CN109547405A - Automated network attack traffic acquisition methods and system based on Python - Google Patents
- Publication number
- CN109547405A (application CN201811184616.3A)
- Authority
- CN
- China
- Prior art keywords
- network attack
- script
- python
- attack
- traffic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3676—Test management for coverage analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/24—Traffic characterised by specific attributes, e.g. priority or QoS
- H04L47/2441—Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Quality & Reliability (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention provides a Python-based automated network attack traffic acquisition method and system. A network attack script is obtained and symbolically executed to obtain the input information for code-region execution. The network attack script is then executed according to the input information, the network attack traffic is extracted, and the traffic is classified by attack step. The network attack traffic is sorted by category, the characteristic information in it is marked to obtain feature-marked network attack traffic, and the feature-marked traffic is stored in the form of a database or text file. Python symbolic execution is used to run the target attack script automatically and traverse its code branches, yielding attack traffic for academic research or for performance testing of network defense systems. This avoids the step of building a target machine environment that traditional attack-script traffic collection requires, allows large numbers of attack traffic samples to be obtained quickly, automatically and at scale, is highly practical, and has broad application prospects.
Description
Technical field
The present invention relates to the field of network testing, and in particular to a Python-based automated network attack traffic acquisition method and system and a computer storage medium, and more particularly to an automated network attack traffic acquisition method based on Python symbolic execution.
Background
A network attack traffic generator is an important verification tool for checking and verifying a network system's ability to detect intrusions. It is widely used in testing network systems of various security levels, and plays an irreplaceable central role especially when examining the performance of network systems with high security requirements and of IDS tools. In network security testing, a large amount of attack traffic must be fed to the system under test for processing, so that its security can be verified from its operating state and feedback data.
The attack traffic samples in current network attack traffic generators must largely be collected and analyzed by hand, which consumes a great deal of the manpower and material resources of security research organizations. Each time a new kind of network attack appears, security personnel must collect the attack script online, analyze its operating logic manually, and build the corresponding vulnerable target machine environment so that the attack script can carry out an actual attack on the target machine, in order to extract real attack traffic.
Symbolic execution is a relatively mature technique in the field of software testing, normally used to test target software for run-time errors. Its purpose is to trigger each code logic branch in the software under test once, as far as possible, in order to check the robustness and stability of the software. Network attack technology is a complex interdisciplinary technology involving many areas of computer knowledge. According to the stage at which it is carried out, it can be roughly divided into five stages: the scanning stage, the detection stage, the attack stage, the control stage, and the resident stage. Each stage has a different purpose and different traffic characteristics, which researchers need to analyze separately. Applying symbolic execution to research on network attack technology therefore has urgent practical significance.
Summary of the invention
In view of the defects in the prior art, the object of the present invention is to provide a Python-based automated network attack traffic acquisition method and system and a computer storage medium.
A Python-based automated network attack traffic acquisition method provided according to the present invention includes: a test script amendment step: obtain a network attack script, perform symbolic execution on the network attack script, and obtain the input information for code-region execution; a traffic classification step: execute the network attack script according to the input information, extract the network attack traffic, and classify the network attack traffic by attack step; a traffic storing step: sort the network attack traffic by category, mark the characteristic information in the network attack traffic to obtain feature-marked network attack traffic, and store the feature-marked network attack traffic in the form of a database or text file.
Preferably, the input information mainly includes any one or more of input parameters and feedback variables.
Preferably, the network attack script is a Python-based script, and the symbolic execution is Python-based symbolic execution.
Preferably, extracting the network attack traffic means using the target function name, called API and code line number obtained by symbolic execution to infer the position and nature of the current traffic within the attack steps, and classifying the network attack traffic by attack step.
Preferably, the characteristic information mainly includes any one or more of variable positions such as IP address, port number and check bit.
Preferably, when the network attack script is symbolically executed, the network attack script is divided into basic code blocks according to conditional statements, and their sequential execution relationships are connected in a tree diagram.
Preferably, the symbolic execution uses any one or more of a pruning algorithm, branch-entry strategy selection, and identification of the current loop position based on context state to execute the network attack script.
Preferably, the solver and the symbolic execution engine in the symbolic execution run independently, and the script's jump code is modified to raise code execution coverage.
A computer-readable storage medium storing a computer program is provided according to the present invention; when the computer program is executed by a processor, the steps of the above method are implemented.
A Python-based automated network attack traffic acquisition system provided according to the present invention includes: a test script correction module: obtain a network attack script, perform symbolic execution on the network attack script, and obtain the input information for code-region execution; a traffic classification module: execute the network attack script according to the input information, extract the network attack traffic, and classify the network attack traffic by attack step; a traffic storage module: sort the network attack traffic by category, mark the characteristic information in the network attack traffic to obtain feature-marked network attack traffic, and store the feature-marked network attack traffic in the form of a database or text file.
Compared with the prior art, the present invention has the following beneficial effects:
1. By using symbolic execution, the network attack traffic generated by Python network attack scripts can be automatically extracted, classified and stored efficiently and at scale, without building the target machine environment required by the target Python attack script, and the step of manually analyzing the script is eliminated, greatly saving manpower and material resources;
2. Python attack scripts of new types are supported, giving good extensibility and practicality and broad application prospects.
Brief description of the drawings
Other features, objects and advantages of the invention will become more apparent upon reading the detailed description of non-limiting embodiments with reference to the following drawings:
Fig. 1 is the script flow chart of the invention;
Fig. 2 is the traffic classification flow chart of the invention;
Fig. 3 is the traffic storage flow chart of the invention.
Specific embodiment
The present invention is described in detail below with reference to specific embodiments. The following embodiments will help those skilled in the art to understand the invention further, but do not limit the invention in any way. It should be pointed out that those of ordinary skill in the art can make several changes and improvements without departing from the inventive concept. These all fall within the protection scope of the invention.
Compared with traffic extraction from traditional attack scripts, the Python-based automated network attack traffic acquisition method provided according to the present invention does not need to build the target machine environment required by the target Python attack script. It directly uses the results computed by symbolic execution to adjust the script's input parameters and feedback variables, so that with these specific parameters and variables the script triggers each branch of the code, enters its real attack code flow smoothly, and the attack traffic it releases is finally captured, without the attack stopping early because the target environment is incorrect. The steps of manually analyzing the script and building a target machine environment are eliminated, saving manpower and material resources.
The method includes a test script amendment step: obtain a network attack script, perform symbolic execution on the network attack script, and obtain the input information for code-region execution; a traffic classification step: execute the network attack script according to the input information, extract the network attack traffic, and classify the network attack traffic by attack step; a traffic storing step: sort the network attack traffic by category, mark the characteristic information in the network attack traffic to obtain feature-marked network attack traffic, and store the feature-marked network attack traffic in the form of a database or text file.
Specifically, the input information mainly includes any one or more of input parameters and feedback variables.
Specifically, the network attack script is a Python-based script, and the symbolic execution is Python-based symbolic execution.
Specifically, extracting the network attack traffic means using the target function name, called API and code line number obtained by symbolic execution to infer the position and nature of the current traffic within the attack steps, and classifying the network attack traffic by attack step.
Specifically, the characteristic information mainly includes any one or more of variable positions such as IP address, port number and check bit.
Specifically, when the network attack script is symbolically executed, the network attack script is divided into basic code blocks according to conditional statements, and their sequential execution relationships are connected in a tree diagram.
Specifically, the symbolic execution uses any one or more of a pruning algorithm, branch-entry strategy selection, and identification of the current loop position based on context state to execute the network attack script.
Specifically, the solver and the symbolic execution engine in the symbolic execution run independently, and the script's jump code is modified to raise code execution coverage.
A computer-readable storage medium storing a computer program is provided according to the present invention; when the computer program is executed by a processor, the steps of the above method are implemented.
A Python-based automated network attack traffic acquisition system provided according to the present invention includes: a test script correction module: obtain a network attack script, perform symbolic execution on the network attack script, and obtain the input information for code-region execution; a traffic classification module: execute the network attack script according to the input information, extract the network attack traffic, and classify the network attack traffic by attack step; a traffic storage module: sort the network attack traffic by category, mark the characteristic information in the network attack traffic to obtain feature-marked network attack traffic, and store the feature-marked network attack traffic in the form of a database or text file.
The Python-based automated network attack traffic acquisition system provided by the invention can be implemented through the step flow of the Python-based automated network attack traffic acquisition method. Those skilled in the art can understand the Python-based automated network attack traffic acquisition method as a preferred example of the Python-based automated network attack traffic acquisition system.
The preferred example is further elaborated below.
First, script analysis: symbolic execution is performed on the acquired Python network attack script, and the results computed by symbolic execution are used to adjust the script's input parameters and feedback variables, so that with these specific parameters and variables the script triggers each branch of the code, enters its real attack flow, and all the attack traffic it releases is captured. Second, traffic classification: when the Python network attack script is analyzed automatically, information obtained by Python symbolic execution, such as the target function name, the API called and the current code line number, is used to infer the position and nature of the current traffic within the attack steps, so that the automatically extracted attack traffic is classified by attack step. Finally, traffic storage: the automatically extracted network attack traffic is sorted by category, and variable positions in the traffic such as IP, port and checksum are marked, so that the corresponding parameters can be modified when specific network attack traffic is subsequently constructed; the traffic is then stored in database form and in text file form to meet subsequent big-data analysis or manual analysis needs.
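One way to mark the variable positions and store the result in database and text form, as an added example that is not code from the patent. It assumes raw IPv4 packets carrying TCP or UDP; the sample packet, the table layout and the "scan" category label are constructed for illustration.

```python
import socket
import sqlite3
import struct


def build_sample_packet():
    """Constructed IPv4+TCP headers (documentation addresses, checksums zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.7"))
    tcp = struct.pack("!HHLLBBHHH", 40000, 8080, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return ip + tcp


def mark_fields(packet):
    """Return (name, offset, length, hex value) for each variable field."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IP options shift the layer-4 offsets
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    marks = [("ip_checksum", 10, 2), ("src_ip", 12, 4), ("dst_ip", 16, 4)]
    proto = packet[9]
    if proto == 6 and len(packet) >= ihl + 20:      # TCP header present
        marks += [("src_port", ihl, 2), ("dst_port", ihl + 2, 2),
                  ("l4_checksum", ihl + 16, 2)]
    elif proto == 17 and len(packet) >= ihl + 8:    # UDP header present
        marks += [("src_port", ihl, 2), ("dst_port", ihl + 2, 2),
                  ("l4_checksum", ihl + 6, 2)]
    return [(n, off, ln, packet[off:off + ln].hex()) for n, off, ln in marks]


def open_store(path=":memory:"):
    """Create the (constructed) schema: one row per sample, one per marked field."""
    conn = sqlite3.connect(path)
    conn.executescript("""
        CREATE TABLE sample(id INTEGER PRIMARY KEY, category TEXT, raw BLOB);
        CREATE TABLE field(sample_id INTEGER, name TEXT, byte_offset INTEGER,
                           length INTEGER, value_hex TEXT);
    """)
    return conn


def store_sample(conn, category, packet):
    """Store the raw packet under its category together with its field marks."""
    cur = conn.execute("INSERT INTO sample(category, raw) VALUES (?, ?)",
                       (category, packet))
    conn.executemany("INSERT INTO field VALUES (?, ?, ?, ?, ?)",
                     [(cur.lastrowid, *m) for m in mark_fields(packet)])
    conn.commit()
    return cur.lastrowid


def export_text(conn):
    """Text-file form of the same records, one marked field per line."""
    rows = conn.execute(
        "SELECT s.id, s.category, f.name, f.byte_offset, f.length, f.value_hex "
        "FROM sample s JOIN field f ON f.sample_id = s.id "
        "ORDER BY s.id, f.byte_offset")
    return ["%d\t%s\t%s\t%d\t%d\t%s" % r for r in rows]


if __name__ == "__main__":
    db = open_store()
    store_sample(db, "scan", build_sample_packet())
    print("\n".join(export_text(db)))
```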
The Python symbolic execution technique used in the invention applies to all Python scripts. The target attack script may therefore be of an existing attack type or of a new network attack type that appears in the future; as long as it is written in Python, the technique is effective. The Python symbolic execution technique used in the invention can analyze Python scripts automatically: as long as the network attack script is written in Python, the attack script can be run automatically so as to trigger the attack code paths in the script and capture the attack traffic, and the whole process is automated.
When analyzing a Python attack script, the symbolic execution technique used here divides the script into basic code blocks at conditional statements such as if, else and while, and connects their possible sequential execution relationships in a tree diagram, which makes it easier to compute code coverage and to add other extended analysis functions. For Python attack scripts whose attack steps are especially complex, the Python symbolic execution technique used in the invention can use means such as pruning algorithms, branch-entry strategy selection, and identification of the current loop position from context state to avoid the path explosion and hangs caused by visiting unnecessary loop branches, thereby raising the coverage of the invention's analysis of Python attack scripts while improving operating efficiency.
The solver used by the Python symbolic execution technique and the Python symbolic execution engine are two independent parts. The engine interacts with the solver through the solver's external call interface and obtains the constraint-solving answers it needs. Without affecting the Python symbolic execution engine, the solver's solving capability can later be improved to obtain solutions to more of the constraint problems that current mathematics cannot solve, improving the ability to trigger code under specific parameter constraints. Likewise, without affecting the constraint solver, characteristics of the symbolic execution engine such as its branch-entry strategy, parameter selection strategy and script modification strategy can later be improved to raise the invention's Python code coverage and operating efficiency. However, because the capability of current solvers is limited by the development of mathematics itself, constraint solving performs poorly on some constraints that lie beyond what current mathematics can solve. For this case, the invention also has the ability to modify the script's jump code: it modifies the conditional statements of code branches that the script has difficulty entering, while using the tree graph structure to keep a reasonable execution order for each code block, thereby raising code coverage and improving the ability to trigger the real generation of attack traffic.
When capturing traffic data packets, the invention can separate traffic by process, so that the captured packets are more precise than those of conventional packet capture, and the resulting traffic data makes work such as extracting traffic features and academic analysis more convenient and efficient. For the traffic files captured on each code execution path of the same Python attack script, the traffic file containing the real attack traffic can be identified from features such as file length, API calls and number of packets.
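The basic-block split at if, else and while and the tree used to count coverage, described above, can be illustrated with Python's `ast` module. This is an added example, not code from the patent: it measures coverage with concrete traced runs in place of a symbolic execution engine, and the sample script and its `host` input are constructed.

```python
import ast
import sys

# Constructed, benign stand-in for a script under analysis; `host` is the
# input that the tracer injects (a hypothetical name, not from the patent).
SAMPLE = '''\
if host.startswith("10."):
    mode = "internal"
else:
    mode = "external"
retries = 0
while retries < 3:
    retries += 1
    if mode == "internal":
        retries = 3
summary = (mode, retries)
'''


def build_tree(stmts):
    """Split a statement list into basic blocks joined by branch/loop nodes."""
    nodes, run = [], []

    def flush():
        if run:
            nodes.append({"kind": "block", "lines": [s.lineno for s in run],
                          "edges": {}})
            run.clear()

    for stmt in stmts:
        if isinstance(stmt, ast.If):
            flush()
            nodes.append({"kind": "if", "lines": [stmt.lineno],
                          "edges": {"true": build_tree(stmt.body),
                                    "false": build_tree(stmt.orelse)}})
        elif isinstance(stmt, (ast.While, ast.For)):
            flush()
            nodes.append({"kind": "loop", "lines": [stmt.lineno],
                          "edges": {"body": build_tree(stmt.body),
                                    "exit": build_tree(stmt.orelse)}})
        else:
            run.append(stmt)   # straight-line statement: extends current block
    flush()
    return nodes


def basic_blocks(tree):
    """Flatten the tree into its basic blocks (lists of line numbers)."""
    out = []
    for node in tree:
        if node["kind"] == "block":
            out.append(node["lines"])
        for children in node["edges"].values():
            out.extend(basic_blocks(children))
    return out


def run_and_trace(source, **inputs):
    """Run the script with concrete inputs; return the executed line numbers."""
    code = compile(source, "<sample>", "exec")
    seen = set()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None            # ignore frames outside the sample script
        if event == "line":
            seen.add(frame.f_lineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        exec(code, dict(inputs))
    finally:
        sys.settrace(previous)
    return seen


def block_coverage(tree, executed):
    """Return (blocks hit, total blocks, blocks missed)."""
    blocks = basic_blocks(tree)
    missed = [b for b in blocks if b[0] not in executed]
    return len(blocks) - len(missed), len(blocks), missed


if __name__ == "__main__":
    tree = build_tree(ast.parse(SAMPLE).body)
    for host in ("10.0.0.5", "203.0.113.9"):
        print(host, block_coverage(tree, run_and_trace(SAMPLE, host=host)))
```

Neither input alone reaches every block; the union of the two runs does, which is the gap that input adjustment across branches is meant to close.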
Those skilled in the art know that, besides implementing the system, device and modules provided by the invention purely as computer-readable program code, the method steps can be logically programmed so that the system, device and modules provided by the invention implement the same procedures in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. The system, device and modules provided by the invention can therefore be regarded as a hardware component, and the modules included in it for implementing various programs can also be regarded as structures within the hardware component; modules for implementing various functions can also be regarded both as software programs implementing the method and as structures within the hardware component.
Specific embodiments of the invention have been described above. It should be understood that the invention is not limited to the particular embodiments above; those skilled in the art can make various changes or modifications within the scope of the claims without affecting the substance of the invention. Where no conflict arises, the embodiments of this application and the features in the embodiments may be combined with one another arbitrarily.
Claims (10)
1. A Python-based automated network attack traffic acquisition method, characterized by comprising:
a test script amendment step: obtain a network attack script, perform symbolic execution on the network attack script, and obtain the input information for code-region execution;
a traffic classification step: execute the network attack script according to the input information, extract the network attack traffic, and classify the network attack traffic by attack step;
a traffic storing step: sort the network attack traffic by category, mark the characteristic information in the network attack traffic to obtain feature-marked network attack traffic, and store the feature-marked network attack traffic in the form of a database or text file.
2. The Python-based automated network attack traffic acquisition method according to claim 1, characterized in that the input information mainly includes any one or more of input parameters and feedback variables.
3. The Python-based automated network attack traffic acquisition method according to claim 1, characterized in that the network attack script is a Python-based script.
4. The Python-based automated network attack traffic acquisition method according to claim 1, characterized in that extracting the network attack traffic means using the target function name, called API and code line number obtained by symbolic execution to infer the position and nature of the current traffic within the attack steps, and classifying the network attack traffic by attack step.
5. The Python-based automated network attack traffic acquisition method according to claim 1, characterized in that the characteristic information mainly includes any one or more of variable positions such as IP address, port number and check bit.
6. The Python-based automated network attack traffic acquisition method according to claim 1, characterized in that, when the network attack script is symbolically executed, the network attack script is divided into basic code blocks according to conditional statements, and their sequential execution relationships are connected in a tree diagram.
7. The Python-based automated network attack traffic acquisition method according to claim 1, characterized in that the symbolic execution uses any one or more of a pruning algorithm, branch-entry strategy selection, and identification of the current loop position based on context state to execute the network attack script.
8. The Python-based automated network attack traffic acquisition method according to claim 1, characterized in that the solver and the symbolic execution engine in the symbolic execution run independently, and the script's jump code is modified to raise code execution coverage.
9. A Python-based automated network attack traffic acquisition system, characterized by comprising:
a test script correction module: obtain a network attack script, perform symbolic execution on the network attack script, and obtain the input information for code-region execution;
a traffic classification module: execute the network attack script according to the input information, extract the network attack traffic, and classify the network attack traffic by attack step;
a traffic storage module: sort the network attack traffic by category, mark the characteristic information in the network attack traffic to obtain feature-marked network attack traffic, and store the feature-marked network attack traffic in the form of a database or text file.
10. A computer-readable storage medium storing a computer program, characterized in that the steps of the method according to any one of claims 1 to 8 are implemented when the computer program is executed by a processor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811184616.3A CN109547405A (en) | 2018-10-11 | 2018-10-11 | Automated network attack traffic acquisition methods and system based on Python |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811184616.3A CN109547405A (en) | 2018-10-11 | 2018-10-11 | Automated network attack traffic acquisition methods and system based on Python |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109547405A true CN109547405A (en) | 2019-03-29 |
Family
ID=65843627
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811184616.3A Pending CN109547405A (en) | 2018-10-11 | 2018-10-11 | Automated network attack traffic acquisition methods and system based on Python |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109547405A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113569212A (en) * | 2021-07-30 | 2021-10-29 | 上海交通大学 | Keystroke dynamics identity authentication and identification method and system based on automatic encoder |
CN113794712A (en) * | 2021-09-10 | 2021-12-14 | 中国工商银行股份有限公司 | Method, apparatus, device and medium for controlling traffic of network security shooting range |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103455421A (en) * | 2013-08-19 | 2013-12-18 | 西安交通大学 | Regression testing case generation method based on program control dependence guide |
US20140143762A1 (en) * | 2012-11-21 | 2014-05-22 | Fujitsu Limited | Symbolic execution of dynamic programming languages |
CN104219221A (en) * | 2014-05-30 | 2014-12-17 | 郭瑞 | Network security flow generating method and network security flow generating system |
-
2018
- 2018-10-11 CN CN201811184616.3A patent/CN109547405A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140143762A1 (en) * | 2012-11-21 | 2014-05-22 | Fujitsu Limited | Symbolic execution of dynamic programming languages |
CN103455421A (en) * | 2013-08-19 | 2013-12-18 | 西安交通大学 | Regression testing case generation method based on program control dependence guide |
CN104219221A (en) * | 2014-05-30 | 2014-12-17 | 郭瑞 | Network security flow generating method and network security flow generating system |
Non-Patent Citations (2)
Title |
---|
邱洋、王轶骏、薛质: "基于符号执行的Python攻击脚本分析平台", 《计算机工程》 * |
邱洋: "基于符号执行的Python 攻击脚本分析", 《万方学位论文》 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113569212A (en) * | 2021-07-30 | 2021-10-29 | 上海交通大学 | Keystroke dynamics identity authentication and identification method and system based on automatic encoder |
CN113569212B (en) * | 2021-07-30 | 2024-04-26 | 上海交通大学 | Automatic encoder-based key-striking dynamics identity authentication and identification method and system |
CN113794712A (en) * | 2021-09-10 | 2021-12-14 | 中国工商银行股份有限公司 | Method, apparatus, device and medium for controlling traffic of network security shooting range |
CN113794712B (en) * | 2021-09-10 | 2022-07-12 | 中国工商银行股份有限公司 | Method, apparatus, device and medium for controlling traffic of network security shooting range |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102508780B (en) | Crossed dynamic software testing method and device | |
CN104598380B (en) | A kind of automated testing method and system based on control | |
CN109947646A (en) | Interface test method, device, computer equipment and storage medium | |
CN111291384B (en) | Vulnerability scanning method and device and electronic equipment | |
CN103532793A (en) | Automatic penetration testing method for information system security | |
CN104732152B (en) | Buffer-overflow vulnerability automatic testing method based on the beta pruning of semiology analysis path | |
CN105763392A (en) | Industrial control protocol fuzzing test method based on protocol state | |
CN106874763B (en) | Android software malicious behavior triggering system and method for simulating user behavior | |
CN109117364A (en) | A kind of object-oriented method for generating test case and system | |
CN108459954A (en) | Vulnerability of application program detection method and device | |
Wang et al. | A combinatorial approach to detecting buffer overflow vulnerabilities | |
CN106529304B (en) | A kind of Android applies concurrent leakage location | |
CN110022311A (en) | A kind of cloud outsourcing service leaking data safety test use-case automatic generating method based on attack graph | |
CN111884989A (en) | Vulnerability detection method and system for power web system | |
CN109547405A (en) | Automated network attack traffic acquisition methods and system based on Python | |
CN110245077A (en) | A kind of response method and equipment of program exception | |
CN109255240A (en) | A kind of loophole treating method and apparatus | |
CN105487983A (en) | Sensitive point approximation method based on intelligent route guidance | |
Wang et al. | Detecting SQL vulnerability attack based on the dynamic and static analysis technology | |
CN113206849B (en) | Vulnerability scanning method and device based on ghidra and related equipment | |
Wang et al. | A model-based behavioral fuzzing approach for network service | |
CN107682302A (en) | Cross-site scripting attack detection method and device | |
Yuan et al. | A method for detecting buffer overflow vulnerabilities | |
CN109002723A (en) | A kind of segmented symbolic excution methodology | |
CN108446557A (en) | Security threat active perception method based on defence honey jar |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20190329 |