flow table corresponding to the network security attack and defense exercise requirements to the switch system, so that the switch system forwards data according to the issued flow table;
a deployment unit, configured to deploy, through automated deployment code, the operating system and/or range system of each host in the range network.
The deployment method and device described in the embodiments of the present invention can automatically update the range network based on a software-defined network according to the exercise requirements, and deploy the operating system and range system of each host in the range network through automated deployment code. Compared with a traditional deployment environment based on hardware network devices, this greatly reduces the network operation and maintenance workload that changes in exercise requirements impose on operation and maintenance personnel, improves the deployment efficiency of the exercise environment, avoids labor-intensive manual deployment host by host, and adds automated operating mechanisms to the system. Moreover, because the range network is based on a software-defined network, the controller and switches in the range network are all implemented as software code in virtual machines, which saves hardware resources to the greatest extent; and because the network switching devices (controller and switches) are implemented in software, adding or removing devices and updating the network configuration are comparatively easy.
Description of the drawings
Fig. 1 is a schematic flowchart of an embodiment of the deployment method, based on a software-defined network, for a network security attack and defense exercise environment according to the present invention;
Fig. 2 is a schematic block diagram of an embodiment of the deployment device, based on a software-defined network, for a network security attack and defense exercise environment according to the present invention.
Detailed description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly below with reference to the accompanying drawings. The described embodiments are evidently some, rather than all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
As shown in Fig. 1, this embodiment discloses a deployment method, based on a software-defined network, for a network security attack and defense exercise environment, comprising:
S1, establishing a range network based on a software-defined network according to network security attack and defense exercise requirements, wherein the range network comprises a controller system, a switch system and at least one host;
S2, determining the flow table corresponding to the network security attack and defense exercise requirements;
S3, causing the controller system to issue the flow table corresponding to the network security attack and defense exercise requirements to the switch system, so that the switch system forwards data according to the issued flow table;
S4, to facilitate the rapid implementation of large-scale automated deployment schemes at a later stage, deploying, through automated deployment code, the operating system and/or range system of each host in the range network.
In this embodiment of the present invention, commonly used network plans are written into the controller in advance. According to the specific exercise requirements, the controller automatically selects the matching network and issues the flow table, so that the network is updated automatically and network administrators do not need to reconfigure it.
According to the determined exercise mode and network requirements, the service types and match field information that the controller's existing flow tables can satisfy are analyzed to judge whether new flow table content needs to be generated to meet the current network requirements. If a new flow table needs to be created, the process is as follows:
Step A: according to the network requirements, choose to generate a single-level or multi-level flow table.
Step B: in order of level from low to high, set each field of the flow entries of the flow table at each level (the flow entries of the highest level are not given a transfer instruction). Each flow table comprises multiple flow entries, and each flow entry comprises the following fields, among others: match fields (including the common fields of a data packet, such as ingress port, metadata, source/destination media access control address, source/destination IP, IP protocol, source/destination port, VLAN ID and VLAN priority, which allow packets to be matched exactly); priority; counters; a transfer instruction (when multiple flow tables exist in an OpenFlow switch, every flow table except the last one has a transfer instruction, which defines the order in which a packet is matched against the flow tables); and an action set (the action set implements the various control operations on matched packets, including actions such as modifying packet content and specifying the output port). A packet is matched against flow entries through the match fields, and the instructions of the matching flow entry are then executed; in this way the OpenFlow switch controls the forwarding direction of packets.
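An added illustration of Steps A and B, not code from the patent: a two-level flow table modelled in plain Python, with the transfer instruction treated as OpenFlow's Goto-Table. The subnets, port names, helper names and the isolation policy (attack and target subnets may reach each other but not the control center) are assumptions made for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addressing plan and port names (assumptions, not from the patent).
CONTROL_NET, ATTACK_NET, TARGET_NET = "10.10.0.0/24", "10.10.1.0/24", "10.10.2.0/24"


@dataclass
class FlowEntry:
    match: dict                        # match fields: field name -> required value
    priority: int                      # highest-priority matching entry wins
    goto_table: Optional[int] = None   # transfer instruction (next table to consult)
    actions: tuple = ()                # action set applied to matched packets
    packets: int = 0                   # counter

    def matches(self, pkt: dict) -> bool:
        for name, want in self.match.items():
            have = pkt.get(name)
            if have is None:
                return False
            if name in ("ip_src", "ip_dst"):
                if ip_address(have) not in ip_network(want):
                    return False
            elif have != want:
                return False
        return True


def build_pipeline() -> list:
    """Step A: choose a two-level table. Step B: fill levels from low to high."""
    table0 = [  # level 0 classifies by source subnet and hands off to level 1
        FlowEntry({"ip_src": CONTROL_NET}, 300, actions=("output:NORMAL",)),
        FlowEntry({"ip_src": ATTACK_NET}, 200, goto_table=1),
        FlowEntry({"ip_src": TARGET_NET}, 200, goto_table=1),
        FlowEntry({}, 0),              # table-miss entry: empty action set, packet dropped
    ]
    table1 = [  # highest level: entries carry no transfer instruction
        FlowEntry({"ip_src": ATTACK_NET, "ip_dst": TARGET_NET}, 200, actions=("output:targets",)),
        FlowEntry({"ip_src": TARGET_NET, "ip_dst": ATTACK_NET}, 200, actions=("output:attackers",)),
        FlowEntry({}, 0),              # anything else (e.g. attack -> control) is dropped
    ]
    return [table0, table1]


def validate(pipeline: list) -> list:
    """Reject transfer instructions that do not point to a higher existing table."""
    errors = []
    for tid, table in enumerate(pipeline):
        for entry in table:
            nxt = entry.goto_table
            if nxt is not None and not (tid < nxt < len(pipeline)):
                errors.append(f"table {tid}: invalid transfer to table {nxt}")
    return errors


def needs_new_table(pipeline: list, required_fields: set) -> bool:
    """Simplified form of the 'can the existing tables satisfy the requirement' check:
    a new table is needed if a required match field is used by no existing entry."""
    covered = {name for table in pipeline for entry in table for name in entry.match}
    return not required_fields <= covered


def process(pipeline: list, pkt: dict) -> tuple:
    """Walk the tables as a switch would and return the resulting action set."""
    tid, action_set = 0, []
    while tid is not None:
        hits = [e for e in pipeline[tid] if e.matches(pkt)]
        if not hits:
            return ("drop",)
        best = max(hits, key=lambda e: e.priority)
        best.packets += 1
        action_set.extend(best.actions)
        tid = best.goto_table
    return tuple(action_set) or ("drop",)


if __name__ == "__main__":
    pipe = build_pipeline()
    assert validate(pipe) == []
    for src, dst in [("10.10.1.5", "10.10.2.9"), ("10.10.1.5", "10.10.0.2")]:
        print(src, "->", dst, process(pipe, {"ip_src": src, "ip_dst": dst}))
```

Running `validate` before a flow table is issued catches a transfer instruction left on the highest-level table, the one structural rule Step B states explicitly.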
In this embodiment of the present invention, after step S4, the operation of the whole range system may also be tested to ensure that all services are running online normally and to recover failed host services in time.
The deployment method described in this embodiment of the present invention can automatically update the range network based on a software-defined network according to the exercise requirements, and deploy the operating system and range system of each host in the range network through automated deployment code. Compared with a traditional deployment environment based on hardware network devices, this greatly reduces the network operation and maintenance workload that changes in exercise requirements impose on operation and maintenance personnel, improves the deployment efficiency of the exercise environment, avoids labor-intensive manual deployment host by host, and adds automated operating mechanisms to the system. Moreover, because the range network is based on a software-defined network, the controller and switches in the range network are all implemented as software code in virtual machines, which saves hardware resources to the greatest extent; and because the network switching devices (controller and switches) are implemented in software, adding or removing devices and updating the network configuration are comparatively easy.
Optionally, in another embodiment of the deployment method according to the present invention, establishing the range network based on a software-defined network according to the network security attack and defense exercise requirements comprises:
to ensure that the network environment stably supports operation of the range, establishing the network topology of the range network based on a software-defined network according to the network security attack and defense exercise requirements, wherein the network topology comprises an attack machine subnet system, a target machine subnet system and a control center subnet system, and the control center subnet system comprises the controller system;
generating, according to the network topology, the OpenFlow software switch system of each subnet system in the network topology.
In this embodiment of the present invention, the range system platform is composed of multiple virtual servers; the target machines, attack machines, challenge environments and so on are all composed of multiple virtual machine servers. The virtual machine servers are hosted on physical servers. Network interconnection between virtual machine servers is achieved through virtual switches (SDN controller, SDN switch) hosted on the physical servers, using the physical servers' network interface cards as the medium.
Optionally, in another embodiment of the deployment method according to the present invention, determining the flow table corresponding to the network security attack and defense exercise requirements comprises:
determining the flow table corresponding to the network security attack and defense exercise requirements by querying a correspondence table, pre-stored in the control center subnet system, between network security attack and defense exercise requirements and flow tables.
Optionally, in another embodiment of the deployment method according to the present invention, before the operating system and/or range system of each host in the range network is deployed through automated deployment code, the method further comprises:
determining the operating system image and/or services that each host in the range network needs to deploy by querying a correspondence table between network security attack and defense exercise requirements and operating system images and/or a correspondence table between network security attack and defense exercise requirements and range systems, both pre-stored in the control center subnet system.
Optionally, in another embodiment of the deployment method according to the present invention, deploying the operating system and/or range system of each host in the range network through automated deployment code comprises:
when the operating system image and/or services that a host needs to deploy are stored on that host in advance, deploying, through automated deployment code, the operating system image and/or services stored on that host onto the corresponding host;
when the operating system image and/or services that a host needs to deploy are not stored on that host, issuing them to the host through the control center subnet system, and deploying, through automated deployment code, the issued operating system image and/or services onto the corresponding host.
In a network security exercise range environment, attack machines and target machines each run the corresponding programs to perform their respective roles: attack machines mainly run various attack software such as network scanning, penetration testing and vulnerability analysis, while target machines mainly run services that contain vulnerabilities or are to be attacked. This forms a complete range environment comprising both attacks and vulnerabilities.
In this embodiment of the present invention, when the operating system images and services that the hosts need to deploy are stored on the hosts in advance, the corresponding operating system images, network attack services (attack machines), network vulnerability services (target machines) and so on are deployed according to each host's functional configuration, completing the system deployment task. When they are not stored on the hosts, the operating system images to be deployed on the relevant target machines and attack machines and the various related virtual hardware resources are determined according to the specific usage requirements, and the hosts are deployed in batches through the virtualization management and control center platform.
In this embodiment of the present invention, the range system may be pre-installed with multiple operating system images that contain various services and can meet the various needs of attack machines and target machines. The range system also supports image customization for particular requirements, which gives it a degree of flexibility.
As shown in Fig. 2, this embodiment discloses a deployment device, based on a software-defined network, for a network security attack and defense exercise environment, comprising:
a network establishing unit 1, configured to establish a range network based on a software-defined network according to network security attack and defense exercise requirements, wherein the range network comprises a controller system, a switch system and at least one host;
a first determining unit 2, configured to determine the flow table corresponding to the network security attack and defense exercise requirements;
a flow table issuing unit 3, configured to cause the controller system to issue the flow table corresponding to the network security attack and defense exercise requirements to the switch system, so that the switch system forwards data according to the issued flow table;
a deployment unit 4, configured to deploy, through automated deployment code, the operating system and/or range system of each host in the range network.
The deployment device described in this embodiment of the present invention can automatically update the range network based on a software-defined network according to the exercise requirements, and deploy the operating system and range system of each host in the range network through automated deployment code. Compared with a traditional deployment environment based on hardware network devices, this greatly reduces the network operation and maintenance workload that changes in exercise requirements impose on operation and maintenance personnel, improves the deployment efficiency of the exercise environment, avoids labor-intensive manual deployment host by host, and adds automated operating mechanisms to the system. Moreover, because the range network is based on a software-defined network, the controller and switches in the range network are all implemented as software code in virtual machines, which saves hardware resources to the greatest extent; and because the network switching devices (controller and switches) are implemented in software, adding or removing devices and updating the network configuration are comparatively easy.
Optionally, in another embodiment of the deployment device according to the present invention, the network establishing unit comprises:
a topology establishing subunit, configured to establish the network topology of the range network based on a software-defined network according to the network security attack and defense exercise requirements, wherein the network topology comprises an attack machine subnet system, a target machine subnet system and a control center subnet system, and the control center subnet system comprises the controller system;
a switch system generating subunit, configured to generate, according to the network topology, the OpenFlow software switch system of each subnet system in the network topology.
Optionally, in another embodiment of the deployment device according to the present invention, the first determining unit is configured to determine the flow table corresponding to the network security attack and defense exercise requirements by querying a correspondence table, pre-stored in the control center subnet system, between network security attack and defense exercise requirements and flow tables.
Optionally, in another embodiment of the deployment device according to the present invention, the device further comprises:
a second determining unit, configured to determine, before the deployment unit deploys the operating system and/or range system of each host in the range network through automated deployment code, the operating system image and/or services that each host in the range network needs to deploy by querying a correspondence table between network security attack and defense exercise requirements and operating system images and/or a correspondence table between network security attack and defense exercise requirements and range systems, both pre-stored in the control center subnet system.
Optionally, in another embodiment of the deployment device according to the present invention, the deployment unit comprises:
a first deployment subunit, configured to, when the operating system image and/or services that a host needs to deploy are stored on that host in advance, deploy, through automated deployment code, the operating system image and/or services stored on that host onto the corresponding host;
a second deployment subunit, configured to, when the operating system image and/or services that a host needs to deploy are not stored on that host, issue them to the host through the control center subnet system, and deploy, through automated deployment code, the issued operating system image and/or services onto the corresponding host.
OpenFlow is a network switching model. The OpenFlow switch is the core component of the whole OpenFlow network (which consists of three parts: OpenFlow switches, a network virtualization layer and a controller) and mainly manages forwarding at the data layer.
Although embodiments of the present invention have been described with reference to the accompanying drawings, those skilled in the art can make various modifications and variations without departing from the spirit and scope of the present invention, and all such modifications and variations fall within the scope defined by the appended claims.

Claims (10)

1., based on a network security attack and defense training Ministry of environment arranging method for software defined network, it is characterized in that, comprising:
The range network based on software defined network is set up according to network security attack and defense training demand; Wherein, described range network comprises controller system, switch system and at least one main frame;
Determine the stream table corresponding to described network security attack and defense training demand;
Make described controller system by the stream table corresponding to described network security attack and defense training demand is handed down to described switch system, with make described switch system according to described in the stream table that issues carry out data retransmission;
Operating system and/or the target range system that code portions affixes one's name to each main frame in this range network is disposed by automation.
2. the network security attack and defense training Ministry of environment arranging method based on software defined network according to claim 1, is characterized in that, describedly sets up based on the range network of software defined network according to network security attack and defense training demand, comprising:
According to described network security attack and defense training demand, and set up the network topology structure of range network based on software defined network; Wherein, described network topology structure comprises attack plane subnet system, target drone subnet system and control centre's subnet system, and described control centre subnet system comprises controller system;
According to described network topology structure, generate the OpenFlow software switch system of each subnet system in described network topology structure.
3. the network security attack and defense training Ministry of environment arranging method based on software defined network according to claim 2, is characterized in that, the described stream table determined corresponding to described network security attack and defense training demand, comprising:
Show corresponding with the relation of stream table of network security attack and defense training demand prestored by inquiring about described control centre subnet system determines the stream table corresponding to described network security attack and defense training demand.
4. The method for deploying a network security attack and defense exercise environment based on a software-defined network according to claim 2 or 3, characterized in that, before deploying the operating system and/or the range system of each host in the range network by means of automated deployment code, the method further comprises:
Determining the operating system image and/or service that each host in the range network needs to deploy by querying a mapping table between network security attack and defense exercise requirements and operating system images and/or a mapping table between network security attack and defense exercise requirements and range systems, prestored in the control center subnet system.
5. The method for deploying a network security attack and defense exercise environment based on a software-defined network according to claim 1, characterized in that deploying the operating system and/or the range system of each host in the range network by means of automated deployment code comprises:
When a host already stores the operating system image and/or service that it needs to deploy, deploying, by means of the automated deployment code, the operating system image and/or service stored on that host onto the corresponding host;
When a host does not store the operating system image and/or service that it needs to deploy, issuing to that host, through the control center subnet system, the operating system image and/or service that it needs to deploy, and deploying the issued operating system image and/or service onto the corresponding host by means of the automated deployment code.
6. A device for deploying a network security attack and defense exercise environment based on a software-defined network, characterized by comprising:
A network establishing unit, configured to establish a range network based on a software-defined network according to a network security attack and defense exercise requirement; wherein the range network comprises a controller system, a switch system and at least one host;
A first determining unit, configured to determine the flow table corresponding to the network security attack and defense exercise requirement;
A flow table issuing unit, configured to cause the controller system to issue the flow table corresponding to the network security attack and defense exercise requirement to the switch system, so that the switch system forwards data according to the issued flow table;
A deployment unit, configured to deploy the operating system and/or the range system of each host in the range network by means of automated deployment code.
7. The device for deploying a network security attack and defense exercise environment based on a software-defined network according to claim 6, characterized in that the network establishing unit comprises:
A topology establishing subunit, configured to establish, according to the network security attack and defense exercise requirement, the network topology of the range network based on the software-defined network; wherein the network topology comprises an attack-machine subnet system, a target-machine subnet system and a control center subnet system, and the control center subnet system comprises the controller system;
A switch system generating subunit, configured to generate, according to the network topology, the OpenFlow software switch system of each subnet system in the network topology.
8. The device for deploying a network security attack and defense exercise environment based on a software-defined network according to claim 7, characterized in that the first determining unit is configured to determine the flow table corresponding to the network security attack and defense exercise requirement by querying a mapping table, prestored in the control center subnet system, between network security attack and defense exercise requirements and flow tables.
9. The device for deploying a network security attack and defense exercise environment based on a software-defined network according to claim 7 or 8, characterized by further comprising:
A second determining unit, configured to determine, before the deployment unit deploys the operating system and/or the range system of each host in the range network by means of automated deployment code, the operating system image and/or service that each host in the range network needs to deploy by querying a mapping table between network security attack and defense exercise requirements and operating system images and/or a mapping table between network security attack and defense exercise requirements and range systems, prestored in the control center subnet system.
10. The device for deploying a network security attack and defense exercise environment based on a software-defined network according to claim 6, characterized in that the deployment unit comprises:
A first deployment subunit, configured to, when a host already stores the operating system image and/or service that it needs to deploy, deploy, by means of the automated deployment code, the operating system image and/or service stored on that host onto the corresponding host;
A second deployment subunit, configured to, when a host does not store the operating system image and/or service that it needs to deploy, issue to that host, through the control center subnet system, the operating system image and/or service that it needs to deploy, and deploy the issued operating system image and/or service onto the corresponding host by means of the automated deployment code.
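The lookup-and-deploy flow of claims 3 to 5, sketched as an added example (not code from the patent or its applicants). The mapping tables, switch names, host names, image names and flow entries are constructed placeholders; the sketch only plans the steps and pushes nothing to a real controller.

```python
from dataclasses import dataclass, field

# Constructed mapping tables, standing in for the ones the claims describe as
# prestored in the control center subnet. All names and values are hypothetical.
FLOW_TABLES = {
    "web-exercise": [
        {"switch": "s-attack", "match": {"ipv4_dst": "10.0.2.0/24"}, "action": "output:uplink"},
        {"switch": "s-target", "match": {"ipv4_src": "10.0.1.0/24"}, "action": "output:hosts"},
        {"switch": "s-control", "match": {"ipv4_src": "10.0.1.0/24"}, "action": "drop"},
    ],
}
IMAGES = {
    "web-exercise": {"attacker-1": "attack-os.img", "target-1": "web-target.img"},
}

@dataclass
class Host:
    name: str
    stored_images: set = field(default_factory=set)  # images already on the host

class PlanError(ValueError):
    """Raised when the requirement cannot be mapped onto the range network."""

def build_plan(requirement, switches, hosts):
    """Return (flow_entries, host_steps) for one exercise requirement."""
    # Claim 3 / claim 4: both lookups go through the prestored mapping tables.
    if requirement not in FLOW_TABLES or requirement not in IMAGES:
        raise PlanError(f"no mapping-table entry for requirement {requirement!r}")
    flows = FLOW_TABLES[requirement]
    # Refuse a flow table that names a switch the topology does not contain,
    # so that a stale table is caught before anything is issued.
    unknown = sorted({f["switch"] for f in flows} - set(switches))
    if unknown:
        raise PlanError(f"flow table names switches not in topology: {unknown}")
    wanted = IMAGES[requirement]
    steps = []
    for host in hosts:
        image = wanted.get(host.name)
        if image is None:
            raise PlanError(f"host {host.name!r} has no image mapping")
        # Claim 5: deploy the stored image directly, otherwise have the
        # control center issue it to the host first.
        if image not in host.stored_images:
            steps.append((host.name, "issue_from_control_center", image))
        steps.append((host.name, "deploy", image))
    return flows, steps
```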
CN201510144905.0A 2015-03-30 2015-03-30 Deployment method and device for network security attack and defense exercise environment Pending CN105024990A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510144905.0A CN105024990A (en) 2015-03-30 2015-03-30 Deployment method and device for network security attack and defense exercise environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510144905.0A CN105024990A (en) 2015-03-30 2015-03-30 Deployment method and device for network security attack and defense exercise environment

Publications (1)

Publication Number Publication Date
CN105024990A true CN105024990A (en) 2015-11-04

Family

ID=54414700

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510144905.0A Pending CN105024990A (en) 2015-03-30 2015-03-30 Deployment method and device for network security attack and defense exercise environment

Country Status (1)

Country Link
CN (1) CN105024990A (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1614941A (en) * 2004-12-02 2005-05-11 上海交通大学 Method for establishing complex network running environmental analog stimulative platform
CN1805385A (en) * 2006-01-11 2006-07-19 西安电子科技大学 Network security emulation system and its emulation method
CN101188493A (en) * 2007-11-14 2008-05-28 吉林中软吉大信息技术有限公司 Teaching and testing device for network information security
CN103095583A (en) * 2012-11-09 2013-05-08 盛科网络(苏州)有限公司 Method achieving Open flow two-stage flow table through chip loopback and system thereof
CN103236945A (en) * 2013-04-08 2013-08-07 北京天地互连信息技术有限公司 OpenFlow-based FlowVisor network system
CN103701777A (en) * 2013-12-11 2014-04-02 长春理工大学 Remote network attack and defense virtual simulation system based on virtualization and cloud technology
CN104168222A (en) * 2014-07-15 2014-11-26 杭州华三通信技术有限公司 Message transmission method and device
CN104301813A (en) * 2014-11-18 2015-01-21 上海斐讯数据通信技术有限公司 Ethernet passive optical network system and configuration method
WO2015027506A1 (en) * 2013-08-31 2015-03-05 华为技术有限公司 Method and device for processing operation request in storage system

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
ZHANG HENG-RU: "Research and Design of Network Attack and Defense", 《2010 INTERNATIONAL CONFERENCE ON COMPUTATIONAL AND INFORMATION SCIENCES》 *
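Sun Hongshan: "Design and Implementation of a SITL-Based Network Attack and Defense Simulation Platform", 《Application Research of Computers》 *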

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107483484A (en) * 2017-09-13 2017-12-15 北京椰子树信息技术有限公司 One kind attack protection drilling method and device
CN107835136A (en) * 2017-12-14 2018-03-23 中国科学技术大学苏州研究院 Existing network is disposed to the interchanger of software defined network transition and method for routing
CN109543933A (en) * 2018-10-08 2019-03-29 中国科学院信息工程研究所 A kind of net peace personnel technical ability evaluation system
CN109543933B (en) * 2018-10-08 2021-10-22 中国科学院信息工程研究所 Network security personnel skill evaluation system
CN110132051A (en) * 2019-06-12 2019-08-16 广州锦行网络科技有限公司 A kind of information security actual combat target range construction method that actual situation combines
CN111488306A (en) * 2020-03-26 2020-08-04 浙江口碑网络技术有限公司 Attack and defense architecture system and construction method thereof
CN111464567A (en) * 2020-06-16 2020-07-28 鹏城实验室 Configuration method and device of attack and defense shooting range system and storage medium
CN111726421A (en) * 2020-07-01 2020-09-29 哈尔滨工业大学(威海) Method and device for realizing interconnection of network target range and industrial control equipment
CN111786832A (en) * 2020-07-01 2020-10-16 哈尔滨工业大学(威海) Method and device for interconnecting attack and defense platform and various industrial control scenes
CN111786832B (en) * 2020-07-01 2022-06-07 哈尔滨工业大学(威海) Method and device for interconnecting attack and defense platform and various industrial control scenes
CN111711703A (en) * 2020-08-20 2020-09-25 南京赛宁信息技术有限公司 Equipment library self-adaption system and method for network target range actual combat drilling scene
CN112153010A (en) * 2020-08-31 2020-12-29 北京全路通信信号研究设计院集团有限公司 Network security shooting range system and operation method thereof
CN114915467A (en) * 2022-04-21 2022-08-16 南京联成科技发展股份有限公司 System and method for realizing network security attack and defense drilling
CN116155582A (en) * 2023-02-01 2023-05-23 广东为辰信息科技有限公司 Automobile network target range attack and defense competition and drill access method and system
CN117459402A (en) * 2023-10-09 2024-01-26 北京五一嘉峪科技有限公司 Cloud target range competition system
CN117319094A (en) * 2023-11-30 2023-12-29 西安辰航卓越科技有限公司 SDN network attack and defense target range platform system
CN117319094B (en) * 2023-11-30 2024-03-15 西安辰航卓越科技有限公司 SDN network attack and defense target range platform system
CN117852048A (en) * 2024-03-08 2024-04-09 华中科技大学 Multi-dimensional attack vector-based soft and hard combined Internet of vehicles shooting range construction method
CN117852048B (en) * 2024-03-08 2024-06-07 华中科技大学 Multi-dimensional attack vector-based soft and hard combined Internet of vehicles shooting range construction method
CN118368148A (en) * 2024-06-19 2024-07-19 鹏城实验室 Data scanning method and device for network target range, electronic equipment and storage medium
CN118368148B (en) * 2024-06-19 2024-09-17 鹏城实验室 Data scanning method and device for network target range, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
CN105024990A (en) Deployment method and device for network security attack and defense exercise environment
CN108768685B (en) Large-scale information communication network real-time simulation system
CN109802852B (en) Method and system for constructing network simulation topology applied to network target range
US9628339B1 (en) Network testbed creation and validation
CN103026660B (en) Network policy configuration method, management equipment and network management centre device
CN103685250A (en) Virtual machine security policy migration system and method based on SDN
CN106254178B (en) network test platform NFVNTP based on NFV and test method thereof
CN110351271A (en) Network-combination yarn experimental system building method, system, device and storage medium
CN110290045A (en) A kind of soft or hard binding model construction method in cloud framework lower network target range
CN109768892A (en) A kind of network security experimental system of micro services
CN103338210A (en) AP (Access Point) emulation analog system based on CAPWAP (Control and Provisioning of Wireless Access Points) protocol
CN106330786A (en) MAC address synchronization method, apparatus and system
CN107846304A (en) A kind of automation engine of mixing cloud service architecture centralized management
CN104735176A (en) PXE booting method and device and server single board
CN109474443A (en) A kind of configuration method, device, system and the communication equipment of newly-increased server
CN115118607A (en) SDN-based automatic virtual network topology construction method
CN106878095A (en) A kind of network collocating method and system based on scenario distributed emulation
Tagliacane et al. Network simulations and future technologies in teaching networking courses: Development of a laboratory model with Cisco Virtual Internet Routing Lab (Virl)
CN103401954B (en) The implementation method of virtual DHCP
CN115348126A (en) Network target range entity equipment access method, device and implementation system
CN110535764B (en) Method for realizing spatial information network large-scale link simulator
CN112217680A (en) Controller capability benchmark test method and device based on software-defined wide area network
CN107800802A (en) A kind of Rack whole machine cabinets write-in and the method for reading UUID
CN104579778A (en) Simple implementation method for enterprise internal network virtualization
CN110493210A (en) A kind of configurable network security experimental system based on SDN

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20151104