CN107172127A - Multi-agent based information security technology contest process monitoring method - Google Patents

Multi-agent based information security technology contest process monitoring method

Info

Publication number: CN107172127A
Authority: CN (China)
Prior art keywords: virtual machine, contest, network, monitoring, gateway
Legal status: Pending
Application number: CN201710267177.1A
Other languages: Chinese (zh)
Inventors: 潘丽敏, 柯懂湘, 罗森林, 刘宇
Current assignee: Beijing Institute of Technology BIT
Original assignee: Beijing Institute of Technology BIT
Priority date: 2017-04-21
Filing date: 2017-04-21
Publication date: 2017-09-15

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L 67/125 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
    • H04L 67/50 Network services
    • H04L 67/56 Provisioning of proxy services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 11/00 Error detection; Error correction; Monitoring
    • G06F 11/30 Monitoring
    • G06F 11/3003 Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F 11/301 Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is a virtual computing platform, e.g. logically partitioned systems

Abstract

The present invention relates to network security technology contests. The network security contest system is managed through a virtualization cloud platform: the virtual machines needed for the contest are built in the cloud platform environment to deploy the contest management system and the contest problems, and the virtual network needed for the contest is built as required for contestants to access and answer. On this basis, monitoring agents are installed on the gateway, in the virtual machines needed for the contest, and on the compute-node physical machines, realizing multi-agent process monitoring: the contest system is monitored in real time, ensuring that the contest proceeds smoothly.

Description

Multi-agent based information security technology contest process monitoring method
Technical field
The present invention relates to a method for process monitoring in information security technology contests, and belongs to the field of computer and information science and technology.
Background technology
With the rapid development of information technology, networks have spread quickly across the world. On the one hand, along with the development of networks, attacks of all kinds against information systems are also increasing. Websites are beset by phishing sites and trojans, bank sites are cloned, and user funds are stolen by worms, trojans, phishing sites and malware; network crimes of every kind emerge endlessly. According to the statistics of the China National Information Security Vulnerability Database (CNNVD), 7754 new vulnerabilities were added in 2015, of which application software vulnerabilities accounted for 5142, or 2/3 of the total; application software vulnerabilities have become the main security threat of the "Internet+" era. Statistics from related organizations show that a domestic large or medium-sized enterprise loses on average up to 2,400,000 dollars per year because of information security incidents, and the annual loss caused by computer crime exceeds 445,000,000,000 dollars. Attending fully to network security problems is extremely urgent.
On the other hand, the shortage of professional security talent has also become a common problem of enterprise network security. According to statistics, China needs up to 600,000 information security professionals every year, while in reality only a little more than 8000 information security graduates are trained each year. The lack of professional security talent has become the weak point of enterprise network security, and the country and enterprises need to strengthen the training of network security talent. In network security personnel training, network security technology contests are an important means of cultivating talent through network security combat exercises. Network security contests can improve both the theoretical foundation and the practical ability of security talent. Therefore, major colleges, universities and enterprises now hold all kinds of network security contests to cultivate network security technology talent. However, in security contests, malicious attacks by contestants on the contest system often occur, so that other people cannot participate normally; the purpose of the present invention is precisely to ensure, through process monitoring, that the contest can be carried out successfully.
Summary of the invention
The purpose of the present invention is: in view of the problem that in current information security technology contests some contestants maliciously attack the contest system and carry out violating operations, to propose an information security technology contest process monitoring method that raises alarms in response to contestants' violating operations and records contestants' behaviour inside the virtual machines so as to provide strong evidence for later tracing, and that can therefore be widely applied in all kinds of network security technology contests.
The design principle of the present invention is as follows. The network security contest system is managed through a virtualization cloud platform: the virtual machines needed for the contest are built in the cloud platform environment to deploy the contest management system and the contest problems, and the virtual network needed for the contest is built as required for contestants to access and answer. On this basis, monitoring agents are installed on the gateway, in the virtual machines needed for the contest, and on the compute-node physical machines, realizing multi-agent process monitoring that monitors the contest system in real time and ensures that the contest proceeds smoothly. The technical scheme is achieved through the following steps:
Step 1, build the cloud platform system, and configure the virtual machines, the deployed management system and the contest problems according to the needs of the network security technology contest. The concrete implementation is:
Step 1.1, build the cloud platform management system on physical computer equipment and configure the physical equipment needed by the virtualization cloud environment.
Step 1.2, according to contest needs, create the corresponding virtual machines through the cloud platform management system and deploy the contest management system and the contest problems in the virtual machines.
Step 1.3, according to contest needs, configure the virtual network environment and connect the contest virtual machines to form the contest network.
Step 2, on the basis of Step 1 and according to contest needs, install a monitoring agent on the gateway of the contest system:
Step 2.1, according to contest needs, deploy a monitoring agent on the gateway to monitor the data passing through the gateway.
Step 2.2, capture the network packets passing through the gateway and save all packets from the contest period for later tracing.
Step 3, on the contest system set up in Step 1, install an agent inside each virtual machine used in the contest for monitoring. The concrete implementation is:
Step 3.1, build and establish the communication agent component between the virtual machine and the physical machine, so that the virtual machine can exchange information with the physical machine.
Step 3.2, install a monitoring agent inside the virtual machine to monitor and record contestant operations, and return the results to the management and control center through the virtual-physical communication agent so that the administrator can check them.
Step 3.3, analyze the information returned by the monitoring agent and raise an alarm when, for example, the virtual machine has been destroyed by a contestant.
Step 4, on the basis of Step 1, install a monitoring agent on each compute node of the cloud platform to monitor the virtual machine targets deployed on that node.
Step 4.1, install a monitoring agent on the compute node, monitor the virtual network adapter of each virtual machine, analyze the data passing through the virtual network adapters and monitor the network traffic.
Step 4.2, back up the critical network data passing through each virtual network adapter for later tracing and evidence collection.
Beneficial effects
The information security contest process monitoring method proposed by the present invention can monitor the whole contest system in real time, accurately and with multiple monitoring agents. Once a contestant maliciously attacks the contest system or carries out a violating operation, an alarm can be raised, and the contest administrators can handle the incident in time, so that the contest can proceed normally; evidence of the contestant's malicious and violating operations is retained, which makes later handling of the violation easy. This method is widely applicable to all kinds of information security contests.
Brief description of the drawings
Fig. 1 is the network-level monitoring flow chart;
Fig. 2 is the network-level packet capture flow chart;
Fig. 3 is the answering system monitoring flow chart;
Fig. 4 is the virtual machine internal monitoring flow chart;
Fig. 5 is the logical topology chart of the process monitoring.
Embodiments
To better illustrate the objects and advantages of the present invention, the embodiments of the method are described in further detail below with reference to the accompanying drawings and an implementation case. The schematic implementation case of the present invention and its explanations are intended to explain the present invention, not to limit it.
The implementation case includes 5 servers. In the implementation process, 1 server serves as the virtualization cloud platform management terminal, 2 servers serve as compute nodes of the cloud platform, 1 server serves as the contestants' answer server, and 1 serves as the gateway server connecting the management node, the compute nodes and the contestants' answer server. The servers and virtual machines use the Linux Ubuntu operating system.
First link
The purpose of this link is to build the virtual network needed for the network security technology contest. The specific implementation steps are as follows:
Step 1.1, build the Cloudstack cloud platform management service and the contest database on server A, and use server B and server C as cloud platform compute nodes.
Step 1.2, through the Cloudstack cloud platform management service on server A, build virtual machine 1 and virtual machine 2 on server B, and virtual machine 3 and virtual machine 4 on server C; then deploy the contest problems in virtual machines 1, 2 and 3, which serve as contest target machines. Virtual machine 4 has the contest management system installed.
Step 1.3, deploy the contestants' answering system on server D.
Step 1.4, build the gateway on server E; through the Cloudstack cloud platform management on server A, connect the 4 virtual machines on the compute nodes into the same virtual network so that they can reach one another, and allow the contestants' answer server and the virtual machines to communicate with each other.
Second link
The purpose of this link is to monitor at the whole-network level and save the packets of all network communication. The specific implementation steps are as follows:
Step 2.1, install the open-source monitoring software Zabbix on the contestants' server and monitor that server; raise alarms for attacks such as ddos and arp launched by contestants and check their identities, ensuring the normal operation of the contest.
Step 2.2, install the open-source monitoring software Zabbix on the gateway server, monitor the traffic passing through the gateway server, notice abnormal traffic and raise alarms.
Step 2.3, run tcpdump scripts on the compute nodes and the gateway server to capture network packets and save all packets from the contest period for later tracing; tcpdump is controlled automatically by shell scripts.
Step 2.4, on the contest management system, use shell scripts to periodically check whether the answering system service is running normally, and notify the management and control center periodically.
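The network-level monitoring that Steps 2.2 and 4.1 of the description and the second link call for (packets captured with tcpdump on the gateway and compute nodes, alarms for ddos- and arp-type attacks with the attacker's IP address recorded) can be illustrated with the following added example. It is not code from the patent, from Zabbix or from tcpdump: it reads tcpdump-style text output (the lines below are constructed, not a real capture), counts pure SYN packets per source address inside a sliding window, and checks ARP replies for one IP address being claimed by two different MAC addresses. The `TrafficMonitor` class, the 1 s window and the threshold of 50 SYNs are assumptions chosen for the example.

```python
"""Compute-node / gateway traffic monitor for a contest network.

Added example, not the patent's own code. Reads tcpdump-style text lines
(constructed below), counts TCP SYN packets per source address inside a
sliding window, and checks ARP replies for one IP announced by more than
one MAC. Alarms carry the offending address so an administrator can act.
Window size and threshold are assumed values."""
import re
from collections import defaultdict, deque

# Assumed tuning values; a real deployment would set them per contest.
WINDOW_SECONDS = 1.0
SYN_THRESHOLD = 50          # SYNs from one source inside the window

TCP_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.\d+: Flags \[(?P<flags>[^\]]*)\]")
ARP_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"is-at (?P<mac>[0-9a-f:]{17})")


def _seconds(ts):
    """Convert a tcpdump HH:MM:SS.frac timestamp to seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


class TrafficMonitor:
    def __init__(self, window=WINDOW_SECONDS, threshold=SYN_THRESHOLD):
        self.window = window
        self.threshold = threshold
        self.syn_times = defaultdict(deque)   # src -> timestamps of recent SYNs
        self.arp_table = {}                   # ip -> first MAC seen for it
        self.alarmed_syn = set()              # sources already reported
        self.alarms = []

    def feed(self, line):
        """Consume one line of tcpdump text output."""
        m = TCP_RE.match(line)
        if m:
            flags = m.group("flags")
            if "S" in flags and "." not in flags:   # pure SYN, not SYN-ACK
                self._count_syn(m.group("src"), _seconds(m.group("ts")))
            return
        m = ARP_RE.match(line)
        if m:
            self._check_arp(m.group("ip"), m.group("mac"))

    def _count_syn(self, src, now):
        q = self.syn_times[src]
        q.append(now)
        while q and now - q[0] > self.window:      # drop SYNs outside the window
            q.popleft()
        if len(q) >= self.threshold and src not in self.alarmed_syn:
            self.alarmed_syn.add(src)
            self.alarms.append({"type": "syn_flood", "source": src, "count": len(q)})

    def _check_arp(self, ip, mac):
        known = self.arp_table.setdefault(ip, mac)
        if known != mac:                           # same IP, different MAC
            self.alarms.append({"type": "arp_conflict", "ip": ip, "macs": [known, mac]})


def build_sample_lines():
    """Constructed capture text (not from a real contest): one contestant
    address sending 60 SYNs in 0.6 s, one normal handshake, and an ARP reply
    that contradicts the gateway's earlier MAC."""
    lines = []
    for i in range(60):
        lines.append(f"12:00:01.{i * 10000:06d} IP 10.0.1.5.{40000 + i} > 10.0.0.1.80: "
                     f"Flags [S], seq {i}, win 64240, length 0")
    lines.append("12:00:02.000000 IP 10.0.1.7.51000 > 10.0.0.1.80: Flags [S], seq 5, win 64240, length 0")
    lines.append("12:00:02.000500 IP 10.0.0.1.80 > 10.0.1.7.51000: Flags [S.], seq 9, ack 6, win 65160, length 0")
    lines.append("12:00:02.001000 IP 10.0.1.7.51000 > 10.0.0.1.80: Flags [.], ack 10, win 64240, length 0")
    lines.append("12:00:03.000000 ARP, Reply 10.0.0.1 is-at 52:54:00:aa:bb:01, length 28")
    lines.append("12:00:03.500000 ARP, Reply 10.0.0.1 is-at 52:54:00:de:ad:02, length 28")
    return lines


def analyse(lines):
    """Run the monitor over a sequence of lines and return the alarm list."""
    mon = TrafficMonitor()
    for line in lines:
        mon.feed(line)
    return mon.alarms


if __name__ == "__main__":
    for alarm in analyse(build_sample_lines()):
        print(alarm)
```

In a deployment the lines would come from `tcpdump -l -n` on each compute node's virtual network adapter (or on the gateway) piped into this script, and the alarm list would be forwarded to the management and control center; the saved capture files from Step 2.3 remain the evidence for later tracing, while this monitor only decides when to alert.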
Third link
The purpose of this link is to install agents on the compute nodes and monitor contestant operations:
Step 3.1, build the communication agents between virtual machines 1, 2, 3 and the compute-node physical machines.
Step 3.2, install agents on virtual machines 1, 2 and 3 to detect the real-time state of the virtual machines and send the detection results to the management server.
Step 3.3, the management server analyzes the results returned by the agents; if an abnormality occurs, an alarm is generated to notify the administrator for handling.
Below, taking as an example contestants carrying out malicious attacks on the target machines from the contestants' server, the operating principle of this method is explained:
1. Contestant 1 carries out a DDOS attack on the gateway server while answering.
2. The Zabbix software on the gateway server and the contestants' server detects the ongoing DDOS attack, records the IP address of the attacker, generates an alarm and notifies the administrator.
3. Contestant 2 runs a violating attack program on a target machine, causing virtual machine 1 to be destroyed.
4. The agent on virtual machine 1 detects that the virtual machine has been destroyed and sends the information to the management node through the virtual-physical communication agent.
5. After receiving the information, the management node analyzes it, determines that virtual machine 1 has been destroyed, generates an alarm and notifies the administrator for handling.
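Step 3 of the description, the third link and the walkthrough above describe an agent inside each target virtual machine that reports its state over the virtual-physical communication agent, and a management node that analyzes the reports and alarms when a virtual machine has been destroyed. The following added example, which is not the patent's code, models that exchange: `make_report` is the agent side and `ManagementNode` the management side. The report fields (services found down, problem files whose SHA-256 no longer matches the known-good value), the JSON-line transport and the 30-second heartbeat timeout are assumptions, and the scenario data is constructed.

```python
"""Virtual-machine agent report and management-node analysis.

Added example, not the patent's own code. The agent side builds a status
report of a contest VM (heartbeat time, required services, hash of the
problem files); the management side analyses the stream of reports and
raises an alarm when a VM reports itself damaged or stops reporting.
Report fields, transport (one JSON line per report) and timeout are
assumptions."""
import hashlib
import json

HEARTBEAT_TIMEOUT = 30.0   # assumed: seconds without a report before alarm


def make_report(vm_id, now, services, files, expected_hashes):
    """Agent side. `services` maps service name -> running?; `files` maps
    path -> current bytes; `expected_hashes` maps path -> known-good SHA-256.
    Returns one JSON line for the virtual-physical channel."""
    down = sorted(name for name, ok in services.items() if not ok)
    tampered = sorted(path for path, data in files.items()
                      if hashlib.sha256(data).hexdigest() != expected_hashes.get(path))
    return json.dumps({"vm": vm_id, "ts": now,
                       "services_down": down, "tampered": tampered})


class ManagementNode:
    def __init__(self, timeout=HEARTBEAT_TIMEOUT):
        self.timeout = timeout
        self.last_seen = {}    # vm -> timestamp of last report
        self.damaged = {}      # vm -> damaged state from the last report
        self.alarms = []

    def receive(self, line):
        """Analyse one report line; alarm on a healthy -> damaged transition."""
        r = json.loads(line)
        vm = r["vm"]
        self.last_seen[vm] = r["ts"]
        damaged = bool(r["services_down"] or r["tampered"])
        if damaged and not self.damaged.get(vm):
            self.alarms.append({"vm": vm, "ts": r["ts"], "reason": "destroyed",
                                "services_down": r["services_down"],
                                "tampered": r["tampered"]})
        self.damaged[vm] = damaged

    def check_heartbeats(self, now):
        """Call periodically: a VM that stopped reporting is treated as lost
        (agent killed or VM gone). Returns the full alarm list."""
        for vm, ts in self.last_seen.items():
            already = any(a["vm"] == vm and a["reason"] == "no_heartbeat"
                          for a in self.alarms)
            if now - ts > self.timeout and not already:
                self.alarms.append({"vm": vm, "ts": now, "reason": "no_heartbeat"})
        return self.alarms


def run_scenario():
    """Constructed scenario: vm1 is healthy, then its challenge service is
    stopped and its flag file overwritten (reported twice, alarmed once);
    vm2 reports once and then goes silent."""
    flag_path = "/srv/challenge/flag.txt"          # assumed path
    good = b"flag{constructed-example}"
    expected = {flag_path: hashlib.sha256(good).hexdigest()}
    node = ManagementNode()
    node.receive(make_report("vm1", 0.0, {"challenge-web": True}, {flag_path: good}, expected))
    node.receive(make_report("vm2", 0.0, {"challenge-web": True}, {}, expected))
    node.receive(make_report("vm1", 10.0, {"challenge-web": False}, {flag_path: b"overwritten"}, expected))
    node.receive(make_report("vm1", 20.0, {"challenge-web": False}, {flag_path: b"overwritten"}, expected))
    return node.check_heartbeats(45.0)


if __name__ == "__main__":
    print(json.dumps(run_scenario(), indent=2))
```

The transition check in `receive` keeps the administrator from being alarmed on every report while a destroyed machine stays down, and the heartbeat check covers the case the walkthrough implies but the agent cannot report itself: a virtual machine whose agent has been killed along with it.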

Claims (5)

1. An information security technology contest process monitoring method, characterized in that the method comprises the following steps:
Step 1, build the contest system virtual machines and the corresponding virtual network based on virtualization cloud platform technology;
Step 2, install a monitoring agent on the gateway of the contest system;
Step 3, install an agent inside the contest virtual machines and monitor the virtual machine state in real time;
Step 4, install a monitoring agent on the compute nodes of the cloud platform and monitor the virtual machine targets deployed on the nodes.
2. The method according to claim 1, characterized in that the network security contest system is implemented entirely in a virtual environment built on virtualization cloud platform technology, the contest system and the contest problems are deployed in virtual machines, and the contest network is the virtual network connection between the virtual machines.
3. The method according to claim 1, characterized in that a monitoring agent is installed on the gateway to monitor and save the data passing through the gateway:
Step 2.1, according to contest needs, deploy a monitoring agent on the gateway to monitor the data passing through the gateway;
Step 2.2, capture the network packets passing through the gateway and save all packets from the contest period for later tracing.
4. The method according to claim 1, characterized in that a monitoring agent is installed inside the virtual machines, and the specific steps of real-time monitoring comprise:
Step 3.1, build and establish the communication agent component between the virtual machine and the physical machine, so that the virtual machine can exchange information with the physical machine;
Step 3.2, install a monitoring agent inside the virtual machine to monitor and record contestant operations, and return the results to the management and control center through the virtual-physical communication agent so that the administrator can check them;
Step 3.3, analyze the information returned by the monitoring agent and raise an alarm when, for example, the virtual machine has been destroyed by a contestant.
5. The method according to claim 1, characterized in that a monitoring agent is installed on the compute nodes of the cloud platform to monitor the virtual machine targets deployed on the nodes:
Step 4.1, install a monitoring agent on the compute node, monitor the virtual network adapter of each virtual machine, analyze the data passing through the virtual network adapters and monitor the network traffic;
Step 4.2, back up the critical network data passing through each virtual network adapter for later tracing and evidence collection.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710267177.1A CN107172127A (en) 2017-04-21 2017-04-21 Multi-agent based information security technology contest process monitoring method

Publications (1)

Publication Number Publication Date
CN107172127A (en) 2017-09-15

Family

ID=59812611

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710267177.1A Pending CN107172127A (en) 2017-04-21 2017-04-21 Multi-agent based information security technology contest process monitoring method

Country Status (1)

Country Link
CN (1) CN107172127A (en)

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102158367A (en) * 2010-12-17 2011-08-17 中国科学技术大学苏州研究院 Active anti-plug-in online game system and anti-plug-in method thereof
CN102244622A (en) * 2011-07-25 2011-11-16 北京网御星云信息技术有限公司 Virtual gateway protection method, virtual security gateway and system for server virtualization
CN102801585A (en) * 2012-08-24 2012-11-28 上海和辰信息技术有限公司 Information monitoring system and method based on cloud computing network environment
CN103458003A (en) * 2013-08-15 2013-12-18 中电长城网际系统应用有限公司 Access control method and system of self-adaptation cloud computing environment virtual security domain
CN104050178A (en) * 2013-03-13 2014-09-17 北京思博途信息技术有限公司 Internet monitoring anti-spamming method and device
CN105282170A (en) * 2015-11-04 2016-01-27 国网山东省电力公司电力科学研究院 Information security offense and defense drill competition system for power industry
CN105577794A (en) * 2015-12-24 2016-05-11 杭州电魂网络科技股份有限公司 Running method for compound single race network model
CN106254547A (en) * 2016-09-29 2016-12-21 北京理工大学 A kind of network security technology contest dynamic FLAG management method
CN106330602A (en) * 2016-08-22 2017-01-11 中国科学院信息工程研究所 Method and system for monitoring cloud computing virtual tenant network
US20170093923A1 (en) * 2015-09-29 2017-03-30 NeuVector, Inc. Creating Additional Security Containers For Transparent Network Security For Application Containers Based On Conditions

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
罗森林, 朱帅, 王春晓: "网络空间安全对抗演练模型研究" (Research on a cyberspace security confrontation exercise model), 《信息安全研究》 (Journal of Information Security Research) *
贾丛飞: "网络空间安全对抗演练方法研究" (Research on cyberspace security confrontation exercise methods), 《中国优秀硕士学位论文全文数据库信息科技辑》 (China Master's Theses Full-text Database, Information Science and Technology) *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019080011A1 (en) * 2017-10-25 2019-05-02 深圳市互盟科技股份有限公司 Cloudstack cloud platform-based method for monitoring virtual machine
CN109685347A (en) * 2018-12-14 2019-04-26 西安四叶草信息技术有限公司 Attacking and defending assessment method and device
CN110955705A (en) * 2019-12-04 2020-04-03 厦门安胜网络科技有限公司 Data acquisition and analysis method and device for fortress machine
CN110955705B (en) * 2019-12-04 2022-06-28 厦门安胜网络科技有限公司 Data acquisition and analysis method and device for fortress machine
CN112291280A (en) * 2020-12-31 2021-01-29 博智安全科技股份有限公司 Network flow monitoring and auditing method and system
CN112311815A (en) * 2020-12-31 2021-02-02 博智安全科技股份有限公司 Monitoring, auditing and anti-cheating method and system under training competition
CN113342479A (en) * 2021-08-09 2021-09-03 南京赛宁信息技术有限公司 Competition platform dynamic Flag injection method and system based on file system
CN115174669A (en) * 2022-05-25 2022-10-11 南京赛宁信息技术有限公司 Virtual machine distributed agent access method and system in shooting range environment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20170915