CN112217904A - Online network security competition method and device - Google Patents
Online network security competition method and device Download PDFInfo
- Publication number
- CN112217904A CN112217904A CN202011169697.7A CN202011169697A CN112217904A CN 112217904 A CN112217904 A CN 112217904A CN 202011169697 A CN202011169697 A CN 202011169697A CN 112217904 A CN112217904 A CN 112217904A
- Authority
- CN
- China
- Prior art keywords
- sub
- containers
- domain name
- addresses
- binding
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 51
- 238000013507 mapping Methods 0.000 claims description 29
- 230000003211 malignant effect Effects 0.000 abstract description 2
- 238000005516 engineering process Methods 0.000 description 10
- 238000010586 diagram Methods 0.000 description 4
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000006978 adaptation Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000013508 migration Methods 0.000 description 1
- 230000005012 migration Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000035515 penetration Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1001—Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention provides an online network security competition method and device, relates to the technical field of computers, and can solve the problems that in the prior art, user internet resources are limited and malignant competition is easy to occur. The specific technical scheme is as follows: firstly, M contest questions are obtained, wherein M is more than or equal to 1; creating corresponding M basic mirror images according to the M game questions; creating M N containers of N competitors according to M basic mirror images, wherein N is more than or equal to 1; and binding the M x N containers with the M x N sub-domain name addresses, and sending the M x N sub-domain name addresses to the corresponding N competitors. The present disclosure is for online network security competitions.
Description
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method and an apparatus for online network security competition.
Background
With The rapid development of network security technology, network security capability assessment is gradually proposed, under The relatively special background of network security technology, Flag wrecking (CTF) gradually becomes a network security technology comparison and capability inspection mode approved by The public, The CTF discovers all security risks existing in a system by using a grasped computer technology, analyzes codes from The perspective of developers, discovers bugs from The perspective of discovering fault bugs, and even uses some reverse technologies. The CTF is divided into an Internet match and an offline match according to different scenes, and most flag-robbing matches are generally held online in order to ensure fairness and justice. However, with the popularization of the internet and the opening of the network in recent years, a flag-robbing competition mode at the internet end is also proposed as a great market demand.
However, the existing flag-robbing contest migrating from offline to internet has the following three problems:
firstly, the internet resources owned by a common user are limited, and are intensively embodied in IP, domain names and cloud server resources;
secondly, when the on-line flag-grabbing competition is carried out, the environments of the flag-grabbing competition cannot be shared for fairness and justice, otherwise, the environments are damaged after one competitor finishes the penetration and utilization, and the remaining competitors cannot grab the flags any more;
thirdly, if the access is carried out by using the IP address, the interference in a vicious competition mode is easy to occur, so that the competition is influenced, and under the serious condition, the competition can not be normally carried out directly.
Disclosure of Invention
The embodiment of the disclosure provides an online network security competition method and device, which can solve the problems that in the prior art, user internet resources are limited and malignant competition is easy to occur. The technical scheme is as follows:
according to a first aspect of an embodiment of the present disclosure, there is provided an online network security competition method, including:
obtaining M contest questions, wherein M is more than or equal to 1;
creating corresponding M basic mirror images according to the M game questions;
creating M N containers of N competitors according to the M basic mirror images, wherein N is more than or equal to 1;
and binding the M x N containers with M x N sub-domain name addresses, and sending the M x N sub-domain name addresses to the corresponding N competitors.
The online network security competition method provided by the embodiment of the disclosure comprises the steps of firstly obtaining M competition questions, wherein M is more than or equal to 1; creating corresponding M basic mirror images according to the M game questions; creating M N containers of N competitors according to M basic mirror images, wherein N is more than or equal to 1; and binding the M x N containers with the M x N sub-domain name addresses, and sending the M x N sub-domain name addresses to the corresponding N competitors. According to the method, the independent target environment is created through Docker, the independent domain name is bound through domain name extensive resolution, sufficient internet resources can be provided for competitors, and fairness and justness required by flag-taking competition can be achieved. In addition, Docker occupies less resources, greatly saves resources and reduces cost.
In one embodiment, before the creating the corresponding M base images from the M contests, the method further comprises:
coding the M contest questions to obtain M coded contest questions;
correspondingly, the creating of the corresponding M basic images according to the M questions includes:
and creating corresponding M basic images according to the M coding questions.
In one embodiment, said binding said M x N containers with M x N sub-domain name addresses comprises:
mapping the M by N containers out of ports of the M by N containers;
and binding the ports of the M x N containers with the M x N sub-domain name addresses.
By the method, the embodiment of the disclosure enables the M x N containers to map the M x N container ports, and binds the container ports with the sub-domain addresses, so that the participants can obtain enough network resources.
In one embodiment, said binding the ports of the M x N containers with the M x N sub-domain name addresses comprises:
forming a one-to-one mapping relation between the ports of the M x N containers and the M x N sub-domain name addresses;
and binding the ports of the M x N containers and the M x N sub-domain name addresses according to the mapping relation.
Through the method, each contest of each contestant has an independent sub-domain name address, and fairness and justness of the contest are guaranteed.
In one embodiment, prior to said binding said M x N containers with M x N sub-domain name addresses, said method further comprises:
acquiring a main domain name;
and performing universal resolution on the main domain name to generate the M x N sub-domain name addresses.
By the method, the random M x N sub-domain name addresses can be obtained.
According to a second aspect of the embodiments of the present disclosure, an online network security competition device is provided, which includes an obtaining module, a creating module, a binding module, and a sending module;
the acquisition module is used for acquiring M contest questions, wherein M is more than or equal to 1;
the creating module is used for creating M corresponding basic images according to the M contest questions and creating M N containers of N contestants according to the M basic images, wherein N is more than or equal to 1;
the binding module is used for binding the M x N containers with M x N sub-domain name addresses;
the sending module is configured to send the M × N sub-domain name addresses to the corresponding N competitors.
The online network security competition device provided by the embodiment of the disclosure comprises an acquisition module, a creation module, a binding module and a sending module; the acquisition module acquires M game questions, wherein M is more than or equal to 1; the creating module creates M corresponding basic images according to the M game questions and creates M N containers of N participants according to the M basic images, wherein N is more than or equal to 1; the binding module binds the M x N containers with the M x N sub-domain name addresses; and the sending module sends the M × N sub-domain name addresses to the corresponding N competitors. According to the method, the independent target environment is created through Docker, the independent domain name is bound through domain name extensive resolution, sufficient internet resources can be provided for competitors, and fairness and justness required by flag-taking competition can be achieved. In addition, Docker occupies less resources, greatly saves resources and reduces cost.
In an embodiment, the apparatus further includes a coding module, configured to code the M questions to obtain M coded questions.
In one embodiment, the binding module includes a first mapping unit and a binding unit;
the first mapping unit is used for mapping the M x N containers to ports of the M x N containers;
the binding unit is used for binding the ports of the M x N containers with the M x N sub-domain addresses.
Through the arrangement, the embodiment of the disclosure enables the M x N containers to map the M x N container ports, and binds the container ports with the sub-domain addresses, so that the participants can obtain enough network resources.
In an embodiment, the binding unit is specifically configured to form a one-to-one mapping relationship between the ports of the M × N containers and the M × N sub-domain addresses; and binding the ports of the M x N containers and the M x N sub-domain name addresses according to the mapping relation.
Through the arrangement, each contest of each contestant has an independent sub-domain name address, and fairness and justness of the contest are guaranteed.
In one embodiment, the apparatus further includes a sub-domain name generating module, configured to obtain a main domain name, and generate the M × N sub-domain name addresses by performing a generic resolution on the main domain name.
According to the embodiment of the disclosure, random M × N sub-domain addresses can be obtained through the setting.
According to a third aspect of the embodiments of the present disclosure, there is provided an online network security competition device, which includes a processor and a memory, wherein the memory stores at least one computer instruction, and the instruction is loaded and executed by the processor to implement the steps executed in any one of the online network security competition methods.
According to a fourth aspect of the embodiments of the present disclosure, there is provided a computer-readable storage medium having at least one computer instruction stored therein, where the instruction is loaded and executed by a processor to implement the steps performed in the online network security competition method according to any one of the above embodiments.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
FIG. 1 is a flowchart of a method for online network security competition according to an embodiment of the present disclosure;
FIG. 2 is a flowchart of a method for online network security competition according to an embodiment of the present disclosure;
FIG. 3 is a flow chart of an online network security tournament provided by an embodiment of the present disclosure;
FIG. 4 is a flowchart illustrating a container construction process using a docker in an online network security competition method according to an embodiment of the disclosure;
fig. 5 is a flowchart illustrating sub-domain name generation in an online network security competition method according to an embodiment of the disclosure;
FIG. 6 is a schematic structural diagram of an online network security competition device according to an embodiment of the present disclosure;
FIG. 7 is a schematic structural diagram of an online network security competition device according to an embodiment of the present disclosure;
FIG. 8 is a schematic structural diagram of an online network security competition device according to an embodiment of the present disclosure;
fig. 9 is a schematic structural diagram of an online network security competition device according to an embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
The present disclosure provides an online flag-robbing competition method in an internet scenario to solve the drawbacks existing when online internet hosts and organizes flag-robbing competitions.
In a flag grab race in non-internet mode, one C-segment or the entire B-segment can be set as an instantiated address pool of the target environment because arbitrary configuration of IP addresses is not limited. And the on-line flag-robbing competition is issued, and resources such as fields, hardware and the like are the first conditions for holding. And thus does not substantially become a bottleneck.
After migration to the internet, some users may have only one internet IP address or even no internet IP address, since the IP addresses exposed by the internet segments are limited at each user. In this mode, the problems of starting multiple flag-robbing questions, allocating multiple entry addresses, calling multiple addresses, etc. cannot be realized.
The present disclosure mainly solves the following three problems:
limited IP addresses: the problem of single entry address, if a plurality of flag-robbing competition questions are set, a plurality of cloud host resources are needed and a plurality of public network IP addresses are also needed, and the problem cannot be realized under the condition of limited resources.
IP addresses are easily exposed: all the environment ports with more target machines are mapped to the entrance, for example, 80 ports of an internal target machine 192.168.10.10 are mapped to 801 ports of an internet address x.x.x.x.x, if the internal target machines and 20 target machines are mapped, all the subjects can be quickly traversed by a contestant for flag-robbing contests, and malicious competition can also exist, and the ports mapped by a Distributed Denial of Service (DDoS) cause the contest to be terminated.
Flag grab environment sharing is susceptible: under the condition of limited resources, when each competitor cannot be independent in the flag-robbing environment, the difficulty is reduced or the subsequent competitors cannot answer after the first competitor answers the questions. For example, file uploading utilizes a test point for obtaining a shell of a computer shell layer to grab a flag topic, if a first competitor answers and uploads a Trojan of the shell, php, other competitors can possibly utilize the Trojan to crack the topic in a short time.
Based on this, the embodiment of the present disclosure provides an online network security competition method, as shown in fig. 1, including the following steps:
101, obtaining M game questions, wherein M is more than or equal to 1;
102, creating corresponding M basic images according to the M game questions;
in one embodiment, before creating the corresponding M base images from the M contests, the method further comprises:
coding the M game questions to obtain M coded game questions;
correspondingly, creating corresponding M basic images according to the M contests comprises:
and creating corresponding M basic images according to the M coding questions.
Specifically, before the competition, the competition organizer designs flag-grabbing subjects and encodes the flag-grabbing subjects, and builds the basic images by using Docker, for example, if the competition organizer prepares 10 subjects, that is, 10 flag-grabbing target environments, the Docker builds 10 basic images.
103, creating M × N containers of N competitors according to M basic mirror images, wherein N is more than or equal to 1;
in the embodiment of the disclosure, when a flag-robbing contest starts, N contestants trigger starting of a basic mirror image constructed by Docker, instantiate a running container, and thus, M × N containers of the N contestants can be created. As in the previous example, if there are 20 competitors, each competitor can obtain the 10 containers created.
And step 104, binding the M x N containers with the M x N sub-domain addresses, and sending the M x N sub-domain addresses to the corresponding N competitors.
In one embodiment, binding the M x N containers with the M x N sub-domain name addresses comprises:
mapping the M x N containers out of ports of the M x N containers;
and binding the ports of the M x N containers with the M x N sub-domain name addresses.
Specifically, the M × N containers automatically map port services of the M × N containers to be bound to the M × N sub-domain addresses.
By the method, the embodiment of the disclosure enables the M x N containers to map the M x N container ports, and binds the container ports with the sub-domain addresses, so that the participants can obtain enough network resources.
In one embodiment, binding the ports of the M x N containers with the M x N sub-domain name addresses comprises:
forming a one-to-one mapping relation between ports of the M x N containers and the M x N sub-domain name addresses;
and binding the ports of the M x N containers and the M x N sub-domain name addresses according to the mapping relation.
In actual use, the port services of the M × N containers and the M × N sub-domain addresses form a one-to-one mapping relationship and are bound, so that the M × N sub-domain addresses are returned to the corresponding N competitors, and the competitors can access the flag-stealing subjects through the corresponding sub-domain addresses.
Through the method, each contest of each contestant has an independent sub-domain name address, and fairness and justness of the contest are guaranteed.
In one embodiment, prior to binding the M x N containers with the M x N sub-domain name addresses, the method further comprises:
acquiring a main domain name;
and performing universal resolution on the main domain name to generate M x N sub-domain name addresses.
Specifically, a domain name is purchased by a domain name service provider (Aliyun, ten-thousand network and the like), a generic resolution record is added to a domain name resolution mechanism (Aliyun, dnpost and the like), a mapping agent program is run on a machine where an IP address is located, and when a certain random sub-domain name is accessed and resolved to the IP address, the corresponding service is forwarded to a corresponding port on a request internal Docker container.
By the method, the random M x N sub-domain name addresses can be obtained.
The online network security competition method provided by the embodiment of the disclosure comprises the steps of firstly obtaining M competition questions, wherein M is more than or equal to 1; creating corresponding M basic mirror images according to the M game questions; creating M N containers of N competitors according to M basic mirror images, wherein N is more than or equal to 1; and binding the M x N containers with the M x N sub-domain name addresses, and sending the M x N sub-domain name addresses to the corresponding N competitors. According to the method, the independent target environment is created through Docker, the independent domain name is bound through domain name extensive resolution, sufficient internet resources can be provided for competitors, and fairness and justness required by flag-taking competition can be achieved. In addition, Docker occupies less resources, greatly saves resources and reduces cost.
Another embodiment of the present disclosure provides an online network security competition method, as shown in fig. 2, including the following steps:
When the method is applied to online network security competition, as shown in fig. 3 and 4, a contestant directly accesses a unique entry address http:// xxx.xxx.xxx.com of the internet, enters different flag-robbing target environments, triggers and starts a constructed basic mirror image, instantiates a running container, automatically maps a port service of the container, directly points to a randomly allocated sub-domain name, returns a corresponding domain name address, and can access the flag-robbing subject.
As shown in fig. 5, the randomly allocated sub-domain names need to purchase domain names (which are generally available in external exhibition services of general enterprises) at domain name service providers (ariclou, ten thousand networks, etc.), add generic resolution records at domain name resolution mechanisms (ariclou, dnpost, etc.), run mapping agent programs at machines where IP addresses are located, and forward corresponding services to corresponding ports on request internal Docker containers when a certain random sub-domain name is accessed and resolved to the IP address. And then returning the generated random sub-domain name to the operation contestants, so that the contestants can answer the question.
The method and the system utilize the container characteristic of Docker to instantiate the container quickly, realize independent environment, use virtualization technology to realize random distribution and use of intranet addresses without influencing other services, and utilize domain name extensive resolution technology to ensure privacy and specificity of subjects. The method and the system can realize the holding of flag-robbing contests in the Internet environment, and can also realize independent environment and independent domain name of each contestant without mutual influence. And the leakage of game problems, IP, environment and the like can be avoided or the game is not unfair and unfair due to easy guess.
Based on the online network security competition method described in the embodiments corresponding to fig. 1 and fig. 2, the following is an embodiment of the apparatus of the present disclosure, which may be used to execute an embodiment of the method of the present disclosure.
The disclosed embodiment provides an online network security competition device, as shown in fig. 6, the online network security competition device 30 includes: an acquisition module 301, a creation module 302, a binding module 303 and a sending module 304;
an obtaining module 301, configured to obtain M contests, where M is greater than or equal to 1;
the creating module 302 is configured to create M corresponding basic images according to the M question matches, and create M × N containers of N competitors according to the M basic images, where N is greater than or equal to 1;
a binding module 303, configured to bind the M × N containers with the M × N sub-domain name addresses;
a sending module 304, configured to send the M × N sub-domain addresses to the corresponding N competitors.
The online network security competition device provided by the embodiment of the disclosure comprises an acquisition module 301, a creation module 302, a binding module 303 and a sending module 304; the obtaining module 301 obtains M contest questions, wherein M is more than or equal to 1; the creating module 302 creates M corresponding basic images according to the M contest questions, and creates M N containers of N contestants according to the M basic images, wherein N is more than or equal to 1; the binding module 303 binds the M × N containers with the M × N sub-domain name addresses; the sending module 304 sends the M × N sub-domain addresses to the corresponding N competitors. The method and the system utilize the container characteristic of Docker to instantiate the container quickly, realize independent environment, use virtualization technology to realize random distribution and use of intranet addresses without influencing other services, and utilize domain name extensive resolution technology to ensure privacy and specificity of subjects. The method and the system can realize the holding of flag-robbing contests in the Internet environment, and can also realize independent environment and independent domain name of each contestant without mutual influence. And the leakage of game problems, IP, environment and the like can be avoided or the game is not unfair and unfair due to easy guess.
In one embodiment, as shown in fig. 7, the apparatus further includes a coding module 305, configured to code the M game questions to obtain M coded game questions.
In one embodiment, as shown in fig. 8, the binding module 303 includes a first mapping unit 3031 and a binding unit 3032;
a first mapping unit 3031, configured to map the M × N containers to ports of the M × N containers;
a binding unit 3032, configured to bind the ports of the M × N containers with the M × N sub-domain name addresses.
Through the arrangement, the embodiment of the disclosure enables the M x N containers to map the M x N container ports, and binds the container ports with the sub-domain addresses, so that the participants can obtain enough network resources.
In one embodiment, the binding unit 3032 is specifically configured to form one-to-one mapping relationships between the ports of the M × N containers and the M × N sub-domain name addresses; and binding the ports of the M x N containers and the M x N sub-domain name addresses according to the mapping relation.
Through the arrangement, each contest of each contestant has an independent sub-domain name address, and fairness and justness of the contest are guaranteed.
In an embodiment, as shown in fig. 9, the apparatus further includes a sub-domain name generating module 306, configured to obtain the main domain name, and generate M × N sub-domain name addresses by performing a generic resolution on the main domain name.
According to the embodiment of the disclosure, random M × N sub-domain addresses can be obtained through the setting.
Based on the online network security competition method described in the embodiment corresponding to fig. 1 and fig. 2, another embodiment of the present disclosure further provides an online network security competition device, which includes a processor and a memory, where at least one computer instruction is stored in the memory, and the computer instruction is loaded and executed by the processor to implement the online network security competition method described in the embodiment corresponding to fig. 1 and fig. 2.
Based on the online network security competition method described in the embodiment corresponding to fig. 1 and fig. 2, an embodiment of the present disclosure further provides a computer-readable storage medium, for example, the non-transitory computer-readable storage medium may be a Read Only Memory (ROM), a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like. The storage medium stores at least one computer instruction, and the computer instruction is loaded by the processor and is used for executing the online network security competition method described in the embodiment corresponding to fig. 1 and fig. 2, which is not described herein again.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.
Claims (10)
1. An online network security competition method, the method comprising:
obtaining M contest questions, wherein M is more than or equal to 1;
creating corresponding M basic mirror images according to the M game questions;
creating M N containers of N competitors according to the M basic mirror images, wherein N is more than or equal to 1;
and binding the M x N containers with M x N sub-domain name addresses, and sending the M x N sub-domain name addresses to the corresponding N competitors.
2. The method of claim 1, wherein before creating the corresponding M base images from the M game questions, the method further comprises:
coding the M contest questions to obtain M coded contest questions;
correspondingly, the creating of the corresponding M basic images according to the M questions includes:
and creating corresponding M basic images according to the M coding questions.
3. The method of claim 1, wherein the binding the M x N containers to M x N sub-domain addresses comprises:
mapping the M by N containers out of ports of the M by N containers;
and binding the ports of the M x N containers with the M x N sub-domain name addresses.
4. The method of claim 3, wherein the binding the ports of the M x N containers to the M x N sub-domain addresses comprises:
forming a one-to-one mapping relation between the ports of the M x N containers and the M x N sub-domain name addresses;
and binding the ports of the M x N containers and the M x N sub-domain name addresses according to the mapping relation.
5. The method of claim 1, wherein prior to binding the M x N containers to M x N sub-domain addresses, the method further comprises:
acquiring a main domain name;
and performing universal resolution on the main domain name to generate the M x N sub-domain name addresses.
6. An online network security competition device comprises an acquisition module, a creation module, a binding module and a sending module;
the acquisition module is used for acquiring M contest questions, wherein M is more than or equal to 1;
the creating module is used for creating M corresponding basic images according to the M contest questions and creating M N containers of N contestants according to the M basic images, wherein N is more than or equal to 1;
the binding module is used for binding the M x N containers with M x N sub-domain name addresses;
the sending module is configured to send the M × N sub-domain name addresses to the corresponding N competitors.
7. The device of claim 6, further comprising a coding module for coding the M game questions to obtain M coded game questions.
8. An online network security competition device according to claim 6, wherein the binding module includes a first mapping unit and a binding unit;
the first mapping unit is used for mapping the M x N containers to ports of the M x N containers;
the binding unit is used for binding the ports of the M x N containers with the M x N sub-domain addresses.
9. An online network security competition device according to claim 8, wherein the binding unit is specifically configured to form a one-to-one mapping relationship between the ports of the M × N containers and the M × N sub-domain addresses; and binding the ports of the M x N containers and the M x N sub-domain name addresses according to the mapping relation.
10. The device of claim 6, further comprising a sub-domain name generation module for obtaining a main domain name, and generating the M x N sub-domain name addresses by performing a generic resolution on the main domain name.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011169697.7A CN112217904A (en) | 2020-10-28 | 2020-10-28 | Online network security competition method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011169697.7A CN112217904A (en) | 2020-10-28 | 2020-10-28 | Online network security competition method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112217904A true CN112217904A (en) | 2021-01-12 |
Family
ID=74057208
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011169697.7A Pending CN112217904A (en) | 2020-10-28 | 2020-10-28 | Online network security competition method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112217904A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180075152A1 (en) * | 2016-09-13 | 2018-03-15 | Verizon Patent And Licensing Inc. | Containerization of network services |
| CN110730161A (en) * | 2019-09-09 | 2020-01-24 | 光通天下网络科技股份有限公司 | Network target range implementation method, device, equipment, medium and system |
| CN111209089A (en) * | 2020-02-28 | 2020-05-29 | 杭州师范大学 | CTF competition online environment type topic safety deployment method based on Docker container |
| CN111786983A (en) * | 2020-06-24 | 2020-10-16 | 国家计算机网络与信息安全管理中心 | Construction method of virtualized attack and defense confrontation environment |
-
2020
- 2020-10-28 CN CN202011169697.7A patent/CN112217904A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20180075152A1 (en) * | 2016-09-13 | 2018-03-15 | Verizon Patent And Licensing Inc. | Containerization of network services |
| CN110730161A (en) * | 2019-09-09 | 2020-01-24 | 光通天下网络科技股份有限公司 | Network target range implementation method, device, equipment, medium and system |
| CN111209089A (en) * | 2020-02-28 | 2020-05-29 | 杭州师范大学 | CTF competition online environment type topic safety deployment method based on Docker container |
| CN111786983A (en) * | 2020-06-24 | 2020-10-16 | 国家计算机网络与信息安全管理中心 | Construction method of virtualized attack and defense confrontation environment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109767271B (en) | Lottery method and equipment based on block chain | |
| KR100638071B1 (en) | Multi-user application program interface | |
| CN106874245B (en) | Dynamic Flag processing method and device for CTF online competition platform | |
| CN107613020A (en) | A kind of device management method and device | |
| CN109413096B (en) | A kind of login method and device more applied | |
| CN106878045B (en) | Service calling method and device | |
| US20080242405A1 (en) | On-line gaming authentication | |
| Grimes | Honeypots for windows | |
| CN111209089B (en) | CTF competition online environment class title safety deployment method | |
| CN105022939B (en) | Information Authentication method and device | |
| US11411920B2 (en) | Method and system for creating a secure public cloud-based cyber range | |
| CN108786115B (en) | Method and system for generating CTF dynamic Flag based on transparent proxy | |
| CN101636741A (en) | Secured cross platform networked multiplayer communication and game play | |
| CN107493326B (en) | Network voting processing method, device, server and computer readable storage medium | |
| CN111803923A (en) | Game sharing method based on cloud mobile phone system, electronic equipment and storage medium | |
| CN104184709A (en) | Verification method, device, server, service data center and system | |
| US20210067541A1 (en) | System and method for cyber training | |
| CN113117339A (en) | Data processing method, device, server and storage medium | |
| JP4087551B2 (en) | User management system | |
| CN112217904A (en) | Online network security competition method and device | |
| US20170171357A1 (en) | Apparatus and method for assisting in downloading file successfully | |
| CN112057869A (en) | Information processing method, information processing device, electronic equipment and storage medium | |
| CN109714321A (en) | Dynamic flag processing method and processing device | |
| CN115277091A (en) | Attack and defense method and device in network security competition | |
| KR101951436B1 (en) | Server, device and method of management for providing of in virtual reality game |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210112 |