CN111756746B - Network attack and defense competition dynamic Flag anti-cheating application method - Google Patents


Info

Publication number
CN111756746B
Authority
CN
China
Prior art keywords
information
flag
attack
virtual node
defense
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010591580.1A
Other languages
Chinese (zh)
Other versions
CN111756746A (en
Inventor
王庆
何跃鹰
王鲁华
李建强
曹钰洁
王书亚
林冠洲
李超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xinlian Kehui Technology Co ltd
National Computer Network and Information Security Management Center
Original Assignee
Beijing Xinlian Kehui Technology Co ltd
National Computer Network and Information Security Management Center
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Xinlian Kehui Technology Co ltd, National Computer Network and Information Security Management Center filed Critical Beijing Xinlian Kehui Technology Co ltd
Priority to CN202010591580.1A priority Critical patent/CN111756746B/en
Publication of CN111756746A publication Critical patent/CN111756746A/en
Application granted granted Critical
Publication of CN111756746B publication Critical patent/CN111756746B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H04L67/14 Session management
    • H04L67/146 Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Technology Law (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a dynamic Flag anti-cheating application method for network attack and defense competitions. While an attacker submits attack result information and the system analyzes it, a Flag server forwards the new Flag information that the attack and defense countermeasure environment management system generates for the corresponding service on the corresponding virtual node. The Flag information of a successfully attacked service is thereby updated promptly across attack and defense rounds, which ensures the uniqueness and accuracy of the Flag information throughout the whole competition period. For Flag analysis results that raise doubts, alarm information is recorded for the corresponding attacker; combined with the problem-solving steps collected from each attacking and defending party, this enables objective evaluation of the competition result, ensures accurate judging, and improves the fairness of the competition.

Description

Network attack and defense competition dynamic Flag anti-cheating application method
Technical Field
The invention relates to a dynamic Flag anti-cheating application method for a network attack and defense competition, and belongs to the technical field of virtual attack and defense competition.
Background
With the rapid development of internet technology, the network brings convenience and efficiency to life and production while posing new challenges to information security, economic security and the like. Strengthening network security makes it possible to better avoid the risks the network brings, and doing so requires a large number of professionals with network security skills. A network attack and defense competition simulates the confrontation found in a real network environment and is an efficient way to train and select such talent.
As the name suggests, a network attack and defense competition requires each team to attack the virtual equipment of other teams in a specific virtual network environment to obtain the related Flag information, while keeping its own equipment from being breached and its own Flag information from being obtained by others. Specifically, each participating team is allocated devices with the same initial configuration, the virtual devices run in the same environment, and each virtual device contains one or more vulnerabilities. Within a limited time, a team must discover its opponents' vulnerabilities and launch attacks while hardening its own vulnerabilities so that they are not breached. The competition uses zero-sum scoring: each team starts with a certain initial score, a team that breaches an opponent gains points, and the breached team loses points correspondingly.
The competition judges whether an attack succeeded by monitoring the attack traffic during the competition and checking whether the Flag submitted by the user is correct. During the competition, after a contestant breaches an opponent's service and obtains the corresponding Flag, the contestant submits that Flag to the system's judging module through a specified entrance, and the system awards a score according to the attack traffic and the Flag. The competition must not only ensure that the Flag information in the competition environment is unique, but also prevent cheating that disrupts the order of the competition. Dynamic Flag generation in the competition must handle the following situations:
Situation 1. Different services of different participating teams are given different Flags;
Situation 2. Different participating teams are given different Flags for the same service;
Situation 3. Different services of the same participating team are given different Flags;
Situation 4. The same service of the same participating team has its Flag updated at regular intervals.
In the prior art on applying Flags in a virtual network environment, a common Flag generation method in patents is, for example, the static Flag: before the competition, the Flag of each service is set when the competition questions are configured; the player initiates a request to obtain the question information, and the competition environment is created according to the service information. The static Flag generation method can give different services different Flags but cannot give the same service different Flags; that is, it satisfies situations 1 and 3 above but not situations 2 and 4.
In addition, a dynamic Flag generation method was proposed by Wang Wei et al. of the Nanjing Xeroning information technology Limited company. First, a player initiates a request to obtain service information, which triggers the system to generate a Flag dynamically and update the Flag in the service information; the newly generated Flag is then written into the initialization script used to create the virtual competition environment; finally, the newly generated Flag is saved to a database for later Flag verification. This method can give different services, and the same service of different players, different Flags, but it cannot refresh the Flag of the same service of the same player at regular intervals; that is, it satisfies situations 1, 2 and 3 above but not situation 4.
Moreover, Rochelle et al. of the university of beijing rationality proposed a dynamic Flag generation method that executes the following steps in sequence:
1) a virtual competition environment is created, and a virtual serial port device is added for the virtual target machine;
2) a player breaching the service triggers the Flag module;
3) the generated Flag is shown to the player through the virtual serial port device;
4) the generated Flag is stored in a database;
5) the Flag submitted by the player is compared with the Flag in the database, and the system makes its judgment.
This dynamic Flag generation method can satisfy all four situations at once, but when two players breach the same service at the same time, the dynamic Flag generation module is called twice in succession and the Flags generated at the same time conflict, which causes judging errors.
Disclosure of Invention
The technical problem the invention aims to solve is to provide a dynamic Flag anti-cheating application method for network attack and defense competitions that adopts a new judgment and analysis strategy, keeps the Flag information objective, enables accurate monitoring of the competition, and effectively improves the accuracy of the competition result.
To solve this technical problem, the invention adopts the following technical scheme: a dynamic Flag anti-cheating application method for network attack and defense competitions, used to analyze the attack result information submitted by an attacker and confirm the attack result, in which the attack and defense countermeasure environment management system executes the following steps A to G:
Step A. For the attacked virtual node IP, the port information of the service on the attacked virtual node, and the Flag information of the service contained in the attack result information, judge whether the Flag information is Flag information in the attack and defense countermeasure environment management system; if so, go to step B; otherwise, feed back that the attack result is invalid and record this as alarm information of the attacker;
Step B. Judge whether the Flag information is the Flag information of a service on the attacker's own virtual node; if so, the attacker has submitted its own information, so feed back that the attack result is invalid and record this as alarm information of the attacker; otherwise, go to step C;
Step C. Judge whether the Flag information is currently valid Flag information in the attack and defense countermeasure environment management system; if so, go to step D; otherwise, report that the Flag information is invalid and record this as alarm information of the attacker and as alarm information of the attacker who first submitted the Flag information;
Step D. For the attack result information, judge whether the IP of the attacked virtual node, the port information of the service on the attacked virtual node, and the Flag information of the service match one another; if so, go to both step E and step F; otherwise, feed back that the attack result is invalid and record this as alarm information of the attacker;
Step E. For the attacked service on the attacked virtual node in the attack result information, set the Flag information of the service to invalid and generate new Flag information to update the Flag information of the service;
Step F. Judge whether the attacker's virtual node has generated attack traffic; if so, go to step G; otherwise, report that no attack traffic was detected and record this as alarm information of the attacker;
Step G. Judge whether the attack traffic contains the port information of the attacked service on the attacked virtual node in the attack result information; if so, award the attacker a score according to the question information corresponding to the service; otherwise, report that the attacked port was not detected and record this as alarm information of the attacker.
As a preferred technical scheme of the invention, building on the confirmation of attack results in steps A to G, the method further comprises the following steps a to b after the network attack and defense competition has finished:
Step a. Obtain the problem-solving steps of each attacking and defending party and the alarm information of each attacking and defending party, then go to step b;
Step b. According to the correspondence between each question and each virtual node in the competition, and combining the problem-solving steps and the alarm information of each attacking and defending party, check the score of each party and correct any score found to be in error.
As a preferred technical scheme of the invention, the attack and defense countermeasure environment management system comprises a Flag server on which a message middleware service and a CA root certificate are installed. When the competition environment is built, after the virtual nodes corresponding to the network attack and defense images are obtained, the following steps I to V are executed for each virtual node:
Step I. The attack and defense countermeasure environment management system creates a unique identification code for the virtual node to serve as the topic information of the virtual node (the topic under which it subscribes in the message middleware), then goes to step II;
Step II. Store the topic information of the virtual node in the message middleware service of the Flag server, then go to step III;
Step III. For each service in the virtual node, use the topic information of the virtual node, the Flag file address in the service, and the CA certificate corresponding to the CA root certificate on the Flag server to construct a configuration file for the service; once the configuration files for all services in the virtual node have been obtained, go to step IV;
Step IV. Import the configuration files for the services in the virtual node into the virtual node in the form of subscription scripts, then go to step V;
Step V. Start each subscription script in the virtual node, which imports the CA certificate into the virtual node and subscribes each service in the virtual node to the Flag server; the Flag server returns to each service in the virtual node the Flag information that the attack and defense countermeasure environment management system initialized for it, so that the initialized Flag information of each service is written.
As a preferred technical scheme of the invention, step E comprises the following steps:
Step E1. The attack and defense countermeasure environment management system generates new Flag information for the attacked service on the attacked virtual node in the attack result information, then goes to step E2;
Step E2. Connect to the Flag server, obtain the topic information in the message middleware service to which the attacked virtual node is subscribed, and judge whether the number of virtual machine nodes associated with that topic information on the Flag server is equal to 1; if so, go to step E3; otherwise, the Flag information of the attacked service on the attacked virtual node cannot be updated, and the system reports the Flag information;
Step E3. Execute the script of the attacked virtual node and use the new Flag information to update the Flag information of the attacked service on the attacked virtual node.
As a preferred technical scheme of the invention, step E3 judges whether the system of the attacked virtual node is a Linux system; if so, a set command is called and the new Flag information is used to update the Flag information of the attacked service on the attacked virtual node; otherwise, the new Flag information is used to update the Flag information of the attacked service on the attacked virtual node in a stream reading mode.
As a preferred technical scheme of the invention, the Flag server is constructed according to the following steps i to vi:
creating the virtual configuration and selecting the virtual resource information;
step ii, configuring a virtual network address;
step iii, installing the preset, specified virtual machine operating system;
installing the message middleware service;
step vi, installing the CA root certificate.
Compared with the prior art, the dynamic Flag anti-cheating application method for network attack and defense competitions of the invention has the following technical effects:
(1) While an attacker submits attack result information and the system analyzes it, and provided the submitted Flag information meets the preset correctness requirements, the Flag server forwards the new Flag information that the attack and defense countermeasure environment management system generates for the corresponding service on the corresponding virtual node. The Flag information of a successfully attacked service is thereby updated promptly across attack and defense rounds, which ensures the uniqueness and accuracy of the Flag information throughout the whole competition period. For Flag analysis results that raise doubts, alarm information is recorded for the corresponding attacker; combined with the problem-solving steps collected from each attacking and defending party, this enables objective evaluation of the competition result, ensures accurate judging, and improves the fairness of the competition;
(2) The method applies a Flag server: the unique identification code of each virtual node is used as the topic information of the virtual node and stored in the message middleware service of the Flag server, while a subscription script is generated and imported into the virtual node. The subscription script is started in the virtual node using the topic information, the Flag file address and the CA certificate it contains, so that the Flag server can forward the Flag information generated by the attack and defense countermeasure environment management system;
(3) The method makes skillful use of the message middleware service: it can monitor whether all Flag files exist, and it guards against the attacking and defending parties deleting or shutting down the subscription script service. If a party deletes or shuts down the subscription script service in practice, the system raises an alarm, because the message then has no subscriber. Services and subscriptions correspond one to one, so if two virtual nodes are found to be subscribed, this indicates a problem with the equipment, and alarm information is recorded promptly. The subscription script provides the functions of subscribing to and receiving Flag information, and it also avoids the complex operation of connecting remotely to Windows to write the information.
Drawings
FIG. 1 is a schematic flow chart of creating a topic and starting a subscription script for a virtual node according to the present invention;
FIG. 2 is a schematic diagram of subscription and publication between a virtual node and the Flag server in the design of the present invention;
FIG. 3 is a schematic diagram of the analysis process for the attack result information submitted by the attacker in the design of the present invention;
FIG. 4 is a schematic diagram of the Flag information updating process according to the present invention;
FIG. 5 is a flow chart of score verification based on the problem-solving steps and the alarm information of each attacking and defending party in the design of the present invention.
Detailed Description
The following description will explain embodiments of the present invention in further detail with reference to the accompanying drawings.
The invention designs a dynamic Flag anti-cheating application method for network attack and defense competitions, used to analyze the attack result information submitted by an attacker and confirm the attack result. In practical application, to ensure the fairness of the competition, the invention designs a Flag server for the competition. The Flag server acts as the service that issues and distributes unique Flag information to the equipment of the participating teams, and the Flag information is associated one to one with each virtual node. To ensure the safety and reliability of the Flag server, a CA certificate is configured for it, which prevents illegal equipment from accessing it maliciously. A message middleware service is installed on the Flag server. When a virtual node is created, host node monitoring and script detection start automatically; the system stores the identifier of the virtual node, creates that identifier in the Flag server's message middleware as topic information, generates a script containing the CA certificate, the topic information and the Flag information, and imports the script into the virtual node. By running the script, the virtual node subscribes to its topic information in the message middleware service of the Flag server, and when the subscription script receives information pushed by the server it automatically replaces the current Flag information. The Flag information is thus pushed to the relevant subscribed equipment through the message middleware service of the Flag server. In practical application, the firewall of the Flag server is enabled and a specific port is opened, so that interfering traffic is avoided.
In practical applications, the Flag server is constructed according to the following steps i to vi.
Creating the virtual configuration and selecting the virtual resource information.
Step ii. Configuring a virtual network address.
Step iii. Installing the preset, specified virtual machine operating system.
Installing the message middleware service.
Step vi. Installing the CA root certificate.
With the Flag server introduced, when the competition environment is built and the virtual nodes corresponding to each network attack and defense image have been obtained, the following steps I to V are executed for each virtual node, as shown in FIG. 1.
Step I. The attack and defense countermeasure environment management system creates a unique identification code for the virtual node to serve as the topic information of the virtual node, then goes to step II.
Step II. Store the topic information of the virtual node in the message middleware service of the Flag server, then go to step III.
Step III. For each service in the virtual node, use the topic information of the virtual node, the Flag file address in the service, and the CA certificate corresponding to the CA root certificate on the Flag server to construct a configuration file for the service; once the configuration files for all services in the virtual node have been obtained, go to step IV.
Step IV. Import the configuration files for the services in the virtual node into the virtual node in the form of subscription scripts, then go to step V.
Step V. Start each subscription script in the virtual node, which imports the CA certificate into the virtual node and subscribes each service in the virtual node to the Flag server; the Flag server returns to each service in the virtual node the Flag information that the attack and defense countermeasure environment management system initialized for it, so that the initialized Flag information of each service is written.
The message middleware service is installed on the Flag server, and only a virtual node that runs the subscription script against that service can receive messages from the Flag server. As a result, the data cannot be intercepted or used by others while the Flag server releases Flag information to the virtual node, which ensures the security of the data. In the competition environment designed by the invention, the safety and reliability of the Flag data can therefore be effectively ensured, and each team, question information and virtual machine node is bound to unique topic information. The specific subscription and publication process in practical application is shown in FIG. 2.
With the Flag server applied in the attack and defense countermeasure environment management system and steps I to V executed for each virtual node, in practical application, as shown in FIG. 3, the attack and defense countermeasure environment management system executes the following steps A to G to analyze the attack result information submitted by the attacker and confirm the attack result.
Step A. For the attacked virtual node IP, the port information of the service on the attacked virtual node, and the Flag information of the service contained in the attack result information, judge whether the Flag information is Flag information in the attack and defense countermeasure environment management system; if so, go to step B; otherwise, feed back that the attack result is invalid and record this as alarm information of the attacker.
Step B. Judge whether the Flag information is the Flag information of a service on the attacker's own virtual node; if so, the attacker has submitted its own information, so feed back that the attack result is invalid and record this as alarm information of the attacker; otherwise, go to step C.
Step C. Judge whether the Flag information is currently valid Flag information in the attack and defense countermeasure environment management system; if so, go to step D; otherwise, report that the Flag information is invalid and record this as alarm information of the attacker and as alarm information of the attacker who first submitted the Flag information.
Step D. For the attack result information, judge whether the IP of the attacked virtual node, the port information of the service on the attacked virtual node, and the Flag information of the service match one another; if so, go to both step E and step F; otherwise, feed back that the attack result is invalid and record this as alarm information of the attacker.
Step E. For the attacked service on the attacked virtual node in the attack result information, set the Flag information of the service to invalid and generate new Flag information to update the Flag information of the service.
In practical applications, as shown in FIG. 4, step E is carried out as the following steps E1 to E3.
Step E1. The attack and defense countermeasure environment management system generates new Flag information for the attacked service on the attacked virtual node in the attack result information, then goes to step E2.
Step E2. Connect to the Flag server, obtain the topic information in the message middleware service to which the attacked virtual node is subscribed, and judge whether the number of virtual machine nodes associated with that topic information on the Flag server is equal to 1; if so, go to step E3; otherwise, the Flag information of the attacked service on the attacked virtual node cannot be updated, and the system reports the Flag information.
Step E3. Execute the script of the attacked virtual node and use the new Flag information to update the Flag information of the attacked service on the attacked virtual node.
In actual execution, step E3 depends on the operating system of the virtual node: it judges whether the system of the attacked virtual node is a Linux system; if so, a set command is called and the new Flag information is used to update the Flag information of the attacked service on the attacked virtual node; otherwise, the new Flag information is used to update the Flag information of the attacked service on the attacked virtual node in a stream reading mode.
Step F: Judge whether the virtual node of the attacker has generated attack traffic. If so, proceed to step G; otherwise, prompt that no attack traffic was detected and record this as alarm information of the attacker.
Step G: Judge whether the attack traffic contains the port information of the attacked service on the attacked virtual node given in the attack result information. If so, award the attacker a score according to the question information corresponding to the service; otherwise, prompt that the attacked port was not detected and record this as alarm information of the attacker.
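The checks of steps A to G, modelled in Python as an added example (it is not code from the patent). The class and field names, the alarm reason strings, the `traffic_ports` input, the flag format and all sample IPs and flags are assumptions constructed for illustration; the subject-subscriber count of step E2 is modelled as a plain dictionary.

```python
import secrets
from dataclasses import dataclass

@dataclass
class Service:
    owner: str    # team whose virtual node hosts the service
    ip: str
    port: int
    flag: str
    points: int   # score of the question behind this service (assumed field)

class Arena:
    """Constructed stand-in for the attack and defense environment management system."""
    def __init__(self, services, subscribers):
        self.services = {(s.ip, s.port): s for s in services}
        self.issued = {s.flag: (s.ip, s.port) for s in services}  # every flag ever issued
        self.valid = set(self.issued)     # flags that are still effective
        self.first_submitter = {}         # flag -> team that first captured it
        self.subscribers = subscribers    # node IP -> nodes subscribed to its subject
        self.alarms, self.scores = [], {}

    def _alarm(self, team, reason):
        self.alarms.append((team, reason))
        return reason

    def submit(self, team, ip, port, flag, traffic_ports):
        """traffic_ports: destination ports seen in traffic from the attacker's node."""
        home = self.issued.get(flag)
        if home is None:                                   # step A
            return self._alarm(team, "unknown-flag")
        if self.services[home].owner == team:              # step B
            return self._alarm(team, "own-flag")
        if flag not in self.valid:                         # step C
            first = self.first_submitter.get(flag)
            if first is not None and first != team:
                self._alarm(first, "flag-resubmitted-by-other-team")
            return self._alarm(team, "expired-flag")
        if home != (ip, port):                             # step D
            return self._alarm(team, "target-mismatch")
        self.first_submitter[flag] = team
        self.valid.discard(flag)                           # step E: invalidate
        self._rotate(home)
        if not traffic_ports:                              # step F
            return self._alarm(team, "no-attack-traffic")
        if port not in traffic_ports:                      # step G
            return self._alarm(team, "port-not-in-traffic")
        self.scores[team] = self.scores.get(team, 0) + self.services[home].points
        return "scored"

    def _rotate(self, home):
        new_flag = "flag{" + secrets.token_hex(16) + "}"   # step E1
        if self.subscribers.get(home[0], 0) != 1:          # step E2
            self.alarms.append(("system", "flag-update-failed:" + home[0]))
            return
        self.services[home].flag = new_flag                # step E3: push to the node
        self.issued[new_flag] = home
        self.valid.add(new_flag)

def build_demo_arena():
    """Two constructed services; each node has exactly one subscriber."""
    return Arena(
        [Service("red", "10.0.1.5", 8080, "flag{red-web}", 100),
         Service("blue", "10.0.2.5", 8080, "flag{blue-web}", 100)],
        subscribers={"10.0.1.5": 1, "10.0.2.5": 1},
    )
```

Because step D leads to both step E and step F, the flag is invalidated and rotated even when the traffic checks later reject the submission, so a flag passed between teams out of band is caught at step C on its second use.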
In practical applications, once the attack results have been confirmed by steps A to G and the network attack and defense competition has finished, the following steps a to b are further executed, as shown in Fig. 5.
Step a: Obtain the problem-solving steps of each attack and defense party, namely the Writeup of each attack and defense party, together with the alarm information of each attack and defense party, and then proceed to step b.
Step b: According to the correspondence between each question and each virtual node in the network attack and defense competition, and combining the problem-solving steps and the alarm information of each attack and defense party, check the scores of each attack and defense party, namely judge whether each score is valid, and correct any score that is wrong.
When the dynamic Flag anti-cheating application method for the network attack and defense competition designed by the invention is applied in practice, the checks in the above steps ensure that, if an abnormal condition occurs, the system gives a corresponding alarm prompt, which helps maintain a good competition environment. The network attack and defense competition can thus be monitored accurately, and the accuracy of the competition result is effectively improved.
In the method designed by this technical scheme, while an attacker submits attack result information and the system analyzes it, whenever Flag information meeting the preset correctness requirements is submitted, the Flag server forwards new Flag information generated by the attack and defense countermeasure environment management system for the corresponding service on the corresponding virtual node. The Flag information of successfully attacked services is thus updated in time across different attack and defense rounds, which ensures the uniqueness and accuracy of Flag information throughout the whole competition period. For Flag analysis results that raise doubts, alarm information is recorded for the corresponding attacker; combined with the collected problem-solving steps of each attack and defense party, this allows the competition result to be evaluated objectively, ensures that the result is judged accurately, and improves the fairness of the competition.
In the method designed by the invention, a Flag server is used: the unique identification code corresponding to a virtual node is taken as the subject information of that virtual node and stored in the message middleware service of the Flag server; a subscription script is generated and imported into the virtual node; and the subscription script is started in the virtual node based on the subject information, the Flag file address and the CA certificate it contains, so that the Flag server can forward the Flag information generated by the attack and defense countermeasure environment management system.
The method also makes use of the message middleware service to monitor whether every Flag file exists and to guard against an attack and defense party deleting or shutting down the subscription script service. If a party does so in practical application, the message becomes one without a subscription and the system gives an alarm. All services are in one-to-one correspondence, so if two virtual nodes are found to be subscribed, this indicates a problem with the equipment and alarm information is recorded in time. The subscription script, on the one hand, implements subscribing to and receiving Flag information and, on the other hand, avoids the complex operation of writing the information by remotely connecting to Windows.
The embodiments of the present invention have been described in detail with reference to the drawings, but the present invention is not limited to the above embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the gist of the present invention.

Claims (5)

1. A network attack and defense competition dynamic Flag anti-cheating application method is used for analyzing attack result information submitted by an attacker and confirming an attack result, and is characterized in that an attack and defense countermeasure environment management system executes the following steps A to G:
step A, judging whether the Flag information is the Flag information in the attack and defense countermeasure environment management system or not aiming at the attacked virtual node IP, the port information of the service on the attacked virtual node and the Flag information of the service in the attack result information, and entering the step B if the Flag information is the Flag information in the attack and defense countermeasure environment management system; otherwise, feeding back the invalid information of the attack result, and recording the invalid information as the alarm information of the attacker;
step B, judging whether the Flag information is the Flag information of a service on the virtual node of the attacker, if so, indicating that the attacker submits its own information, feeding back the invalid information of the attack result, and recording the invalid information as the alarm information of the attacker; otherwise, entering the step C;
step C, judging whether the Flag information is effective Flag information in the attack and defense countermeasure environment management system or not, and if so, entering the step D; otherwise, the Flag information is prompted to be invalid and recorded as the alarm information of the attacker and the alarm information of the attacker submitting the Flag information for the first time;
step D, judging whether the IP of the attacked virtual node, the port information of the service on the attacked virtual node and the Flag information of the service are correspondingly matched or not aiming at the attack result information, if so, respectively entering the step E and the step F; otherwise, feeding back the invalid information of the attack result, and recording the invalid information as the alarm information of the attacker;
step E, aiming at the attacked service on the attacked virtual node in the attack result information, setting the Flag information of the service to be invalid, and generating new Flag information for updating the Flag information of the service;
the step E comprises the following steps E1 to E3;
step E1, the attack and defense countermeasure environment management system generates new Flag information aiming at the attacked service on the attacked virtual node in the attack result information, and then the step E2 is carried out;
step E2, connecting a Flag server, obtaining subject information in the message middleware service subscribed by the attacked virtual node, judging whether the number of virtual machine nodes related to the subject information in the Flag server is equal to 1, and if so, entering the step E3; otherwise, the Flag information of the attacked service on the attacked virtual node cannot be updated, and the system reports the Flag information;
step E3, executing the script of the attacked virtual node, and applying the new Flag information to update the Flag information of the attacked service on the attacked virtual node;
step F, judging whether the virtual node of the attacker generates attack flow, if so, entering step G; otherwise, prompting that the attack flow is not detected, and recording the alarm information as the alarm information of the attacker;
and step G, judging whether the attack traffic contains port information of the attacked service on the attacked virtual node in the attack result information, if so, giving a score to the attacker according to the question information corresponding to the service, otherwise, prompting that the attacked port is not detected and recording this as the alarm information of the attacker.
2. The dynamic Flag anti-cheating application method of the network attack and defense competition according to claim 1, wherein the dynamic Flag anti-cheating application method comprises the following steps: based on the confirmation of the attack result in the steps A to G, after the network attack and defense competition is finished, the method also comprises the following steps a to b;
step a, obtaining problem solving steps corresponding to all attacking and defending parties respectively and warning information of all attacking and defending parties, and then entering step b;
and step b, according to the corresponding relation between each question and each virtual node in the network attack and defense competition, combining the problem solving steps corresponding to each attacking and defense party and the alarm information of each attacking and defense party, checking the scores of each attacking and defense party, and correspondingly correcting the scores of each attacking and defense party with errors.
3. The dynamic Flag anti-cheating application method of the network attack and defense competition according to claim 1, wherein the dynamic Flag anti-cheating application method comprises the following steps: the attack and defense countermeasure environment management system comprises a Flag server internally provided with a message middleware service and a CA root certificate; in the construction of the network attack and defense competition environment, after the virtual nodes corresponding to the network attack and defense images are obtained, the following steps I to V are further included for each virtual node:
step I, establishing a unique identification code corresponding to a virtual node by an attack and defense confrontation environment management system to serve as theme information of the virtual node, and then entering step II;
step II, storing the theme information of the virtual node into a message middleware service of a Flag server, and then entering step III;
step III, aiming at each service in the virtual node, applying the theme information of the virtual node, the Flag file address in the service and the CA certificate corresponding to the CA root certificate in the Flag server to construct a configuration file corresponding to the service; further acquiring configuration files corresponding to the services in the virtual node, and then entering step IV;
step IV, importing the configuration files corresponding to the services in the virtual node into the virtual node in the form of subscription scripts, and entering the step V;
and step V, starting each subscription script in the virtual node, realizing the import of the CA certificate in the virtual node, simultaneously realizing the subscription of each service in the virtual node to a Flag server, and returning Flag information initialized by the defense and attack countermeasure environment management system aiming at each service in the virtual node to each service in the virtual node by the Flag server, so as to realize the writing of the initialized Flag information of each service.
4. The method for applying dynamic Flag anti-cheating in a network attack and defense competition according to claim 1, wherein in the step E3, it is determined whether the system of the attacked virtual node is a Linux system, if so, a set command is invoked, and the Flag information of the attacked service on the attacked virtual node is updated by applying the new Flag information; and otherwise, updating the Flag information of the attacked service on the attacked virtual node by using the new Flag information in a stream reading mode.
5. The dynamic Flag anti-cheating application method of the network attack and defense competition according to any one of claims 3 to 4, wherein: the Flag server is constructed according to the following steps i to vi;
step i, creating virtual configuration and selecting virtual resource information;
step ii, configuring a virtual network address;
step iii, installing a preset specified virtual machine operating system;
installing a message middleware service;
and step vi, installing the CA root certificate.
CN202010591580.1A 2020-06-24 2020-06-24 Network attack and defense competition dynamic Flag anti-cheating application method Active CN111756746B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010591580.1A CN111756746B (en) 2020-06-24 2020-06-24 Network attack and defense competition dynamic Flag anti-cheating application method

Publications (2)

Publication Number Publication Date
CN111756746A CN111756746A (en) 2020-10-09
CN111756746B CN111756746B (en) 2022-03-25

Family

ID=72677301

Country Status (1)

Country Link
CN (1) CN111756746B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant