CN109286611A - A network target range cloud platform system, construction method, equipment and medium - Google Patents
- Publication number: CN109286611A
- Application number: CN201810978299.6A
- Authority: CN (China)
- Legal status: Pending
Classifications
- H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
- H04L41/145: Network analysis or design involving simulating, designing, planning or modelling of a network
- H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
The present invention provides a network target range cloud platform system, a construction method, equipment and a medium. The system comprises an authentication module, a resource management module and an application build module, wherein: the authentication module is used to authenticate users; the resource management module is used to provide virtual resources to the application build module; and the application build module is used to construct network range applications from the allocated virtual resources and to provide the network range applications to users who have passed authentication. By means of the authentication module, the invention establishes a link between users and network range applications and provides network range applications to users who have passed authentication, which forms a security protection for the target range simulation environment before the applications are used.
Description
Technical field
The present invention relates to the technical field of network target ranges, and more particularly to a network target range cloud platform system, a construction method, equipment and a medium.
Background
The development of network technology has brought convenience, but it has also put billions of users in an awkward position. On the one hand, countries and governments rely on networks to keep political, economic, cultural, military and other activities running normally; enterprise users rely on networks for technological innovation and market expansion; and individual users rely on networks to exchange information. On the other hand, the information stored, processed and transmitted in networks includes confidential or sensitive information concerning national security, enterprises and individuals, and has therefore become a target of attack for hostile forces and criminals. This insecure situation will persist and gradually extend to emerging cyberspaces such as the Internet of Things, intelligent mobile internet and cloud computing.
To cope with increasingly serious network security challenges, institutions around the world are steadily deepening their research in the field of network security. A network target range uses a simulated environment of internet scale to carry out attack-and-defense training, new technology verification and the corresponding course training, so as to cultivate network security talent. It can host large-scale cyberspace attack-and-defense exercises, and it provides the participants of a confrontation exercise with attack-and-defense scenario construction, basic hardware resources such as computing, storage and networking, and a mechanism for evaluating the results of the confrontation.
However, current network target ranges do not establish a link with the user, and the network target range simulation environment itself is not given security protection.
Summary of the invention
(1) Technical problem to be solved
Current network target ranges do not establish a link with the user, and no security protection is applied to the network target range simulation environment itself.
(2) Technical solution
One aspect of the present invention provides a network target range cloud platform system. The system comprises an authentication module, a resource management module and an application build module, wherein: the authentication module is used to authenticate users; the resource management module is used to provide virtual resources to the application build module; and the application build module is used to construct network range applications from the allocated virtual resources and to provide the network range applications to users who have passed authentication.
Optionally, the authentication module includes a first request unit, a first password acquiring unit and a first authentication unit. The first request unit is used to send an EAPOL-Start identity authentication request message to the authentication system through the network client. The first password acquiring unit is used for the authentication system to send, in response to the EAPOL-Start identity authentication request message, an EAP-Request/Identity message to the network client, obtain the username and password, and send the username and password to the RADIUS authentication server in the form of a first authentication request message. The first authentication unit is used for the RADIUS authentication server to judge whether the first authentication request message is consistent with the database information and, if so, to send a RADIUS-Success message and open, through the network access device, the port connecting to the network target range cloud platform system.
Optionally, the authentication module includes a second request unit, a second password acquiring unit and a second authentication unit. The second request unit is used to issue an HTTP network access request to the network access device through the network access client, and the portal sends a user authentication interface to the network access client in response to the HTTP network access request. The second password acquiring unit is used to obtain the username and password through the user authentication interface, and the portal sends the username and password to the RADIUS authentication server in the form of a second authentication request message. The second authentication unit is used for the RADIUS authentication server to judge, according to the authentication request message, whether the message is consistent with the database information and, if so, to send a RADIUS-Success message and open, through the network access device, the port connecting to the network target range cloud platform system.
Optionally, the resource management module being used to provide virtual resources to the application build module comprises: allocating an IPv6 address to the virtual resource and providing the IPv6 address to the application build module; the application build module accesses the virtual resource according to the IPv6 address.
Optionally, the network range application includes a knowledge base training application and a simulated attack-and-defense training application. The knowledge base training application is used to obtain a knowledge base and a forum and present them to the user; the simulated attack-and-defense training application is used to obtain a virtual target machine, carry out attack experiments on the virtual target machine, and present the results of the attack experiments to the user.
Optionally, the network range application includes a question bank application and a range application. The question bank application is used to obtain an attack-and-defense skills question bank and present it to the user; the range application is used to obtain a virtual target range and carry out attack experiments on the virtual target machines in the virtual target range, the virtual target range comprising multiple virtual target machines with different types of vulnerabilities.
Optionally, the network range application includes a red-blue confrontation application, which is used to provide opposing virtual resources to different users and to let those users carry out an attack-and-defense match using the opposing virtual resources.
Another aspect of the present invention provides a construction method for the above system, the method comprising: authenticating the user through the authentication module; providing virtual resources to the application build module through the resource management module; and constructing, through the application build module, a network range application from the allocated virtual resources and providing the network range application to the user who has passed authentication.
A further aspect of the present invention provides an electronic device, comprising: a communicator for communicating with a server; a processor; and a memory storing a computer-executable program, the program comprising the network target range cloud platform system described above.
Yet another aspect of the present invention provides a computer-readable storage medium on which a computer program is stored, the program comprising the network target range cloud platform system described above.
(3) Beneficial effects
By means of the authentication module, the present invention establishes a link between users and network range applications and provides network range applications to users who have passed authentication. That is, a user must go through the authentication process in the network target range cloud platform system when using a network range application, which forms a security protection for the target range simulation environment before the application is used.
Brief description of the drawings
Fig. 1 is a block diagram of the network target range cloud platform system provided by an embodiment of the present invention;
Fig. 2 is a block diagram of the electronic device provided by an embodiment of the present invention;
Fig. 3 is a flow chart of the construction method provided by an embodiment of the present invention.
Detailed description of embodiments
Embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood, however, that these descriptions are only exemplary and are not intended to limit the scope of the invention. In the following detailed description, many specific details are set forth for ease of explanation, in order to provide a comprehensive understanding of the embodiments of the present invention. It is evident, however, that one or more embodiments may also be practised without these specific details. In addition, descriptions of well-known structures and techniques are omitted below to avoid unnecessarily obscuring the concepts of the present invention.
The techniques of the present invention can be implemented in the form of hardware and/or software (including firmware, microcode and so on). In addition, the techniques of the present invention can take the form of a computer program product on a computer-readable medium storing instructions, the computer program product being for use by or in connection with an instruction execution system. In the context of the present invention, a computer-readable medium can be any medium that can contain, store, communicate, propagate or transmit instructions. For example, a computer-readable medium can include, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus, device or propagation medium. Specific examples of computer-readable media include: magnetic storage devices, such as magnetic tape or hard disks (HDD); optical storage devices, such as optical discs (CD-ROM); memory, such as random access memory (RAM) or flash memory; and/or wired/wireless communication links.
The present invention provides a network target range cloud platform system. Referring to Fig. 1, the system 100 includes an authentication module 110, a resource management module 120 and an application build module 130, wherein: the authentication module 110 is used to authenticate users; the resource management module 120 is used to provide virtual resources to the application build module; and the application build module 130 is used to construct network range applications from the allocated virtual resources and to provide the network range applications to users who have passed authentication.
By means of the authentication module, the present invention establishes a link between users and network range applications and provides network range applications to users who have passed authentication. That is, a user must go through the authentication process in the network target range cloud platform system when using a network range application, which forms a security protection for the target range simulation environment before the application is used.
Here, a network target range combines virtual environments with real equipment to simulate a realistic cyberspace attack-and-defense operational environment. It can support research on cyber combat capability and verification testing of cyber weaponry, and its purpose is network attack-and-defense exercises and the evaluation of new networks. Network range applications are the various applications, based on the network target range, that users can use.
The authentication process described above can be implemented in many ways. For example, in one embodiment of the invention, the authentication subsystem can authenticate users through the 802.1x protocol. As those skilled in the art will understand, 802.1x is a technology that authenticates on the basis of Ethernet ports: before authentication passes, 802.1x only allows EAPOL (Extensible Authentication Protocol over LAN) data through the switch port to which the device is connected; after authentication passes, normal data can pass through the Ethernet port. The network client, authentication system and network access device of the 802.1x protocol interact through the three protocols EAPOL, EAP and RADIUS to carry out the authentication process. The authentication module includes a first request unit, a first password acquiring unit and a first authentication unit. The first request unit is used to send an EAPOL-Start identity authentication request message to the authentication system through the network client. The first password acquiring unit is used for the authentication system to send, in response to the EAPOL-Start identity authentication request message, an EAP-Request/Identity message to the network client, obtain the username and password, and send the username and password to the RADIUS authentication server in the form of a first authentication request message. The first authentication unit is used for the RADIUS authentication server to judge whether the first authentication request message is consistent with the database information and, if so, to send a RADIUS-Success message and open, through the network access device, the port connecting to the network target range cloud platform system. The network access device is, for example, a switch or a router; the switch here can be an Ethernet switch.
In another embodiment of the present invention, the authentication subsystem authenticates users through RADIUS-based portal authentication. Specifically, the authentication module includes a second request unit, a second password acquiring unit and a second authentication unit. The second request unit is used to issue an HTTP network access request to the network access device through the network access client, and the portal sends a user authentication interface to the network access client in response to the HTTP network access request. The second password acquiring unit is used to obtain the username and password through the user authentication interface, and the portal sends the username and password to the RADIUS authentication server in the form of a second authentication request message. The second authentication unit is used for the RADIUS authentication server to judge, according to the authentication request message, whether the message is consistent with the database information and, if so, to send a RADIUS-Success message and open, through the network access device, the port connecting to the network target range cloud platform system. The network client is the end that requests access to the network, such as a browser; the network access device is, for example, a switch or a router, and the switch here can be an Ethernet switch.
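The port-gating behaviour that both authentication embodiments describe, as an added Python model that is not part of the patent: only EAPOL frames pass a port until the RADIUS server accepts the credentials, and a rejected attempt leaves the port closed. The class and function names, the `RADIUS-Reject` label, the PBKDF2 credential store and the sample user are assumptions made for illustration, and the password exchange is reduced to what the text describes rather than a real EAP method.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

ETH_EAPOL = 0x888E  # EtherType of EAPOL frames (IEEE 802.1X)
ETH_IPV6 = 0x86DD   # EtherType of IPv6, standing in for "normal data"


def derive(password, salt):
    # Salted, slow hash so the user database never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class RadiusServer:
    """Stand-in for the RADIUS authentication server and its user database."""

    def __init__(self):
        self.db = {}  # username -> (salt, derived key)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.db[username] = (salt, derive(password, salt))

    def check(self, username, password):
        # Unknown users still cost one hash and the comparison is constant-time,
        # so response timing does not reveal which usernames exist.
        salt, stored = self.db.get(username, (b"\x00" * 16, b""))
        return hmac.compare_digest(derive(password, salt), stored)


@dataclass
class AccessDevice:
    """Network access device (e.g. an Ethernet switch) with controlled ports."""
    radius: RadiusServer
    authorized: dict = field(default_factory=dict)  # port -> username
    log: list = field(default_factory=list)

    def forwards(self, port, ethertype):
        """True if a frame with this EtherType may pass the port."""
        if ethertype == ETH_EAPOL:
            return True                    # EAPOL always reaches the authenticator
        return port in self.authorized     # other traffic needs an opened port

    def dot1x_login(self, port, supplicant):
        """EAPOL-Start, EAP-Request/Identity, then the RADIUS decision."""
        self.log.append((port, "EAPOL-Start"))
        self.log.append((port, "EAP-Request/Identity"))
        username, password = supplicant()  # reply from the network client
        return self.decide(port, username, password)

    def portal_login(self, port, username, password):
        """HTTP request answered with the portal's login page, then RADIUS."""
        self.log.append((port, "portal login page sent"))
        return self.decide(port, username, password)

    def decide(self, port, username, password):
        if self.radius.check(username, password):
            self.authorized[port] = username
            self.log.append((port, "RADIUS-Success"))
            return True
        self.authorized.pop(port, None)    # fail closed on any rejection
        self.log.append((port, "RADIUS-Reject"))  # constructed label
        return False


def demo():
    radius = RadiusServer()
    radius.add_user("trainee01", "constructed-sample-password")
    switch = AccessDevice(radius)
    result = {"data_before": switch.forwards(1, ETH_IPV6),
              "eapol_before": switch.forwards(1, ETH_EAPOL)}
    result["bad_login"] = switch.dot1x_login(1, lambda: ("trainee01", "wrong"))
    result["data_after_bad"] = switch.forwards(1, ETH_IPV6)
    result["good_login"] = switch.dot1x_login(
        1, lambda: ("trainee01", "constructed-sample-password"))
    result["data_after_good"] = switch.forwards(1, ETH_IPV6)
    result["other_port"] = switch.forwards(2, ETH_IPV6)  # ports open one by one
    result["portal_login"] = switch.portal_login(
        2, "trainee01", "constructed-sample-password")
    result["unknown_user"] = switch.portal_login(3, "nobody", "x")
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In standard RADIUS the accepting reply is named Access-Accept; the log keeps the patent's `RADIUS-Success` wording.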
Specifically, the resource management module being used to provide virtual resources to the application build module comprises: allocating an IPv6 address to the virtual resource and providing the IPv6 address to the application build module; the application build module accesses the virtual resource according to the IPv6 address. For example, Table 1 shows the IPv6 address information of virtual resources. When the virtual resources include target machines, an independent IPv6 address is allocated to each available target machine; when the user clicks or enters a target machine address in the list, the target machine can be accessed. The network environment in which the network target range cloud platform system is located can be an IPv6 environment.
Table 1: Target machine IPv6 address information
Target machine number | Target machine name | Target machine address | Alive |
B0001 | Target machine 1 | 2001:da8::01 | Yes |
B0002 | Target machine 2 | 2001:da8::02 | Yes |
B0003 | Target machine 3 | 2001:da8::03 | No |
B0004 | Target machine 4 | 2001:da8::04 | No |
The virtual resources described above may also include target ranges. When the virtual resources include target ranges, as shown in Table 2, an independent IPv6 address is allocated to each available target range; when the user clicks or enters a target range address in the list, the target range can be accessed. As those skilled in the art will appreciate, a target range includes multiple target machines.
Table 2: Target range IPv6 address information
Target range number | Target range name | Target range address | Alive |
C0001 | Target range 1 | 2001:da8::06 | Yes |
C0002 | Target range 2 | 2001:da8::07 | Yes |
C0003 | Target range 3 | 2001:da8::08 | No |
C0004 | Target range 4 | 2001:da8::09 | No |
In addition, the resource management module can also be used to manage user information, presenting the user ID, user name, affiliated unit, group, score and so on to the user in the network target range cloud platform. For example, Table 3 shows the table with which the resource management module manages user information.
Table 3: User information management
User ID | User name | School (unit) | Group | Personal score |
000001 | Wang Yi | Tsinghua University | Group 1 | 90 |
000002 | Zhao Er | Peking University | Group 2 | 89 |
000003 | Zhang San | Zhejiang University | Group 3 | 91 |
000004 | Li Si | Fudan University | Group 4 | 88 |
As those skilled in the art will appreciate, the target machines in the virtual resources described above are virtual machines and can be deployed in Docker containers; a target range can also be deployed as a whole in a Docker container. The target machines include two kinds of systems, Windows and Kali Linux.
Further, the network range application includes a knowledge base training application and a simulated attack-and-defense training application. The knowledge base training application is used to obtain a knowledge base and a forum and present them to the user; the simulated attack-and-defense training application is used to obtain a virtual target machine, carry out attack experiments on the virtual target machine, and present the results of the attack experiments to the user. For example, a user can study the content of the knowledge base in the network range application and can also exchange ideas with other users in the forum. After obtaining a virtual target machine, the user can carry out simulated attack experiment training on it to deepen their understanding of vulnerabilities.
Further, the network range application includes a question bank application and a range application. The question bank application is used to obtain an attack-and-defense skills question bank and present it to the user; the range application is used to obtain a virtual target range and carry out attack experiments on the virtual target machines in the virtual target range, the virtual target range comprising multiple virtual target machines with different types of vulnerabilities. For example, a user can obtain the question bank from the network range application; the question bank covers types such as password cracking, web security, reverse engineering, system security and network protocols. The virtual target ranges can be divided into primary, intermediate and advanced virtual target ranges. A primary virtual target range consists of a single target machine, and there are 20 such target ranges; an intermediate virtual target range consists of 2-3 target machines, and there are 10 such target ranges in total; an advanced virtual target range consists of 2-5 target machines, and there are 5 such target ranges in total. Each target range may contain multiple vulnerabilities of different types. After completing the attack experiments of the primary virtual target ranges, the user can enter the intermediate and advanced virtual target ranges.
Further, the network range application includes a red-blue confrontation application, which is used to provide opposing virtual resources to different users and to let those users carry out an attack-and-defense match using the opposing virtual resources. For example, users A, B and C form the red team and users D, E and F form the blue team; each team must protect its own target range while attacking the other team's target range. The red-blue confrontation application can train users' adaptability and their attack-and-defense capability.
The present invention also provides a construction method for the system described above, the method comprising: authenticating the user through the authentication module; providing virtual resources to the application build module through the resource management module; and constructing, through the application build module, a network range application from the allocated virtual resources and providing the network range application to the user who has passed authentication.
Specifically, referring to Fig. 3, the user is authenticated through the authentication module. After authentication succeeds, the user describes their requirements, and the resource management module provides virtual resources to the application build module, that is, it carries out a file configuration process according to the requirement description. Once the optimal configuration (the optimal virtual resources) is reached, the resources are delivered to the application build module and presented to the user, and the system determines whether the user confirms the resources. If the user does not confirm them, the user describes their requirements again and the file configuration process is repeated. The application build module then constructs a network range application from the allocated virtual resources and provides the network range application to the user who has passed authentication. After the user has finished using the network range application, the virtual resources are destroyed by the resource management module.
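The allocation lifecycle of Fig. 3 combined with the one-address-per-target rule described with Table 1, as an added Python example that is not the patent's own code: resources are proposed only for authenticated users, delivered on confirmation, reachable only by their owner, and destroyed after use. `ResourceManager`, its method names, the sample users and the `2001:da8::/64` prefix (inferred from the addresses in Tables 1 and 2) are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass

PREFIX = ipaddress.IPv6Network("2001:da8::/64")  # assumed from Tables 1 and 2


@dataclass
class Target:
    number: str                     # e.g. "B0001"
    address: ipaddress.IPv6Address  # one independent address per target
    alive: bool = True


class ResourceManager:
    def __init__(self, authenticated_users, prefix=PREFIX):
        self.authenticated = authenticated_users  # kept current by the auth module
        self.addresses = iter(prefix.hosts())
        self.sequence = 0
        self.pending = {}  # user -> proposal awaiting confirmation
        self.active = {}   # user -> targets delivered to the application

    def new_target(self):
        self.sequence += 1
        # Addresses are issued once and never recycled, so a stale address can
        # never resolve to a target that now belongs to another user.
        return Target(f"B{self.sequence:04d}", next(self.addresses))

    def propose(self, user, target_count):
        """Turn the user's requirement into a proposed configuration."""
        if user not in self.authenticated:
            raise PermissionError("authentication required before allocation")
        if not 1 <= target_count <= 5:  # the page's ranges hold 1 to 5 targets
            raise ValueError("target_count must be between 1 and 5")
        # A new requirement replaces any proposal the user did not confirm.
        self.pending[user] = [self.new_target() for _ in range(target_count)]
        return list(self.pending[user])

    def confirm(self, user):
        """User accepted the proposal: deliver it for application build."""
        if user not in self.pending:
            raise LookupError("nothing to confirm")
        self.active[user] = self.pending.pop(user)
        return list(self.active[user])

    def can_access(self, user, address):
        """Only the authenticated owner reaches a live target."""
        if user not in self.authenticated:
            return False
        wanted = ipaddress.IPv6Address(address)
        return any(t.alive and t.address == wanted
                   for t in self.active.get(user, []))

    def destroy(self, user):
        """Tear down the user's resources after use; returns how many."""
        self.pending.pop(user, None)
        return len(self.active.pop(user, []))


def demo():
    sessions = {"alice", "bob"}  # constructed users who passed authentication
    manager = ResourceManager(sessions)
    first = manager.propose("alice", 2)   # alice declines this proposal
    second = manager.propose("alice", 3)  # re-described requirement
    manager.confirm("alice")
    out = {"first": [str(t.address) for t in first],
           "second": [str(t.address) for t in second],
           "owner": manager.can_access("alice", "2001:da8::03"),
           "declined": manager.can_access("alice", "2001:da8::01"),
           "other_user": manager.can_access("bob", "2001:da8::03")}
    sessions.discard("alice")             # session ends: access stops at once
    out["after_logout"] = manager.can_access("alice", "2001:da8::03")
    out["destroyed"] = manager.destroy("alice")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```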
In addition, the present invention provides an electronic device 200, comprising: a communicator for communicating with a server; a processor; and a memory storing a computer-executable program, the program comprising the network target range cloud platform system described above.
Fig. 2 schematically shows a block diagram of an electronic device according to an embodiment of the present invention.
As shown in Fig. 2, the electronic device 200 includes a communicator 210, a processor 220 and a memory 230. The electronic device 200 can perform the method according to the embodiments of the present invention.
Specifically, the processor 220 may include, for example, a general-purpose microprocessor, an instruction set processor and/or an associated chipset and/or a special-purpose microprocessor (for example, an application-specific integrated circuit (ASIC)), and so on. The processor 220 may also include on-board memory for caching purposes. The processor 220 may be a single processing unit or multiple processing units for performing the different actions of the method flow according to the embodiments of the present invention.
The memory 230 can be, for example, any medium that can contain, store, communicate, propagate or transmit instructions. For example, a readable storage medium can include, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus, device or propagation medium. Specific examples of readable storage media include: magnetic storage devices, such as magnetic tape or hard disks (HDD); optical storage devices, such as optical discs (CD-ROM); memory, such as random access memory (RAM) or flash memory; and/or wired/wireless communication links. The memory stores a computer-executable program which, when executed by the processor, causes the processor to execute the network target range cloud platform system described above.
The present invention also provides a computer-readable medium on which a computer program is stored, the program comprising the network target range cloud platform system described above. The computer-readable medium may be included in the equipment/apparatus/system described in the above embodiments, or it may exist on its own without being assembled into that equipment/apparatus/system. The computer-readable medium carries one or more programs which, when executed, implement the method according to the embodiments of the present invention.
According to an embodiment of the invention, the computer-readable medium can be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. A computer-readable storage medium can be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples of computer-readable storage media can include, but are not limited to: an electrical connection with one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In the present invention, a computer-readable storage medium can be any tangible medium that contains or stores a program, which can be used by or in connection with an instruction execution system, apparatus or device. In the present invention, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, in which computer-readable program code is carried. Such a propagated data signal can take various forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium can also be any computer-readable medium other than a computer-readable storage medium, which can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device. The program code contained on a computer-readable medium can be transmitted over any suitable medium, including but not limited to wireless, wired, optical cable, radio frequency signals and so on, or any suitable combination of the above.
Those skilled in the art will understand that the features recited in the various embodiments and/or claims of the present invention can be combined in multiple ways, even if such combinations are not expressly recited in the present invention. In particular, the features recited in the various embodiments and/or claims of the present invention can be combined in multiple ways without departing from the spirit and teaching of the invention. All such combinations fall within the scope of the present invention.
Although the present invention has been shown and described with reference to certain exemplary embodiments, those skilled in the art should understand that various changes in form and detail can be made to the present invention without departing from the spirit and scope of the invention as defined by the appended claims and their equivalents. The scope of the present invention should therefore not be limited to the embodiments described above, but should be determined not only by the appended claims but also by their equivalents.
Claims (10)
1. A network target range cloud platform system, characterized in that the system comprises an authentication module, a resource management module and an application build module, wherein:
the authentication module is used to authenticate users, the resource management module is used to provide virtual resources to the application build module, and the application build module is used to construct network range applications from the allocated virtual resources and to provide the network range applications to users who have passed authentication.
2. The system according to claim 1, characterized in that the authentication module includes a first request unit, a first password acquiring unit and a first authentication unit;
The first request unit is used to send, through a network client, an EAPOL-Start message to the authentication system as an identity authentication request;
The first password acquiring unit is used for the authentication system, in response to the EAPOL-Start identity authentication request, to send an EAP-Request/Identity message to the network client, obtain a username and password, and send the username and password to a RADIUS authentication server in the form of a first authentication request packet;
The first authentication unit is used for the RADIUS authentication server to judge whether the first authentication request packet is consistent with the database information and, if so, to send a RADIUS-Success message, whereupon the network access equipment opens the port that connects to the network target range cloud platform system.
3. The system according to claim 1, characterized in that the authentication module includes a second request unit, a second password acquiring unit and a second authentication unit;
The second request unit is used to issue, through a network access client, an HTTP network access request to the network access equipment, the portal sending a user authentication interface to the network access client in response to the HTTP network access request;
The second password acquiring unit is used to obtain a username and password through the user authentication interface, the portal sending the username and password to a RADIUS authentication server in the form of a second authentication request packet;
The second authentication unit is used for the RADIUS authentication server to judge, according to the authentication request packet, whether the packet is consistent with the database information and, if so, to send a RADIUS-Success message, whereupon the network access equipment opens the port that connects to the network target range cloud platform system.
4. The system according to claim 1, characterized in that the resource management module being used to provide virtual resources to the application build module comprises:
Allocating an IPv6 address to the virtual resource, and providing the IPv6 address to the application build module;
The application build module accessing the virtual resource according to the IPv6 address.
5. The system according to claim 1, characterized in that the network range application includes a knowledge base training application and a simulated attack-defense training application,
The knowledge base training application is used to obtain a knowledge base and forum and display them to the user;
The simulated attack-defense training application is used to obtain a virtual target drone, carry out an attack experiment on the virtual target drone, and display the results of the attack experiment to the user.
6. The system according to claim 1, characterized in that the network range application includes an exam pool application and a range application,
The exam pool application is used to obtain an attack-defense skills exam pool and display it to the user;
The range application is used to obtain a virtual target range and to carry out attack experiments on the virtual target drones in the virtual target range, the virtual target range including multiple virtual target drones with different types of vulnerabilities.
7. The system according to claim 1, characterized in that the network range application includes a red-blue confrontation application, used to provide opposing virtual resources to different users and to have those different users conduct an attack-defense contest using the opposing virtual resources.
8. A construction method for the system of any one of claims 1-7, characterized in that the method comprises:
Authenticating the identity of a user by the authentication module;
Providing virtual resources to the application build module by the resource management module;
Constructing, by the application build module, a network range application from the allocated virtual resources, and providing the network range application to users who pass authentication.
9. An electronic device, characterized in that the device comprises:
A communicator, used to communicate with a server;
A processor;
A memory storing a computer-executable program, the program including the network target range cloud platform system of claims 1-7.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the program includes the network target range cloud platform system of claims 1-7.
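The closing steps of claims 2 and 3 (credentials sent to the RADIUS server, compared with the database, port opened on success), as an added example that is not part of the patent. It assumes RFC 2865 PAP-style packets, which the claims do not specify, models the claims' RADIUS-Success message as an Access-Accept, and uses hypothetical function names with constructed values for `SECRET` and `USERS`.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                         # RFC 2865 attribute types
SECRET = b"constructed-shared-secret"   # constructed sample, not from the patent
USERS = {"alice": b"range-pass"}        # constructed stand-in for the user database

def _hide(secret, req_auth, data, unhide=False):
    """RFC 2865 User-Password hiding: XOR 16-byte blocks with chained MD5 pads."""
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        prev = block if unhide else res  # the chain always runs over ciphertext
        out += res
    return out

def build_access_request(ident, user, password, secret):
    """Portal side: pack username and hidden password into an Access-Request."""
    req_auth = os.urandom(16)
    pw = password.encode()
    hidden = _hide(secret, req_auth, pw.ljust(max(16, -(-len(pw) // 16) * 16), b"\x00"))
    attrs = b"".join(bytes([t, len(v) + 2]) + v
                     for t, v in ((USER_NAME, user.encode()), (USER_PASSWORD, hidden)))
    return struct.pack("!BBH16s", ACCESS_REQUEST, ident, 20 + len(attrs), req_auth) + attrs

def server_decide(packet, secret, users):
    """Server side: check the request against the database, sign the reply with MD5."""
    code, ident, length, req_auth = struct.unpack("!BBH16s", packet[:20])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("malformed Access-Request")
    attrs, pos = {}, 20
    while pos + 2 <= length:
        typ, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[typ] = packet[pos + 2:pos + alen]
        pos += alen
    user = attrs.get(USER_NAME, b"").decode()
    pw = _hide(secret, req_auth, attrs.get(USER_PASSWORD, b""), unhide=True).rstrip(b"\x00")
    ok = user in users and hmac.compare_digest(users[user], pw)
    head = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return head + hashlib.md5(head + req_auth + secret).digest()

def port_opens(request, response, secret):
    """Access equipment: open the port only for an authentic Access-Accept."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    expect = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return response[0] == ACCESS_ACCEPT and hmac.compare_digest(expect, response[4:20])
```

The port decision rests on the Response Authenticator check, so a reply that only carries the accept code, without knowledge of the shared secret, leaves the port closed.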
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810978299.6A CN109286611A (en) | 2018-08-24 | 2018-08-24 | A kind of network target range cloud platform system, construction method, equipment and medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810978299.6A CN109286611A (en) | 2018-08-24 | 2018-08-24 | A kind of network target range cloud platform system, construction method, equipment and medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109286611A true CN109286611A (en) | 2019-01-29 |
Family
ID=65183920
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810978299.6A Pending CN109286611A (en) | 2018-08-24 | 2018-08-24 | A kind of network target range cloud platform system, construction method, equipment and medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109286611A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190129 |