CN109286611A - A kind of network target range cloud platform system, construction method, equipment and medium - Google Patents


Publication number
CN109286611A
Authority
CN
China
Prior art keywords
authentication
network
application
user
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810978299.6A
Other languages
Chinese (zh)
Inventor
黄友俊
李星
吴建平
黄有根
李威
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CERNET Corp
Original Assignee
CERNET Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CERNET Corp
Priority to CN201810978299.6A
Publication of CN109286611A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention provides a network target range cloud platform system, a construction method, a device and a medium. The system comprises an authentication module, a resource management module and an application build module, wherein: the authentication module authenticates the user; the resource management module provides virtual resources to the application build module; and the application build module builds a network range application from the allocated virtual resources and provides the network range application to users who have passed identity authentication. Through the authentication module, the invention establishes a link between the user and the network range application and provides the network range application to users who pass authentication, which protects the target range simulation environment before the application is used.

Description

A kind of network target range cloud platform system, construction method, equipment and medium
Technical field
The present invention relates to the field of network target range technology, and more particularly to a network target range cloud platform system, a construction method, a device and a medium.
Background
The development of network technology has created convenience, but it has also put billions of users in an awkward position. On the one hand, countries and governments rely on networks to keep political, economic, cultural and military activities running normally; enterprise users rely on networks for technological innovation and market expansion; and individual users rely on networks to exchange information. On the other hand, the information stored, processed and transmitted in networks is confidential or sensitive information bearing on national security, enterprises and individuals, and has therefore become a target of attack for hostile forces and criminals. This insecure situation will persist and gradually spread to emerging cyberspaces such as the Internet of Things, intelligent mobile internet and cloud computing.
To cope with increasingly serious network security challenges, institutions around the world are steadily deepening their research in the network security field. A network target range uses an internet-scale simulated environment to carry out attack and defense training, verify new technologies and run the corresponding training courses, cultivating network security talent. It can host large-scale cyberspace attack and defense exercises and provides each side of an adversarial exercise with attack-defense scenario construction, basic hardware resources such as computing, storage and networking, and a mechanism for evaluating the results of the confrontation.
However, current network target ranges do not establish a link with their users, and the target range simulation environment itself is not protected.
Summary of the invention
(1) Technical problem to be solved
Current network target ranges do not establish a link with their users, and the target range simulation environment itself is not protected.
(2) Technical solution
One aspect of the present invention provides a network target range cloud platform system. The system comprises an authentication module, a resource management module and an application build module, wherein: the authentication module authenticates the user; the resource management module provides virtual resources to the application build module; and the application build module builds a network range application from the allocated virtual resources and provides the network range application to users who have passed identity authentication.
Optionally, the authentication module comprises a first request unit, a first password acquiring unit and a first authentication unit. The first request unit is used for sending an EAPOL-Start identity authentication request message to the authentication system through the network client. The first password acquiring unit is used for the authentication system to send, according to the EAPOL-Start identity authentication request, an EAP-Request/Identity message to the network client, obtain the username and password, and send the username and password to the RADIUS authentication server in the form of a first authentication request message. The first authentication unit is used for the RADIUS authentication server to judge whether the first authentication request message is consistent with the database information and, if so, to send a RADIUS-Success message and open, through the network access equipment, the port connecting to the network target range cloud platform system.
Optionally, the authentication module comprises a second request unit, a second password acquiring unit and a second authentication unit. The second request unit is used for issuing an HTTP network access request to the network access equipment through the network access client; the portal sends a user authentication interface to the network access client according to the HTTP network access request. The second password acquiring unit is used for obtaining the username and password through the user authentication interface; the portal sends the username and password to the RADIUS authentication server in the form of a second authentication request message. The second authentication unit is used for the RADIUS authentication server to judge, according to the authentication request message, whether the message is consistent with the database information and, if so, to send a RADIUS-Success message and open, through the network access equipment, the port connecting to the network target range cloud platform system.
Optionally, the resource management module providing virtual resources to the application build module comprises: allocating IPv6 addresses to the virtual resources and providing the IPv6 addresses to the application build module; the application build module accesses the virtual resources according to the IPv6 addresses.
Optionally, the network range application includes a knowledge base training application and a simulated attack and defense training application. The knowledge base training application is used for obtaining a knowledge base and forum and presenting them to the user; the simulated attack and defense training application is used for obtaining a virtual target machine, carrying out attack experiments on the virtual target machine, and presenting the results of the attack experiments to the user.
Optionally, the network range application includes a question bank application and a range application. The question bank application is used for obtaining a bank of attack and defense skill questions and presenting it to the user; the range application is used for obtaining a virtual target range and carrying out attack experiments on the virtual target machines in it, the virtual target range including multiple virtual target machines with different types of vulnerabilities.
Optionally, the network range application includes a red-blue confrontation application, used for providing opposed virtual resources to different users and having those users carry out an attack and defense match using the opposed virtual resources.
Another aspect of the present invention provides a construction method for the system, the method comprising: authenticating the user through the authentication module; providing virtual resources to the application build module through the resource management module; and building, through the application build module, a network range application from the allocated virtual resources and providing the network range application to users who have passed identity authentication.
A further aspect of the invention provides an electronic device, comprising: a communicator for communicating with a server; a processor; and a memory storing a computer-executable program, the program including the network target range cloud platform system described above.
A further aspect of the present invention provides a computer-readable storage medium on which a computer program is stored, the program including the network target range cloud platform system described above.
(3) Beneficial effect
Through the authentication module, the present invention establishes a link between the user and the network range application and provides the network range application to users who pass identity authentication; that is, a user must go through the identity authentication process in the network target range cloud platform system in order to use a network range application, which protects the target range simulation environment before the application is used.
Brief description of the drawings
Fig. 1 is a block diagram of the network target range cloud platform system provided by an embodiment of the present invention;
Fig. 2 is a block diagram of the electronic device provided by an embodiment of the present invention;
Fig. 3 is a flow chart of the construction method provided by an embodiment of the present invention.
Detailed description of the embodiments
Hereinafter, embodiments of the present invention will be described with reference to the accompanying drawings. It should be understood, however, that these descriptions are merely exemplary and are not intended to limit the scope of the invention. In the following detailed description, numerous specific details are set forth for ease of explanation, to provide a thorough understanding of the embodiments of the invention. It will be apparent, however, that one or more embodiments may be practised without these specific details. In addition, descriptions of well-known structures and techniques are omitted below to avoid unnecessarily obscuring the concepts of the invention.
The techniques of the present invention can be implemented in hardware and/or software (including firmware, microcode and so on). In addition, the techniques of the invention can take the form of a computer program product on a computer-readable medium storing instructions, the computer program product being for use by, or in combination with, an instruction execution system. In the context of the present invention, a computer-readable medium can be any medium that can contain, store, communicate, propagate or transmit instructions. For example, a computer-readable medium can include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus, device or propagation medium. Specific examples of computer-readable media include: magnetic storage devices, such as tape or hard disk (HDD); optical storage devices, such as compact disc (CD-ROM); memory, such as random access memory (RAM) or flash memory; and/or wired/wireless communication links.
Referring to Fig. 1, a network target range cloud platform system 100 of the present invention comprises an authentication module 110, a resource management module 120 and an application build module 130, wherein: the authentication module 110 authenticates the user; the resource management module 120 provides virtual resources to the application build module; and the application build module 130 builds a network range application from the allocated virtual resources and provides the network range application to users who have passed identity authentication.
Through the authentication module, the present invention establishes a link between the user and the network range application and provides the network range application to users who pass identity authentication; that is, a user must go through the identity authentication process in the network target range cloud platform system in order to use a network range application, which protects the target range simulation environment before the application is used.
Here, the network target range refers to a combination of virtual environments and real equipment that simulates a realistic cyberspace attack and defense combat environment. It can support research on cyber combat capabilities and verification testing of cyber weapons and equipment, and is intended for network attack and defense exercises and the evaluation of new networks. A network range application is any of the various applications that users can use on the basis of the network target range.
The identity authentication process described above can be implemented in several ways. For example, in one embodiment of the invention, the authentication subsystem authenticates the user through the 802.1x protocol. Those skilled in the art will appreciate that 802.1x is a technique for authentication based on Ethernet ports: before authentication passes, 802.1x allows only EAPOL (Extensible Authentication Protocol over LAN) data through the switch port to which the device is connected; after authentication passes, normal data can pass through the Ethernet port. The network client, authentication system and network access equipment of the 802.1x protocol interact through three protocols, EAPOL, EAP and RADIUS, to carry out the identity authentication process. The authentication module comprises a first request unit, a first password acquiring unit and a first authentication unit. The first request unit is used for sending an EAPOL-Start identity authentication request message to the authentication system through the network client. The first password acquiring unit is used for the authentication system to send, according to the EAPOL-Start identity authentication request, an EAP-Request/Identity message to the network client, obtain the username and password, and send the username and password to the RADIUS authentication server in the form of a first authentication request message. The first authentication unit is used for the RADIUS authentication server to judge whether the first authentication request message is consistent with the database information and, if so, to send a RADIUS-Success message and open, through the network access equipment, the port connecting to the network target range cloud platform system. The network access equipment is, for example, a switch or a router; the switch here can be an Ethernet switch.
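The port behaviour described above, as an added example that is not part of the patent: a Python model of a controlled port that handles only EAPOL frames (EtherType 0x888E) until the RADIUS database check succeeds. `ControlledPort`, `RadiusStub` and the username-NUL-password response body are assumptions made for the demo; the patent's RADIUS-Success step is modelled as a successful database check followed by EAP-Success, and real deployments carry the credential inside an EAP method rather than in the identity response.

```python
import hashlib
import hmac
import os
import struct

ETH_EAPOL, ETH_IPV6 = 0x888E, 0x86DD     # EAPOL (IEEE 802.1X) vs. ordinary data
EAPOL_EAP_PACKET, EAPOL_START = 0, 1     # EAPOL packet types
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY = 1


def eapol(packet_type, body=b""):
    """EAPOL header (version, packet type, body length) followed by the body."""
    return struct.pack("!BBH", 2, packet_type, len(body)) + body


def eap(code, ident, eap_type=None, data=b""):
    """EAP packet: code, identifier, total length, optional type and data."""
    payload = b"" if eap_type is None else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload


def credential_response(ident, username, password):
    """Supplicant reply; the user NUL password layout is constructed for this demo."""
    data = username.encode() + b"\x00" + password.encode()
    return eapol(EAPOL_EAP_PACKET, eap(EAP_RESPONSE, ident, EAP_TYPE_IDENTITY, data))


class RadiusStub:
    """Hypothetical stand-in for the RADIUS server's database comparison."""

    def __init__(self, users):
        self._db = {}
        for name, password in users.items():
            salt = os.urandom(16)
            self._db[name] = (salt, self._hash(password, salt))

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def check(self, username, password):
        # Unknown users still cost one hash, so their response time looks similar.
        salt, stored = self._db.get(username, (b"\x00" * 16, b""))
        return hmac.compare_digest(self._hash(password, salt), stored)


class ControlledPort:
    """Switch port that stays closed to data until authentication succeeds."""

    def __init__(self, radius):
        self.radius = radius
        self.authorized = False
        self._ident = 0
        self._pending = False            # True only between Request and Response

    def receive(self, ethertype, payload):
        """Return (action, reply): action is 'forward', 'drop' or 'reply'."""
        if ethertype != ETH_EAPOL:
            return ("forward" if self.authorized else "drop"), None
        if len(payload) < 4:
            return "drop", None
        _version, packet_type, length = struct.unpack("!BBH", payload[:4])
        body = payload[4:4 + length]
        if len(body) != length:          # truncated frame
            return "drop", None
        if packet_type == EAPOL_START:   # a new login always closes the port first
            self.authorized, self._pending = False, True
            self._ident = (self._ident + 1) % 256
            request = eap(EAP_REQUEST, self._ident, EAP_TYPE_IDENTITY)
            return "reply", eapol(EAPOL_EAP_PACKET, request)
        if packet_type == EAPOL_EAP_PACKET and self._pending:
            return self._handle_response(body)
        return "drop", None

    def _handle_response(self, body):
        if len(body) < 5:
            return "drop", None
        code, ident, length, eap_type = struct.unpack("!BBHB", body[:5])
        expected = (EAP_RESPONSE, self._ident, len(body), EAP_TYPE_IDENTITY)
        if (code, ident, length, eap_type) != expected:
            return "drop", None
        username, _, password = body[5:].decode("utf-8", "replace").partition("\x00")
        ok = self.radius.check(username, password)
        self.authorized, self._pending = ok, False
        result = eap(EAP_SUCCESS if ok else EAP_FAILURE, ident)
        return "reply", eapol(EAPOL_EAP_PACKET, result)


def demo():
    """Constructed session: data before login, a wrong password, then the right one."""
    port = ControlledPort(RadiusStub({"user1": "correct-horse"}))  # constructed user
    log = [port.receive(ETH_IPV6, b"ping")[0]]
    for password in ("wrong", "correct-horse"):
        _, request = port.receive(ETH_EAPOL, eapol(EAPOL_START))
        # request[5] is the EAP identifier that the response must echo
        port.receive(ETH_EAPOL, credential_response(request[5], "user1", password))
        log.append(port.receive(ETH_IPV6, b"ping")[0])
    return log
```
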
In another embodiment of the present invention, the authentication subsystem authenticates the user through RADIUS-based portal authentication. Specifically, the authentication module comprises a second request unit, a second password acquiring unit and a second authentication unit. The second request unit is used for issuing an HTTP network access request to the network access equipment through the network access client; the portal sends a user authentication interface to the network access client according to the HTTP network access request. The second password acquiring unit is used for obtaining the username and password through the user authentication interface; the portal sends the username and password to the RADIUS authentication server in the form of a second authentication request message. The second authentication unit is used for the RADIUS authentication server to judge, according to the authentication request message, whether the message is consistent with the database information and, if so, to send a RADIUS-Success message and open, through the network access equipment, the port connecting to the network target range cloud platform system. The network client is the end that requests access to the network, such as a browser; the network access equipment is, for example, a switch or a router, and the switch here can be an Ethernet switch.
Specifically, the resource management module providing virtual resources to the application build module comprises: allocating IPv6 addresses to the virtual resources and providing the IPv6 addresses to the application build module; the application build module accesses the virtual resources according to the IPv6 addresses. For example, Table 1 shows IPv6 address information for virtual resources. When the virtual resources include target machines, an independent IPv6 address is allocated to each available target machine, and the target machine can be accessed when the user clicks its address or enters it in the input list. The network environment in which the network target range cloud platform system is located can be an IPv6 environment.
Table 1: Target machine IPv6 address information
Target machine number | Target machine name | Target machine address | Alive
B0001 | Target machine 1 | 2001:da8::01 | Yes
B0002 | Target machine 2 | 2001:da8::02 | Yes
B0003 | Target machine 3 | 2001:da8::03 | No
B0004 | Target machine 4 | 2001:da8::04 | No
The virtual resources described above may also include target ranges. When the virtual resources include target ranges, as shown in Table 2, an independent IPv6 address is allocated to each available target range, and the target range can be accessed when the user clicks its address or enters it in the input list. Those skilled in the art will appreciate that a target range includes multiple target machines.
Table 2: Target range IPv6 address information
Target range number | Target range name | Target range address | Alive
C0001 | Target range 1 | 2001:da8::06 | Yes
C0002 | Target range 2 | 2001:da8::07 | Yes
C0003 | Target range 3 | 2001:da8::08 | No
C0004 | Target range 4 | 2001:da8::09 | No
In addition, the resource management module can also be used to manage user information, presenting the user ID, user name, affiliated institution, group, score and so on to the user in the network target range cloud platform. For example, Table 3 shows the table with which the resource management module manages user information.
Table 3: User information management
User ID | User name | School (institution) | Group | Personal score
000001 | Wang Yi | Tsinghua University | Group 1 | 90
000002 | Zhao Er | Peking University | Group 2 | 89
000003 | Zhang San | Zhejiang University | Group 3 | 91
000004 | Li Si | Fudan University | Group 4 | 88
Those skilled in the art will appreciate that a target machine in the virtual resources described above is a virtual machine and can be deployed in a Docker container; a target range can also be deployed as a whole in a Docker container. The target machines include two kinds of systems, Windows and Kali Linux.
Further, the network range application includes a knowledge base training application and a simulated attack and defense training application. The knowledge base training application is used for obtaining a knowledge base and forum and presenting them to the user; the simulated attack and defense training application is used for obtaining a virtual target machine, carrying out attack experiments on the virtual target machine, and presenting the results of the attack experiments to the user. For example, a user can study the content of the knowledge base from within the network range application and exchange views with other users in the forum. After obtaining a virtual target machine, the user can carry out simulated attack experiment training against it, deepening their understanding of vulnerabilities.
Further, the network range application includes a question bank application and a range application. The question bank application is used for obtaining a bank of attack and defense skill questions and presenting it to the user; the range application is used for obtaining a virtual target range and carrying out attack experiments on the virtual target machines in it, the virtual target range including multiple virtual target machines with different types of vulnerabilities. For example, a user can obtain the question bank from the network range application; it covers types such as password cracking, web security, reverse engineering, system security and network protocols. The virtual target ranges can be divided into primary, intermediate and advanced virtual target ranges: a primary virtual target range consists of a single target machine, and there are 20 such ranges; an intermediate virtual target range consists of 2-3 target machines, and there are 10 such ranges in total; an advanced virtual target range consists of 2-5 target machines, and there are 5 such ranges in total. Each target range may contain multiple different types of vulnerabilities, and a user can enter the intermediate and advanced virtual target ranges after completing the attack experiments of the primary virtual target range.
Further, the network range application includes a red-blue confrontation application, used for providing opposed virtual resources to different users and having those users carry out an attack and defense match using the opposed virtual resources. For example, users A, B and C are the red team and users D, E and F are the blue team; each team must protect its own target range while attacking the other side's target range. The red-blue confrontation application can train users' adaptability and their attack and defense capability.
The present invention also provides a construction method for the system described above, the method comprising: authenticating the user through the authentication module; providing virtual resources to the application build module through the resource management module; and building, through the application build module, a network range application from the allocated virtual resources and providing the network range application to users who have passed identity authentication.
Specifically, referring to Fig. 3, the user is authenticated through the authentication module. After authentication succeeds, the user gives a requirement description, and the resource management module provides virtual resources to the application build module, that is, it carries out a file configuration process according to the requirement description. Once the optimal configuration (the optimal virtual resources) is reached, the resources are delivered to the application build module and shown to the user, and it is determined whether the user confirms the resources. If the user does not confirm the resources, the user gives a requirement description again and the file configuration process is repeated. The application build module then builds a network range application from the allocated virtual resources and provides the network range application to users who have passed identity authentication. After the user has finished using the network range application, the virtual resources are destroyed by the resource management module.
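The workflow just described, as an added example that is not part of the patent: a Python sketch of authenticate, describe, confirm, build and destroy, with one independent IPv6 address per target machine as in Table 1. The class names, the /64 prefix length, modelling a requirement description as a target count, and binding each target to the user who requested it are assumptions.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Target:
    number: str
    address: ipaddress.IPv6Address
    owner: str
    alive: bool = True


class ResourceManager:
    """Gives every virtual target its own IPv6 address and destroys it after use."""

    def __init__(self, prefix="2001:da8::/64"):      # prefix length is an assumption
        self._net = ipaddress.IPv6Network(prefix)
        self._next = 1
        self._targets = {}                           # address -> Target

    def allocate(self, owner, count):
        created = []
        for _ in range(count):
            target = Target(f"B{self._next:04d}", self._net[self._next], owner)
            self._next += 1                          # addresses are never reused
            self._targets[target.address] = target
            created.append(target)
        return created

    def destroy(self, targets):
        for target in targets:
            target.alive = False
            self._targets.pop(target.address, None)

    def lookup(self, address):
        try:
            return self._targets.get(ipaddress.IPv6Address(address))
        except ValueError:                           # malformed address string
            return None


class Platform:
    """Hypothetical glue between authentication, resources and the application."""

    def __init__(self, authenticate, resources):
        self._authenticate = authenticate            # stand-in for the authentication module
        self._resources = resources
        self._sessions = set()

    def login(self, user, password):
        ok = bool(self._authenticate(user, password))
        if ok:
            self._sessions.add(user)
        return ok

    def build_application(self, user, requirements, confirm):
        """Try each requirement description in turn until the user confirms one."""
        if user not in self._sessions:
            raise PermissionError("identity authentication required")
        for count in requirements:
            targets = self._resources.allocate(user, count)
            if confirm(targets):
                return targets
            self._resources.destroy(targets)         # a rejected proposal is torn down
        return []

    def can_access(self, user, address):
        target = self._resources.lookup(address)
        return bool(target and target.alive
                    and user in self._sessions and target.owner == user)

    def finish(self, user, targets):
        self._resources.destroy(targets)             # resources are destroyed after use
        self._sessions.discard(user)


def demo():
    """Constructed run: the user rejects a 1-target proposal, then confirms 2 targets."""
    platform = Platform(lambda u, p: (u, p) == ("user1", "pw"), ResourceManager())
    platform.login("user1", "pw")
    targets = platform.build_application("user1", [1, 2], lambda t: len(t) == 2)
    addresses = [str(t.address) for t in targets]
    before = platform.can_access("user1", addresses[0])
    platform.finish("user1", targets)
    after = platform.can_access("user1", addresses[0])
    return addresses, before, after
```
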
In addition, the present invention provides an electronic device 200, comprising: a communicator for communicating with a server; a processor; and a memory storing a computer-executable program, the program including the network target range cloud platform system described above.
Fig. 2 schematically shows a block diagram of an electronic device according to an embodiment of the present invention.
As shown in Fig. 2, the electronic device 200 includes a communicator 210, a processor 220 and a memory 230. The electronic device 200 can carry out the method according to embodiments of the present invention.
Specifically, the processor 220 may include, for example, a general-purpose microprocessor, an instruction set processor and/or related chipset and/or a special-purpose microprocessor (for example, an application-specific integrated circuit (ASIC)), and so on. The processor 220 may also include on-board memory for caching purposes. The processor 220 may be a single processing unit or multiple processing units for carrying out the different actions of the method flow according to embodiments of the present invention.
The memory 230 can be, for example, any medium that can contain, store, communicate, propagate or transmit instructions. For example, a readable storage medium can include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus, device or propagation medium. Specific examples of readable storage media include: magnetic storage devices, such as tape or hard disk (HDD); optical storage devices, such as compact disc (CD-ROM); memory, such as random access memory (RAM) or flash memory; and/or wired/wireless communication links. The memory stores a computer-executable program which, when executed by the processor, causes the processor to execute the network target range cloud platform system described above.
The present invention also provides a computer-readable medium on which a computer program is stored, the program including the network target range cloud platform system described above. The computer-readable medium may be included in the equipment/device/system described in the above embodiments, or it may exist on its own without being assembled into that equipment/device/system. The computer-readable medium carries one or more programs which, when executed, implement the method according to embodiments of the present invention.
According to embodiments of the present invention, the computer-readable medium can be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. A computer-readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples of computer-readable storage media can include, but are not limited to: an electrical connection with one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In the present invention, a computer-readable storage medium can be any tangible medium that contains or stores a program, where the program can be used by, or in combination with, an instruction execution system, apparatus or device. Also in the present invention, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, carrying computer-readable program code. Such a propagated data signal can take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium can also be any computer-readable medium other than a computer-readable storage medium that can send, propagate or transmit a program for use by, or in combination with, an instruction execution system, apparatus or device. The program code contained on a computer-readable medium can be transmitted over any suitable medium, including but not limited to: wireless, wired, optical cable, radio-frequency signal and so on, or any suitable combination of the above.
Those skilled in the art will understand that the features recited in the various embodiments and/or claims of the present invention can be combined in many ways, even if such combinations are not explicitly recited in the present invention. In particular, the features recited in the various embodiments and/or claims of the present invention can be combined in many ways without departing from the spirit and teaching of the invention. All such combinations fall within the scope of the present invention.
Although the present invention has been shown and described with reference to certain exemplary embodiments, those skilled in the art should understand that various changes in form and detail can be made to the invention without departing from the spirit and scope of the invention as defined by the appended claims and their equivalents. The scope of the present invention should therefore not be limited to the above embodiments, but should be determined not only by the appended claims but also by their equivalents.

Claims (10)

1. A network target range cloud platform system, characterized in that the system comprises an authentication module, a resource management module and an application build module, wherein:
the authentication module is configured to authenticate users, the resource management module is configured to provide virtual resources to the application build module, and the application build module is configured to build a network range application from the allocated virtual resources and to provide the network range application to users who have passed authentication.
2. The system according to claim 1, characterized in that the authentication module comprises a first request unit, a first password acquisition unit and a first authentication unit;
the first request unit is configured to send an EAPOL-Start identity authentication request to the authentication system through the network client;
the first password acquisition unit is configured for the authentication system to send, in response to the EAPOL-Start identity authentication request, an EAP-Request/Identity message to the network client, obtain a username and password, and send the username and password to the RADIUS authentication server in the form of a first authentication request message;
the first authentication unit is configured for the RADIUS authentication server to judge whether the first authentication request message is consistent with the database information and, if so, to send a RADIUS-Success message and open, through the network access device, the port connected to the network target range cloud platform system.
3. The system according to claim 1, characterized in that the authentication module comprises a second request unit, a second password acquisition unit and a second authentication unit;
the second request unit is configured to issue an HTTP network access request to the network access device through the network access client, whereupon the portal sends a user authentication interface to the network access client according to the HTTP network access request;
the second password acquisition unit is configured to obtain a username and password through the user authentication interface, whereupon the portal sends the username and password to the RADIUS authentication server in the form of a second authentication request message;
the second authentication unit is configured for the RADIUS authentication server to judge, according to the authentication request message, whether the message is consistent with the database information and, if so, to send a RADIUS-Success message and open, through the network access device, the port connected to the network target range cloud platform system.
4. The system according to claim 1, characterized in that the resource management module providing virtual resources to the application build module comprises:
allocating an IPv6 address to the virtual resource and providing the IPv6 address to the application build module;
the application build module accessing the virtual resource according to the IPv6 address.
5. The system according to claim 1, characterized in that the network range application comprises a knowledge base training application and a simulated attack-and-defense training application,
the knowledge base training application being configured to obtain a knowledge base and a forum and present them to the user;
the simulated attack-and-defense training application being configured to obtain a virtual target machine, carry out an attack experiment against the virtual target machine, and present the results of the attack experiment to the user.
6. The system according to claim 1, characterized in that the network range application comprises a question bank application and a range application,
the question bank application being configured to obtain an attack-and-defense skills question bank and present it to the user;
the range application being configured to obtain a virtual range and carry out attack experiments against the virtual target machines in the virtual range, the virtual range comprising multiple virtual target machines with different types of vulnerabilities.
7. The system according to claim 1, characterized in that the network range application comprises a red-blue confrontation application, configured to provide opposing virtual resources to different users and to let those users conduct an attack-and-defense match using the opposing virtual resources.
8. A construction method for the system according to any one of claims 1-7, characterized in that the method comprises:
authenticating users through the authentication module;
providing virtual resources to the application build module through the resource management module;
building, through the application build module, a network range application from the allocated virtual resources, and providing the network range application to users who have passed authentication.
9. An electronic device, characterized in that the device comprises:
a communicator, configured to communicate with a server;
a processor;
a memory storing a computer-executable program, the program comprising the network target range cloud platform system of claims 1-7.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the program comprises the network target range cloud platform system of claims 1-7.
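
The exchange in claim 2 (EAPOL-Start, EAP-Request/Identity, credential check at the RADIUS server, port opening), whose final decision step claim 3 shares, modelled in Python as an added example that is not code from the patent. The class and function names, the NUL-separated credential field and the salted PBKDF2 user store are assumptions of this model, because the claims name neither the EAP method that carries the password nor the database format; the claims' "RADIUS-Success" is modelled as the EAP Success packet relayed to the client.

```python
import hashlib, hmac, os, struct

EAPOL_EAP, EAPOL_START, IDENTITY = 0, 1, 1   # 802.1X packet types; EAP type Identity
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4   # EAP codes

def eapol(ptype, body=b""):                  # version(1) | type(1) | body length(2)
    return struct.pack("!BBH", 2, ptype, len(body)) + body

def eap(code, ident, etype=None, data=b""):  # code | id | length [| type | data]
    payload = b"" if etype is None else bytes([etype]) + data
    return struct.pack("!BBH", code, ident, 4 + len(payload)) + payload

def parse(frame):                            # -> (EAPOL type, EAP code, EAP id, data)
    _, ptype, length = struct.unpack("!BBH", frame[:4])
    body = frame[4:]
    if len(body) != length:
        raise ValueError("EAPOL length mismatch")
    if ptype != EAPOL_EAP:
        return ptype, None, None, b""
    code, ident, elen = struct.unpack("!BBH", body[:4])
    if elen != len(body):
        raise ValueError("EAP length mismatch")
    return ptype, code, ident, body[5:]

def kdf(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw, salt, 50_000)

class RadiusServer:                          # stand-in for the server's user database
    def __init__(self, users):
        salts = {u: os.urandom(16) for u in users}
        self.db = {u: (salts[u], kdf(p, salts[u])) for u, p in users.items()}
    def accept(self, user, pw):
        salt, stored = self.db.get(user, (b"\0" * 16, b"\0" * 32))
        return hmac.compare_digest(kdf(pw, salt), stored)

class Authenticator:                         # network access device, port closed by default
    def __init__(self, radius):
        self.radius, self.port_open, self.pending = radius, False, None
    def handle(self, frame):
        ptype, code, ident, data = parse(frame)
        if ptype == EAPOL_START:             # new attempt: close port, ask for identity
            self.port_open, self.pending = False, 1
            return eapol(EAPOL_EAP, eap(REQUEST, 1, IDENTITY))
        if code != RESPONSE or ident != self.pending:
            return eapol(EAPOL_EAP, eap(FAILURE, ident or 0))
        self.pending = None                  # each identifier is answered only once
        user, _, pw = data.partition(b"\0")  # model-only credential encoding
        self.port_open = self.radius.accept(user, pw)
        return eapol(EAPOL_EAP, eap(SUCCESS if self.port_open else FAILURE, ident))

def login(auth, user, pw):                   # supplicant side of the exchange
    ident = parse(auth.handle(eapol(EAPOL_START)))[2]
    answer = eapol(EAPOL_EAP, eap(RESPONSE, ident, IDENTITY, user + b"\0" + pw))
    return parse(auth.handle(answer))[1] == SUCCESS
```

A response that arrives without a preceding EAPOL-Start, or that reuses an identifier, is answered with an EAP Failure and leaves the port state unchanged.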

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810978299.6A CN109286611A (en) 2018-08-24 2018-08-24 A kind of network target range cloud platform system, construction method, equipment and medium

Publications (1)

Publication Number Publication Date
CN109286611A true CN109286611A (en) 2019-01-29

Family

ID=65183920

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810978299.6A Pending CN109286611A (en) 2018-08-24 2018-08-24 A kind of network target range cloud platform system, construction method, equipment and medium

Country Status (1)

Country Link
CN (1) CN109286611A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190129