CN112671741A - Network protection method, device, terminal and storage medium - Google Patents

Publication number
CN112671741A
Authority
CN
China
Prior art keywords
attack
network
network attack
target system
code information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011493299.0A
Other languages
Chinese (zh)
Other versions
CN112671741B (en)
Inventor
齐秀
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Puhui Enterprise Management Co Ltd
Original Assignee
Ping An Puhui Enterprise Management Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Puhui Enterprise Management Co Ltd
Priority to CN202011493299.0A
Publication of CN112671741A
Application granted
Publication of CN112671741B
Legal status: Active
Anticipated expiration

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application belongs to the technical field of computers and provides a network protection method, device, terminal and storage medium. The method comprises: when a protection instruction of a target system is obtained, obtaining code information corresponding to the target system; attacking the code information based on a trained network attack model to obtain an attack result; and protecting the target system according to the attack result. In this way, the code information of the system to be protected is attacked through the trained network attack model and protection is carried out according to the attack result, so no manual screening is needed; the system is protected effectively and quickly, system protection is automated, and protection efficiency is improved. Because the system is protected at the code layer, when the system's code has a problem the code can be repaired directly and accurately without first locating the corresponding code from a vulnerability, which avoids mislocated vulnerabilities and late repairs.

Description

Network protection method, device, terminal and storage medium
Technical Field
The present application belongs to the field of computer technologies, and in particular, to a network protection method, a network protection device, a network protection terminal, and a storage medium.
Background
To strengthen the work management of each company and keep each company developing soundly, the security of the systems each company uses must be guaranteed in real time in areas such as information, operation, data and code. The systems used by each company therefore need to be checked frequently. Traditional manual checking cannot meet the requirements of modern network attack protection. For example, existing manual checking is inefficient, cannot comprehensively identify the potential security risks of a system, cannot accurately determine the bugs in a system, and cannot repair the bugs in time. As the inventor has recognized, there is an urgent need for a method that protects a system automatically, effectively and rapidly.
Disclosure of Invention
In view of this, embodiments of the present application provide a network protection method, a network protection device, a network protection terminal, and a storage medium, so as to solve the problems that an existing manual checking method is low in checking efficiency, cannot comprehensively grasp potential safety hazards existing in a system, cannot accurately determine bugs existing in the system, and cannot repair the bugs in time, and implement automatic, effective, and fast protection on the system.
A first aspect of an embodiment of the present application provides a method for network protection, including:
when a protection instruction of a target system is obtained, code information corresponding to the target system is obtained;
attacking the code information based on the trained network attack model to obtain an attack result;
and protecting the target system according to the attack result.
According to the embodiment of the application, when the terminal obtains a protection instruction for a target system, it obtains the code information corresponding to the target system, attacks the code information based on the trained network attack model to obtain an attack result, and protects the target system according to the attack result. In this scheme the terminal attacks the code information of the system to be protected through the trained network attack model and protects the system according to the attack result, so no manual screening is needed; the system is protected effectively and quickly, system protection is automated, and protection efficiency is improved. Because the system is protected at the code layer, when the system's code has a problem the code can be repaired directly and accurately without first locating the corresponding code from a vulnerability, which avoids mislocated vulnerabilities and late repairs.
Optionally, before the code information corresponding to the target system is obtained, the method further includes:
collecting different types of network attacks; the network attack comprises viruses and trojans;
selecting a controllable network attack from the network attacks; the controllable network attack is a repairable network attack;
and testing and packaging the controllable network attack to generate the network attack model.
Optionally, after collecting the different types of network attacks, the method further includes:
selecting an uncontrollable network attack from the network attacks; the uncontrollable network attack is a current irreparable network attack;
and repairing the uncontrollable network attack to obtain the controllable network attack.
In the above embodiment, the network attack model is obtained based on controllable network attack training in advance, so that the system protection is more comprehensive, and the security of the system protection is further ensured.
Optionally, the network attack model includes a plurality of controllable network attacks of different types, and the attacking the code information based on the trained network attack model to obtain an attack result includes:
and attacking the code information through each controllable network attack in the network attack model to obtain an attack result corresponding to each controllable network attack.
Optionally, the attack result corresponding to each controllable network attack includes attack success or attack failure, and the protecting the target system according to the attack result includes:
acquiring a repair scheme corresponding to the successful attack of the controllable network attack;
and repairing the code information corresponding to the target system based on the repairing scheme.
Optionally, after the controllable network attack is tested and encapsulated, and the network attack model is generated, the method further includes: acquiring a new controllable network attack;
and training and updating the network attack model according to the new controllable network attack.
Optionally, the method further comprises: and uploading the network attack model to a blockchain.
A second aspect of an embodiment of the present application provides a network protection apparatus, including:
an acquisition unit, used for obtaining code information corresponding to a target system when a protection instruction of the target system is obtained;
the attack unit is used for attacking the code information based on the trained network attack model to obtain an attack result;
and the protection unit is used for protecting the target system according to the attack result.
A third aspect of the embodiments of the present application provides a network protection terminal, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the computer program, implements the steps of the network protection method according to the first aspect.
A fourth aspect of embodiments of the present application provides a computer-readable storage medium, which stores a computer program that, when executed by a processor, implements the steps of the network protection method according to the first aspect.
A fifth aspect of embodiments of the present application provides a computer program product which, when run on a network protection terminal, causes the network protection terminal to perform the steps of the network protection method according to the first aspect.
The network protection method, the network protection device, the network protection terminal and the storage medium provided by the embodiment of the application have the following beneficial effects:
According to the embodiment of the application, when the terminal obtains a protection instruction for a target system, it obtains the code information corresponding to the target system, attacks the code information based on the trained network attack model to obtain an attack result, and protects the target system according to the attack result. In this scheme the terminal attacks the code information of the system to be protected through the trained network attack model and protects the system according to the attack result, so no manual screening is needed; the system is protected effectively and quickly, system protection is automated, and protection efficiency is improved. Because the system is protected at the code layer, when the system's code has a problem the code can be repaired directly and accurately without first locating the corresponding code from a vulnerability, which avoids mislocated vulnerabilities and late repairs. In addition, the network attack model is obtained in advance by training on controllable network attacks, so system protection is more comprehensive and the security of system protection is further ensured.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a flowchart illustrating an implementation of a network protection method according to an embodiment of the present application;
Fig. 2 is a flowchart illustrating an implementation of a network protection method according to another embodiment of the present application;
Fig. 3 is a flowchart illustrating an implementation of a network protection method according to another embodiment of the present application;
Fig. 4 is a schematic diagram of a network protection apparatus according to an embodiment of the present application;
Fig. 5 is a schematic diagram of a network protection terminal according to another embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
To strengthen the work management of each company and keep each company developing soundly, the security of the systems each company uses must be guaranteed in real time in areas such as information, operation, data and code. The systems used by each company therefore need to be checked frequently. Traditional manual checking cannot meet the requirements of modern network attack protection. For example, existing manual checking is inefficient, cannot comprehensively identify the potential security risks of a system, cannot accurately determine the bugs in a system, and cannot repair the bugs in time. Therefore, a method that protects a system automatically, effectively and quickly is urgently needed.
In view of this, the present application provides a method for network protection, in which, when the terminal obtains a protection instruction for a target system, it obtains the code information corresponding to the target system, attacks the code information based on the trained network attack model to obtain an attack result, and protects the target system according to the attack result. In this scheme the terminal attacks the code information of the system to be protected through the trained network attack model and protects the system according to the attack result, so no manual screening is needed; the system is protected effectively and quickly, system protection is automated, and protection efficiency is improved. Because the system is protected at the code layer, when the system's code has a problem the code can be repaired directly and accurately without first locating the corresponding code from a vulnerability, which avoids mislocated vulnerabilities and late repairs.
Referring to Fig. 1, Fig. 1 is a schematic flowchart of a method for network protection according to an embodiment of the present application. In this embodiment, the method is executed by a terminal, which includes but is not limited to mobile terminals such as smartphones, tablet computers and Personal Digital Assistants (PDAs), and may also include terminals such as desktop computers and servers. The method for network protection shown in Fig. 1 may include steps S101 to S103, as follows:
S101: When a protection instruction of the target system is obtained, obtaining code information corresponding to the target system.
The target system refers to a system to be protected, and the target system may be a system that is open to the outside, or a system that is only used inside a company and is not open to the outside, and is not limited to this. The protection instruction is used for triggering the terminal to acquire code information corresponding to the target system.
When the terminal obtains the protection instruction of the target system, it obtains the code information corresponding to the target system. Illustratively, in this scheme a security check plug-in can be integrated into an editor and used to monitor the code information corresponding to each system. For example, security check plug-ins are integrated into editors such as those for the Python programming language, the integrated environment for Java development (IDEA), and the Microsoft Visual Studio (VS) development tool set, and the code information corresponding to each system is monitored. A developer can trigger a protection instruction through a client on the terminal; after detecting the protection instruction, the terminal runs the editor with the integrated security check plug-in, and the code information corresponding to the target system is monitored and obtained through the editor. Alternatively, a protection instruction for the target system is triggered automatically based on a preset condition, for example once every hour; the terminal detects the protection instruction in real time and, after detecting it, runs the editor to obtain the code information corresponding to the system to be protected.
The protection instruction may include identification information corresponding to the target system. The code information corresponding to each system can be obtained in advance, is stored in the code database after being associated with the identification information of the system, and is updated in time, so that the code information corresponding to each system is ensured to be the latest. The terminal can also search the code information corresponding to the target system in the code database according to the identification information corresponding to the target system in the protection instruction. The realization mode accelerates the speed of acquiring the code information by the terminal, thereby improving the system protection speed.
Optionally, in a possible implementation manner, after the terminal acquires the protection instruction of the target system, the terminal calls the code information corresponding to the target system through a preset function. The description is given for illustrative purposes only and is not intended to be limiting.
Optionally, in a possible implementation manner, when only a certain module in the target system is to be protected, the protection instruction may further include module identification information corresponding to the target module in the target system. The code database may store in advance module identification information of each module in each system and code information corresponding to each module. Wherein the module identification information of each module is associated with the code information of the module.
When only one module in the target system is to be protected, the code information corresponding to the module can be correspondingly acquired according to the module identification information contained in the protection instruction, and then only the module is subsequently protected. The process of obtaining the code information corresponding to the target module may refer to the process of obtaining the code information corresponding to the target system, which is not described herein again.
In the implementation mode, a certain module is protected in a targeted manner, the system protection efficiency is improved, the resource waste is avoided, and the system protection time is shortened. For example, a target system includes 5 modules, and in a plurality of system protection tests, 4 modules are already stable, and at this time, protection can be performed only for the last module. The description is given for illustrative purposes only and is not intended to be limiting.
S102: Attacking the code information based on the trained network attack model to obtain an attack result.
In this embodiment, a pre-trained network attack model is stored in the terminal in advance. The network attack model is obtained by training, testing and packaging based on controllable network attack. It can be understood that the network attack model may be trained in advance by the terminal, or a file corresponding to the network attack model may be transplanted to the terminal after being trained in advance by other devices. That is, the execution agent that trains the cyber attack model may be the same as or different from the execution agent that uses the cyber attack model.
The trained network attack model comprises a plurality of controllable network attacks of different types, and the terminal attacks the code information of the target system through the controllable network attacks of different types in the trained network attack model to obtain a corresponding attack result. It should be noted that the network attack may include malicious codes such as viruses and trojans that destroy the system, and the controllable network attack is a repairable network attack, which may be understood as a network attack including a corresponding repair scheme, that is, the controllable network attack currently has a corresponding solution.
Optionally, in a possible implementation manner, if only the target module in the target system is to be protected, the code information corresponding to the target module is attacked based on the trained network attack model, so as to obtain a corresponding attack result.
Optionally, when the code information is attacked through the trained network attack model to obtain a corresponding attack result, different reminders can be set, and the attack results are displayed. For example, alarms with different degrees may be set for the number of controllable network attacks that attack succeeds, a larger alarm sound indicates that the target system has more bugs, a smaller alarm sound indicates that the target system has fewer bugs, and if no alarm sound is emitted, it indicates that the target system does not currently have bugs. And each controllable network attack and the corresponding attack result can be displayed on a terminal display interface, so that on one hand, developers can know the current security of the target system in time, and on the other hand, when the target system has a security problem, the developers can repair the target system in time. The description is given for illustrative purposes only and is not intended to be limiting.
Optionally, an attack report corresponding to the target system may be generated according to the attack result, so as to facilitate subsequent reference of the security protection condition of the target system.
Optionally, in a possible implementation manner, the trained cyber attack model includes a plurality of controllable cyber attacks of different types, and the S102 may include S1021, specifically as follows:
S1021: Attacking the code information through each controllable network attack in the network attack model to obtain an attack result corresponding to each controllable network attack.
The trained cyber attack model includes a plurality of different types of controllable cyber attacks. And attacking the code information of the target system in sequence based on each controllable network attack in the network attack model, or attacking the code information of the target system in turn based on each controllable network attack in the network attack model to obtain an attack result corresponding to each controllable network attack. The attack result corresponding to each controllable network attack can be attack success or attack failure.
For example, the controllable network attacks included in the network attack model may be virus A, virus B, virus C, Trojan A, Trojan B, Trojan C, and so on. The code information of the target system is attacked by virus A, virus B, virus C, Trojan A, Trojan B and Trojan C in sequence, or alternatively in turn, to obtain the attack result corresponding to each of them. For example, the attack results may be: virus A succeeded, virus B failed, virus C failed, Trojan A failed, Trojan B succeeded, and Trojan C failed. The target system then has a vulnerability in its protection against virus A and Trojan B, and no problem in its protection against virus B, virus C, Trojan A and Trojan C.
Optionally, in a possible implementation manner, if only the target module in the target system is to be protected, the code information of the target module is attacked in sequence based on each controllable network attack in the network attack model, or the code information of the target module is attacked in turn based on each controllable network attack in the network attack model, so as to obtain an attack result corresponding to each controllable network attack. The specific attack process may refer to an attack process on code information of the target system, and details are not described here.
S103: Protecting the target system according to the attack result.
The attack result corresponding to each controllable network attack can be attack success or attack failure. An attack is considered successful in any one of the following cases, or in any combination of the three: information in the target system is stolen, the target system's service is interrupted, or the code information corresponding to the target system is tampered with. Illustratively, the code information is attacked through each controllable network attack, and the attack is considered successful if information in the target system (data stored in the target system, such as the identity information of users and the usage records of users) is stolen by the controllable network attack; or if, after the code information is attacked by the controllable network attack, the target system's service is interrupted, stopped or the like; or if, after the code information is attacked by the controllable network attack, comparing the attacked code information with the code information before the attack shows that it has changed. When the attack result is attack failure, the target system has no problem protecting against that type of network attack (viruses and Trojans); when the attack result is attack success, the target system has a vulnerability in its protection against that network attack (viruses and Trojans) and needs to be repaired. When the attack result of a controllable network attack is attack success, the repair scheme corresponding to that controllable network attack is obtained, and the code information corresponding to the target system is repaired according to the repair scheme.
Illustratively, when the attack results are attack failures, the current target system is proved to have no problem in terms of safety, and the current code information of the current system can be continuously used. When the attack result shows that the attack is successful, the potential safety hazard of the current target system is proved, and the greater the number of successful attacks, the greater the potential safety hazard problem of the target system is proved to be.
Illustratively, a code position where a certain virus attack succeeds is obtained, the code is extracted, and the code is repaired according to a repair method corresponding to the virus. When a plurality of controllable network attacks successfully attack the target system, repairing each bug by the method, and embedding each repaired code segment into the code information corresponding to the target system to finally obtain the repaired and complete code information corresponding to the target system.
Optionally, in a possible implementation manner, if only the code information corresponding to the target module is attacked, a corresponding attack result is obtained. And acquiring a repair scheme corresponding to the successful attack of the controllable network attack in the attack result, and repairing the code information corresponding to the target module according to the repair scheme.
Optionally, in a possible implementation manner, the attack result corresponding to each controllable network attack includes attack success or attack failure, and the S103 may include S1031 to S1032, which is specifically as follows:
S1031: Obtaining the repair scheme corresponding to each controllable network attack whose attack succeeded.
The network attack model may include a repair scheme corresponding to each controllable network attack. The repair scheme may include a patch corresponding to the controllable network attack, program code that is free of the vulnerability the controllable network attack targets, a repair method corresponding to the controllable network attack, a repair suggestion, and the like. The terminal obtains, from the network attack model, the repair scheme corresponding to each controllable network attack that succeeded in the attack result.
Optionally, each controllable network attack and the repair scheme corresponding to each controllable network attack may also be stored in the database. And when the attack result of a certain controllable network attack is successful, searching a repair scheme corresponding to the controllable network attack in the database.
S1032: Repairing the code information corresponding to the target system based on the repair scheme.
The code information corresponding to the target system is repaired according to the different repair schemes. Illustratively, when the repair scheme includes a patch corresponding to a controllable network attack that succeeded, the patch is obtained and installed in the target system so as to repair the target system. It may be understood that the program code contained in the patch replaces the successfully attacked code in the code information. Alternatively, the vulnerability-free program code corresponding to the controllable network attack is obtained directly from the repair scheme and used to replace the corresponding code information in the target system. The specific code that was successfully attacked can also be located and highlighted so that developers modify it to repair the target system.
Optionally, in a possible implementation manner, if only the code information corresponding to the target module is attacked, a corresponding attack result is obtained. And acquiring a repair scheme corresponding to the controllable network attack successfully attacked in the attack result, and replacing code information corresponding to the target module by using a program code in the repair scheme, or repairing the code information corresponding to the target module according to a repair method in the repair scheme.
In this scheme, when the terminal obtains a protection instruction for a target system, it obtains the code information corresponding to the target system, attacks the code information based on the trained network attack model to obtain an attack result, and protects the target system according to the attack result. The terminal attacks the code information of the system to be protected through the trained network attack model and protects the system according to the attack result, so no manual screening is needed; the system is protected effectively and quickly, system protection is automated, and protection efficiency is improved. Because the system is protected at the code layer, when the system's code has a problem the code can be repaired directly and accurately without first locating the corresponding code from a vulnerability, which avoids mislocated vulnerabilities and late repairs.
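An added sketch of the S101 to S103 flow described above (not code from the patent). The patent does not say how an attack is executed against code information, so each controllable attack is modelled here as a benign check for the code segment its repair scheme replaces; the system and module names, the sample code lines, and the re-test after repair are assumptions of this example.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class RepairScheme:
    vulnerable: str  # code segment the attack succeeds against
    patched: str     # replacement segment supplied by the patch
    advice: str      # repair suggestion shown to developers


@dataclass(frozen=True)
class Attack:
    name: str
    repair: Optional[RepairScheme]  # None => uncontrollable (no repair scheme yet)

    def succeeds_against(self, code: str) -> bool:
        # Benign stand-in for running the attack: report success when the
        # segment this attack is known to work against is present.
        return self.repair is not None and self.repair.vulnerable in code


# Constructed sample data: hypothetical system "billing" with three modules.
CODE_DB = {
    ("billing", "auth"): "digest = hashlib.md5(pw).hexdigest()\n",
    ("billing", "report"): 'subprocess.run("report " + name, shell=True)\n',
    ("billing", "export"): 'db.execute("SELECT id FROM t WHERE k = ?", (k,))\n',
}
COLLECTED = [
    Attack("weak-password-hash", RepairScheme(
        "hashlib.md5(pw).hexdigest()",
        "hashlib.scrypt(pw, salt=salt, n=2**14, r=8, p=1).hex()",
        "use a salted, memory-hard KDF for passwords")),
    Attack("shell-command-injection", RepairScheme(
        'subprocess.run("report " + name, shell=True)',
        'subprocess.run(["report", name], check=True)',
        "pass an argument list and drop shell=True")),
    Attack("unpatched-sample", None),  # no repair scheme: kept out of the model
]


def build_model(collected):
    """Keep only controllable attacks, i.e. those that have a repair scheme."""
    return [a for a in collected if a.repair is not None]


def get_code(system_id, module_id=None):
    """S101: look up code information by system id and optional module id."""
    found = {k: v for k, v in CODE_DB.items()
             if k[0] == system_id and module_id in (None, k[1])}
    if not found:
        raise KeyError(f"no code information for {system_id}/{module_id}")
    return found


def run_attacks(model, code):
    """S102/S1021: one result per controllable attack."""
    return {a.name: "success" if a.succeeds_against(code) else "failure"
            for a in model}


def repair(model, code, results):
    """S1031-S1032: replace every successfully attacked segment with its patch."""
    for a in model:
        if results[a.name] == "success":
            code = code.replace(a.repair.vulnerable, a.repair.patched)
    return code


def sha256(text):
    return hashlib.sha256(text.encode()).hexdigest()


def protect(system_id, module_id=None, collected=COLLECTED):
    """Run S101-S103 and return a per-module attack report."""
    model = build_model(collected)
    report = {}
    for (_, module), code in get_code(system_id, module_id).items():
        before = run_attacks(model, code)
        fixed = repair(model, code, before)
        report[module] = {
            "before": before,
            # Added step (assumption): re-run the model to confirm the repair.
            "after": run_attacks(model, fixed),
            "changed": sha256(code) != sha256(fixed),
            "repaired_code": fixed,
        }
    return report


if __name__ == "__main__":
    for module, entry in protect("billing").items():
        print(module, entry["before"], "->", entry["after"])
```

Passing a module id, as in `protect("billing", "report")`, restricts the run to that module, which corresponds to the target-module variant of each step.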
Referring to fig. 2, fig. 2 is a schematic flowchart of a method for network protection according to another embodiment of the present application. The method for network protection shown in fig. 2 may include S201 to S206, where S204 to S206 in this embodiment are the same as S101 to S103 in the embodiment corresponding to fig. 1, and are not described herein again, and S201 to S203 will be described in detail below.
S201: collecting different types of network attacks; the network attacks include viruses and trojans.
Different types of network attacks are collected in advance. Network attacks may include a variety of different types of viruses, trojans, and the like. Specifically, different types of network attacks may be collected from the network, or uploaded to the terminal by a developer. For example, a trojan or virus collection plug-in is set in the editor, and different types of trojans or viruses are collected based on that plug-in. Alternatively, different types of trojans and viruses can be acquired from a trojan database or a virus database in the network.
Optionally, when different types of network attacks are collected, the repair schemes corresponding to the network attacks are collected as well. That is, while the various trojans and viruses are collected, the repair schemes corresponding to them are also collected. For example, the vulnerability-free program code, the repair method, the repair suggestion, the patch, and the like corresponding to these trojans and viruses are collected.
S202: selecting a controllable network attack from the network attacks; the controllable network attack is a repairable network attack.
The controllable network attack is a repairable network attack. It can be understood as a network attack that has a corresponding repair scheme, that is, one for which a solution currently exists. For example, viruses, trojans, and the like with corresponding repair schemes are selected from the collected network attacks.
Optionally, in a possible implementation manner, after S201, the method may further include: selecting uncontrollable network attacks from the network attacks; the uncontrollable network attack is a current irreparable network attack; and repairing the uncontrollable network attack to obtain the controllable network attack.
The uncontrollable network attack is a network attack that currently cannot be repaired. It can be understood as a network attack without a corresponding repair scheme, that is, one for which no solution exists at present. It should be noted that an uncontrollable network attack is uncontrollable only at present, and can be converted into a controllable network attack through repair by developers.
Illustratively, viruses, trojans and the like which do not currently have corresponding repair schemes are selected from the collected different types of network attacks. The developers repair the uncontrollable network attacks or search the network for a repair scheme corresponding to them. When an uncontrollable network attack can be repaired, it is repaired and tested multiple times to ensure the safety of the repaired uncontrollable network attack. The repaired uncontrollable network attack is then marked as a controllable network attack; alternatively, an uncontrollable network attack for which a repair scheme was found by searching is marked as a controllable network attack after being repaired and tested with that repair scheme.
S203: testing and packaging the controllable network attack to generate the network attack model.
Multiple tests and simulation analyses are carried out on all current controllable network attacks. For example, different types of test code are attacked through a controllable network attack and then repaired through the repair scheme corresponding to that controllable network attack. This ensures that each controllable network attack is indeed controllable, so that after an attack on the code information of the target system succeeds, the code information can be repaired in time, avoiding uncontrollable factors and unnecessary loss.
When the controllable network attacks show no problems after multiple tests and simulation analyses, they are packaged to obtain the trained network attack model. To ensure that no other damage is subsequently caused to the code information of the target system, the network attack model can be tested further.
Optionally, in a possible implementation manner, after S203, the method may further include: acquiring a new controllable network attack; and training and updating the network attack model according to the new controllable network attack.
A new controllable network attack refers to a controllable network attack that is not present in the previously trained network attack model. The new controllable network attack may be a new controllable network attack collected in the network, a new controllable network attack uploaded by a developer, or a controllable network attack obtained by repairing an uncontrollable network attack. The new controllable network attack is tested multiple times, subjected to simulation analysis, and packaged into the previously trained network attack model to update the network attack model.
The code information of the target system is attacked based on the updated network attack model, so as to protect the target system. For the specific attack process and protection process, reference may be made to the descriptions in S101 to S103, which are not described herein again.
In the scheme, the network attack model is updated in time, and the target system is attacked and protected based on the updated network attack model, so that the target system is protected more comprehensively, and the safety of the target system is further improved.
Referring to fig. 3, fig. 3 is a schematic flowchart of a network protection method according to another embodiment of the present application. The method for network protection as shown in fig. 3 may include S301 to S304, where S301 to S303 in this embodiment are the same as S101 to S103 in the corresponding embodiment of fig. 1, and are not repeated here, and S304 will be described in detail below.
S304: uploading the network attack model to a blockchain.
In this embodiment, uploading the trained network attack model to the blockchain ensures its security and its fairness and transparency to the user. Because files on the blockchain cannot be arbitrarily tampered with, the trained network attack model is prevented from being maliciously tampered with, so that subsequent automatic, effective and rapid protection of the system can be realized according to the network attack model.
The blockchain referred to in this example is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms, and encryption algorithms. A blockchain is essentially a decentralized database: a series of data blocks associated by cryptographic methods, where each data block contains information on a batch of network transactions and is used to verify the validity (anti-counterfeiting) of that information and to generate the next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
Optionally, in a possible implementation, when the trained network attack model is updated, the updated network attack model is uploaded to the blockchain.
It should be noted that, the above step S304 may also be executed after the step S203, which is not limited to this.
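The S201 to S203 packaging steps, the S101 to S103 run, and the tamper check that S304 relies on, as an added Python example that is not part of the patent: each collected "network attack" is modelled as a harmless regex probe with an optional replacement as its repair scheme, and a SHA-256 digest stands in for the record placed on the blockchain. The `Entry` class, the function names, the catalogue, the test code and the target code are all constructed assumptions.

```python
import hashlib
import json
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Entry:
    """One collected 'network attack', modelled as a harmless regex probe."""
    name: str
    pattern: str                 # matches when the attack would succeed on the code
    replacement: Optional[str]   # repair scheme; None means no repair is known

    def succeeds(self, code: str) -> bool:
        return re.search(self.pattern, code) is not None

    def repair(self, code: str) -> str:
        return re.sub(self.pattern, self.replacement, code)


# Constructed catalogue (S201). All names and patterns are illustrative.
COLLECTED = [
    Entry("tls-verify-disabled", r"verify\s*=\s*False", "verify=True"),
    Entry("yaml-unsafe-load", r"yaml\.load\(", "yaml.safe_load("),
    Entry("shell-true", r"shell\s*=\s*True", None),      # uncontrollable
    Entry("eval-bad-repair", r"eval\(", "eval( "),        # repair does not fix
]
# Constructed test code used to validate entries before packaging (S203).
TEST_CODES = [
    "requests.get(url, verify=False)",
    "cfg = yaml.load(fh)",
    "x = eval(expr)",
    "print('ok')",
]
# Constructed code information of a target system (S101).
TARGET = (
    "import requests, yaml\n"
    "r = requests.get(u, verify = False)\n"
    "c = yaml.safe_load(r.text)\n"
)


def select_controllable(collected):
    """S202: a controllable attack is one that has a repair scheme."""
    return [e for e in collected if e.replacement is not None]


def package_model(controllable, test_codes):
    """S203: keep an entry only if its repair really stops it on test code."""
    model = []
    for e in controllable:
        hits = [c for c in test_codes if e.succeeds(c)]
        if hits and all(not e.succeeds(e.repair(c)) for c in hits):
            model.append(e)
    return model


def model_digest(model):
    """Digest of the packaged model, the value to record for tamper checks."""
    rows = [[e.name, e.pattern, e.replacement] for e in model]
    return hashlib.sha256(json.dumps(rows).encode()).hexdigest()


def protect(model, code, pinned_digest):
    """S101-S103: refuse a tampered model, attack with every entry, repair."""
    if model_digest(model) != pinned_digest:
        raise ValueError("network attack model does not match recorded digest")
    results = {e.name: e.succeeds(code) for e in model}   # one result per entry
    for e in model:
        if results[e.name]:
            code = e.repair(code)
    return results, code


if __name__ == "__main__":
    model = package_model(select_controllable(COLLECTED), TEST_CODES)
    results, repaired = protect(model, TARGET, model_digest(model))
    print(results)
    print(repaired)
```

The `eval-bad-repair` entry has a repair scheme, so S202 selects it, but S203 drops it because the probe still succeeds after the repair is applied; this is the "indeed controllable" check the description asks for before packaging.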
Referring to fig. 4, fig. 4 is a schematic diagram of a network defense apparatus according to an embodiment of the present disclosure. The apparatus comprises units for performing the steps in the embodiments corresponding to fig. 1, 2, 3. Please refer to the related descriptions in the corresponding embodiments of fig. 1, fig. 2, and fig. 3. For convenience of explanation, only the portions related to the present embodiment are shown. Referring to fig. 4, the apparatus includes:
an obtaining unit 410, configured to obtain, when a protection instruction of a target system is obtained, code information corresponding to the target system;
an attack unit 420, configured to attack the code information based on the trained network attack model to obtain an attack result;
a protection unit 430, configured to protect the target system according to the attack result.
Optionally, the apparatus further comprises:
a collection unit, configured to collect different types of network attacks; the network attacks include viruses and trojans;
a first selection unit, configured to select a controllable network attack among the network attacks; the controllable network attack is a repairable network attack;
a generating unit, configured to test and package the controllable network attack to generate the network attack model.
Optionally, the apparatus further comprises:
a second selection unit, configured to select an uncontrollable network attack among the network attacks; the uncontrollable network attack is a current irreparable network attack;
a repairing unit, configured to repair the uncontrollable network attack to obtain the controllable network attack.
Optionally, the network attack model includes a plurality of controllable network attacks of different types, and the attack unit 420 is specifically configured to:
attack the code information through each controllable network attack in the network attack model to obtain an attack result corresponding to each controllable network attack.
Optionally, the attack result corresponding to each controllable network attack includes attack success or attack failure, and the protection unit 430 is specifically configured to:
acquire a repair scheme corresponding to each controllable network attack whose attack succeeded;
repair the code information corresponding to the target system based on the repair scheme.
Optionally, the apparatus further comprises:
a controllable network attack acquisition unit, configured to acquire a new controllable network attack;
an updating unit, configured to train and update the network attack model according to the new controllable network attack.
Optionally, the apparatus further comprises:
an uploading unit, configured to upload the network attack model to the blockchain.
Referring to fig. 5, fig. 5 is a schematic diagram of a network protected terminal according to another embodiment of the present application. As shown in fig. 5, the network-guarded terminal 5 of the embodiment includes: a processor 50, a memory 51, and computer readable instructions 52 stored in said memory 51 and executable on said processor 50. The processor 50, when executing the computer readable instructions 52, implements the steps in the various network defense method embodiments described above, such as S101-S103 shown in fig. 1. Alternatively, the processor 50, when executing the computer readable instructions 52, implements the functions of the units in the above embodiments, such as the units 410 to 430 shown in fig. 4.
Illustratively, the computer readable instructions 52 may be divided into one or more units, which are stored in the memory 51 and executed by the processor 50 to accomplish the present application. The one or more units may be a series of computer-readable instruction segments capable of performing certain functions, which are used to describe the execution of the computer-readable instructions 52 in the network secured terminal 5. For example, the computer readable instructions 52 may be partitioned into an acquisition unit, an attack unit, and a guard unit, each unit functioning specifically as described above.
The network secured terminal may include, but is not limited to, a processor 50, a memory 51. It will be appreciated by those skilled in the art that fig. 5 is merely an example of a network guarded terminal 5 and does not constitute a limitation of a network guarded terminal, and may include more or fewer components than shown, or some components may be combined, or different components, e.g., the network guarded terminal may also include input-output terminals, network access terminals, buses, etc.
The processor 50 may be a Central Processing Unit (CPU), another general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
The memory 51 may be an internal storage unit of the network secured terminal, such as a hard disk or a memory of the network secured terminal. The memory 51 may also be an external storage terminal of the network-protected terminal, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are equipped on the network-protected terminal. Further, the memory 51 may also include both an internal storage unit of the network-guarded terminal and an external storage terminal. The memory 51 is used for storing the computer readable instructions and other programs and data required by the terminal. The memory 51 may also be used to temporarily store data that has been output or is to be output.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included within the scope of the present application.

Claims (10)

1. A method of network defense, comprising:
when a protection instruction of a target system is obtained, code information corresponding to the target system is obtained;
attacking the code information based on the trained network attack model to obtain an attack result;
and protecting the target system according to the attack result.
2. The method of claim 1, wherein before the obtaining of the code information corresponding to the target system, the method further comprises:
collecting different types of network attacks; the network attack comprises viruses and trojans;
selecting a controllable network attack from the network attacks; the controllable network attack is a repairable network attack;
and testing and packaging the controllable network attack to generate the network attack model.
3. The method of claim 2, wherein after collecting the different types of network attacks, the method further comprises:
selecting an uncontrollable network attack from the network attacks; the uncontrollable network attack is a current irreparable network attack;
and repairing the uncontrollable network attack to obtain the controllable network attack.
4. The method of claim 1, wherein the cyber attack model includes a plurality of different types of cyber attacks, and wherein attacking the code information based on the trained cyber attack model to obtain an attack result comprises:
and attacking the code information through each controllable network attack in the network attack model to obtain an attack result corresponding to each controllable network attack.
5. The method of claim 4, wherein the attack result corresponding to each controllable network attack comprises attack success or attack failure, and the protecting the target system according to the attack result comprises:
acquiring a repair scheme corresponding to the successful attack of the controllable network attack;
and repairing the code information corresponding to the target system based on the repairing scheme.
6. The method of claim 2, wherein after the testing and packaging of the controllable network attack to generate the network attack model, the method further comprises:
acquiring a new controllable network attack;
and training and updating the network attack model according to the new controllable network attack.
7. The method of any of claims 1 to 6, further comprising:
and uploading the network attack model to a blockchain.
8. An apparatus for network defense, comprising:
an obtaining unit, configured to obtain code information corresponding to a target system when a protection instruction of the target system is obtained;
an attack unit, configured to attack the code information based on the trained network attack model to obtain an attack result;
a protection unit, configured to protect the target system according to the attack result.
9. A network secured terminal comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1 to 7.
CN202011493299.0A 2020-12-16 2020-12-16 Network protection method, device, terminal and storage medium Active CN112671741B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011493299.0A CN112671741B (en) 2020-12-16 2020-12-16 Network protection method, device, terminal and storage medium

Publications (2)

Publication Number Publication Date
CN112671741A true CN112671741A (en) 2021-04-16
CN112671741B CN112671741B (en) 2022-10-18

Family

ID=75404564

Also Published As

Publication number Publication date
CN112671741B (en) 2022-10-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant