CN113496638B - Network security training system and method - Google Patents

Network security training system and method

Publication number: CN113496638B
Authority: CN (China)
Prior art keywords: training, network, module, function, submodule
Legal status: Active
Application number: CN202110784516.XA
Other languages: Chinese (zh)
Other versions: CN113496638A (en)
Inventors: 李强, 史帅, 尚程, 王杰, 杨满智, 蔡琳, 梁彧, 田野, 金红, 陈晓光, 傅强
Current assignee: Eversec Beijing Technology Co Ltd
Original assignee: Eversec Beijing Technology Co Ltd
Application filed by Eversec Beijing Technology Co Ltd
Priority to CN202110784516.XA
Publication of CN113496638A
Application granted
Publication of CN113496638B

Classifications

    • G PHYSICS
    • G09 EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09B EDUCATIONAL OR DEMONSTRATION APPLIANCES; APPLIANCES FOR TEACHING, OR COMMUNICATING WITH, THE BLIND, DEAF OR MUTE; MODELS; PLANETARIA; GLOBES; MAPS; DIAGRAMS
    • G09B19/00 Teaching not covered by other main groups of this subclass
    • G09B19/0053 Computers, e.g. programming

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Hardware Design (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Physics & Mathematics (AREA)
  • Educational Administration (AREA)
  • Educational Technology (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)

Abstract

The embodiment of the invention discloses a network security training system and method. The system comprises a user interaction module and a function response module. The user interaction module is used for displaying a system login interface, receiving authorization information of a target user based on the system login interface, displaying a visual function selection interface corresponding to the authorization information, receiving a function request initiated by the target user based on the visual function selection interface and corresponding to the function response module, and sending the function request to the function response module. The function response module is used for receiving the function request and responding to it, and comprises at least one of a knowledge training module, a defense service training module and a training management module. With the technical solution of this embodiment, an attack-and-defense scenario is constructed as required, theoretical learning is combined with practical training, and the effectiveness of network security training is improved.

Description

Network security training system and method
Technical Field
The embodiment of the invention relates to the technical field of network security, in particular to a network security training system and a network security training method.
Background
In modern society, the application of the internet relates to aspects of work and life, so network security is also receiving more attention, and the development of network security talents capable of defending and resisting attacks such as computer viruses and hackers has become an urgent task for network security professionals.
The network security training system is a system for training network security maintenance personnel. At present, a plurality of excellent network security attack and defense platforms are developed at home and abroad, and network security talents can be trained in a targeted manner through actual drilling operation.
However, an existing network security training system can only select a preset attack-and-defense environment for practice and drills, and cannot customize the attack-and-defense environment to suit user requirements. Moreover, although the existing network security training system can train theoretical knowledge, it lacks practical network security attack-and-defense training cases, so trainees find it difficult to combine theoretical learning with hands-on operation, and their training effect suffers.
Disclosure of Invention
The embodiment of the invention provides a network security training system and a network security training method, which are used for constructing an attack and defense scene according to requirements, combining theoretical learning with actual combat training and improving the network security training effect.
In a first aspect, an embodiment of the present invention provides a network security training system, where the system includes:
the system comprises a user interaction module, a function response module and a display module, wherein the user interaction module is used for displaying a system login interface, receiving authorization information of a target user based on the system login interface, displaying a visual function selection interface corresponding to the authorization information, receiving a function request corresponding to the function response module initiated by the target user based on the visual function selection interface, and sending the function request to the function response module;
and the function response module is used for receiving the function request and responding to the function request, wherein the function response module comprises at least one of a knowledge training module, a defense service training module and a training management module.
In a second aspect, an embodiment of the present invention further provides a network security training method, where the method includes:
displaying a system login interface based on a user interaction module, receiving authorization information of a target user based on the system login interface, displaying a visual function selection interface corresponding to the authorization information, receiving a function request initiated by the target user based on the visual function selection interface and corresponding to a function response module, and sending the function request to the function response module;
and receiving the function request based on a function response module, and responding to the function request, wherein the function response module comprises at least one of a knowledge training module, a defense business training module and a training management module.
In a third aspect, an embodiment of the present invention further provides an electronic device, where the electronic device includes:
one or more processors;
a storage device for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors implement the network security training method according to any of the embodiments of the present invention.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the network security training method according to any one of the embodiments of the present invention.
According to this technical solution, the user interaction module displays the system login interface, receives the authorization information of the target user based on that interface, and displays the visual function selection interface corresponding to the authorization information; the function request that the target user initiates on the visual function selection interface and that corresponds to the function response module is sent to the function response module, which receives and responds to it, the function response module comprising at least one of the knowledge training module, the defense service training module and the training management module. This solves the problems that an existing network security training system cannot provide practical training on theoretical knowledge and makes it difficult to combine theoretical learning with hands-on operation: the attack-and-defense scenario is built as required, theoretical learning and practical training are combined, and the effectiveness of network security training is improved.
Drawings
In order to more clearly illustrate the technical solutions of the exemplary embodiments of the present invention, a brief description is given below of the drawings used in describing the embodiments. It should be clear that the described figures are only views of some of the embodiments of the invention to be described, not all, and that for a person skilled in the art, other figures can be derived from these figures without inventive effort.
Fig. 1 is a schematic structural diagram of a network security training system according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a first network security training system according to a second embodiment of the present invention;
fig. 3 is a schematic structural diagram of a second network security training system according to a second embodiment of the present invention;
fig. 4 is a schematic structural diagram of a third network security training system according to a second embodiment of the present invention;
fig. 5 is a schematic structural diagram of a fourth network security training system according to a second embodiment of the present invention;
fig. 6 is a schematic structural diagram of a fifth network security training system according to a second embodiment of the present invention;
fig. 7 is a system architecture diagram of a network security training system according to a third embodiment of the present invention;
fig. 8 is a schematic structural diagram of a network security training system according to a third embodiment of the present invention;
fig. 9 is a flowchart illustrating a network security training method for a trained user according to a third embodiment of the present invention;
fig. 10 is a schematic flowchart of a method for training network security of a task director user according to a third embodiment of the present invention;
fig. 11 is a flowchart illustrating a network security training method for a system management user according to a third embodiment of the present invention;
fig. 12 is a schematic flowchart of network security training according to a fourth embodiment of the present invention;
fig. 13 is a schematic structural diagram of an electronic device according to a fifth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some structures related to the present invention are shown in the drawings, not all of them.
Example one
Fig. 1 is a schematic structural diagram of a network security training system according to an embodiment of the present invention. The embodiment is applicable to providing theoretical and practical learning to network security learners, and the system may be implemented in the form of software and/or hardware, where the hardware may be an electronic device; optionally, the electronic device may be a PC terminal or the like.
The network security training system shown in fig. 1 comprises a user interaction module 1 and a function response module 2;
the user interaction module 1 is used for displaying a system login interface, receiving authorization information of a target user based on the system login interface, displaying a visual function selection interface corresponding to the authorization information, receiving a function request corresponding to the function response module 2 initiated by the target user based on the visual function selection interface, and sending the function request to the function response module 2; and the function response module 2 is used for receiving the function request and responding to the function request, wherein the function response module 2 comprises at least one of a knowledge training module, a defense service training module and a training management module.
The user interaction module 1 is used for displaying a system login interface, receiving authorization information of a target user based on the system login interface, displaying a visual function selection interface corresponding to the authorization information, receiving a function request initiated by the target user based on the visual function selection interface and corresponding to the function response module 2, and sending the function request to the function response module 2.
The system login interface may be an interface provided for the target user to log in to the network security training system; optionally, it may be a web interface or the like. The target users may be individual users who are able to use the network security training system, for example users who hold an account number, a password and the like for logging in to the system. The authorization information may be information that the target user provides to the network security training system, such as user name, password, name, age, student number, etc. The visual function selection interface may be the visual operation interface displayed to target users of different user types after they log in to the network security training system; the system is used through this interface. The function request may be a code or instruction generated by triggering a function on the visual function selection interface in order to complete one or several functions.
Specifically, the user interaction module 1 may display a system login interface containing a control that receives the user name and password input by the target user; the control may also be one that logs the user in to the network security training system by receiving biometric information. When the user interaction module 1 receives the authorization information of the target user based on the system login interface, it may judge whether the target user is permitted to log in to the network security system; if so, the visual function selection interface corresponding to the target user may be determined according to the authorization information and displayed to the target user by the user interaction module 1, so that the target user can select functions. When the target user triggers a control on the visual function selection interface, a function request may be generated and sent to the function response module 2 corresponding to that request, so that the function response module 2 can respond to the request and execute the corresponding function.
It should be noted that the target user may be a trained user, a task director user or an administrator user, and different visual function selection interfaces may be displayed for different target users. Illustratively, a visual function selection interface for network security training is displayed for the trained user; a visual function selection interface for course distribution, task distribution and the like for each trained user is displayed for the task director user; and a visual function selection interface for course management, training environment, user information and the like is displayed for the administrator user. The target user may also be another type of user, which is not specifically limited in this embodiment.
And the function response module 2 is used for receiving the function request and responding to the function request, wherein the function response module 2 comprises at least one of a knowledge training module, a defense service training module and a training management module.
The knowledge training module can be a module for providing functions such as theoretical knowledge training. The defense business training module can be a module for providing functions of constructing a practical training environment and the like. The training management module can be a module for providing functions of organizing and evaluating training tasks and the like.
Specifically, the function response module 2 may receive the function request sent by the user interaction module 1, analyze the function request, and respond to the function request to meet the function requirement of the target user.
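The login, per-user-type function selection interface and request dispatch described above, as an added illustration written for this page (not code from the patent or its assignee). The user store, user names, function names and the `knowledge.`/`defense.`/`management.` prefixes are assumed; the point it adds is that the function response module re-checks entitlement itself, since hiding a function from the interface is not an authorization control.

```python
import hashlib
import hmac
from dataclasses import dataclass


# Constructed (hypothetical) user store: user name -> (user type, salt, salted password hash).
# The three user types follow the description: trained user, task director user, administrator user.
def hash_password(password: str, salt: str) -> str:
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()


USERS = {
    "trainee01": ("trained", "salt-a", hash_password("trainee-pass", "salt-a")),
    "director01": ("task_director", "salt-b", hash_password("director-pass", "salt-b")),
    "admin01": ("administrator", "salt-c", hash_password("admin-pass", "salt-c")),
}

# Visual function selection interface shown to each user type (function names assumed).
# The prefix before the dot names the responding module: knowledge, defense or management.
FUNCTIONS_BY_TYPE = {
    "trained": {"knowledge.view_material", "knowledge.take_exam", "defense.train"},
    "task_director": {"knowledge.distribute_course", "management.distribute_task",
                      "management.evaluate"},
    "administrator": {"knowledge.manage_material", "defense.manage_environment",
                      "management.manage_users"},
}


@dataclass(frozen=True)
class Session:
    user: str
    user_type: str
    functions: frozenset


class UserInteractionModule:
    """System login interface plus the per-type visual function selection interface."""

    def login(self, user: str, password: str):
        entry = USERS.get(user)
        if entry is None:
            return None
        user_type, salt, stored = entry
        # Constant-time comparison of the salted hash.
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return None
        return Session(user, user_type, frozenset(FUNCTIONS_BY_TYPE[user_type]))

    def selection_interface(self, session: Session):
        return sorted(session.functions)


class FunctionResponseModule:
    """Receives function requests and routes them to the responsible sub-module."""

    def __init__(self):
        self.audit = []  # (outcome, user, function) tuples

    def respond(self, session: Session, function: str) -> str:
        # Entitlement is enforced here, not only by what the interface displays:
        # a request the user's type is not entitled to is refused even when it is
        # sent directly, bypassing the selection interface.
        if function not in session.functions:
            self.audit.append(("denied", session.user, function))
            raise PermissionError(f"{session.user_type} may not call {function}")
        module, _, action = function.partition(".")
        handler = {"knowledge": self._knowledge, "defense": self._defense,
                   "management": self._management}[module]
        self.audit.append(("ok", session.user, function))
        return handler(action)

    def _knowledge(self, action):
        return f"knowledge training module handled {action}"

    def _defense(self, action):
        return f"defense service training module handled {action}"

    def _management(self, action):
        return f"training management module handled {action}"


def run_request(user: str, password: str, function: str) -> str:
    """Full path: log in, then send one function request to the response module."""
    ui, responder = UserInteractionModule(), FunctionResponseModule()
    session = ui.login(user, password)
    if session is None:
        return "login refused"
    try:
        return responder.respond(session, function)
    except PermissionError:
        return "request denied"
```

The `audit` list records both served and refused requests, which is what an operator would want to review when a trained user's account starts sending task director requests.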
According to this technical solution, the user interaction module displays the system login interface, receives the authorization information of the target user based on that interface, and displays the visual function selection interface corresponding to the authorization information; the function request that the target user initiates on the visual function selection interface and that corresponds to the function response module is sent to the function response module, which receives and responds to it, the function response module comprising at least one of a knowledge training module, a defense service training module and a training management module. This solves the problems that an existing network security training system cannot provide practical training on theoretical knowledge and makes it difficult to combine theoretical learning with hands-on operation: the attack-and-defense scenario is built as required, theoretical learning and practical training are combined, and the effectiveness of network security training is improved.
Example two
Fig. 2 is a schematic structural diagram of a first network security training system according to a second embodiment of the present invention, wherein explanations of terms that are the same as or correspond to the above-mentioned embodiments are not repeated herein.
As shown in fig. 2, the function response module 2 includes a knowledge training module 21, wherein the knowledge training module 21 is configured to respond to a function request of a target user for managing and viewing the network security teaching material and the knowledge item base corresponding to the network security teaching material.
The network security teaching material can be text information for providing various knowledge related to network security. The knowledge question bank can be a database used for storing training questions for theoretical knowledge assessment.
Specifically, when the target user wants to view the network security teaching materials for learning or to view the test questions in the knowledge question bank, the user interaction module 1 may send a function request for viewing the network security teaching materials and/or the knowledge question bank; when the knowledge training module 21 receives the function request, it responds by feeding back the requested network security teaching materials and/or knowledge question bank, which are then displayed on the screen for the target user to view. When the target user wants to manage the network security teaching materials and/or the knowledge question bank, the user interaction module 1 may send a function request for managing them; when the knowledge training module 21 receives the function request, it responds so that the target user can manage the network security teaching materials and/or the knowledge question bank.
Optionally, fig. 3 is a schematic structural diagram of a second network security training system according to a second embodiment of the present invention, as shown in fig. 3, the knowledge training module 21 includes a network security teaching material sub-module 211, an item bank and assessment sub-module 212, and a personal learning management sub-module 213, and the target users include task directing users and trained users.
The network security teaching material sub-module 211 is configured to respond to a function request of a target user for performing a management operation or a viewing operation on the network security teaching material, where the management operation includes at least one of an entry operation, an editing operation, a retrieval operation, and a deletion operation on the network security teaching material.
Specifically, when the network security textbook sub-module 211 receives a function request of a target user for performing a management operation or a view operation on the network security textbook, a corresponding response may be made so that the target user can complete the management operation or the view operation, for example: and checking, inputting, editing, retrieving, deleting and the like the network security teaching material.
It should be noted that the trained user can learn the related content online by means of a browser. The network security teaching material sub-module 211 mainly implements the storage and management functions of the basic knowledge teaching material, and may be used to maintain the network security teaching material of the system, and may include: network space defense technology, network space situation theory, social engineering, network cryptography, host security technology, virus attack and defense technology and the like. The network security teaching material sub-module 211 can also provide the functions of inputting, editing, retrieving, deleting and the like of the teaching material contents.
The question bank and examination sub-module 212 is used for responding to function requests of target users for managing examination questions, distributing examination questions to each network security teaching material in the network security teaching material sub-module 211 to form examination papers, conducting examinations according to the examination papers, and/or displaying statistical information on the examination results of the papers.
The examination questions can be questions in a knowledge question bank, and also can be questions uploaded by task commanding users, and the like. The examination paper can be used for verifying theoretical learning effect generated aiming at different network security teaching materials. The assessment result statistical information can comprise information obtained by statistics of assessment results, wrong question analysis, score distribution proportion and the like of all trained users.
Specifically, when the question bank and examination sub-module 212 receives a function request for editing or distributing the examination questions and/or examination papers by the target user, a corresponding response can be made so that the target user can edit the examination questions and/or examination papers and distribute the edited examination questions and/or examination papers to the trained users participating in the examination.
Optionally, the question bank and assessment sub-module 212 may also respond to a function request of the target user for querying the personal learning status.
Illustratively, the function request of the trainee user for inquiring the contents of the learning subjects, the learning time, the learning duration and the like can be responded.
The personal learning management sub-module 213 is used for responding to function requests of the task director user for viewing and managing the account information, distributed teaching material information and assessment result statistical information of the trained users.
The account information may be the level information of the trained user, learning direction information, and the like. The distributed teaching material information can be the teaching material information which is learned, is learning and is about to be learned by the trained user, and can comprise information such as learning progress.
Specifically, the task director user can check and manage the account information of each trained user through the information fed back by the personal learning management sub-module 213, and distribute the teaching material information and the evaluation result statistical information, so that the task director user can monitor and manage the learning state of each trained user.
As illustrated in fig. 2, the function response module 2 includes a defense service training module 22; the defense service training module 22 is configured to respond to a function request of a target user for constructing a network threat scenario, so as to simulate network attack and network threat behaviour and record that behaviour.
The network threat scenario may be a network scenario constructed according to network security training requirements.
Specifically, the defense service training module 22 may respond to a function request of a target user for constructing a network threat scenario, and construct a network scenario matched with a training requirement according to the training requirement of the target user, so as to provide the target user with practical training.
Optionally, fig. 4 is a schematic structural diagram of a third network security training system provided in the second embodiment of the present invention, and as shown in fig. 4, the defense service training module 22 includes at least one of a network training environment building sub-module 221, a network attack process simulation sub-module 222, a network threat behavior building sub-module 223, and a network threat behavior recording sub-module 224.
The network training environment constructing sub-module 221 is configured to respond to a function request of a target user for dynamically constructing a training environment according to preset network security training requirements.
The network security training requirements may include setting requirements for hosts, routes, servers, topology, and the like. The training environment may be a virtual network environment for practicing learning and testing.
Specifically, the target user may preset each network security training requirement, and when the network training environment constructing sub-module 221 receives the function request for constructing the network threat scene, the training environment may be dynamically constructed according to each preset network security training requirement.
It should be noted that the frequently used training environment may be used as a training environment template and stored in the network training environment construction sub-module 221, so as to avoid repeated construction for the same training environment.
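Dynamic construction of a training environment from the preset requirements (hosts, routes, servers, topology), with frequently used results kept as templates so the same requirements are not rebuilt, as an added illustration for this page. This is not the patent's or the assignee's code; the requirement field names, the canonical-JSON template key and the environment dictionary layout are assumptions made for the example.

```python
import hashlib
import json


class NetworkTrainingEnvironmentBuilder:
    """Builds a training environment from preset requirements and keeps the
    result as a template keyed by the requirements, so an identical request
    reuses the template instead of constructing the environment again."""

    def __init__(self):
        self.templates = {}   # requirement key -> built environment
        self.builds = 0       # how many environments were actually constructed

    @staticmethod
    def requirement_key(requirements: dict) -> str:
        # Canonical JSON so that key order and whitespace do not produce
        # different template keys for the same requirements (assumed scheme).
        canonical = json.dumps(requirements, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode("utf-8")).hexdigest()[:16]

    def build(self, requirements: dict):
        """Returns (environment, built_now); built_now is False on a template hit."""
        key = self.requirement_key(requirements)
        if key in self.templates:
            return self.templates[key], False
        env = self._construct(requirements)
        self.templates[key] = env
        return env, True

    def _construct(self, requirements: dict) -> dict:
        nodes = {}
        for host in requirements.get("hosts", []):
            nodes[host["name"]] = {"kind": "host", "os": host.get("os", "unspecified")}
        for server in requirements.get("servers", []):
            nodes[server["name"]] = {"kind": "server", "service": server.get("service", "none")}
        for router in requirements.get("routes", []):
            nodes[router["name"]] = {"kind": "router"}
        # Every topology link must join two declared nodes; an undeclared endpoint
        # would otherwise leave a dangling link out of the isolated training network.
        links = []
        for a, b in requirements.get("topology", []):
            if a not in nodes or b not in nodes:
                raise ValueError(f"topology link {a}-{b} references an undeclared node")
            links.append((a, b))
        self.builds += 1
        return {"nodes": nodes, "links": links, "isolated": True}
```

A rejected requirement leaves no template behind, so a later corrected request for the same scenario is built fresh rather than served from a half-built entry.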
And the network attack process simulation submodule 222 is used for responding to a function request of simulating and generating attack simulation threat flow in the training environment by the target user.
Wherein the attack simulation threat traffic may be threat traffic generated according to a simulation network attack process.
Specifically, for a training environment selected by the target user and a function request for generating the attack simulation threat traffic in the training environment by simulation, the network attack process simulation submodule 222 may obtain the training environment selected by the target user and generate the attack simulation threat traffic in the training environment according to the simulation attack process required by the target user for subsequent training.
The network threat behavior construction sub-module 223 is configured to respond to a function request of the target user for simulating a network threat behavior in the training environment and generating behavior simulation threat traffic from that network threat behavior.
Wherein the network threat behavior comprises network information threat behavior and/or network device threat behavior. The behavior modeling threat traffic may be threat traffic generated from cyber threat behaviors.
Specifically, for a function request of the target user to generate behavior simulation threat traffic, the network threat behavior construction sub-module 223 may construct, in the training environment selected by the target user, the behavior simulation threat traffic corresponding to the specified network threat behavior, for use in subsequent training.
It should be noted that the training environment used in the network training environment constructing sub-module 221 and the network attack process simulating sub-module 222 may be a training environment constructed by the network training environment constructing sub-module 221, or may be a training environment built in the network security training system, which is not specifically limited in this embodiment.
The network threat behavior recording sub-module 224 is used for responding to a function request of the target user for collecting, detecting, tracing and/or recording network threat traffic in real time.
The network threat traffic may be network traffic in the training environment at the current time, and may include uplink traffic, downlink traffic, and the like.
Specifically, when at least one of the function requests of the target user for collecting, detecting, tracing and recording network threat traffic in real time is received, the network threat behavior recording sub-module 224 may respond accordingly. For example: for a collection request, it may collect the network traffic in the training environment at the current time; for a detection request, it may detect network threat traffic in the training environment at the current time; for a tracing request, it may trace the source of the network traffic in the training environment at the current time; and for a recording request, it may record the network traffic in the training environment at the current time.
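The four functions of the recording sub-module (collect, detect, trace, record) run over constructed flow records, as an added illustration for this page rather than the patent's own code. The flow fields, the training-environment topology table, the port-count detection rule and its threshold are all assumptions; the rule flags a source that reaches many distinct ports on one destination within a short window, a pattern a trainee in a defense role would be expected to spot.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float        # seconds since scenario start
    src: str
    dst: str
    dport: int
    direction: str   # "uplink" or "downlink", as the description distinguishes them


# Constructed topology of the training environment: address -> node label (hypothetical).
TOPOLOGY = {
    "10.0.1.10": "attack-role-host",
    "10.0.1.11": "trainee-workstation",
    "10.0.2.20": "web-server",
    "10.0.2.21": "db-server",
}

# Constructed traffic: one source touches eight ports on web-server within a second
# (a probing pattern); the remaining flows are ordinary client and server traffic.
SAMPLE_FLOWS = [
    Flow(1.0 + i * 0.1, "10.0.1.10", "10.0.2.20", 20 + i, "uplink") for i in range(8)
] + [
    Flow(2.0, "10.0.1.11", "10.0.2.20", 443, "uplink"),
    Flow(2.1, "10.0.2.20", "10.0.1.11", 443, "downlink"),
    Flow(3.0, "10.0.2.20", "10.0.2.21", 5432, "uplink"),
]


class ThreatBehaviorRecorder:
    def __init__(self, port_threshold: int = 5, window: float = 5.0):
        self.port_threshold = port_threshold   # assumed detection parameters
        self.window = window
        self.collected = []
        self.records = []

    def collect(self, flows) -> int:
        """Collection: take in the traffic seen in the environment at the current time."""
        self.collected.extend(flows)
        return len(self.collected)

    def detect(self):
        """Detection: a source reaching >= port_threshold distinct destination ports
        on one destination inside the window is flagged as probing behaviour."""
        seen = defaultdict(list)
        for f in self.collected:
            seen[(f.src, f.dst)].append((f.ts, f.dport))
        hits = []
        for (src, dst), events in seen.items():
            events.sort()
            for i, (t0, _) in enumerate(events):
                ports = {p for t, p in events[i:] if t - t0 <= self.window}
                if len(ports) >= self.port_threshold:
                    hits.append({"src": src, "dst": dst,
                                 "distinct_ports": len(ports), "first_ts": t0})
                    break
        return hits

    def trace(self, address: str) -> str:
        """Tracing: map an address back to the environment node that produced it."""
        return TOPOLOGY.get(address, "unknown-node")

    def record(self):
        """Recording: persist each detection together with its traced endpoints."""
        for hit in self.detect():
            self.records.append({**hit,
                                 "src_node": self.trace(hit["src"]),
                                 "dst_node": self.trace(hit["dst"])})
        return self.records
```

Tracing is a lookup against the environment the builder sub-module produced, which is why an address outside that topology comes back as `unknown-node` instead of being attributed to a trainee.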
As illustrated in fig. 2, the function response module 2 includes a training management module 23; the target users comprise task director users and trained users; the training management module is used for responding to a function request in which the task director user supplies various network threat scenarios, determining target assessment personnel from the trained users based on those scenarios, and distributing target roles to the target assessment personnel.
The network threat scenario may be a scenario including a training environment and threat traffic, and is used for practical defense and attack training. The target assessment personnel may be those among the trained users who need to take part in the assessment, and may be trained users selected by the task director user. The target role may be the role of the target assessment personnel in the practical training, for example an attack role or a defense role, and may also include policies, objectives and the like.
Specifically, the training management module 23 may respond to a function request of the task director user for constructing and distributing practical training. When the training management module 23 receives the function request from the task director user, it may select a network threat scenario meeting the current training requirement and, according to the selected scenario, select the trained users who will take part in the training as the target assessment personnel. Furthermore, a target role may be distributed to each of the target assessment personnel, so that each of them can determine their own attack or defense task.
Optionally, fig. 5 is a schematic structural diagram of a fourth network security training system provided in the second embodiment of the present invention, and as shown in fig. 5, the training management module 23 includes a training task management sub-module 231 and a training effect evaluation sub-module 232.
The training task management submodule 231 is configured to respond to a function request of the target user for generating at least one training task and/or displaying the physical resource allocation condition corresponding to each training task according to the various network threat scenarios established by the defense service training module 22; and to respond to a function request of the task commanding user for determining the target assessment personnel corresponding to each training task from the trained users and distributing target roles to them.
The training task management submodule 231 includes at least one of an attack and defense training task planning unit, a training scene planning unit, a collaborative training task management unit, and a physical resource visualization management unit. The physical resources may be computing resources, storage resources, network resources, and the like.
Specifically, the training task management sub-module 231 may respond to at least one of the target user's function requests for generating a training task and for displaying the physical resource allocation condition corresponding to the training task. When it receives a function request for generating a training task, the constructed cyber threat scenarios may be fed back to the target user for selection. When it receives a function request for displaying the physical resource allocation condition corresponding to a training task, the physical resource allocation of each entity device and each virtual device may be displayed for that task, so as to monitor the progress of the training task.
Optionally, the offensive and defensive training task planning unit is configured to respond to a function request of a target user for creating, editing, deleting, and approving each training task.
Optionally, the training scenario planning unit is configured to respond to a function request for adjusting an attack/defense seat, an attack/defense strategy, an attack/defense scenario, and an attack/defense target of each training task by a target user, and/or adjusting a target evaluator, a service scenario, service content, and a service seat of each training task.
Optionally, the collaborative training task management unit is configured to respond to a function request of the task commanding user for allocating a target role to each target assessment person and associating each target assessment person with each training task.
Optionally, the physical resource visualization management unit is configured to respond to a function request that the target user visually displays the physical resources corresponding to each training task and/or configures, arranges, and/or manages the physical resources.
The training effect evaluation submodule 232 is configured to respond to a function request that a target user acquires evaluation data of each training task and performs training effect evaluation and display on each training task.
The training effect evaluation sub-module 232 includes at least one of an evaluation data acquisition unit, a training effect evaluation unit, and a task evaluation and display unit. The evaluation data may include data related to the completion of the training task, such as the task completion duration.
Specifically, when the training effect evaluation sub-module 232 receives a function request for acquiring the evaluation data of the training task from the target user, the evaluation data of the training task may be fed back to enable the target user to view the evaluation data. When the training effect evaluation sub-module 232 receives a function request of a target user for performing training effect evaluation and display on each training task, statistical analysis can be performed on evaluation data to determine a training evaluation effect, and the training evaluation effect is fed back to be displayed to the target user.
Optionally, the evaluation data acquisition unit is configured to respond to a function request of the target user for determining, according to the training task allocated by the training task management submodule 231, the evaluation data to be acquired, and for acquiring that evaluation data while the training task is being executed.
Optionally, the training effect evaluation unit is configured to respond to a function request of the target user for obtaining the data to be evaluated that was acquired by the evaluation data acquisition unit, inputting the data into a pre-established effect evaluation model, and determining the training evaluation result corresponding to the training task.
Optionally, the task evaluation and display unit is configured to respond to a function request that the target user obtains a training evaluation result determined by the training effect evaluation unit and performs statistics and display on the evaluation result.
Optionally, fig. 6 is a schematic structural diagram of a fifth network security training system provided in the second embodiment of the present invention, and as shown in fig. 6, the network security training system further includes a training support module 3.
Wherein the training support module 3 is configured to perform at least one of the following operations:
responding to a function request of a target user for resource allocation and management of the network security training system;
responding to a function request of a target user for constructing and deploying a topological environment and collecting and managing system logs;
and responding to a function request of a target user for monitoring the running states of all virtual machines and all entity equipment in the network security training system.
The topological environment may be a network environment formed by the physical layout in which various devices are interconnected over a transmission medium. The system log may be a log recording operation information of the network security training system.
Specifically, the training support module 3 may respond to a function request of the target user for allocating and managing physical resources and/or virtual resources, so that the target user can schedule the resources required by the network security training system. The training support module 3 may respond to function requests of the target user for connecting and deploying the topological environment, so as to construct a network structure adapted to the network security training system. The training support module 3 may respond to a function request of the target user for monitoring the running state of each virtual machine and each entity device, so that the target user can check the current running state in real time and problems such as faults are avoided.
Optionally, the training support module 3 comprises at least one of the following sub-modules:
The entity environment construction and management submodule is used for responding to function requests of the target user for constructing and managing entity computing resources, entity storage resources and network entity resources.
Specifically, through the entity environment construction and management submodule, the target user can perform entity computing resource management, entity storage resource management, network entity resource management and the like.
The virtual machine resource construction and management submodule is used for responding to a function request of the target user for performing virtual machine image operations and for managing the nodes, remote connection desktop, network card and/or disk of a virtual machine.
The virtual machine image operations comprise at least one of registering, uploading, viewing, deleting, format-converting and compressing the virtual machine image.
Specifically, through the virtual machine resource construction and management submodule, the target user can perform global management of virtual machines, which mainly comprises four functions: virtual machine node management, virtual machine remote connection desktop management, virtual machine network card management and virtual machine disk management. The target user can also register, upload, view, delete, format-convert and compress virtual machine images through this submodule.
It should be noted that the entity environment construction and management submodule and the virtual machine resource construction and management submodule can provide the construction capability of the network threat environment, and a virtual-real combined network security training environment with a threat attack scene is formed through the entity physical device and the virtual machine resource.
The training resource dynamic allocation and monitoring submodule is used for responding to a function request of the target user for allocating virtual machine resources and network resources and/or for monitoring the stock of virtual machine resources and network resources, the physical network egress traffic and the virtual network egress traffic.
Specifically, virtual machine resources and network resources can be allocated through the training resource dynamic allocation and monitoring submodule to serve as virtual resources of the system, and the system can flexibly expand or reduce the number of virtual machines by allocating virtual machines. The training resource dynamic allocation and monitoring submodule can also count the resource stock and issue early warnings about it, and can monitor the egress traffic of the physical network and of the virtual network.
The network isolation submodule is used for creating network isolation between different networks so as to prevent communication between them.
Specifically, different virtual networks in the network security training system can normally communicate with each other. In addition, the network isolation submodule provides a virtual network isolation function, which can be applied within a virtual machine: the different created virtual networks are then completely isolated from one another and are not allowed to communicate with each other directly.
The multi-topology function combination submodule is used for responding to a function request of the target user for combining at least two network topologies into a target network topology.
Specifically, multiple created network topologies can be combined into one network topology through the multi-topology function combination submodule. Optionally, when different network topologies are combined, the edge nodes of the topologies are connected through visualized connecting nodes.
The training environment access sub-module is used for connecting the system login interface to a virtual network environment of the network security training system.
Specifically, the training environment access sub-module enables a target user of the network security training system to connect, through a network interface, to the virtual network environment of the system's virtual machines in order to perform simulated network security training. After the target user has logged in normally, the currently available virtual network environment resources can be displayed according to the target user's authority.
The system log management submodule is used for recording, storing, querying, exporting and/or deleting the system log.
Specifically, the system log management submodule can record and store log information, query the log information, export the log information and delete the log information.
According to the technical scheme of this embodiment, the knowledge training module responds to function requests of a target user for managing and viewing network security teaching materials and the knowledge question bank corresponding to them; the defense service training module responds to function requests of the target user for constructing a network threat scenario, so as to simulate network attack and network threat behaviors and record them; and the training management module responds to function requests of the task commanding user for receiving the various network threat scenarios, determining target assessment personnel from the trained users based on those scenarios, and distributing target roles to the target assessment personnel.
EXAMPLE III
Fig. 7 is a system architecture diagram of a network security training system according to a third embodiment of the present invention, as shown in fig. 7, including: the system comprises a basic resource layer, a basic supporting layer, a service supporting layer and a platform application layer.
Optionally, the network security training system may use OpenStack (a cloud computing management platform) and, in combination with virtualization technologies such as KVM and Docker (an application container engine), provide service support capabilities in multiple service dimensions for training teaching, defense and attack drilling, environment simulation testing and the like.
The basic resource layer mainly comprises a hardware server, a switch and a large screen display. The basic supporting layer comprises a training supporting module and a core knowledge base. The service support layer comprises a defense service training module, a knowledge training module and a training management module. The platform application layer is mainly a business application management center.
Specifically, the basic support layer mainly comprises the training support module and the core knowledge base, and provides a basic virtual software environment for upper-layer services. The training support module can be used for training environment construction, entity environment resource management, training environment access, multi-topology combination, virtual machine management, virtual machine image resource management, simulation scene retrieval, network topology visualization, dynamic resource allocation, training environment resource state detection, multi-virtual-network isolation, system log management and the like. The core knowledge base may comprise a threat generation library, a professional skill teaching material library, an assessment result library, an attack and defense scenario library, a Trojan horse and virus library, a basic knowledge teaching material library, a training effect evaluation library, an image library, a basic knowledge question library, a vulnerability library, a configuration management library and the like.
The service support layer, through the defense service training module, the knowledge training module and the training management module, provides a complete set of support capabilities spanning training, learning, assessment, attack and defense exercises and evaluation, and is designed and implemented to provide threat generation capability, knowledge learning and assessment capability, and attack and defense exercise evaluation capability.
Specifically, the defense service training module can be used for known threat characteristic simulation, attack process simulation, threat traffic generation, attack behavior record analysis, PCAP (packet capture) retention, topology visualization management, environment configuration management, traffic management, simulation environment compatibility management and the like. The knowledge training module may comprise a training teaching material sub-module (the network security teaching material sub-module) and a question bank and assessment sub-module. The training teaching material submodule is mainly used for basic knowledge teaching material management and training teaching material management. The question bank and assessment submodule is mainly used for basic knowledge question bank management, examination paper assessment, learning condition query, report upload scoring, assessment result statistics and the like. The training management module may include a training task management sub-module and a training effect evaluation sub-module. The training task management submodule is mainly used for attack and defense training task planning, collaborative training task management, training scenario management, physical resource visualization and the like. The training effect evaluation submodule is mainly used for defense service training effect evaluation, training data acquisition and analysis, task evaluation, evaluation report management and the like.
The platform application layer is composed of the business application management center. It is the unified entrance for target users, provides a display of the overall situation of the platform and the running condition of each module, manages all target user login accounts and authority information in the system, and allows a target user to log in to a personal center through application management to perform learning and training, examination, competition, evaluation and other operations. The situation data in the system can be output to a large screen for large-screen display, and data interaction with the large screen is supported. Service usage and access to the system come primarily from the seating area.
Specifically, the business application management center can be used for overall situation display, threat generation display, training teaching material display, question bank examination display, training task display, training effect evaluation display, user management, application management, authority management, system monitoring management and the like.
Fig. 8 is a schematic structural diagram of a network security training system according to a third embodiment of the present invention, as shown in fig. 8, including: the system comprises a knowledge training module, a defense business training module, a training management module and a training support module.
The knowledge training module is a specific business system constructed on the basis of the bottom-layer platform, and provides basic attack and defense training experimental environments for trained users at different levels so as to achieve the purpose of training professional talents and exercising teams. The knowledge training module consists of a training teaching material submodule, a question bank and assessment submodule and a personal learning center submodule.
The training teaching material submodule mainly implements management of the basic knowledge teaching materials. The question bank and assessment submodule mainly implements knowledge question bank management, examination grading and the like. The personal learning center submodule is the center in which a trained user logs in to the system to carry out learning; it mainly comprises a personal center and a course selection center, and is used for following up the personal learning condition and selecting courses in the system.
The training teaching material sub-module can adopt a B/S architecture design, so that a trained user can learn the related content online in a browser or similar manner. The training teaching material submodule mainly implements basic knowledge teaching material management functions and the like. The basic knowledge teaching material management function is used for maintaining the basic knowledge teaching materials in the system, including basic knowledge of the following types: cyberspace defense technology, cyberspace situation theory, social engineering, network cryptography, host security technology, virus attack and defense technology and others. The training teaching material management function provides input, editing, retrieval and deletion of training teaching material content and supports uploading of teaching material attachments, where the attachment types include pictures, text, compressed archives and the like.
The question bank and assessment submodule can adopt a B/S architecture design, so that a trained user can take examinations online in a browser. The basic knowledge question bank management function is used for maintaining the basic knowledge test questions in the system. The system implements management operations such as addition, deletion, modification, query, upload and download for basic knowledge question banks and scenarios, and supports test question import and export. The learning condition query function lets trained users query their personal learning condition; the content that can be queried includes learning subjects, learning time, learning duration and the like. The progress state of a training task can also be queried according to the training task, and the examination and answer results of trained users can be checked according to the examination question content.
The personal center comprises personal learning records and personal information management, and the system can record detailed personal learning and practical training records. The system supports trained users in viewing and managing their personal learning process data, and also supports management of the required courses and of the personal virtual machines and containers.
The defense service training module constructs various network threat flows based on calculation, storage and network resources provided by the support platform, and completes the construction of a training environment according to the requirements of a training task. The defense service training module comprises functions of threat scene construction, attack process simulation generation, threat behavior construction, threat behavior recording and the like. The defense service training module consists of a threat scene construction submodule, an attack process simulation generation submodule, a threat behavior construction submodule and a threat behavior recording submodule.
The threat scene construction submodule can dynamically construct a network environment according to the requirements of a training task and can construct environments for web applications; the attack process simulation generation submodule and the threat behavior construction submodule can simulate network threat behaviors and generate threat traffic, including threat behaviors aimed at terminal equipment; the threat behavior recording submodule provides the defense training environment with functions such as collection, monitoring and tracing of threat traffic.
The training management module is responsible for organizing an actual training task and consists of a training task management submodule and a training effect evaluation submodule.
The training task management submodule mainly achieves the functions of offensive and defensive training task planning, collaborative training task management, training scene planning, physical resource visualization management and the like. The training effect evaluation submodule mainly achieves the functions of evaluation of the training effect of the defense service, evaluation data acquisition, task evaluation and display and the like.
Specifically, the training task management submodule can provide the attack and defense training task planning function, support planning of simulated service scenarios, and support creation, editing, deletion and approval of training tasks. The training scenario management function mainly comprises management, through the training task management submodule, of the training attack and defense seats, attack and defense strategies, attack and defense scenarios, attack and defense targets and the like, and of the trained service personnel, service scenarios, service content and service seats. The training task management sub-module also supports adjustment of the attack and defense seats, strategies, scenarios and targets of the training, and adjustment of the trained service personnel, service scenarios, service content and service seats. The physical resource visualization management function presents all computing, storage and network resources of the system visually, and at the same time provides a unified visual interaction for configuring, arranging and managing the physical resources. Collaborative training task management means that the system provides a task authority management function, divides functional authorities according to personnel authority, and supports associating training tasks with the corresponding trained users; according to the functional authority, division of labor, retrieval and distribution of attack and defense training tasks are supported. The training effect evaluation sub-module can evaluate and analyze the training effect according to the various data collected by the evaluation data acquisition unit.
The training support module provides basic technical support, resource content and environment construction for the system, and mainly implements functions such as constructing and deploying a topological environment, accessing virtual machines, managing various resources, monitoring the running states of virtual machines and physical machines, registering entity equipment, managing units and personnel, and collecting and managing system logs. The functions of the training support module include: training environment construction, entity environment resource management, virtual machine image resource management, dynamic resource allocation, training environment resource state monitoring, multi-virtual-network isolation, multi-topology combination, simulation scene retrieval, training environment access and system log management.
Specifically, the training environment construction function provides the system with the capability to construct a network threat environment; its main purpose is to form, from physical equipment and virtual machine resources, a virtual-real combined network security practical training simulation environment with threat attack scenarios, in which trained users can perform attack and defense drills and raise their defense level through training. The entity environment resource management function mainly comprises 3 parts: entity computing resource management, entity storage resource management and network entity resource management. The virtual machine management function mainly comprises 4 functions: virtual machine node management, virtual machine remote connection desktop management, virtual machine network card management and virtual machine disk management. The virtual machine image resource management function is mainly used for registering, uploading, viewing, deleting, format-converting and compressing virtual machine images. The objects of the dynamic resource allocation function mainly comprise virtual resources and network resources; the function can flexibly expand or reduce the number of virtual machines by configuring the virtual machines. The training environment resource state monitoring function can count the resource stock and issue early warnings about it, and can monitor the egress traffic of the physical network and of the virtual network. Normal communication connections can be made between different virtual networks of the system.
The multi-virtual-network isolation function provides virtual network isolation capability: complete network isolation can be set between different virtual networks created in the virtual machine, so that the networks are not allowed to communicate with each other directly. The multi-topology combination function can combine multiple created network topologies into one network topology; specifically, when different network topologies are combined, the system may connect the edge nodes of the topologies through visualized connecting nodes. The simulation scene retrieval function supports exact query and fuzzy query of simulation scenes by the IP address of a network topology node, node name, node operating system, node host model, total number of nodes, network topology name, network topology usage state, topology scenario description, topology creator, creation time, modification time and the like. The training environment access function enables a target user to connect to the virtual network environment of a system virtual machine through a web interface in order to perform simulated network security training. Specifically, the target user logs in to the system, and after a normal login the system displays the currently available virtual network environment resources according to the user's authority. The system log management functions may include log information recording and saving, log information query, log information export and log information deletion.
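The simulation scene retrieval function described above (exact and fuzzy query by node and topology attributes), shown as an added Python illustration that is not part of the patent or of any Eversec implementation; the field names, state values and sample scenes are constructed for the example.

```python
"""Added illustration (not the patent's implementation): exact and fuzzy
retrieval over simulation scene records, using the query dimensions the
text lists. All field names, records and values are constructed."""
import ipaddress
from dataclasses import dataclass, field
from typing import Any, Dict, List, Optional


@dataclass
class Node:
    ip: str
    name: str
    os: str
    host_model: str


@dataclass
class Scene:
    topology_name: str
    state: str          # usage state, e.g. "idle" or "in_use" (constructed values)
    description: str
    creator: str
    created: str        # ISO dates, constructed
    modified: str
    nodes: List[Node] = field(default_factory=list)

    @property
    def total_nodes(self) -> int:
        return len(self.nodes)


# Node-level keys match if ANY node in the scene matches.
NODE_KEYS = {"ip": "ip", "node_name": "name", "node_os": "os", "host_model": "host_model"}
# Keys allowed for exact (equality) query.
EXACT_FIELDS = set(NODE_KEYS) | {"total_nodes", "topology_name", "state",
                                  "creator", "created", "modified"}
# Keys allowed for fuzzy (case-insensitive substring) query; counts and
# timestamps are deliberately excluded so a fuzzy "1" cannot match everything.
FUZZY_FIELDS = {"topology_name", "description", "creator",
                "node_name", "node_os", "host_model"}


def _values(scene: Scene, key: str) -> List[Any]:
    """All candidate values of a field: one per node for node keys, else one."""
    if key in NODE_KEYS:
        return [getattr(n, NODE_KEYS[key]) for n in scene.nodes]
    return [getattr(scene, key)]


def _normalize(key: str, value: Any) -> Any:
    """Canonicalize exact-query values so ' 10.0.0.2 ' equals '10.0.0.2';
    an unparsable IP raises ValueError instead of silently matching nothing."""
    if key == "ip":
        return str(ipaddress.ip_address(str(value).strip()))
    return value


def exact_match(scene: Scene, key: str, value: Any) -> bool:
    want = _normalize(key, value)
    return any(_normalize(key, v) == want for v in _values(scene, key))


def fuzzy_match(scene: Scene, key: str, needle: str) -> bool:
    n = needle.lower()
    return any(n in str(v).lower() for v in _values(scene, key))


def validate_criteria(exact: Dict[str, Any], fuzzy: Dict[str, str]) -> List[str]:
    """Return the query keys that are not permitted for their query kind."""
    bad = [k for k in exact if k not in EXACT_FIELDS]
    bad += [k for k in fuzzy if k not in FUZZY_FIELDS]
    return bad


def retrieve(scenes: List[Scene], exact: Optional[Dict[str, Any]] = None,
             fuzzy: Optional[Dict[str, str]] = None) -> List[Scene]:
    """AND-combine all exact and fuzzy criteria; unknown keys are rejected
    rather than ignored, so a mistyped filter cannot widen the result set."""
    exact, fuzzy = exact or {}, fuzzy or {}
    bad = validate_criteria(exact, fuzzy)
    if bad:
        raise KeyError(f"unsupported query keys: {bad}")
    return [s for s in scenes
            if all(exact_match(s, k, v) for k, v in exact.items())
            and all(fuzzy_match(s, k, v) for k, v in fuzzy.items())]


# Constructed sample scenes (not from the patent).
SAMPLE_SCENES = [
    Scene("web-range", "idle", "Web application defense drill", "alice",
          "2021-07-01", "2021-07-02",
          [Node("10.0.0.1", "web-01", "Ubuntu 20.04", "model-A"),
           Node("10.0.0.2", "db-01", "CentOS 7", "model-B")]),
    Scene("phishing-lab", "in_use", "Phishing mail triage exercise", "bob",
          "2021-07-03", "2021-07-03",
          [Node("10.0.1.1", "mail-01", "Ubuntu 20.04", "model-A"),
           Node("10.0.1.2", "client-01", "Windows 10", "model-C"),
           Node("10.0.1.3", "client-02", "Windows 10", "model-C")]),
    Scene("ics-sim", "idle", "Industrial control simulation", "alice",
          "2021-06-20", "2021-07-04",
          [Node("192.168.5.10", "plc-01", "RTOS", "model-D")]),
]

if __name__ == "__main__":
    # Exact query by node IP, and a combined exact + fuzzy query.
    print([s.topology_name for s in retrieve(SAMPLE_SCENES, exact={"ip": " 10.0.0.2 "})])
    print([s.topology_name for s in retrieve(SAMPLE_SCENES, exact={"creator": "alice"},
                                              fuzzy={"node_os": "ubuntu"})])
```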
It should be noted that the network security training system provides training environment construction, training data acquisition, training effect evaluation, training situation display, training process control and platform management capabilities by means of fast virtual node generation, multi-level virtual-real interconnection and access arrangement, unified management of multiple fused virtualization platforms, training scene adaptation support, low-overhead real-time data acquisition and analysis, elastically programmable dynamic evaluation, multi-dimensional and multi-type comprehensive evaluation, and real-time training process control. Together these form an advanced network security training system that supplies data for evaluating the effect of cyberspace defense training.
It should further be noted that the system adopts a "componentized" design: the platform integrates numerous interface protocols and service mechanisms, and its compatibility can be continuously enriched and improved through collaborative development. The platform consists of many plug-and-play components; small, well-crafted pieces of software are used to build a large platform that can be continuously improved and extended. A component here is a functional unit that packages one of the system's software or hardware resources and can be independently released or exchanged, replaced or upgraded. Components unify the data interaction formats of heterogeneous physical resources, hide differences between device interfaces and simplify the exchange of external data.
Fig. 9 is a schematic flowchart of the network security training method for a trained user according to the third embodiment of the present invention. As shown in Fig. 9, the method mainly includes:
(1) The trained user first logs in to the system main interface corresponding to trained users. The trainee must already have an account and password; if the password has been forgotten at login, the trainee can click "forgot password" to reset it.
(2) The default main interface for a trained user shows all courses of the training course system; course information is browsed by clicking the button of any course system on the page.
(3) The trained user can also select the training center module (the training center module is supported underneath by the personal learning center submodule of the knowledge training module). After entering the training center module and selecting an attack and defense seat, the corresponding course list is displayed and the trainee can study the training courses. The system automatically records the progress of each training course for the trained user, so the next learning session continues from the current progress.
(4) The trained user selects the practical training module to carry out practical training (the practical training module is supported underneath by the training teaching material submodule of the knowledge training module and by the defense service training module). The trained user opens the list of training tasks assigned to them, selects a specific task, completes it according to the task description, submits a task report after finishing, and waits for the task commanding user to evaluate and score the task.
(5) The trained user selects the examination module to take an examination on the relevant subject (the examination module is supported underneath by the question bank and examination submodule and the personal learning center submodule of the knowledge training module). The trained user opens the test question list, selects the corresponding test paper, answers it, submits it, and waits for the task commanding user to evaluate and score it.
Fig. 10 is a schematic flowchart of the network security training method for a task commanding user according to the third embodiment of the present invention. As shown in Fig. 10, the method mainly includes:
(1) The task commanding user first logs in to the system main interface corresponding to task commanding users.
(2) The task commanding user plans and manages tasks through the task management module (the task management module is supported underneath by the training management module). The task commanding user can create, edit, delete and share training tasks.
(3) The task commanding user can also select tasks from those already created and issue them to different trained users.
(4) The task commanding user reviews the tasks completed by trainees through the task approval module: the user opens the list of tasks awaiting approval and evaluates and scores each trainee's task completion. Once evaluation and scoring are finished, the results are reported to the back end for statistical calculation and related processing.
(5) The task commanding user uploads related courseware through the courseware uploading module (the courseware uploading module is supported underneath by the training teaching material management function of the training teaching material submodule of the knowledge training module). When uploading, the task commanding user first selects the class and branch the courseware belongs to, then uploads the courseware in batch or individually.
(6) The task commanding user generates test papers of different classifications through the examination module (the examination module is supported underneath by the question bank and examination submodule of the knowledge training module). A test paper can be generated automatically by the system or manually by the task commanding user; in the manual case the user selects questions from the question bank by question classification to assemble the paper.
Fig. 11 is a schematic flowchart of the network security training method for a system management user according to the third embodiment of the present invention. As shown in Fig. 11, the method mainly includes:
(1) The system management user first logs in to the system main interface corresponding to system management users.
(2) The system management user selects the user management module to add, delete, modify and search users.
(3) The system management user classifies courses and creates, deletes and edits course classifications through the practical course management module (the practical course management module is supported underneath by the training management module).
(4) The system management user can approve the courses uploaded by task commanding users and the tasks they have planned through the task examination module (the task examination module is supported underneath by the training task management submodule of the training management module).
(5) The system management user can classify, create and edit attack and defense scenes through the attack and defense scene management module (the attack and defense scene management module is supported underneath by the defense service training module and the training support module). The created attack and defense scenes can be selected by a task commanding user when planning and building a task.
(6) The system management user sets up and edits attack and defense seats through the attack and defense seat management module (the attack and defense seat management module is supported underneath by the training management module).
(7) The system management user sets up and edits attack and defense strategies through the attack and defense strategy management module (the attack and defense strategy management module is supported underneath by the training management module).
It should be noted that the system management user has the highest authority: this user can add, delete and modify the information of every target user, attack and defense seat and course, and can check whether the courseware uploaded by a task commanding user meets the requirements.
According to the technical solution of this embodiment, the system architecture design, core function module design and system function flows of the network security training system solve the problems that existing network security training systems cannot give practical training on theoretical knowledge and find it difficult to combine theoretical learning with hands-on operation: attack and defense scenes are built on demand, theoretical learning is combined with practical training, and the effect of network security training is improved.
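The three flows above (trained user, task commanding user, system management user) each expose a different set of functions after login, and the function request is only routed to the function response module once the user's authorization is known. The block below is an added example of that dispatch written for this page; it is not the patent's or the product's code. The role names, function names and the permission table are reconstructed from the flows and are assumptions of this example. The point it makes is that the system management user's "highest authority" is still an explicit permission list, the check is deny-by-default, and refused requests are written to the same audit trail as accepted ones.

```python
from dataclasses import dataclass

# Permission table reconstructed from the three flows above; the role and
# function names are this example's own assumptions, not the patent's.
PERMISSIONS = {
    "trained_user": {"course.browse", "training_center.learn", "task.view",
                     "task.submit_report", "exam.answer"},
    "task_commander": {"task.create", "task.edit", "task.delete", "task.share",
                       "task.issue", "task.approve", "courseware.upload",
                       "exam.generate"},
    # highest authority, but still an explicit list rather than a wildcard
    "system_admin": {"user.manage", "course.manage", "task.review",
                     "courseware.check", "scene.manage", "seat.manage",
                     "strategy.manage"},
}


@dataclass(frozen=True)
class Session:
    """What the login step established: who the user is and which role they hold."""
    user: str
    role: str


class Forbidden(PermissionError):
    pass


def available_functions(session):
    """The 'visual function selection interface' for this session: only the
    functions the role is entitled to are offered."""
    return sorted(PERMISSIONS.get(session.role, ()))


def dispatch(session, function, payload, handlers, audit):
    """Route a function request to its handler after an explicit permission
    check. Deny by default (unknown role or function), and record every
    decision so that refused attempts are visible in the audit trail too."""
    allowed = function in PERMISSIONS.get(session.role, set())
    audit.append({"user": session.user, "role": session.role,
                  "function": function, "allowed": allowed})
    if not allowed:
        raise Forbidden(f"role {session.role!r} may not call {function}")
    handler = handlers.get(function)
    if handler is None:
        raise LookupError(f"no function response handler registered for {function}")
    return handler(session, payload)


def demo():
    """Constructed run: a trainee submits a report, is refused when trying to
    score it, and the task commander scores it."""
    audit, reports = [], {}

    def submit_report(session, payload):
        reports.setdefault(payload["task"], []).append((session.user, payload["report"]))
        return "submitted"

    def approve(session, payload):
        return f"{payload['task']} scored {payload['score']} by {session.user}"

    handlers = {"task.submit_report": submit_report, "task.approve": approve}
    trainee, commander = Session("wang", "trained_user"), Session("li", "task_commander")

    first = dispatch(trainee, "task.submit_report", {"task": "T-1", "report": "..."}, handlers, audit)
    try:
        dispatch(trainee, "task.approve", {"task": "T-1", "score": 90}, handlers, audit)
        refused = False
    except Forbidden:
        refused = True
    second = dispatch(commander, "task.approve", {"task": "T-1", "score": 90}, handlers, audit)
    return first, refused, second, audit
```

Keeping the permission check in `dispatch` rather than in the user interface matters: the function selection interface only shows what the role may do, but a request for a hidden function must still be refused server-side, which is what the second call in `demo` exercises.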
Example four
Fig. 12 is a schematic flowchart of a network security training method according to the fourth embodiment of the present invention; the method applies to giving network security learners both theoretical and practical training. Terms that are the same as or correspond to those in the above embodiments are not explained again here.
As shown in Fig. 12, the method of this embodiment specifically includes the following steps:
S410: displaying a system login interface by the user interaction module, receiving the authorization information of a target user through the system login interface, displaying the visual function selection interface corresponding to that authorization information, receiving the function request for the function response module that the target user initiates through the visual function selection interface, and sending the function request to the function response module.
S420: receiving the function request at the function response module and responding to it, where the function response module includes at least one of a knowledge training module, a defense service training module and a training management module.
Optionally, the function response module includes the knowledge training module, which responds to the target user's function requests to manage and view the network security teaching materials and the knowledge item base corresponding to them.
Optionally, the knowledge training module includes a network security teaching material submodule, a question bank and assessment submodule and a personal learning management submodule, and the target users include task commanding users and trained users. The network security teaching material submodule responds to function requests from the target user to manage or view the network security teaching materials, where management includes at least one of entering, editing, retrieving and deleting teaching materials. The question bank and assessment submodule responds to function requests to manage examination questions, to assign examination questions to each network security teaching material of the teaching material submodule to form a test paper, to hold an examination based on the test paper and/or to display the statistics of the examination results. The personal learning management submodule responds to function requests from the task commanding user to assign account information to trained users and to view and manage teaching material information and examination result statistics.
Optionally, the function response module includes the defense service training module, which responds to the target user's function requests to build a network threat scene in order to simulate and record network attacks and network threat behavior.
Optionally, the defense service training module includes at least one of a network training environment construction submodule, a network attack process simulation submodule, a network threat behavior construction submodule and a network threat behavior recording submodule. The network training environment construction submodule responds to function requests from the target user to dynamically build a training environment according to preset network security training requirements. The network attack process simulation submodule responds to function requests to simulate attacks in the training environment and generate attack-simulation threat traffic. The network threat behavior construction submodule responds to function requests to simulate network threat behavior in the training environment and generate behavior-simulation threat traffic from it, where the network threat behavior includes network information threat behavior and/or network device threat behavior. The network threat behavior recording submodule responds to function requests to collect, detect, trace and/or record network threat traffic in real time.
Optionally, the function response module includes the training management module, and the target users include task commanding users and trained users. The training management module responds to function requests from a task commanding user to receive the various network threat scenes, determine the target assessees among the trained users on the basis of those scenes, and assign target roles to them.
Optionally, the training management module includes a training task management submodule and a training effect evaluation submodule. The training task management submodule responds to function requests from the target user to generate at least one training task from the various network threat scenes built by the defense service training module and/or to display the physical resource allocation of each training task, and to function requests from the task commanding user to determine the target assessees of each training task among the trained users and assign target roles to them; it includes at least one of an attack and defense training task planning unit, a training scene planning unit, a collaborative training task management unit and a physical resource visualization management unit. The training effect evaluation submodule responds to function requests from the target user to obtain the evaluation data of each training task and to evaluate and display the training effect of each task; it includes at least one of an evaluation data acquisition unit, a training effect evaluation unit and a task evaluation and display unit.
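The attack process simulation submodule and the threat behavior recording submodule are the two halves of one loop: generate simulated threat traffic in the training environment, then collect, detect and record it. The block below is an added example of that loop written for this page, not code from the patent or the product. It builds constructed flow records for a simulated port scan mixed with background web traffic, runs a sliding-window detector over them, and records each detection with the timestamps needed to trace it back; the flow record layout, the detection threshold and the sample addresses are assumptions of this example.

```python
import random
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One connection attempt as the recording submodule would see it (assumed layout)."""
    ts: float
    src: str
    dst: str
    dport: int


def simulate_port_scan(src, dst, start_ts, ports=range(1, 1025), seed=0):
    """Attack process simulation: one connection per target port, 10 ms apart,
    in shuffled order so the pattern is not a trivial ascending sweep."""
    rng = random.Random(seed)
    ports = list(ports)
    rng.shuffle(ports)
    return [Flow(start_ts + i * 0.01, src, dst, p) for i, p in enumerate(ports)]


def simulate_normal_traffic(clients, dst, start_ts, count, seed=1):
    """Background traffic: clients hitting web ports every half second."""
    rng = random.Random(seed)
    return [Flow(start_ts + i * 0.5, rng.choice(clients), dst, rng.choice([80, 443]))
            for i in range(count)]


class ScanDetector:
    """Flags a source that touches more than `threshold` distinct ports on one
    destination within `window` seconds, and records each detection with the
    first and last timestamps so the behavior can be traced back."""

    def __init__(self, threshold=20, window=5.0):
        self.threshold, self.window = threshold, window
        self._recent = defaultdict(deque)   # (src, dst) -> deque of (ts, dport)
        self._alerted = set()
        self.records = []

    def observe(self, flow):
        key = (flow.src, flow.dst)
        recent = self._recent[key]
        recent.append((flow.ts, flow.dport))
        while recent and flow.ts - recent[0][0] > self.window:   # slide the window
            recent.popleft()
        distinct = {port for _, port in recent}
        if len(distinct) > self.threshold and key not in self._alerted:
            self._alerted.add(key)          # one record per (src, dst) scan
            record = {"type": "port_scan", "src": flow.src, "dst": flow.dst,
                      "first_seen": recent[0][0], "last_seen": flow.ts,
                      "distinct_ports": len(distinct)}
            self.records.append(record)
            return record
        return None


def run_detection(flows, detector=None):
    """Feed flows to the detector in time order and return the recorded detections."""
    detector = detector or ScanDetector()
    for flow in sorted(flows, key=lambda f: f.ts):
        detector.observe(flow)
    return detector.records


def demo():
    """Constructed traffic for the demonstration (not captured data)."""
    flows = simulate_normal_traffic(["10.0.0.11", "10.0.0.12", "10.0.0.13"], "10.0.1.5", 0.0, 100)
    flows += simulate_port_scan("10.0.0.66", "10.0.1.5", 10.0)
    return run_detection(flows)
```

The detector keys its window on the (source, destination) pair, so the background clients, which only ever touch two ports, never cross the threshold, while the scanner is recorded exactly once, on the flow that first exceeds it. In a training range this is the kind of record the evaluation step can later compare against the scenario's injected attack timeline.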
Optionally, the system further includes a training support module, on the basis of which at least one of the following operations is performed: responding to function requests from the target user to allocate and manage the resources of the network security training system; responding to function requests from the target user to build and deploy the topology environment and to collect and manage system logs; and responding to function requests from the target user to monitor the running state of every virtual machine and every physical device in the network security training system.
Optionally, at least one of the following operations is performed on the basis of the training support module: the physical environment construction and management submodule responds to function requests from the target user to build and manage physical computing, physical storage and physical network resources; the virtual machine resource construction and management submodule responds to function requests from the target user to operate on virtual machine images and to manage the nodes, remote desktop connections, network cards and/or disks of virtual machines, where the image operations include at least one of registering, uploading, viewing, deleting, converting the format of and compressing a virtual machine image; the training resource dynamic allocation and monitoring submodule responds to function requests from the target user to allocate virtual machine and network resources and/or to monitor the stock of virtual machine and network resources, the physical network egress traffic and the virtual network egress traffic; the network isolation submodule establishes network isolation between different networks so that they cannot communicate; the multi-topology combining submodule responds to function requests from the target user to combine at least two network topologies into a target network topology; the training environment access submodule connects the system login interface to the virtual network environment of the network security training system; and the system log management submodule records, saves, queries, exports and/or deletes the system log.
According to the technical solution of this embodiment, the user interaction module displays the system login interface, receives the authorization information of the target user through it, displays the visual function selection interface corresponding to that authorization information, receives the function request that the target user initiates through the visual function selection interface for the function response module and sends it to the function response module; the function response module, which includes at least one of a knowledge training module, a defense service training module and a training management module, receives and responds to the function request. This solves the problems that existing network security training systems cannot give practical training on theoretical knowledge and find it difficult to combine theoretical learning with hands-on operation: attack and defense scenes are built on demand, theoretical learning is combined with practical training, and the effect of network security training is improved.
Example five
Fig. 13 is a schematic structural diagram of an electronic device according to the fifth embodiment of the present invention; it shows a block diagram of an exemplary electronic device 50 suitable for implementing embodiments of the present invention. The electronic device 50 shown in Fig. 13 is only an example and places no limitation on the functions or scope of use of the embodiments of the present invention.
As shown in Fig. 13, the electronic device 50 takes the form of a general purpose computing device. Its components may include, but are not limited to, one or more processors or processing units 501, a system memory 502, and a bus 503 that couples the various system components (including the system memory 502 and the processing unit 501).
Bus 503 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processor, or a local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, the Industry Standard Architecture (ISA) bus, the Micro Channel Architecture (MCA) bus, the Enhanced ISA (EISA) bus, the Video Electronics Standards Association (VESA) local bus, and the Peripheral Component Interconnect (PCI) bus.
Electronic device 50 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by electronic device 50 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 502 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 504 and/or cache memory 505. The electronic device 50 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 506 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 13 and commonly referred to as a "hard drive"). Although not shown in FIG. 13, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to the bus 503 by one or more data media interfaces. System memory 502 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 508 having a set (at least one) of program modules 507 may be stored, for example, in system memory 502, such program modules 507 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may include an implementation of a network environment. Program modules 507 generally perform the functions and/or methodologies of embodiments of the invention as described herein.
The electronic device 50 may also communicate with one or more external devices 509 (e.g., keyboard, pointing device, display 510, etc.), with one or more devices that enable a user to interact with the electronic device 50, and/or with any devices (e.g., network card, modem, etc.) that enable the electronic device 50 to communicate with one or more other computing devices. Such communication may occur through input/output (I/O) interfaces 511. Also, the electronic device 50 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet) via the network adapter 512. As shown, the network adapter 512 communicates with the other modules of the electronic device 50 over the bus 503. It should be understood that although not shown in FIG. 13, other hardware and/or software modules may be used in conjunction with electronic device 50, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processing unit 501 executes various functional applications and data processing by running programs stored in the system memory 502, for example, implementing the network security training method provided by the embodiment of the present invention.
Example six
An embodiment of the present invention further provides a storage medium containing computer-executable instructions, where the computer-executable instructions are executed by a computer processor to perform a network security training method, and the method includes:
displaying a system login interface based on a user interaction module, receiving authorization information of a target user based on the system login interface, displaying a visual function selection interface corresponding to the authorization information, receiving a function request corresponding to a function response module initiated by the target user based on the visual function selection interface, and sending the function request to the function response module;
and receiving the function request based on a function response module, and responding to the function request, wherein the function response module comprises at least one of a knowledge training module, a defense business training module and a training management module. Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of embodiments of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk or C++ and conventional procedural programming languages such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing description is only exemplary of the invention and of the technical principles employed. Those skilled in the art will understand that the present invention is not limited to the particular embodiments described here and that various obvious changes, rearrangements and substitutions can be made without departing from the scope of the invention. Therefore, although the present invention has been described in detail through the above embodiments, it is not limited to them and may include other equivalent embodiments without departing from the spirit of the invention; the scope of the invention is determined by the appended claims.

Claims (9)

1. A network security training system, comprising:
a user interaction module, a function response module and a display module, wherein the user interaction module is used for displaying a system login interface, receiving authorization information of a target user through the system login interface, displaying a visual function selection interface corresponding to the authorization information, receiving a function request for the function response module that the target user initiates through the visual function selection interface, and sending the function request to the function response module;
the function response module is used for receiving the function request and responding to it, wherein the function response module comprises at least one of a knowledge training module, a defense service training module and a training management module;
the defense service training module comprises at least one of a network training environment construction submodule, a network attack process simulation submodule, a network threat behavior construction submodule and a network threat behavior recording submodule;
the network training environment construction submodule is used for responding to a function request of the target user for dynamically constructing a training environment according to preset network security training requirements;
the network attack process simulation submodule is used for responding to a function request of the target user for simulating an attack in the training environment and generating attack-simulation threat traffic;
the network threat behavior construction submodule is used for responding to a function request of the target user for simulating network threat behavior in the training environment and generating behavior-simulation threat traffic from it, wherein the network threat behavior comprises network information threat behavior and/or network device threat behavior;
and the network threat behavior recording submodule is used for responding to a function request of the target user for collecting, detecting, tracing and/or recording network threat traffic in real time.
2. The system of claim 1, wherein the functional response module comprises a knowledge training module; wherein,
the knowledge training module is used for responding to the function request of the target user for managing and checking the network security teaching materials and the knowledge item base corresponding to the network security teaching materials.
3. The system of claim 2, wherein the knowledge training module comprises a network security teaching material sub-module, a question bank and assessment sub-module, and a personal learning management sub-module; the target users comprise task commanding users and trained users; wherein,
the network security teaching material sub-module is used for responding to a function request of the target user for performing management operation or viewing operation on the network security teaching material, wherein the management operation comprises at least one of the operations of inputting, editing, retrieving and deleting on the network security teaching material;
the question bank and examination submodule is used for responding to the target user to manage the examination questions, distributing the examination questions to each network safety teaching material in the network safety teaching material submodule to form an examination paper, and examining and/or displaying a function request of examination result statistical information of the examination paper according to the examination paper;
and the personal learning management submodule is used for responding to the account information of the task commanding user to the trained user, and distributing the function requests of checking and managing teaching material information and assessment result statistical information.
4. The system of claim 1, wherein the functional response module comprises a defense business training module; wherein,
and the defense service training module is used for responding to a function request of the target user for constructing a network threat scene so as to simulate network attack and network threat behaviors and record the network attack and network threat behaviors.
5. The system of claim 1, wherein the functional response module comprises a training management module; the target users comprise task commanding users and trained users; wherein,
the training management module is used for responding to function requests of the task commanding user for receiving various network threat scenarios, determining target assessment personnel from among the trained users based on those network threat scenarios, and assigning target roles to the target assessment personnel.
6. The system of claim 5, wherein the training management module comprises a training task management submodule and a training effect evaluation submodule; wherein,
the training task management submodule is used for responding to function requests of the target user for generating at least one training task from the various network threat scenarios constructed by the defense service training module and/or for displaying the physical resource allocation corresponding to each training task, and for responding to function requests of the task commanding user for determining, from among the trained users, the target assessment personnel corresponding to each training task and assigning target roles to them; the training task management submodule comprises at least one of an attack and defense training task planning unit, a training scenario planning unit, a collaborative training task management unit and a physical resource visualization management unit;
the training effect evaluation submodule is used for responding to function requests of the target user for obtaining evaluation data for each training task and for performing and displaying a training effect evaluation for each training task; the training effect evaluation submodule comprises at least one of an evaluation data acquisition unit, a training effect evaluation unit and a task evaluation and display unit.
7. The system of claim 1, further comprising a training support module, wherein the training support module is configured to perform at least one of the following operations:
responding to function requests of the target user for allocating and managing resources of the network security training system;
responding to function requests of the target user for constructing and deploying the topological environment and for collecting and managing system logs;
responding to function requests of the target user for monitoring the running states of all virtual machines and all physical devices in the network security training system.
8. The system of claim 7, wherein the training support module comprises at least one of the following submodules:
a physical environment construction and management submodule, used for responding to function requests of the target user for constructing and managing physical computing resources, physical storage resources and physical network resources;
a virtual machine resource construction and management submodule, used for responding to function requests of the target user for performing virtual machine operations on a virtual machine image and for managing the nodes, remote desktop connection, network card and/or disk of the virtual machine, wherein the virtual machine operations comprise at least one of registering, uploading, viewing, deleting, format-converting and compressing the virtual machine image;
a training resource dynamic allocation and monitoring submodule, used for responding to function requests of the target user for allocating virtual machine resources and network resources and/or for monitoring the inventory of virtual machine resources and network resources, physical network egress traffic and virtual network egress traffic;
a network isolation submodule, used for establishing network isolation between different networks so that the different networks cannot communicate with each other;
a multi-topology function combination submodule, used for responding to function requests of the target user for combining at least two network topologies to form a target network topology;
a training environment access submodule, used for connecting the system login interface to the virtual network environment of the network security training system;
and a system log management submodule, used for recording, storing, querying, exporting and/or deleting system logs.
9. A network security training method, characterized by comprising the following steps:
displaying a system login interface based on a user interaction module, receiving authorization information of a target user through the system login interface, displaying a visual function selection interface corresponding to the authorization information, receiving a function request that the target user initiates through the visual function selection interface and that corresponds to a function response module, and sending the function request to the function response module;
receiving the function request based on the function response module and responding to the function request, wherein the function response module comprises at least one of a knowledge training module, a defense service training module and a training management module;
the defense service training module comprises at least one of a network training environment construction submodule, a network attack process simulation submodule, a network threat behavior construction submodule and a network threat behavior recording submodule; responding, based on the network training environment construction submodule, to a function request of the target user for dynamically constructing a training environment according to preset network security training requirements; responding, based on the network attack process simulation submodule, to a function request of the target user for generating simulated attack threat traffic in the training environment; responding, based on the network threat behavior construction submodule, to a function request of the target user for simulating network threat behavior in the training environment and generating behavior-simulated threat traffic from that network threat behavior, wherein the network threat behavior comprises network information threat behavior and/or network device threat behavior; and responding, based on the network threat behavior recording submodule, to a function request of the target user for collecting, detecting, tracing and/or recording the network threat traffic in real time.
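Claims 8 and 9 describe an authorization-gated dispatch: the visual function selection interface shown to a target user is derived from their authorization information, each function request is routed to one module of the function response module, and the system log management submodule records system activity. The following Python sketch is an added illustration of that structure; it is not code from the patent or from the applicant, and the role names, the FUNCTION_CATALOGUE permission table, the Session and FunctionResponseModule classes and every function name are assumptions made for the example. The check it shows is the one a practitioner would want in such a system: the function response module re-validates the role on every request, so a request crafted outside the menu is refused and logged rather than executed.

```python
# Added example, not code from the patent: a minimal model of the user
# interaction module and function response module of claims 8 and 9. Role,
# FUNCTION_CATALOGUE and every function name are assumptions made here.
from dataclasses import dataclass, field
from enum import Enum


class Role(Enum):
    TASK_COMMANDER = "task_commanding_user"
    TRAINEE = "trained_user"


# (module, function) -> roles allowed to request it (constructed permission table).
FUNCTION_CATALOGUE = {
    ("knowledge_training", "view_material"): {Role.TASK_COMMANDER, Role.TRAINEE},
    ("knowledge_training", "input_material"): {Role.TASK_COMMANDER},
    ("knowledge_training", "delete_material"): {Role.TASK_COMMANDER},
    ("training_management", "assign_target_role"): {Role.TASK_COMMANDER},
    ("training_support", "query_system_log"): {Role.TASK_COMMANDER},
}


@dataclass
class Session:
    user: str   # established by the system login interface
    role: Role  # granted from the authorization information


def function_selection_interface(session):
    """Visual function selection interface corresponding to the authorization
    information (claim 9): lists only what the session's role may request."""
    return sorted(f"{m}.{f}" for (m, f), roles in FUNCTION_CATALOGUE.items()
                  if session.role in roles)


@dataclass
class FunctionResponseModule:
    system_log: list = field(default_factory=list)        # claim 8 log submodule
    materials: dict = field(default_factory=dict)         # knowledge training
    role_assignments: dict = field(default_factory=dict)  # training management

    def _record(self, session, module, function, outcome):
        self.system_log.append({"user": session.user, "module": module,
                                "function": function, "outcome": outcome})

    def dispatch(self, session, module, function, **params):
        # The role check lives here, independently of what the menu showed.
        allowed = FUNCTION_CATALOGUE.get((module, function))
        if allowed is None or session.role not in allowed:
            self._record(session, module, function, "denied")
            raise PermissionError(f"{session.role.value} may not call {module}.{function}")
        result = getattr(self, f"_{module}_{function}")(session, **params)
        self._record(session, module, function, "ok")
        return result

    # knowledge training module: network security teaching material submodule
    def _knowledge_training_input_material(self, session, title, body):
        self.materials[title] = body
        return title

    def _knowledge_training_view_material(self, session, title):
        return self.materials[title]

    def _knowledge_training_delete_material(self, session, title):
        return self.materials.pop(title, None)

    # training management module: assign a target role to a trained user
    def _training_management_assign_target_role(self, session, trainee, target_role):
        self.role_assignments[trainee] = target_role
        return target_role

    # training support module: query the system log by field values
    def _training_support_query_system_log(self, session, **filters):
        return [e for e in self.system_log
                if all(e.get(k) == v for k, v in filters.items())]


def run_scenario():
    # Constructed walk-through; returns the observable results for checking.
    frm = FunctionResponseModule()
    commander = Session("cmd01", Role.TASK_COMMANDER)
    trainee = Session("tr01", Role.TRAINEE)
    frm.dispatch(commander, "knowledge_training", "input_material",
                 title="phishing-basics", body="Recognising credential lures")
    frm.dispatch(commander, "training_management", "assign_target_role",
                 trainee="tr01", target_role="blue-team-analyst")
    seen = frm.dispatch(trainee, "knowledge_training", "view_material",
                        title="phishing-basics")
    try:  # a request the trainee's menu never offered: refused and logged
        frm.dispatch(trainee, "knowledge_training", "delete_material",
                     title="phishing-basics")
        denied = False
    except PermissionError:
        denied = True
    denied_log = frm.dispatch(commander, "training_support", "query_system_log",
                              outcome="denied")
    return {"seen": seen, "denied": denied, "denied_log": denied_log,
            "material_intact": "phishing-basics" in frm.materials,
            "assigned": frm.role_assignments["tr01"]}
```

Calling `run_scenario()` returns the material the trainee was allowed to view, the refusal of the out-of-menu delete (the material is still present), and the single denied entry that the task commanding user can retrieve through the log query function. The design point is that one catalogue feeds both the menu and the dispatcher; if only the interface hid a function, the function response module would still be trusting whatever request the client chose to send.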
CN202110784516.XA 2021-07-12 2021-07-12 Network security training system and method Active CN113496638B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110784516.XA CN113496638B (en) 2021-07-12 2021-07-12 Network security training system and method

Publications (2)

Publication Number Publication Date
CN113496638A CN113496638A (en) 2021-10-12
CN113496638B true CN113496638B (en) 2023-03-10

Family

ID=77996222

Country Status (1)

Country Link
CN (1) CN113496638B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116055089A (en) * 2022-11-08 2023-05-02 北京永信至诚科技股份有限公司 Training evaluation method and device for network target range
CN117459402A (en) * 2023-10-09 2024-01-26 北京五一嘉峪科技有限公司 Cloud target range competition system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104463744A (en) * 2014-12-18 2015-03-25 北京永信至诚科技有限公司 Information security training system and method
CN108922298A (en) * 2018-07-23 2018-11-30 贵州电网有限责任公司信息中心 A kind of electric power safety operation training system
CN111327463A (en) * 2020-02-12 2020-06-23 博智安全科技股份有限公司 Industrial Internet safety practical training platform based on virtualization
CN112419820A (en) * 2020-11-04 2021-02-26 武汉大学 Block chain attack and defense virtual simulation experiment teaching system and method

Also Published As

Publication number Publication date
CN113496638A (en) 2021-10-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant