CN113037545A - Network simulation method, device, equipment and storage medium - Google Patents

Publication number: CN113037545A
Authority: CN (China)
Prior art keywords: network, virtual, node, simulation, configuration interface
Legal status: Pending
Application number: CN202110215453.6A
Other languages: Chinese (zh)
Inventors: 左晓栋, 张弛, 朱琳, 刘雨桁, 陶松, 崔占华
Current Assignee: China Power Data Service Co ltd
Original Assignee: China Power Data Service Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12 Discovery or management of network topologies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/50 Testing arrangements

Abstract

The application discloses a network simulation method, apparatus, device and storage medium, and belongs to the field of network technology. The method comprises: creating a plurality of virtual network nodes by using a plurality of virtual resources according to network node information in a network system to be simulated, the plurality of virtual resources comprising virtual operating systems and virtual components; configuring a communication relationship between at least two of the plurality of virtual network nodes according to the network topology of the network system to obtain a simulation network; and operating the simulation network. The application can build a virtualization-based simulation network that simulates the network system and can be used to carry out network security testing of the network system.

Description

Network simulation method, device, equipment and storage medium
Technical Field
The present application relates to the field of network technologies, and in particular, to a network simulation method, apparatus, device, and storage medium.
Background
The key information infrastructure refers to an information system or an industrial control system which provides network information service for the public or supports important industries such as energy, communication, finance, transportation, public utilities and the like to operate. Due to the importance of the key information infrastructure, it is often necessary to formulate a network security policy for testing the key information infrastructure in order to analyze the network security risk of the key information infrastructure and further ensure the stable operation of the key information infrastructure. However, many network security tests are very disruptive and cannot be applied directly to the production environment of critical information infrastructure operating in real time. It is therefore important to build a simulation system for network security testing of critical information infrastructure.
Disclosure of Invention
The application provides a network simulation method, apparatus, device and storage medium, which can build a virtualization-based simulation network for carrying out network security testing of a network system. The technical solution is as follows:
In a first aspect, a network simulation method is provided, the method including:
creating a plurality of virtual network nodes by using a plurality of virtual resources according to network node information in a network system to be simulated, the plurality of virtual resources including virtual operating systems and virtual components;
configuring a communication relationship between at least two of the plurality of virtual network nodes according to the network topology of the network system to obtain a simulation network;
and operating the simulation network.
In the application, a virtualization-based simulation network can be built; the simulation network simulates a network system and can be used to carry out network security testing of that network system.
Optionally, the network node information includes a resource identifier and a resource attribute of the network node, and the creating, according to the network node information in the network system to be simulated, a plurality of virtual network nodes using a plurality of virtual resources includes:
receiving a resource application instruction, wherein the resource application instruction carries a resource identifier and a resource attribute of a network node in the network system;
acquiring a corresponding virtual resource from a resource pool according to the resource identifier of the network node;
and configuring the obtained virtual resource according to the resource attribute of the network node to obtain a virtual network node.
Optionally, the configuring, according to the network topology of the network system, a communication relationship between at least two virtual network nodes in the plurality of virtual network nodes to obtain a simulation network includes:
displaying a network topology configuration interface;
displaying a node icon for each of at least two of the plurality of virtual network nodes on the network topology configuration interface;
and configuring the communication relations among the virtual network nodes corresponding to all the node icons in the network topology configuration interface to obtain the simulation network.
Optionally, the displaying a node icon of each of at least two of the plurality of virtual network nodes on the network topology configuration interface includes:
if a network node adding instruction is detected on the network topology configuration interface, displaying a node icon of each virtual network node in the plurality of virtual network nodes;
if a selection instruction aiming at the displayed at least two node icons is detected, displaying the at least two node icons on the network topology configuration interface;
the configuring the communication relationship among the virtual network nodes corresponding to all the node icons in the network topology configuration interface to obtain the simulation network comprises:
if an attribute setting instruction for one node icon is detected on the network topology configuration interface, adding corresponding attribute information for the node icon;
if a connection instruction aiming at two node icons is detected on the network topology configuration interface, adding corresponding connection information for the two node icons;
and configuring the communication relationship among the virtual network nodes corresponding to all the node icons in the network topology configuration interface according to the attribute information and the connection information of all the node icons in the network topology configuration interface to obtain the simulation network.
Optionally, the method further comprises:
monitoring a network flow state in the simulation network and a node state of a virtual network node in the simulation network in the process of operating the simulation network;
and displaying the monitored network flow state and the monitored node state on the network topology configuration interface.
Optionally, the method further comprises:
in the process of operating the simulation network, if a control instruction for one node icon is detected on the network topology configuration interface, displaying a remote control interface of the virtual network node corresponding to the node icon.
Optionally, the network system is a network system of a key information infrastructure.
In a second aspect, there is provided a network simulation apparatus, the apparatus comprising:
a creating module, used for creating a plurality of virtual network nodes by using a plurality of virtual resources according to network node information in a network system to be simulated, wherein the plurality of virtual resources comprise virtual operating systems and virtual components;
the configuration module is used for configuring the communication relationship between at least two virtual network nodes in the plurality of virtual network nodes according to the network topology structure of the network system to obtain a simulation network;
and the operation module is used for operating the simulation network.
Optionally, the network node information includes a resource identifier and a resource attribute of the network node, and the creating module is configured to:
receiving a resource application instruction, wherein the resource application instruction carries a resource identifier and a resource attribute of a network node in the network system;
acquiring a corresponding virtual resource from a resource pool according to the resource identifier of the network node;
and configuring the obtained virtual resource according to the resource attribute of the network node to obtain a virtual network node.
Optionally, the configuration module is configured to:
displaying a network topology configuration interface;
displaying a node icon for each of at least two of the plurality of virtual network nodes on the network topology configuration interface;
and configuring the communication relations among the virtual network nodes corresponding to all the node icons in the network topology configuration interface to obtain the simulation network.
Optionally, the configuration module is configured to:
if a network node adding instruction is detected on the network topology configuration interface, displaying a node icon of each virtual network node in the plurality of virtual network nodes;
if a selection instruction aiming at the displayed at least two node icons is detected, displaying the at least two node icons on the network topology configuration interface;
the configuration module is configured to:
if an attribute setting instruction for one node icon is detected on the network topology configuration interface, adding corresponding attribute information for the node icon;
if a connection instruction aiming at two node icons is detected on the network topology configuration interface, adding corresponding connection information for the two node icons;
and configuring the communication relationship among the virtual network nodes corresponding to all the node icons in the network topology configuration interface according to the attribute information and the connection information of all the node icons in the network topology configuration interface to obtain the simulation network.
Optionally, the apparatus further comprises:
monitoring a network flow state in the simulation network and a node state of a virtual network node in the simulation network in the process of operating the simulation network;
and displaying the monitored network flow state and the monitored node state on the network topology configuration interface.
Optionally, the apparatus further comprises:
in the process of operating the simulation network, if a control instruction for one node icon is detected on the network topology configuration interface, displaying a remote control interface of the virtual network node corresponding to the node icon.
Optionally, the network system is a network system of a key information infrastructure.
In a third aspect, a computer device is provided, the computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the computer program, when executed by the processor, implementing the network simulation method described above.
In a fourth aspect, a computer-readable storage medium is provided, which stores a computer program that, when executed by a processor, implements the network simulation method described above.
In a fifth aspect, a computer program product containing instructions is provided, which when run on a computer causes the computer to perform the steps of the network simulation method described above.
It is to be understood that, for the beneficial effects of the second aspect, the third aspect, the fourth aspect and the fifth aspect, reference may be made to the description of the first aspect, and details are not described herein again.
Drawings
In order to illustrate the technical solutions in the embodiments of the present application more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present application, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of a network simulation system according to an embodiment of the present application;
Fig. 2 is a flowchart of a network simulation method according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of a network simulation apparatus according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
It should be understood that "a plurality" in this application means two or more. In the description of the present application, "/" means "or" unless otherwise stated; for example, A/B may mean A or B. "And/or" herein merely describes an association between associated objects and covers three relationships; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, to describe the technical solutions of the present application clearly, the terms "first", "second", and the like are used to distinguish the same items or similar items having substantially the same functions and actions. Those skilled in the art will appreciate that the terms "first," "second," etc. do not denote any order or quantity, nor do the terms "first," "second," etc. denote any order or importance.
Before explaining the embodiments of the present application in detail, an application scenario of the embodiments of the present application will be described.
The key information infrastructure refers to an information system or an industrial control system which provides network information service for the public or supports important industries such as energy, communication, finance, transportation, public utilities and the like to operate. Once network security accidents happen to the systems, normal operation of important industries is affected, and serious losses are caused to national politics, economy, science and technology, society, culture, national defense, environment and people's lives and properties.
The key information infrastructure may include website classes such as party and government websites, enterprise and public institution websites, news websites, and the like; platforms, such as instant messaging, online shopping, online payment, search engines, e-mails, forums, maps, audio and video and other network service platforms; production business classes such as office and business systems, industrial control systems, large data centers, cloud computing platforms, television relay systems, and the like.
Due to the importance of the key information infrastructure, it is often necessary to formulate a network security policy for testing the key information infrastructure in order to analyze the network security risk of the key information infrastructure and further ensure the stable operation of the key information infrastructure. However, many network security tests are very disruptive and cannot be applied directly to the production environment of critical information infrastructure operating in real time. It is therefore important to build a simulation system for network security testing of critical information infrastructure.
Therefore, the embodiments of the present application provide a network simulation method for building a virtualization-based simulation network on which network security testing of key information infrastructure can be carried out, such as attack and defense drills, product testing, vulnerability mining, risk assessment, and education and training, so as to improve practical, hands-on capability in researching and learning about key information infrastructure.
The key information infrastructure is widely applied to various industries. The simulation network provided by the embodiment of the application can be used for network security testing of key information infrastructure by various subjects (including but not limited to central and local departments in charge, industry associations, industrial control operation units, various research institutions, industrial control product providers, system integrators, information security manufacturers and the like).
The system architecture provided by the embodiments of the present application is explained below.
Fig. 1 is a schematic diagram of a network simulation system according to an embodiment of the present application. Referring to Fig. 1, the network simulation system includes a cloud resource pool framework 101, a visualization networking engine 102, a data storage and analysis system 103 and a functional application system 104.
The cloud resource pool framework 101 is responsible for building a resource pool that includes various types of virtual resources; for example, the resource pool may include virtual operating systems, virtual components, educational training files, and the like. The cloud resource pool framework 101 may combine technologies such as cloud computing and software-defined networking to gather heterogeneous virtual resources into a unified resource pool, so that all software and hardware virtual resources are managed centrally.
The cloud resource pool framework 101 can perform automatic discovery, automatic configuration, unified scheduling, and rapid deployment on virtual resources in the resource pool. For example, cloud resource pool framework 101 can create virtual network nodes (also referred to as virtual machines) from virtual resources in the resource pool, and the various types of virtual network nodes created by cloud resource pool framework 101 can be provided to visualization networking engine 102. For example, various types of virtual network nodes created by cloud resource pool framework 101 may provide relevant open interfaces to respond to requests from other application services or visualization networking engine 102.
The visualization networking engine 102 is used for editing a network topology, and has a graphical editing interface (which may also be referred to as a network topology configuration interface). Illustratively, the visualization networking engine 102 may be implemented based on Web HTML5 (HyperText Markup Language 5) technology, and the editing interface of the visualization networking engine 102 may be a Web canvas. The visualization networking engine 102 may provide a node library composed of various virtual network nodes. The virtual network nodes in the node library may include the various virtual network nodes created by the cloud resource pool framework 101, and may further include some preset virtual network nodes, such as switches, routers, Programmable Logic Controllers (PLC), servers, engineer stations, and the like.
The visualization networking engine 102 may perform network topology configuration on the editing interface using the virtual network nodes in the node library, and generate the simulation network accordingly. For example, the editing interface of the visualization networking engine 102 can be a Web canvas, and a user can quickly and conveniently configure the network topology in a work area of the Web canvas through simple drag-and-drop operations. The visualization networking engine 102 can automatically convert the visual topology graph in the editing interface into a virtualized network environment, automatically configuring the virtual network nodes in the visual topology graph and the communication relationships between them, so that construction of the whole simulation network is completed within minutes.
The data storage and analysis system 103 mainly provides data storage, data analysis and display. During operation of the simulation network, the data storage and analysis system 103 may use a big data engine to perform real-time monitoring, collecting and analyzing the communication data of all virtual network nodes in the simulation network so as to monitor the network traffic state in the simulation network and the node state (including but not limited to an operating state, an abnormal state, etc.) of the virtual network nodes in the simulation network. It may store the monitored network traffic state and node state and display them, for example on the editing interface of the visualization networking engine 102 or on other interfaces.
The functional application system 104 may use the simulation network to form application systems capable of performing network security testing of the network system. For example, the application systems that can be formed using the simulation network may include an attack and defense exercise system, a product testing system, a vulnerability mining system, a risk assessment system, an educational training system, and the like, and these application systems may provide users with practical, hands-on capabilities such as testing and learning. Moreover, for users with different requirements, the functional application system 104 may provide different types of application system interfaces, with corresponding function buttons in those interfaces for the users to operate. For example, for an attack and defense exercise system, the functional application system 104 may provide a function button in the application system interface for instructing the simulation network to perform an attack and defense exercise. As another example, for an educational training system, the functional application system 104 may provide a function button in the application system interface for launching a simulation network and a function button for presenting the educational training files related to the simulation network.
The network simulation method provided by the embodiment of the present application is explained in detail below.
Fig. 2 is a flowchart of a network simulation method provided in an embodiment of the present application, where the method may be applied to a computer device. Referring to fig. 2, the method includes the following steps.
Step 201: create a plurality of virtual network nodes by using a plurality of virtual resources according to the network node information in the network system to be simulated.
The network system to be simulated may be a network system that has network security testing requirements, for example the network system of a critical information infrastructure. For example, the network system may be an industrial control system.
Virtual resources are resources used to create virtual network nodes. For example, the plurality of virtual resources may include virtual operating systems (including but not limited to Android, Windows and Linux) and virtual components (including but not limited to virtual software and virtual hardware, where virtual hardware includes but is not limited to a CPU (Central Processing Unit), memory, a hard disk drive and a network interface).
Virtual network nodes, which may also be referred to as virtual machines, are virtual devices that may be used to build subsequent simulation networks. For example, the virtual network node may be a switch, router, PLC, server, engineer station, etc.
The network node information is information related to the network node, and may include, for example, a resource identification and a resource attribute of the network node. The resource identification of the network node is used to identify a resource (including but not limited to an operating system, a component, etc.) included in the network node, such as may be a name of the resource included in the network node, etc. The resource attribute of the network node is an attribute of a resource included in the network node. A resource may have the same resource identification as its corresponding virtual resource of the same type.
Specifically, the operation of step 201 may be: receiving a resource application instruction, wherein the resource application instruction carries a resource identifier and a resource attribute of a network node in the network system; acquiring corresponding virtual resources from a resource pool according to the resource identifier of the network node; and configuring the obtained virtual resource according to the resource attribute of the network node to obtain a virtual network node.
The resource application instruction is used for applying for virtual resources to create a virtual network node. The resource application instruction can be triggered by an administrator through operations such as a click operation, a sliding operation, a voice operation, a gesture operation or a somatosensory operation. The administrator may generate multiple virtual network nodes by triggering the resource application instruction multiple times.
The resource pool may be pre-built. Various types of virtual resources are included in the resource pool, such as a virtual operating system, a virtual component, an educational training file, etc., may be included in the resource pool. Optionally, resource usage, resource health, and resource performance of the resource pool may be monitored.
After the acquired virtual resources are configured according to the resource attribute of the network node, the acquired virtual resources can be constructed into a virtual network node. In this case, the virtual network node includes a virtual resource whose attribute coincides with an attribute of a resource having the same resource identification as the virtual resource in the network node.
It is noted that step 201 described above can be implemented by cloud resource pool framework 101 shown in the embodiment of fig. 1 above. Of course, the step 201 may also be implemented by other modules, which is not limited in this embodiment of the present application.
Step 202: configure the communication relationship between at least two virtual network nodes in the plurality of virtual network nodes according to the network topology of the network system to obtain the simulation network.
The network topology of the network system is used to indicate the communication relationships between all network nodes in the network system. The communication relationship between at least two virtual network nodes of the plurality of virtual network nodes can thus be configured according to the network topology of the network system, such that a simulation network for simulating the network system can be obtained.
Specifically, the operation of step 202 may be: displaying a network topology configuration interface; displaying a node icon for each of at least two of the plurality of virtual network nodes on a network topology configuration interface; and configuring the communication relation among the virtual network nodes corresponding to all the node icons in the network topology configuration interface to obtain the simulation network.
The network topology configuration interface is an interface for configuring the network topology of the simulation network. The network topology configuration interface may display node icons of virtual network nodes in the simulation network and communication conditions between the virtual network nodes. The administrator can conveniently configure the network topology of the simulation network on the network topology configuration interface.
The operation of displaying the node icon of each of at least two of the plurality of virtual network nodes on the network topology configuration interface may be: if a network node adding instruction is detected on the network topology configuration interface, displaying a node icon of each virtual network node in the plurality of virtual network nodes; and if a selection instruction for at least two of the displayed node icons is detected, displaying the at least two node icons on the network topology configuration interface.
The network node adding instruction is used for indicating the addition of a virtual network node. The network node adding instruction can be triggered by an administrator through operations such as a click operation, a sliding operation, a voice operation, a gesture operation or a somatosensory operation. The administrator can add a plurality of virtual network nodes to the simulation network by triggering the network node adding instruction multiple times.
The node icons of the virtual network nodes displayed after the network node adding instruction is detected may include not only the node icons of the virtual network nodes created in step 201, but also node icons of some virtual network nodes configured in advance, which is not limited in this embodiment of the present application.
The selection instruction for at least two of the displayed node icons is used for indicating that the selected at least two node icons are to be displayed on the network topology configuration interface. That is, the at least two virtual network nodes corresponding to the selected at least two node icons are added to the simulation network.
The operation of configuring the communication relationships between the virtual network nodes corresponding to all the node icons in the network topology configuration interface to obtain the simulation network may be: if an attribute setting instruction for one node icon is detected on a network topology configuration interface, adding corresponding attribute information for the node icon; if a connection instruction aiming at two node icons is detected on a network topology configuration interface, adding corresponding connection information for the two node icons; and configuring the communication relation between the virtual network nodes corresponding to all the node icons in the network topology configuration interface according to the attribute information and the connection information of all the node icons in the network topology configuration interface to obtain the simulation network.
The attribute setting instruction for one node icon is used for indicating the setting of the attribute of the virtual network node corresponding to the node icon. The attribute setting instruction may carry the attribute information to be set. The attribute setting instruction can be triggered by the administrator through a click operation, sliding operation, voice operation, gesture operation, somatosensory operation, or the like. The administrator may set the attributes of the plurality of virtual network nodes by triggering the attribute setting instruction multiple times.
The connection instruction for two node icons is used for indicating that a communication connection is to be established between the two virtual network nodes corresponding to the two node icons. The connection instruction can be triggered by the administrator through a click operation, sliding operation, voice operation, gesture operation, somatosensory operation, or the like. The administrator can establish communication connections among the plurality of virtual network nodes by triggering the connection instruction multiple times.
Because the network topology of the simulation network is configured in the network topology configuration interface, the attributes of the virtual network nodes corresponding to all the node icons in the network topology configuration interface can be configured and the communication connection between the virtual network nodes can be established according to the attribute information and the connection information of all the node icons in the network topology configuration interface, so that the configuration of the communication relation between the virtual network nodes corresponding to all the node icons in the network topology configuration interface can be completed, and the simulation network for simulating the network system can be obtained.
It is noted that the above step 202 can be implemented by the visualization networking engine 102 shown in the embodiment of FIG. 1 above. Of course, step 202 may also be implemented by other modules, which is not limited in this embodiment of the application.
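The selection, attribute setting and connection instructions of step 202 can be modelled as operations on a topology object whose contents are validated before the simulation network is derived from them. The following Python code is an added example, not part of the patent; the class and function names, the `ip` attribute and the sample nodes are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass, field


class TopologyError(ValueError):
    """An instruction or the finished canvas is inconsistent."""


@dataclass
class NodeIcon:
    node_id: str
    attributes: dict = field(default_factory=dict)  # attribute information
    peers: set = field(default_factory=set)         # connection information


class TopologyCanvas:
    """Hypothetical stand-in for the network topology configuration interface."""

    def __init__(self, created_nodes):
        self.created = set(created_nodes)  # virtual network nodes that already exist
        self.icons = {}

    def _icon(self, node_id):
        if node_id not in self.icons:
            raise TopologyError(f"{node_id}: no such icon on the canvas")
        return self.icons[node_id]

    def select(self, *node_ids):
        """Selection instruction: put the chosen node icons on the canvas."""
        for node_id in node_ids:
            if node_id not in self.created:
                raise TopologyError(f"{node_id}: not a created virtual network node")
            self.icons.setdefault(node_id, NodeIcon(node_id))

    def set_attributes(self, node_id, **attrs):
        """Attribute setting instruction: attach attribute information to one icon."""
        self._icon(node_id).attributes.update(attrs)

    def connect(self, a, b):
        """Connection instruction: attach connection information to two icons."""
        if a == b:
            raise TopologyError(f"{a}: cannot connect a node to itself")
        icon_a, icon_b = self._icon(a), self._icon(b)
        icon_a.peers.add(b)
        icon_b.peers.add(a)

    def build(self):
        """Derive the simulation network from every icon's attributes and links."""
        problems, seen_ips = [], {}
        if len(self.icons) < 2:
            problems.append("fewer than two node icons on the canvas")
        for node_id, icon in sorted(self.icons.items()):
            ip = icon.attributes.get("ip")  # "ip" is an assumed attribute name
            if ip is None:
                problems.append(f"{node_id}: missing ip attribute")
            elif ip in seen_ips:
                problems.append(f"{node_id}: ip {ip} already used by {seen_ips[ip]}")
            else:
                seen_ips[ip] = node_id
            if not icon.peers:
                problems.append(f"{node_id}: no connection information")
        if problems:
            raise TopologyError("; ".join(problems))
        return {
            node_id: {"attributes": dict(icon.attributes), "peers": sorted(icon.peers)}
            for node_id, icon in self.icons.items()
        }


def reachable(network, start):
    """Breadth-first search: every node that `start` can talk to, directly or not."""
    seen, queue = {start}, deque([start])
    while queue:
        for peer in network[queue.popleft()]["peers"]:
            if peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return seen - {start}


def demo():
    # Constructed sample: four nodes exist, three are selected, two links are drawn.
    canvas = TopologyCanvas({"web", "fw", "db", "hmi"})
    canvas.select("web", "fw", "db")
    canvas.set_attributes("web", ip="10.0.1.10", os="linux")
    canvas.set_attributes("fw", ip="10.0.0.1")
    canvas.set_attributes("db", ip="10.0.2.10")
    canvas.connect("web", "fw")
    canvas.connect("fw", "db")
    return canvas.build()


if __name__ == "__main__":
    net = demo()
    for node_id, cfg in net.items():
        print(node_id, cfg["attributes"]["ip"], "->", cfg["peers"])
    print("reachable from web:", sorted(reachable(net, "web")))
```

Running the reachability check on the built network before starting a security test confirms that the simulated segmentation matches the network system being modelled.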
Step 203: the simulation network is run.
After the simulation network is established, the simulation network can be used to perform network security tests related to the network system.
Optionally, in the process of running the simulation network, if a control instruction for one node icon is detected on the network topology configuration interface, the remote control interface of the virtual network node corresponding to the node icon is displayed.
The control instruction for one node icon is used for instructing the remote control of the virtual network node corresponding to the node icon. The control instruction can be triggered by the administrator through a click operation, sliding operation, voice operation, gesture operation, somatosensory operation, or the like. The administrator can remotely control the plurality of virtual network nodes by triggering the control instruction multiple times.
The remote control interface is an interface for enabling remote control of the one virtual network node. For example, the remote control interface may be an RDP (Remote Desktop Protocol) interface, a VNC (Virtual Network Console) interface, or the like. The administrator can operate on the remote control interface to remotely control the one virtual network node.
Optionally, in the process of running the simulation network, the network traffic state in the simulation network and the node state (including but not limited to an operating state, an abnormal state, and the like) of the virtual network nodes in the simulation network may also be monitored, and the monitored network traffic state and node state are then displayed on the network topology configuration interface or other interfaces, so that the administrator can learn the operating condition of the simulation network in a timely manner.
Monitoring of the simulation network may be accomplished by the data storage and analysis system 103 shown in the embodiment of FIG. 1 above. Of course, the monitoring of the simulation network may also be implemented by other modules, which is not limited in this embodiment of the application.
It is noted that the embodiment of the present application may run the simulation network when the network security test needs to be performed on the network system. The simulation network can be used to form an application system for performing network security testing of the network system. The application system can be an attack and defense drilling system, a product testing system, a vulnerability mining system, a risk assessment system, an education training system and the like. In this case, when the user uses the application system, the administrator may run the simulation network to implement the corresponding function. For example, if a user starts using the attack and defense drilling system, a drilling request can be sent to the computer device, the computer device can operate the simulation network and input attack data into the simulation network, and then monitoring is performed during the operation of the simulation network and relevant monitoring data is displayed to the user. For another example, if the user starts using the product testing system, the user may send a test request to the computer device, and the computer device may operate the simulation network and input test data to the simulation network, and then monitor and display related monitoring data to the user during the operation of the simulation network.
In the embodiment of the application, according to the network node information in the network system to be simulated, a plurality of virtual network nodes are created by using a plurality of virtual resources, and the plurality of virtual resources comprise a virtual operating system and virtual components. And then, configuring the communication relationship between at least two virtual network nodes in the plurality of virtual network nodes according to the network topology structure of the network system to obtain the simulation network. Finally, the simulation network is run. Since the simulation network is used for simulating the network system, the simulation network can be used for network security testing of the network system.
FIG. 3 is a schematic structural diagram of a network simulation apparatus according to an embodiment of the present application. Referring to FIG. 3, the apparatus includes: a creating module 301, a configuration module 302, and a running module 303.
A creating module 301, configured to create a plurality of virtual network nodes using a plurality of virtual resources according to network node information in a network system to be simulated, where the plurality of virtual resources include a virtual operating system and a virtual component;
a configuration module 302, configured to configure a communication relationship between at least two virtual network nodes in the plurality of virtual network nodes according to a network topology structure of the network system, so as to obtain a simulation network;
and the running module 303 is used for running the simulation network.
Optionally, the network node information includes a resource identifier and a resource attribute of the network node, and the creating module 301 is configured to:
receiving a resource application instruction, wherein the resource application instruction carries a resource identifier and a resource attribute of a network node in the network system;
acquiring corresponding virtual resources from a resource pool according to the resource identifier of the network node;
and configuring the obtained virtual resource according to the resource attribute of the network node to obtain a virtual network node.
Optionally, the configuration module 302 is configured to:
displaying a network topology configuration interface;
displaying a node icon of each of at least two of the plurality of virtual network nodes on a network topology configuration interface;
and configuring the communication relation among the virtual network nodes corresponding to all the node icons in the network topology configuration interface to obtain the simulation network.
Optionally, the configuration module 302 is configured to:
if a network node adding instruction is detected on a network topology configuration interface, displaying a node icon of each virtual network node in the plurality of virtual network nodes;
if a selection instruction aiming at the displayed at least two node icons is detected, displaying the at least two node icons on a network topology configuration interface;
the configuration module 302 is configured to:
if an attribute setting instruction for one node icon is detected on a network topology configuration interface, adding corresponding attribute information for the node icon;
if a connection instruction aiming at two node icons is detected on a network topology configuration interface, adding corresponding connection information for the two node icons;
and configuring the communication relation between the virtual network nodes corresponding to all the node icons in the network topology configuration interface according to the attribute information and the connection information of all the node icons in the network topology configuration interface to obtain the simulation network.
Optionally, the apparatus further comprises:
monitoring a network flow state in the simulation network and a node state of a virtual network node in the simulation network in the process of operating the simulation network;
and displaying the monitored network flow state and the monitored node state on a network topology configuration interface.
Optionally, the apparatus further comprises:
in the process of running the simulation network, if a control instruction aiming at one node icon is detected on a network topology configuration interface, a remote control interface of a virtual network node corresponding to the node icon is displayed.
Optionally, the network system is a network system of a key information infrastructure.
In the embodiment of the application, according to the network node information in the network system to be simulated, a plurality of virtual network nodes are created by using a plurality of virtual resources, and the plurality of virtual resources comprise a virtual operating system and virtual components. And then, configuring the communication relationship between at least two virtual network nodes in the plurality of virtual network nodes according to the network topology structure of the network system to obtain the simulation network. Finally, the simulation network is run. Since the simulation network is used for simulating the network system, the simulation network can be used for network security testing of the network system.
It should be noted that: in the network simulation apparatus provided in the foregoing embodiment, only the division of the functional modules is illustrated in the example, and in practical applications, the function distribution may be completed by different functional modules according to needs, that is, the internal structure of the apparatus is divided into different functional modules to complete all or part of the functions described above.
Each functional unit and module in the above embodiments may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used to limit the protection scope of the embodiments of the present application.
The network simulation apparatus and the network simulation method provided in the above embodiments belong to the same concept, and the specific working processes and technical effects brought by the units and modules in the above embodiments can be referred to the method embodiments, and are not described herein again.
Fig. 4 is a schematic structural diagram of a computer device according to an embodiment of the present application. As shown in fig. 4, the computer device 4 includes: a processor 40, a memory 41 and a computer program 42 stored in the memory 41 and executable on the processor 40, the steps in the network simulation method in the above embodiments being implemented when the computer program 42 is executed by the processor 40.
The computer device 4 may be a general purpose computer device or a special purpose computer device. In a specific implementation, the computer device 4 may be a desktop computer, a laptop computer, a network server, a palmtop computer, a mobile phone, a tablet computer, a wireless terminal device, a communication device, or an embedded device, and the embodiment of the present application does not limit the type of the computer device 4. Those skilled in the art will appreciate that FIG. 4 is merely an example of the computer device 4 and does not constitute a limitation of the computer device 4, which may include more or fewer components than those shown, or combine certain components, or have different components, such as input/output devices, network access devices, etc.
The processor 40 may be a Central Processing Unit (CPU), or another general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or any conventional processor.
In some embodiments, the memory 41 may be an internal storage unit of the computer device 4, such as a hard disk or memory of the computer device 4. In other embodiments, the memory 41 may be an external storage device of the computer device 4, such as a plug-in hard disk provided on the computer device 4, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash memory card (Flash Card), and so on. Further, the memory 41 may include both an internal storage unit of the computer device 4 and an external storage device. The memory 41 is used for storing an operating system, application programs, a boot loader (BootLoader), data, and other programs, such as the program code of a computer program. The memory 41 may also be used to temporarily store data that has been output or is to be output.
An embodiment of the present application further provides a computer device, where the computer device includes: at least one processor, a memory, and a computer program stored in the memory and executable on the at least one processor, the processor implementing the steps of any of the various method embodiments described above when executing the computer program.
The embodiments of the present application also provide a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the steps in the above-mentioned method embodiments can be implemented.
The embodiments of the present application provide a computer program product, which when run on a computer causes the computer to perform the steps of the above-described method embodiments.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, all or part of the processes in the above method embodiments may be implemented by a computer program, which may be stored in a computer-readable storage medium and executed by a processor to implement the steps of the above method embodiments. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include at least: any entity or apparatus capable of carrying computer program code to a photographing apparatus/terminal device, a recording medium, computer memory, ROM (Read-Only Memory), RAM (Random Access Memory), CD-ROM (Compact Disc Read-Only Memory), magnetic tape, floppy disk, optical data storage device, etc. The computer-readable storage medium referred to herein may be a non-volatile storage medium, in other words, a non-transitory storage medium.
It should be understood that all or part of the steps for implementing the above embodiments may be implemented by software, hardware, firmware or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. The computer instructions may be stored in the computer-readable storage medium described above.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/computer device and method may be implemented in other ways. The above-described apparatus/computer device embodiments are merely illustrative: the division into modules or units is only a division by logical function, and other divisions are possible in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (10)

1. A method for network simulation, the method comprising:
according to network node information in a network system to be simulated, a plurality of virtual network nodes are created by using a plurality of virtual resources, and the plurality of virtual resources comprise virtual operating systems and virtual components;
configuring a communication relationship between at least two virtual network nodes in the plurality of virtual network nodes according to a network topology structure of the network system to obtain a simulation network;
and operating the simulation network.
2. The method of claim 1, wherein the network node information includes resource identification and resource attributes of the network node, and wherein creating a plurality of virtual network nodes using a plurality of virtual resources based on the network node information in the network system to be simulated comprises:
receiving a resource application instruction, wherein the resource application instruction carries a resource identifier and a resource attribute of a network node in the network system;
acquiring a corresponding virtual resource from a resource pool according to the resource identifier of the network node;
and configuring the obtained virtual resource according to the resource attribute of the network node to obtain a virtual network node.
3. The method of claim 1, wherein configuring the communication relationship between at least two of the plurality of virtual network nodes to obtain a simulated network according to the network topology of the network system comprises:
displaying a network topology configuration interface;
displaying a node icon for each of at least two of the plurality of virtual network nodes on the network topology configuration interface;
and configuring the communication relations among the virtual network nodes corresponding to all the node icons in the network topology configuration interface to obtain the simulation network.
4. The method of claim 3, wherein said displaying a node icon for each of at least two of the plurality of virtual network nodes in the network topology configuration interface comprises:
if a network node adding instruction is detected on the network topology configuration interface, displaying a node icon of each virtual network node in the plurality of virtual network nodes;
if a selection instruction aiming at the displayed at least two node icons is detected, displaying the at least two node icons on the network topology configuration interface;
the configuring the communication relationship among the virtual network nodes corresponding to all the node icons in the network topology configuration interface to obtain the simulation network comprises:
if an attribute setting instruction for one node icon is detected on the network topology configuration interface, adding corresponding attribute information for the node icon;
if a connection instruction aiming at two node icons is detected on the network topology configuration interface, adding corresponding connection information for the two node icons;
and configuring the communication relationship among the virtual network nodes corresponding to all the node icons in the network topology configuration interface according to the attribute information and the connection information of all the node icons in the network topology configuration interface to obtain the simulation network.
5. The method of claim 4, wherein the method further comprises:
monitoring a network flow state in the simulation network and a node state of a virtual network node in the simulation network in the process of operating the simulation network;
and displaying the monitored network flow state and the monitored node state on the network topology configuration interface.
6. The method of claim 4, wherein the method further comprises:
in the process of operating the simulation network, if a control instruction for one node icon is detected on the network topology configuration interface, displaying a remote control interface of the virtual network node corresponding to the node icon.
7. The method of any of claims 1-6, wherein the network system is a critical information infrastructure network system.
8. A network emulation device, comprising:
a creating module, used for creating a plurality of virtual network nodes by using a plurality of virtual resources according to network node information in a network system to be simulated, wherein the plurality of virtual resources comprise a virtual operating system and virtual components;
a configuration module, used for configuring the communication relationship between at least two virtual network nodes in the plurality of virtual network nodes according to the network topology structure of the network system to obtain a simulation network;
and an operation module, used for operating the simulation network.
9. A computer device, characterized in that the computer device comprises a memory, a processor and a computer program stored in the memory and executable on the processor, which computer program, when executed by the processor, implements the method according to any of claims 1 to 7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a computer program which, when executed by a processor, implements the method of any one of claims 1 to 7.
CN202110215453.6A 2021-02-26 2021-02-26 Network simulation method, device, equipment and storage medium Pending CN113037545A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110215453.6A CN113037545A (en) 2021-02-26 2021-02-26 Network simulation method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN113037545A true CN113037545A (en) 2021-06-25

Family

ID=76461587

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110215453.6A Pending CN113037545A (en) 2021-02-26 2021-02-26 Network simulation method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113037545A (en)

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101925102A (en) * 2010-06-08 2010-12-22 中国人民解放军理工大学 Wireless network topology simulation method adopting Ethernet promiscuous mode
US20180046486A1 (en) * 2016-08-10 2018-02-15 American Megatrends, Inc. Cloud based platform simulation for management controller development
CN109039703A (en) * 2018-06-27 2018-12-18 中国科学院信息工程研究所 The method and system of business scenario network rapid build under a kind of complex network simulated environment
CN110876155A (en) * 2018-08-31 2020-03-10 阿里巴巴集团控股有限公司 Simulation system and method for wireless mesh network
CN112311606A (en) * 2020-11-12 2021-02-02 中国科学院计算技术研究所 Method for constructing virtual-real decoupling simulation network

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113411221A (en) * 2021-06-30 2021-09-17 中国南方电网有限责任公司 Power communication network fault simulation verification method, device, equipment and storage medium
CN113452567A (en) * 2021-07-08 2021-09-28 安天科技集团股份有限公司 Networking method and device, computing equipment and storage medium
CN113452567B (en) * 2021-07-08 2022-08-23 安天科技集团股份有限公司 Networking method and device, computing equipment and storage medium
CN113742083A (en) * 2021-09-13 2021-12-03 京东科技信息技术有限公司 Scheduling simulation method and device, computer equipment and storage medium
CN114629800A (en) * 2022-02-09 2022-06-14 烽台科技(北京)有限公司 Visual generation method, device, terminal and storage medium for industrial control network target range
CN114629800B (en) * 2022-02-09 2024-03-15 烽台科技(北京)有限公司 Visual generation method, device, terminal and storage medium for industrial control network target range
CN115051927A (en) * 2022-07-01 2022-09-13 中国信息通信研究院 Data network development method and system
CN115051927B (en) * 2022-07-01 2023-09-19 中国信息通信研究院 Data network development method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210625