CN114050909A - Method and system for drilling simulated mails and electronic equipment - Google Patents

Publication number
CN114050909A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111006727.7A
Other languages
Chinese (zh)
Other versions
CN114050909B (en)
Inventor
许勇刚
王利斌
李祉岐
冯雅平
尹琴
杨阳
李宁
王秋明
宋洁
刘晓蕾
刘正坤
霍钰
张琼尹
林婷婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Siji Network Security Beijing Co ltd
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Original Assignee
State Grid Siji Network Security Beijing Co ltd
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Application filed by State Grid Siji Network Security Beijing Co ltd, State Grid Corp of China SGCC, State Grid Information and Telecommunication Co Ltd
Priority to CN202111006727.7A
Publication of CN114050909A
Application granted
Publication of CN114050909B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1483 Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2453 Query optimisation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies

Abstract

The present disclosure provides a method, a system and an electronic device for simulated mail drills. The method comprises the following steps: through an agent executing a dual-computer hot standby strategy, an administrator terminal sends a plurality of activity creation requests aimed at different simulation targets to a plurality of management platforms, and the management platforms call the related construction data in a database and construct simulated mail activities according to the received requests; the management platform puts the drill data of the simulated mail activity into the database in a read-write separation mode, and puts the simulated mails of the simulated mail activity into a queue of a remote service dictionary executing the dual-computer hot standby strategy, where they wait to be sent; the management platform regularly scans the simulated mails in the remote service dictionary, and the remote service dictionary simultaneously sends at least one simulated mail meeting the sending time condition to at least one simulation target terminal; and the management platform receives the back connection sent by the simulation target terminal, extracts the simulation target data from the back connection, and records the simulation target data into the database in a read-write separation mode.

Description

Method and system for drilling simulated mails and electronic equipment
Technical Field
Embodiments of the disclosure relate to the technical field of network security attack and defense, and in particular to a method, a system and an electronic device for simulated mail drills.
Background
In the face of increasingly frequent phishing attacks, it is very important to establish an effective drill method and system using simulated mails. In related simulated mail drill methods, the drill system architecture is generally established with a single-node deployment.
A single-node deployment, whether of the background program server or of the mail sending system, often lacks stability: when one node has a problem, the whole drill system is paralyzed. When a large number of simulated mails are processed, the single node also becomes the bottleneck of the whole drill system and reduces its processing capacity.
Based on this, a solution is needed that improves the stability of the drill system while simultaneously handling a large number of simulated mails.
Disclosure of Invention
In view of the above, the present disclosure is directed to a method, a system and an electronic device for drilling a simulated email.
Based on the above purpose, the present disclosure provides a simulated mail drill method, comprising:
through an agent executing a dual-computer hot standby strategy, an administrator terminal sends a plurality of activity creation requests aimed at different simulation targets to a plurality of management platforms, and each management platform calls the related construction data in a database according to the received request and constructs a simulated mail activity; wherein the simulated mail activity comprises: drill data and simulated mails;
each management platform puts the drill data of the simulated mail activity, in a read-write separation mode, into the database executing the dual-computer hot standby strategy, and puts the simulated mails of the simulated mail activity into a queue of a remote service dictionary executing the dual-computer hot standby strategy, where they wait to be sent;
each management platform regularly scans the simulated mails in the remote service dictionary, and the remote service dictionary simultaneously sends at least one simulated mail meeting the sending time condition to at least one simulation target terminal;
and each management platform, in response to determining that a back connection sent by the simulation target terminal has been received, extracts simulation target data from the back connection and records the simulation target data into the database in a read-write separation mode.
Based on the same inventive concept, the present disclosure also provides a simulated mail drill system, comprising: a create activity module, a construct mail module, a sending module and a back connection module;
wherein the create activity module is configured to: through an agent executing a dual-computer hot standby strategy, have an administrator terminal send a plurality of activity creation requests aimed at different simulation targets to a plurality of management platforms, each management platform calling the related construction data in a database according to the received request and constructing a simulated mail activity; wherein the simulated mail activity comprises: drill data and simulated mails;
the construct mail module is configured to: have each management platform put the drill data of the simulated mail activity, in a read-write separation mode, into the database executing the dual-computer hot standby strategy, and put the simulated mails of the simulated mail activity into a queue of a remote service dictionary executing the dual-computer hot standby strategy, where they wait to be sent;
the sending module is configured to: have each management platform regularly scan the simulated mails in the remote service dictionary, the remote service dictionary simultaneously sending at least one simulated mail meeting the sending time condition to at least one simulation target terminal;
the back connection module is configured to: have each management platform, in response to determining that a back connection sent by the simulation target terminal has been received, extract simulation target data from the back connection and record the simulation target data into the database in a read-write separation mode.
Based on the same inventive concept, the present disclosure also provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the simulated mail drill method according to any one of the above aspects when executing the computer program.
From the above, the simulated mail drill method, system and electronic device provided by the present disclosure are based on an agent and a remote service dictionary that execute a dual-computer hot standby strategy, and on management platforms and a database deployed on multiple nodes. Simulated mail activities are created with full consideration of constructing a plurality of simulated mails for a plurality of different simulation target terminals, and the database adopts a read-write separation strategy. As a result, the following operations all remain stable: each management platform processing activity creation requests, entering the drill data of the simulated mails into the database, the management platform scanning the remote service dictionary, the remote service dictionary sending the simulated mails, and the management platform receiving the back connections of the simulation target terminals and extracting the simulation target data. The whole simulated mail drill process is therefore not prone to bottlenecks, and the effect of the simulated mail drill is improved.
Drawings
In order to more clearly illustrate the technical solutions in the present disclosure or related technologies, the drawings needed to be used in the description of the embodiments or related technologies are briefly introduced below, and it is obvious that the drawings in the following description are only embodiments of the present disclosure, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of a method for practicing a simulated email according to an embodiment of the disclosure;
FIG. 2 is a schematic diagram of a system for practicing simulated mail according to an embodiment of the present disclosure;
FIG. 3 is a schematic diagram of a simulated mail drilling architecture according to an embodiment of the present disclosure;
FIG. 4 is a schematic diagram of elements of a management platform according to an embodiment of the present disclosure;
FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.
It is to be noted that technical terms or scientific terms used in the embodiments of the present disclosure should have a general meaning as understood by those having ordinary skill in the art to which the present disclosure belongs, unless otherwise defined. The use of "first," "second," and similar terms in the embodiments of the disclosure is not intended to indicate any order, quantity, or importance, but rather is used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items. The terms "connected" or "coupled" and the like are not restricted to physical or mechanical connections, but may include electrical connections, whether direct or indirect.
Related simulated mail drill methods, systems and electronic devices have difficulty meeting the requirements of realistic simulated drills.
In the course of implementing the present disclosure, the applicant found that the main problems of related simulated mail drill methods are as follows. In drill methods and systems that use a single-point deployment strategy, when a large number of simulated mail activities are created and a large number of simulated mails are constructed, a problem in one node paralyzes the whole drill system; the node may be a reverse agent, a database agent, a remote service dictionary, a management platform and so on, so stability is lacking. When a large number of simulated mails are processed, any node or server can become a processing bottleneck and reduce the processing capacity of the whole platform. Further, in related schemes, read and write requests are not distinguished when the database processes the drill data of the simulated mails and the simulation target terminal data, so the whole processing load falls on the database server, which leads to longer request processing times, lost requests and even database crashes.
In order to create and send a large number of simulated mails simultaneously, so as to simulate real network attacks and obtain the best effect from network attack and defense drills, the present disclosure provides a simulated mail drill method, system and electronic device.
It is to be appreciated that the method can be performed by any apparatus, device, platform, cluster of devices having computing and processing capabilities.
The technical method of the present disclosure is described in detail below through specific embodiments, with reference to the flowchart of the simulated mail drill method shown in fig. 1.
Referring to fig. 1, a simulated mail drill method according to an embodiment of the present disclosure includes the following steps:
Step S101, through an agent executing a dual-computer hot standby strategy, an administrator terminal sends a plurality of activity creation requests aimed at different simulation targets to a plurality of management platforms, and each management platform calls the related construction data in a database according to the received request and constructs a simulated mail activity; wherein the simulated mail activity comprises: drill data and simulated mails.
In the embodiment of the present disclosure, during a simulated mail drill, simulated mails are sent from the administrator terminal to a plurality of different simulation target terminals through the simulated mail system architecture. Each node in the architecture is deployed in a multi-point mode and a main-standby mode, which strictly prevents a single machine fault from affecting the task of simultaneously processing a plurality of simulated mail activities.
First, the administrator terminal sends a plurality of activity creation requests to a plurality of management platforms through the agent. The agent comprises a main agent and a standby agent, and a dual-computer hot standby strategy is executed between them; specifically, the administrator terminal sends the activity creation requests through the main agent, and switches to the standby agent to send them when the main agent fails or goes down.
Further, as shown in fig. 3, the multiple management platforms share the work of receiving the activity creation requests for different simulation target terminals in a decentralized manner; the management platforms run on servers, and each server runs one management platform.
Further, after each management platform receives an activity creation request, it starts to create a simulated mail activity, which specifically includes packaging the drill data of the simulated mail activity and constructing the simulated mails.
In the embodiment of the disclosure, each management platform calls the preset simulation target address data, preset mail template data, preset page template data and preset simulated sender data in a database, packages them into the drill data of the simulated mail activity, and then constructs the simulated mails in the management platform from this data. The database used in this disclosure may be a MySQL database (a relational database management system).
Specifically, as shown in fig. 4, each management platform includes: a recipient management unit, a mail template unit, a page template unit, a sending service unit, a sender management unit, an activity management unit and a statistical overview unit.
In the present disclosure, the recipient management unit may store the simulation target address data of multiple simulation target terminals in groups, as recipient groups; each group of simulation target address data may include the addresses of multiple simulation target terminals, and the recipient groups are stored in the MySQL database for use when creating a simulated mail activity.
The address data of the simulation target may be a mailbox address of the corresponding simulation target.
In the present disclosure, the mail template unit may store the mail content sent to the simulation target terminal in the form of a mail template, so that it can be reused when creating simulated mail activities.
Further, the mail template also supports importing mail source code; for example, an eml format file can be exported from another mail agent and its content placed on the management platform, and the mail template unit of the management platform automatically generates the mail template from the eml format content.
The mail content in the mail template can be provided with a tracking function and a simulation link. Specifically, the tracking function for the simulation target terminal can be selected as needed when the mail template is created; once selected, a tracking icon is added to the mail template, and the icon address of the tracking icon connects to the management platform, specifically back to the statistical overview unit of the management platform. When the simulated mail is opened at the simulation target terminal, the tracking icon is loaded automatically and connects back to the management platform, informing the management platform that the simulation target has opened the simulated mail.
The mail template data can be stored in a MySQL database.
In the present disclosure, the page template unit may preset what the simulation target sees after clicking the simulation link. The content can be edited in the page template unit and then stored in the MySQL database as a page template, so that it can be reused.
Furthermore, in the page template unit, the URL of an existing website may be filled in to import that website into the page template.
In the present disclosure, the sender management unit may process the sender displayed in the simulated mail received by the simulation target terminal.
Specifically, the sender management unit takes the addresses, mailboxes, IPs (Internet Protocol addresses) and names of a plurality of pre-constructed simulated senders as sender data and stores the sender data in the MySQL database in groups; the sender management unit also supports importing sender data into the MySQL database from a file. Each group may contain data for multiple simulated senders.
In the present disclosure, a simulated mail activity is initiated according to the mail template, the page template, the sender data and the simulation target address data.
Specifically, the activity management unit may select the constructed mail content, the simulated drill site accessed by the simulation target, a plurality of pre-constructed simulated sender data and a plurality of simulation target address data, and package them into the drill data of the simulated mail activity.
Further, a sending time, a sending frequency and the like may be added to the drill data, with the sending time set as the condition that triggers sending of the simulated mail.
Step S102, each management platform puts the drill data of the simulated mail activity into the database in a read-write separation mode, and puts the simulated mails of the simulated mail activity into a queue of a remote service dictionary executing the dual-computer hot standby strategy, where they wait to be sent.
In the embodiment of the disclosure, each management platform stores the drill data in a MySQL database. The MySQL database uses a main MySQL agent and a standby MySQL agent, and a dual-computer hot standby strategy is executed between them; specifically, the main MySQL agent handles reads and writes of the data sent to it, and when the main MySQL agent fails or goes down, the system switches to the standby MySQL agent to read and write the data.
Further, the MySQL database comprises a master MySQL database and a plurality of slave MySQL databases. When data is queried from or stored in the MySQL database, the MySQL agent processes the requests in a read-write separation mode: read requests are spread across the master MySQL database and all slave MySQL databases, which reduces the pressure of a large number of read requests, while requests that save, modify or delete data are sent to the master MySQL database. The master MySQL database then synchronizes the data changes to the slave MySQL databases, which gives the MySQL database horizontal extension.
Further, the MySQL database may also be vertically expanded by setting up a plurality of master MySQL databases; accordingly, each master MySQL database has a plurality of corresponding slave MySQL databases.
Further, when the drill data in the MySQL database needs to be queried, it can be queried through any one of the management platforms.
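The read-write separation and agent failover described above can be sketched as follows. This is an added example, not code from the patent: in-memory SQLite databases stand in for the MySQL servers, replication is modelled as a synchronous replay of each write, and the class, table and node names are hypothetical.

```python
import itertools
import sqlite3

# Statement verbs that change data and therefore must go to the master.
WRITE_VERBS = {"INSERT", "UPDATE", "DELETE", "REPLACE", "CREATE", "ALTER", "DROP"}


class Node:
    """One database server. An in-memory SQLite database stands in for MySQL."""

    def __init__(self, name):
        self.name = name
        self.up = True
        self.conn = sqlite3.connect(":memory:")

    def execute(self, sql, params=()):
        if not self.up:
            raise ConnectionError(f"{self.name} is down")
        rows = self.conn.execute(sql, params).fetchall()
        self.conn.commit()
        return rows


class SplitProxy:
    """Database agent: writes go to the master, reads rotate over all nodes."""

    def __init__(self, name, master, slaves):
        self.name = name
        self.up = True
        self.master = master
        self.slaves = slaves
        self._readers = itertools.cycle([master, *slaves])
        self.read_log = []  # which node served each read, for inspection

    def execute(self, sql, params=()):
        if not self.up:
            raise ConnectionError(f"{self.name} is down")
        verb = sql.lstrip().split(None, 1)[0].upper()
        if verb in WRITE_VERBS:
            rows = self.master.execute(sql, params)
            # Stand-in for master-to-slave synchronization: replay the write.
            # A slave that is down here would have to catch up later.
            for slave in self.slaves:
                if slave.up:
                    slave.execute(sql, params)
            return rows
        for _ in range(1 + len(self.slaves)):
            node = next(self._readers)
            if node.up:
                self.read_log.append(node.name)
                return node.execute(sql, params)
        raise ConnectionError("no database node available for reads")


class HotStandby:
    """Main/standby pair: use the main agent until it fails, then switch."""

    def __init__(self, main, standby):
        self.main, self.standby = main, standby
        self.active = main

    def execute(self, sql, params=()):
        try:
            return self.active.execute(sql, params)
        except ConnectionError:
            if self.active is self.standby:
                raise  # both agents failed; nothing left to switch to
            self.active = self.standby
            return self.active.execute(sql, params)


def demo():
    master = Node("master")
    slaves = [Node("slave1"), Node("slave2")]
    main = SplitProxy("proxy-main", master, slaves)
    standby = SplitProxy("proxy-standby", master, slaves)
    db = HotStandby(main, standby)

    db.execute("CREATE TABLE drill_data (activity TEXT, recipient_group TEXT)")
    db.execute("INSERT INTO drill_data VALUES (?, ?)", ("activity-1", "group-a"))
    first_reads = [db.execute("SELECT activity FROM drill_data") for _ in range(3)]

    main.up = False  # the main agent goes down; the next request fails over
    db.execute("INSERT INTO drill_data VALUES (?, ?)", ("activity-2", "group-b"))
    rows = db.execute("SELECT COUNT(*) FROM drill_data")[0][0]
    return {
        "first_reads": first_reads,
        "read_nodes": main.read_log,
        "active_proxy": db.active.name,
        "rows_after_failover": rows,
        "slave_rows": [s.execute("SELECT COUNT(*) FROM drill_data")[0][0] for s in slaves],
    }


if __name__ == "__main__":
    print(demo())
```

With real asynchronous replication, a read served by a slave can lag behind the master, so a read that must see a just-written row should be routed to the master.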
In the present disclosure, after the simulated mail activity is created, the simulated mails constructed in it are put into Redis (the remote service dictionary) to wait to be sent; when multiple simulated mails are put into Redis, they form a simulated mail queue in Redis.
Redis comprises a main Redis and a standby Redis, and a dual-computer hot standby strategy is executed between them; specifically, the main Redis executes the sending tasks for the simulated mails, and when the main Redis fails or goes down, the system switches to the standby Redis to send the simulated mails.
Step S103, each management platform regularly scans the simulated mails in the remote service dictionary, and the remote service dictionary sends at least one simulated mail meeting the sending time condition to at least one simulation target terminal.
In the embodiment of the present disclosure, the sending service unit in the management platform is configured to start a sending service that sends the simulated mail to the address of the simulation target terminal; the sending service may be a local mail service or another mail service.
In the disclosure, the management platform periodically scans the simulated mail queue in Redis for simulated mails that meet the sending condition, where the sending condition is a time condition; when Redis holds a simulated mail that meets the currently set time condition, the sending service unit has Redis start sending that simulated mail.
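Because several management platforms scan the same queue on a timer, each due entry must be handed to a sending service exactly once. The following added example (not code from the patent) shows one way to get that property: the queue is a sorted set scored by sending time, and removal of the entry is the claim. The store is a small in-memory stand-in that mirrors the Redis commands ZADD, ZRANGEBYSCORE and ZREM; the key name, class names, addresses and timestamps are constructed for illustration, and the hand-off only records the entry instead of sending anything.

```python
import json

QUEUE_KEY = "drill:mail_queue"  # hypothetical key name


class SortedSetStore:
    """In-memory stand-in mirroring Redis ZADD, ZRANGEBYSCORE, ZREM and ZCARD."""

    def __init__(self):
        self._sets = {}

    def zadd(self, key, mapping):
        zset = self._sets.setdefault(key, {})
        added = sum(1 for member in mapping if member not in zset)
        zset.update(mapping)
        return added

    def zrangebyscore(self, key, low, high):
        items = sorted(self._sets.get(key, {}).items(), key=lambda kv: (kv[1], kv[0]))
        return [member for member, score in items if low <= score <= high]

    def zrem(self, key, member):
        # Like Redis, report how many members were actually removed.
        return 1 if self._sets.get(key, {}).pop(member, None) is not None else 0

    def zcard(self, key):
        return len(self._sets.get(key, {}))


def enqueue(store, mail, send_at):
    """Queue one simulated mail, scored by its sending time (epoch seconds)."""
    store.zadd(QUEUE_KEY, {json.dumps(mail, sort_keys=True): send_at})


class ManagementPlatform:
    def __init__(self, name, store, hand_off):
        self.name, self.store, self.hand_off = name, store, hand_off

    def due(self, now):
        """Entries whose sending time condition is met at time `now`."""
        return self.store.zrangebyscore(QUEUE_KEY, 0, now)

    def claim_and_hand_off(self, members):
        claimed = []
        for member in members:
            # ZREM returns 1 for exactly one caller, so only the platform
            # that removed the entry passes it to the sending service.
            if self.store.zrem(QUEUE_KEY, member) == 1:
                self.hand_off(self.name, json.loads(member))
                claimed.append(member)
        return claimed

    def scan(self, now):
        return self.claim_and_hand_off(self.due(now))


def demo():
    store = SortedSetStore()
    handed_off = []  # the sending service is replaced by a recorder

    def record(platform, mail):
        handed_off.append((platform, mail["recipient"]))

    p1 = ManagementPlatform("platform-1", store, record)
    p2 = ManagementPlatform("platform-2", store, record)
    t0 = 1_700_000_000  # constructed timestamps
    enqueue(store, {"activity": "drill-1", "recipient": "a@example.test"}, t0 + 60)
    enqueue(store, {"activity": "drill-1", "recipient": "b@example.test"}, t0 + 120)
    enqueue(store, {"activity": "drill-1", "recipient": "c@example.test"}, t0 + 3600)

    # Both timers fire at t0+150 and read the same due list before either claims.
    snap1, snap2 = p1.due(t0 + 150), p2.due(t0 + 150)
    p1.claim_and_hand_off(snap1[:1])               # platform-1 claims "a"
    p2.claim_and_hand_off(snap2)                   # "a" is gone; platform-2 claims "b"
    late = p1.claim_and_hand_off(snap1[1:])        # "b" is gone; nothing to do
    pending_before = store.zcard(QUEUE_KEY)        # only "c" is still waiting
    p2.scan(t0 + 3600)                             # "c" becomes due later
    return {
        "handed_off": handed_off,
        "late_claims": late,
        "pending_before_last_scan": pending_before,
        "pending_at_end": store.zcard(QUEUE_KEY),
    }


if __name__ == "__main__":
    print(demo())
```

Claiming before hand-off means an entry is lost if the platform crashes between the two steps; moving the claimed entry to an in-progress set and deleting it only after a successful hand-off closes that gap.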
Further, the sending service unit can store a plurality of sending services, which gives the sending services horizontal extension; in this way, at least one simulated mail can be sent simultaneously to the address of at least one simulation target terminal using at least one sending service.
Further, a plurality of pre-constructed simulated sender data and a plurality of stored sending services are configured, and the simulated mails are sent through different pre-constructed simulated sender mailboxes and different sending services.
Therefore, in the simulated mail activity, the sender data displayed at the simulation target terminals, such as the sender IP, sender mailbox and sender name, all differ.
Furthermore, the pre-constructed simulated sender mailboxes and the sending services are matched evenly according to the number of simulation targets, ensuring that each sender mailbox sends its simulated mails through a different sending service. This prevents the mail server of the simulation target terminal from finding, when it checks incoming mail, that the same pre-constructed simulated sender mailbox and sender IP send with high repetition, and from filtering out the simulated mails as a result.
Step S104, each management platform, in response to determining that a back connection sent by the simulation target terminal has been received, extracts simulation target data from the back connection and records the simulation target data into the database in a read-write separation mode.
In the embodiment of the present disclosure, as shown in fig. 4, after the simulation target terminal receives and opens the simulated mail, the simulation target's action of clicking the simulation link sends an HTTP (Hypertext Transfer Protocol) back connection request to the management platform.
Furthermore, the statistical overview unit in the management platform obtains the simulation target data from the HTTP back connection request and records it into the MySQL database in the read-write separation mode; the statistical overview unit may present the records at the administrator terminal in the form of an ECharts data report.
Therefore, the simulated mail drill method according to the embodiment of the disclosure is based on an agent and a remote service dictionary that execute a dual-computer hot standby strategy, and on management platforms and a database deployed on multiple nodes. Simulated mail activities are created with full consideration of constructing a plurality of simulated mails for a plurality of different simulation target terminals, and the database adopts a read-write separation strategy. As a result, the following operations all remain stable: each management platform processing activity creation requests, entering the drill data of the simulated mails into the database, the management platform scanning the remote service dictionary, the remote service dictionary sending the simulated mails, and the management platform receiving the back connections of the simulation target terminals and extracting the simulation target data. The whole simulated mail drill system is therefore not prone to bottlenecks, and the effect of the simulated mail drill is improved.
It should be noted that the method of the embodiments of the present disclosure may be executed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scene and completed by the mutual cooperation of a plurality of devices. In such a distributed scenario, one of the devices may perform only one or more steps of the method of an embodiment of the disclosure, and the devices may interact with each other to complete the method.
It should be noted that the above describes some embodiments of the disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Based on the same inventive concept, and corresponding to the method of any of the above embodiments, the present disclosure also provides a drill system for simulated mails.
Referring to Fig. 2, the drill system for simulated mails includes: a create activity module, a construct mail module, a sending module and a callback module;
wherein the create activity module 201 is configured such that: through an agent executing a dual-computer hot standby strategy, an administrator terminal sends a plurality of create activity requests for different simulation targets to a plurality of management platforms, and each management platform calls the relevant construction data in a database according to the create activity request it receives and constructs a simulated mail activity; wherein the simulated mail activity comprises: drill data and simulated mails;
the construct mail module 202 is configured such that: each management platform stores the drill data of the simulated mail activity, in a read-write separation mode, in the database executing the dual-computer hot standby strategy, and places the simulated mails of the simulated mail activity into a queue of a remote service dictionary executing the dual-computer hot standby strategy to wait to be sent;
the sending module 203 is configured such that: each management platform periodically scans the plurality of simulated mails in the remote service dictionary and sends at least one simulated mail that meets a sending time condition to at least one simulation target terminal;
the callback module 204 is configured such that: each management platform, in response to receiving a callback connection sent by the simulation target terminal, extracts simulation target data from the callback connection and records the simulation target data in the database in the read-write separation mode.
As an optional embodiment, the create activity module 201 is specifically configured so that, during a simulated mail drill, simulated mails are sent from the administrator terminal to a plurality of different simulation target terminals through the architecture of the simulated mail system; each node in that architecture is deployed at multiple points and in a main-standby mode, so that a single-machine failure does not interrupt the simultaneous processing of multiple simulated mail activities.
First, the administrator terminal sends a plurality of create activity requests to a plurality of management platforms through the agent. The agent comprises a main agent and a standby agent, and a dual-computer hot standby strategy is executed between them; specifically, the administrator terminal sends the create activity requests through the main agent and, when the main agent fails or goes down, switches to the standby agent to send them.
Further, as shown in Fig. 3, the create activity requests for different simulation target terminals are received by the plurality of management platforms in a distributed manner; the management platforms run on servers, and each server runs one management platform.
Further, after receiving a create activity request, each management platform starts to create a simulated mail activity, which specifically includes packaging the drill data of the simulated mail activity and constructing the simulated mails.
In the embodiment of the disclosure, each management platform calls the preset simulation target address data, preset mail template data, preset page template data and preset simulated sender data in the database, packages them into the drill data of the simulated mail activity, and constructs the simulated mails in the management platform from that data. The database used in this disclosure may be a MySQL database.
Specifically, as shown in Fig. 4, each management platform includes: a recipient management unit, a mail template unit, a page template unit, a delivery service unit, a sender management unit, an activity management unit and a statistical overview unit.
In the present disclosure, the recipient management unit may store the simulation target address data of multiple simulation target terminals in groups, as recipient groups; each group of simulation target address data may include the addresses of multiple simulation target terminals, and the recipient groups are stored in the MySQL database for use when creating a simulated mail activity. As another option, the scheme also supports importing simulation target address data into the MySQL database from a file.
The simulation target address data may be the mailbox address of the corresponding simulation target.
In the present disclosure, the mail template unit may store the mail content sent to the simulation target terminal in the form of a mail template, so that it can be reused when creating simulated mail activities.
Further, the mail template also supports importing mail source code. For example, an eml-format file can be exported from another mail agent and its content placed on the management platform, and the mail template unit of the management platform automatically generates the mail template from the eml-format content.
The mail content in the mail template can be provided with a tracking function and a simulation link. Specifically, the tracking function for the simulation target terminal can be selected as needed when the mail template is created; once it is selected, a tracking icon is added to the mail template. The icon address of the tracking icon connects back to the management platform, specifically to the statistical overview unit of the management platform. When the simulated mail is opened at the simulation target terminal, the tracking icon is loaded automatically and connects back to the management platform, informing the management platform that the simulation target has opened the simulated mail.
The mail template data can be stored in a MySQL database.
In the present disclosure, the page template unit may preset the content that the simulation target views after clicking the simulation link. The content can be edited in the page template unit and then stored in the MySQL database as a page template so that it can be reused.
Furthermore, in the page template unit, the URL address of the existing website may be filled in to import the existing website into the page template.
In the present disclosure, the sender management unit may process a sender displayed in the simulated mail received by the simulation target terminal.
Specifically, the sender management unit takes the addresses, mailboxes, IPs and names of a plurality of pre-constructed simulated senders as sender data and stores them in the MySQL database in groups, where each group may contain the data of multiple simulated senders; the sender management unit also supports importing sender data into the MySQL database from a file.
In the present disclosure, a simulated mail activity is initiated according to the mail template, the page template, the sender data and the simulation target address data.
Specifically, the activity management unit may select the constructed mail content, the simulated drill site accessed by the simulation target, a plurality of pre-constructed simulated sender data and a plurality of simulation target address data, and package them into the drill data of the simulated mail activity.
Further, a sending time, a sending frequency and the like may be added to the drill data, with the sending time set as the condition that triggers sending of the simulated mails.
As an optional embodiment, the construct mail module 202 is specifically configured so that each management platform stores the drill data in the MySQL database. The MySQL database uses a main MySQL agent and a standby MySQL agent, between which a dual-computer hot standby strategy is executed; specifically, the main MySQL agent handles the reading and writing of the data sent to it, and when the main MySQL agent fails or goes down, the standby MySQL agent takes over the reading and writing.
Further, the MySQL database comprises a master MySQL database and a plurality of slave MySQL databases. When data is queried from or stored in the MySQL database, the MySQL agent handles the requests in a read-write separation mode: read requests are distributed across the master MySQL database and all slave MySQL databases, which reduces the pressure of a large number of read requests, while requests that save, modify or delete data are sent to the master MySQL database. The master MySQL database then synchronizes the data changes to the slave MySQL databases, which achieves horizontal expansion of the MySQL database.
Further, the MySQL database may also be expanded vertically by setting up a plurality of master MySQL databases, in which case each master MySQL database has its own plurality of slave MySQL databases.
Further, when the drill data in the MySQL database needs to be queried, it can be queried through any one of the management platforms.
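The routing described above, as an added example that is not code from the patent: a main and a standby agent (proxy) in hot standby, each sending writes to the master and spreading reads over the master and the slaves. The `Node` class is an in-memory stand-in for a MySQL instance, and the class names and the table name `drill_data` are assumptions.

```python
import itertools
import re

# Requests that save, modify or delete data go to the master; the rest are reads.
WRITE_RE = re.compile(r"^\s*(INSERT|UPDATE|DELETE|REPLACE)\b", re.IGNORECASE)


class ProxyDown(ConnectionError):
    """Raised when an agent (proxy) itself is unavailable."""


class Node:
    """In-memory stand-in for one MySQL instance (constructed for this example)."""

    def __init__(self, name):
        self.name = name
        self.rows = []
        self.up = True

    def execute(self, sql, row=None):
        if not self.up:
            raise ConnectionError(f"{self.name} is down")
        if row is not None:
            self.rows.append(row)
        return self.name, list(self.rows)


class SplitProxy:
    """One agent: writes go to the master, reads are spread over all databases."""

    def __init__(self, name, master, slaves):
        self.name = name
        self.master = master
        self.slaves = slaves
        self.up = True
        self._readers = itertools.cycle([master] + slaves)

    def execute(self, sql, row=None):
        if not self.up:
            raise ProxyDown(f"{self.name} is down")
        if WRITE_RE.match(sql):
            result = self.master.execute(sql, row)
            # The master synchronizes the change to the slaves. Real replication
            # is asynchronous; it is applied immediately here for simplicity.
            for slave in self.slaves:
                if slave.up:
                    slave.rows = list(self.master.rows)
            return result
        # Round-robin over the readers, skipping any that are down.
        for _ in range(len(self.slaves) + 1):
            node = next(self._readers)
            if node.up:
                return node.execute(sql)
        raise ConnectionError("no database available for reads")


class HotStandbyPair:
    """Main and standby agent; requests move to the standby when the main fails."""

    def __init__(self, main, standby):
        self.main = main
        self.standby = standby
        self.active = main

    def execute(self, sql, row=None):
        try:
            return self.active.execute(sql, row)
        except ProxyDown:
            if self.active is self.standby:
                raise  # both agents are down
            self.active = self.standby
            return self.active.execute(sql, row)


def demo():
    """Run one write and several reads, then fail a slave and the main agent."""
    master = Node("master")
    slaves = [Node("slave1"), Node("slave2")]
    pair = HotStandbyPair(
        SplitProxy("agent-main", master, slaves),
        SplitProxy("agent-standby", master, slaves),
    )
    # "drill_data" is a hypothetical table name.
    pair.execute("INSERT INTO drill_data (activity) VALUES (1)", {"activity": 1})
    readers = [pair.execute("SELECT * FROM drill_data")[0] for _ in range(3)]
    slaves[0].up = False  # a failed slave is skipped for reads
    after_slave_loss = [pair.execute("SELECT * FROM drill_data")[0] for _ in range(2)]
    pair.main.up = False  # main agent fails: the standby takes over
    served_by, rows = pair.execute("SELECT * FROM drill_data")
    return readers, after_slave_loss, pair.active.name, served_by, rows


if __name__ == "__main__":
    print(demo())
```

Because real replication lags, a read routed to a slave immediately after a write may not yet see that write; records that must be read back at once are better read from the master.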
In the present disclosure, after the simulated mail activity is created, the simulated mails constructed in it are placed into Redis (remote service dictionary) to wait to be sent; when multiple simulated mails are placed into Redis, they form a simulated mail queue in Redis.
Redis comprises a main Redis and a standby Redis, between which a dual-computer hot standby strategy is executed; specifically, the main Redis carries out the sending task for the simulated mails, and when the main Redis fails or goes down, the standby Redis takes over sending them.
As an optional embodiment, the sending module 203 is specifically configured so that the delivery service unit in the management platform starts a sending service to send the simulated mails to the addresses of the simulation target terminals, where the sending service may be a local mail service or another mail service.
In the disclosure, the management platform periodically scans the simulated mail queue in Redis for simulated mails that meet the sending condition, where the sending condition is a time condition; when Redis holds a simulated mail that meets the currently set time condition, the delivery service unit causes Redis to start sending that simulated mail.
Further, the delivery service unit can hold a plurality of sending services, which achieves horizontal expansion of the sending services; in this way, at least one simulated mail can be sent to the address of at least one simulation target terminal simultaneously using at least one sending service.
Further, by configuring a plurality of pre-constructed simulated sender data and a plurality of stored sending services, the simulated mails are sent through different pre-constructed simulated sender mailboxes and different sending services.
Therefore, in a simulated mail activity, the sender data displayed at the simulation target terminals, such as the sender IP, the sender mailbox and the sender name, all differ.
Furthermore, the pre-constructed simulated sender mailboxes and the sending services are matched evenly according to the number of simulation targets, ensuring that each sender mailbox sends its simulated mails through a different sending service. This prevents the mail server hosting the simulation target terminals from finding, when it checks incoming mail, that a pre-constructed simulated sender mailbox and sender IP recur at high frequency and filtering out the simulated mails.
As an optional embodiment, the callback module 204 is specifically configured so that, as shown in Fig. 4, after the simulation target terminal receives the simulated mail, the simulation target opens it and clicks the simulation link, which sends an HTTP (Hypertext Transfer Protocol) callback request to the management platform.
Furthermore, the statistical overview unit in the management platform obtains the simulation target data from the HTTP callback request and records it in the MySQL database in the read-write separation mode; the statistical overview unit may present the records at the administrator terminal in the form of an ECharts data report.
For convenience of description, the above apparatus is described as divided into modules by function, each described separately. Of course, when implementing embodiments of the present disclosure, the functions of the modules may be implemented in the same one or more pieces of software and/or hardware.
The apparatus of the foregoing embodiment is used to implement the corresponding drill method for simulated mails in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described here again.
Based on the same inventive concept, and corresponding to any of the above embodiments, the embodiments of the present disclosure further provide an electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor; when the processor executes the program, it implements the drill method for simulated mails according to any of the above embodiments.
Fig. 5 is a schematic diagram illustrating a more specific hardware structure of an electronic device according to this embodiment, where the electronic device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided by the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 can store an operating system and other application programs, and when the technical solution provided by the embodiments of the present disclosure is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The input/output module may be configured as a component in the device (not shown) or may be external to the device to provide the corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
Bus 1050 includes a path that transfers information between various components of the device, such as processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. Moreover, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present disclosure, and need not include all of the components shown in the figures.
The apparatus of the foregoing embodiment is used to implement the corresponding drill method for simulated mails in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described here again.
Those of ordinary skill in the art will understand that the discussion of any embodiment above is exemplary only and is not intended to imply that the scope of the disclosure, including the claims, is limited to these examples; within the idea of the present disclosure, technical features of the above embodiments or of different embodiments may also be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present disclosure as described above, which are not provided in detail for the sake of brevity.
In addition, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown in the provided figures for simplicity of illustration and discussion, and so as not to obscure the embodiments of the disclosure. Furthermore, devices may be shown in block diagram form in order to avoid obscuring embodiments of the present disclosure, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which embodiments of the present disclosure are to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the disclosure, it should be apparent to one skilled in the art that embodiments of the disclosure can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the discussed embodiments.
The embodiments of the present disclosure are intended to embrace all such alternatives, modifications and variances that fall within the broad scope of the appended claims. Therefore, any omissions, modifications, equivalents, improvements, and the like that may be made within the spirit and principles of the embodiments of the disclosure are intended to be included within the scope of the disclosure.

Claims (10)

1. A drill method for simulated mails, comprising:
an administrator terminal sending, through an agent executing a dual-computer hot standby strategy, a plurality of create activity requests for different simulation targets to a plurality of management platforms, and each management platform calling the relevant construction data in a database according to the create activity request it receives and constructing a simulated mail activity; wherein the simulated mail activity comprises: drill data and simulated mails;
each management platform storing the drill data of the simulated mail activity in the database in a read-write separation mode, and placing the simulated mails of the simulated mail activity into a queue of a remote service dictionary executing a dual-computer hot standby strategy to wait to be sent;
each management platform periodically scanning the plurality of simulated mails in the remote service dictionary, and the remote service dictionary simultaneously sending at least one simulated mail that meets a sending time condition to at least one simulation target terminal;
and each management platform, in response to receiving a callback connection sent by the simulation target terminal, extracting simulation target data from the callback connection and recording the simulation target data in the database in the read-write separation mode.
2. The method of claim 1, wherein the agent comprises: a master agent and a standby agent;
and executing the dual-computer hot standby strategy comprises:
sending the plurality of create activity requests to the plurality of management platforms by using the master agent;
switching to the standby agent to send the create activity requests in response to determining that the master agent has failed.
3. The method of claim 1, wherein calling the relevant construction data in the database comprises:
the management platform calling preset simulation target address data, preset mail template data, preset page template data and preset simulated sender data in the database, and packaging them into the drill data of the simulated mail activity.
4. The method of claim 3, wherein the manner of presetting the simulation target address data comprises:
a recipient management unit in the management platform storing the simulation target address data in the database in groups, wherein each group of simulation target address data comprises the addresses of a plurality of simulation target terminals;
the manner of presetting the mail template data comprises:
a mail template unit in the management platform storing the mail content sent to the simulation target terminal in the database as a template, wherein a tracking icon and a simulation link are provided in the mail content;
the manner of presetting the page template data comprises:
a page template unit in the management platform presetting the content that the simulation target views after clicking the simulation link;
the manner of pre-constructing the sender data comprises:
a sender management unit in the management platform taking the senders displayed at the simulation target terminal as sender data and storing the sender data in the database in groups, wherein each group of sender data comprises a plurality of senders.
5. The method of claim 3, wherein constructing the simulated mail activity comprises:
an activity management unit in the management platform constructing a plurality of simulated mails according to the simulation target address data, the mail template data, the page template data, the simulated sender data and the sending time in the database.
6. The method of claim 1, wherein the database comprises: a master database and a plurality of slave databases;
and the management platform storing the drill data of the simulated mail activity in the database in the read-write separation mode comprises:
each management platform distributing read requests across all the databases, and sending requests that store, modify or delete data to the master database; wherein the plurality of slave databases and the master database keep their data synchronized with each other.
7. The method of claim 4, wherein extracting the simulation target data from the callback connection in response to receiving the callback connection sent by the simulation target terminal comprises:
in response to determining that the management platform has received a hypertext transfer protocol callback request sent by the simulation target terminal, a statistical overview unit in the management platform obtaining the simulation target data from the hypertext transfer protocol callback request;
wherein the hypertext transfer protocol callback request sent by the simulation target terminal is triggered by the simulation target opening the simulated mail and clicking the simulation link.
8. A drill system for simulated mails, comprising: a create activity module, a construct mail module, a sending module and a callback module;
wherein the create activity module is configured such that: through an agent executing a dual-computer hot standby strategy, an administrator terminal sends a plurality of create activity requests for different simulation targets to a plurality of management platforms, and each management platform calls the relevant construction data in a database according to the create activity request it receives and constructs a simulated mail activity; wherein the simulated mail activity comprises: drill data and simulated mails;
the construct mail module is configured such that: each management platform stores the drill data of the simulated mail activity in the database in a read-write separation mode, and places the simulated mails of the simulated mail activity into a queue of a remote service dictionary executing a dual-computer hot standby strategy to wait to be sent;
the sending module is configured such that: each management platform periodically scans the plurality of simulated mails in the remote service dictionary, and the remote service dictionary simultaneously sends at least one simulated mail that meets a sending time condition to at least one simulation target terminal;
the callback module is configured such that: each management platform, in response to receiving a callback connection sent by the simulation target terminal, extracts simulation target data from the callback connection and records the simulation target data in the database in the read-write separation mode.
9. The system of claim 8, wherein the management platform comprises: a recipient management unit, a mail template unit, a page template unit, a delivery service unit, a sender management unit, an activity management unit and a statistical overview unit;
the recipient management unit is configured to store simulation target address data in the database in groups, wherein each group of simulation target address data comprises the addresses of a plurality of simulation target terminals;
the mail template unit is configured to store the mail content sent to the simulation target terminal in the database as a template, wherein a tracking icon and a simulation link are provided in the mail content;
the page template unit is configured to preset the content that the simulation target views after clicking the simulation link;
the sender management unit is configured to take the senders displayed at the simulation target terminal as sender data and store the sender data in the database in groups, wherein each group of sender data comprises a plurality of senders;
the activity management unit module is configured to construct a plurality of simulated mails according to the simulation target address data, the mail template data, the page template data, the pre-constructed sender data and the sending time in the database;
the statistical overview unit module is configured to obtain the simulation target data from a hypertext transfer protocol callback request and record the simulation target data in the database in the read-write separation mode;
wherein the hypertext transfer protocol callback request sent by the simulation target terminal is triggered by the simulation target opening the simulated mail and clicking the simulation link.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable by the processor, characterized in that the processor implements the method according to any of claims 1 to 7 when executing the computer program.
CN202111006727.7A 2021-08-30 2021-08-30 Exercise method, system and electronic equipment for simulating mail Active CN114050909B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111006727.7A CN114050909B (en) 2021-08-30 2021-08-30 Exercise method, system and electronic equipment for simulating mail

Publications (2)

Publication Number Publication Date
CN114050909A true CN114050909A (en) 2022-02-15
CN114050909B CN114050909B (en) 2023-08-18

Family

ID=80205109

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111006727.7A Active CN114050909B (en) 2021-08-30 2021-08-30 Exercise method, system and electronic equipment for simulating mail

Country Status (1)

Country Link
CN (1) CN114050909B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115665257A (en) * 2022-12-27 2023-01-31 成都同步新创科技股份有限公司 Request processing method and device based on reverse proxy and dynamic script

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016172151A1 (en) * 2015-04-20 2016-10-27 SafeBreach Ltd. System and method for securing a computer system against malicious actions by utilizing virtualized elements
CN109067637A (en) * 2018-06-15 2018-12-21 北京首联信通科技有限公司 Network information security Consciousness Education method and device, storage medium
CN111416801A (en) * 2020-03-11 2020-07-14 时时同云科技(成都)有限责任公司 Mail processing method and device
CN111770086A (en) * 2020-06-28 2020-10-13 深圳前海微众银行股份有限公司 Fishing user simulation collection method, device, system and computer readable storage medium
US20210075828A1 (en) * 2019-09-10 2021-03-11 KnowBe4, Inc. Systems and methods for simulated phishing attacks involving message threads
US20210243220A1 (en) * 2016-02-26 2021-08-05 KnowBe4, Inc. Systems and methods for performing or creating simulated phishing attacks and phishing attack campaigns
CN113259321A (en) * 2021-04-13 2021-08-13 上海碳泽信息科技有限公司 System and method for verifying security awareness of personnel on network attack and utilization

Also Published As

Publication number Publication date
CN114050909B (en) 2023-08-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant