CN114050909B - Exercise method, system and electronic equipment for simulating mail - Google Patents

Publication number
CN114050909B
Authority
CN
China
Prior art keywords
simulated
mail
data
database
simulation
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111006727.7A
Other languages
Chinese (zh)
Other versions
CN114050909A (en)
Inventor
许勇刚
王利斌
李祉岐
冯雅平
尹琴
杨阳
李宁
王秋明
宋洁
刘晓蕾
刘正坤
霍钰
张琼尹
林婷婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Siji Network Security Beijing Co ltd
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Original Assignee
State Grid Siji Network Security Beijing Co ltd
State Grid Corp of China SGCC
State Grid Information and Telecommunication Co Ltd
Application filed by State Grid Siji Network Security Beijing Co ltd, State Grid Corp of China SGCC, State Grid Information and Telecommunication Co Ltd
Priority to CN202111006727.7A
Publication of CN114050909A
Application granted
Publication of CN114050909B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1483 Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2453 Query optimisation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies

Abstract

The disclosure provides an exercise method, system and electronic device for simulated mail. The method comprises the following steps: through an agent that executes a dual-machine hot standby strategy, an administrator terminal sends a plurality of create activity requests aimed at different simulation targets to a plurality of management platforms, and each management platform calls the related construction data in a database and constructs a simulated mail activity according to the received request; the management platform puts the exercise data of the simulated mail activity into the database in a read-write separation mode, and puts the simulated mail of the simulated mail activity into a queue of a remote service dictionary that executes a dual-machine hot standby strategy, to wait for sending; the management platform scans the simulated mails in the remote service dictionary at regular intervals, and the remote service dictionary simultaneously sends at least one simulated mail meeting the sending time condition to at least one simulation target terminal; the management platform receives the back connection sent by the simulation target terminal, extracts the simulation target data from the back connection, and records the simulation target data in the database in a read-write separation mode.

Description

Exercise method, system and electronic equipment for simulating mail
Technical Field
The embodiments of the disclosure relate to the technical field of network security attack and defense, and in particular to an exercise method, system and electronic device for simulated mail.
Background
In the face of increasingly frequent phishing attacks, it is important to build an effective exercise method and system for simulated mail. In related exercise methods for simulated mail, the exercise system architecture is generally established using a single-node deployment mode.
In the single-node deployment mode there is a single background program server or mail sending system. Single-node deployment often lacks stability: when one node has a problem, the whole exercise system is paralyzed, and when a large number of simulated mails are processed, the single node becomes a bottleneck for the whole exercise system, so that processing capacity is reduced.
Based on this, a solution is needed that improves the stability of the exercise system and can at the same time handle a large number of simulated mails.
Disclosure of Invention
In view of the above, the present disclosure aims to provide an exercise method, system and electronic device for simulated mail.
Based on the above objects, the present disclosure provides an exercise method for simulated mail, including:
through an agent that executes a dual-machine hot standby strategy, an administrator terminal sends a plurality of create activity requests aimed at different simulation targets to a plurality of management platforms, and each management platform calls the related construction data in a database according to the received create activity request and constructs a simulated mail activity; wherein the simulated mail activity includes: exercise data and simulated mail;
each management platform puts the exercise data of the simulated mail activity, in a read-write separation mode, into the database that executes the dual-machine hot standby strategy, and puts the simulated mail of the simulated mail activity into a queue of a remote service dictionary that executes the dual-machine hot standby strategy, to wait for sending;
each management platform scans the plurality of simulated mails in the remote service dictionary at regular intervals, and the remote service dictionary simultaneously sends at least one simulated mail meeting the sending time condition to at least one simulation target terminal;
in response to determining that a back connection sent by the simulation target terminal has been received, each management platform extracts the simulation target data from the back connection and records the simulation target data in the database in a read-write separation mode.
Based on the same inventive concept, the present disclosure also provides an exercise system for simulated mail, including: a create activity module, a build mail module, a sender module and a loop module;
wherein the create activity module is configured to: through an agent that executes a dual-machine hot standby strategy, an administrator terminal sends a plurality of create activity requests aimed at different simulation targets to a plurality of management platforms, and each management platform calls the related construction data in a database according to the received create activity request and constructs a simulated mail activity; wherein the simulated mail activity includes: exercise data and simulated mail;
the build mail module is configured to: each management platform puts the exercise data of the simulated mail activity, in a read-write separation mode, into the database that executes the dual-machine hot standby strategy, and puts the simulated mail of the simulated mail activity into a queue of a remote service dictionary that executes the dual-machine hot standby strategy, to wait for sending;
the sender module is configured to: each management platform scans the plurality of simulated mails in the remote service dictionary at regular intervals, and the remote service dictionary simultaneously sends at least one simulated mail meeting the sending time condition to at least one simulation target terminal;
the loop module is configured to: in response to determining that a back connection sent by the simulation target terminal has been received, each management platform extracts the simulation target data from the back connection and records the simulation target data in the database in a read-write separation mode.
Based on the same inventive concept, the present disclosure also provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor implements the exercise method of simulating mail as described in any one of the above when executing the program.
From the above, the exercise method, system and electronic device for simulated mail provided by the present disclosure are based on an agent and a remote service dictionary that execute the dual-machine hot standby strategy, and on a management platform and a database deployed on multiple nodes. The case of constructing a plurality of simulated mails for a plurality of different simulation target terminals is considered comprehensively when the simulated mail activities are created, and the database adopts a read-write separation strategy. As a result, the following operations all remain stable: each management platform processing create activity requests, the exercise data of the simulated mails being entered into the database, the management platform scanning the remote service dictionary, the remote service dictionary sending the simulated mails, and the management platform receiving the back connections of the simulation target terminals and extracting the simulation target data. Bottlenecks are therefore unlikely to occur in the whole simulated mail exercise, and the simulation effect of the exercise is improved.
Drawings
In order to more clearly illustrate the technical solutions of the present disclosure or related art, the drawings required for the embodiments or related art description will be briefly described below, and it is apparent that the drawings in the following description are only embodiments of the present disclosure, and other drawings may be obtained according to these drawings without inventive effort to those of ordinary skill in the art.
FIG. 1 is a flow chart of a simulated mail exercise method according to an embodiment of the present disclosure;
FIG. 2 is a schematic diagram of an exercise system simulating mail according to an embodiment of the present disclosure;
FIG. 3 is a schematic diagram of a simulated mail exercise architecture according to an embodiment of the present disclosure;
FIG. 4 is a block diagram of a management platform according to an embodiment of the present disclosure;
FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
For the purposes of promoting an understanding of the principles and advantages of the disclosure, reference will now be made to the embodiments illustrated in the drawings and specific language will be used to describe the same.
It should be noted that unless otherwise defined, technical or scientific terms used in the embodiments of the present disclosure should be given the ordinary meaning as understood by one of ordinary skill in the art to which the present disclosure pertains. The use of the terms "first," "second," and the like in embodiments of the present disclosure does not denote any order, quantity, or importance, but rather are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that elements or items preceding the word are included in the element or item listed after the word and equivalents thereof, but does not exclude other elements or items. The terms "connected" or "connected," and the like, are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect.
Related simulated mail exercise methods, systems and electronic devices have difficulty meeting the needs of realistic simulation exercises.
In implementing the present disclosure, the applicant found that the main problems of related exercise methods for simulated mail are as follows. In an exercise method and system that uses a single-point deployment strategy, when a large number of simulated mail activities are created and a large number of simulated mails are constructed, a problem in one node means that the whole exercise system is paralyzed; the node may be a reverse proxy, a database proxy, a remote service dictionary, a management platform and the like, so stability is lacking. When a large number of simulated mails are processed, a processing bottleneck at any node or server reduces the processing capacity of the whole platform. Further, in the related schemes, when the database processes the exercise data of the simulated mails and the simulation target terminal data, read and write requests are not distinguished, so that all of the data processing pressure falls on the database server; the database takes longer to process requests, requests are lost, and the database may even crash.
In order to create and send a large number of simulated mails simultaneously, so as to simulate a real network attack and obtain the best effect in network attack and defense exercises, the present disclosure provides the exercise method, system and electronic device for simulated mail.
It is understood that the method may be performed by any apparatus, device, platform, cluster of devices having computing, processing capabilities.
Hereinafter, the technical method of the present disclosure will be described in detail by means of specific embodiments, and specifically with reference to a flowchart of an exercise method of simulated mail shown in fig. 1.
Referring to fig. 1, the exercise method of the simulated mail according to an embodiment of the present disclosure includes the steps of:
Step S101, through an agent that executes a dual-machine hot standby strategy, an administrator terminal sends a plurality of create activity requests aimed at different simulation targets to a plurality of management platforms, and each management platform calls the related construction data in a database according to the received create activity request and constructs a simulated mail activity; wherein the simulated mail activity includes: exercise data and simulated mail.
In the embodiment of the disclosure, during a simulated mail exercise, the simulated mail is sent from an administrator terminal to a plurality of different simulation target terminals through the architecture of the simulated mail system. Each node in the architecture uses multi-point deployment and master-slave deployment, so that the task of simultaneously processing a plurality of simulated mail activities is strictly protected from single-machine faults.
First, the administrator terminal sends a plurality of create activity requests to a plurality of management platforms through the agent. The agent comprises a main agent and a standby agent, and a dual-machine hot standby strategy is executed between them; specifically, the administrator terminal sends the create activity requests through the main agent, and when the main agent fails or goes down, the standby agent takes over sending the create activity requests.
Further, as shown in FIG. 3, the create activity requests for different simulation target terminals are accepted in a distributed manner by the plurality of management platforms, wherein the management platforms run on servers and each server runs one management platform.
Further, after each management platform receives a create activity request, it starts to create the simulated mail activity, which specifically includes: packaging the exercise data of the simulated mail activity, and constructing the simulated mail.
In the embodiment of the disclosure, each management platform calls the preset simulated target address data, preset mail template data, preset page template data and preset simulated sender data in the database, packages them into the exercise data of the simulated mail activity, and then constructs the simulated mail in the management platform according to these data. The database used in this disclosure may be a MySQL database (a relational database management system).
Specifically, as shown in FIG. 4, each management platform includes: a recipient management unit, a mail template unit, a page template unit, a sending service unit, a sender management unit, an activity management unit and a statistical overview unit.
In the present disclosure, the recipient management unit may store the simulated target address data of multiple simulation target terminals in groups, as recipient groups, where each group of simulated target address data may include the addresses of multiple simulation target terminals. The recipient groups are stored in the MySQL database for use when creating simulated mail activities; alternatively, the simulated target address data can be imported into the MySQL database from a file.
The address data of the simulation target may be a mailbox address of the corresponding simulation target.
In the present disclosure, the mail template unit may save the mail content sent to the simulation target terminal in a mail template manner for use in creating the simulated mail activity a plurality of times.
Furthermore, the mail template also supports importing mail source code; for example, an .eml file can be exported from another mail agent and its content placed on the management platform, and the mail template unit of the management platform automatically generates a mail template from the .eml content.
The mail content in the mail template can be provided with a tracking function and a simulation link. Specifically, the tracking function for the simulation target terminal can be selected as required when the mail template is created; once it is selected, a tracking icon is added to the mail template. The icon address of the tracking icon points to the management platform, and specifically the tracking icon connects back to the statistical overview unit of the management platform. When the simulated mail is opened at the simulation target terminal, the tracking icon is loaded automatically and connects back to the management platform, informing the management platform that the simulation target has opened the simulated mail.
The mail template data may be stored in the MySQL database.
In the present disclosure, the page template unit may preset what the simulation target can see after clicking the simulation link. The content can be saved as a page template in the MySQL database in a template mode after being edited by the page template unit, so that the content is convenient to use for multiple times.
Further, in the page template unit, the existing website can also be imported into the page template by filling in the URL address of the existing website.
In the present disclosure, the sender management unit may process the sender displayed in the simulated mail received by the simulated target terminal.
Specifically, the sender management unit takes the addresses, mailboxes, IPs (Internet Protocol addresses) and names of a plurality of pre-built simulated senders as sender data and stores the sender data in the MySQL database in groups; importing the sender data into the MySQL database from a file is also supported. Each group may contain multiple simulated sender data.
In the present disclosure, a simulated mail activity is initiated according to the mail template, the page template, the sender data, and the simulated target address data described above.
Specifically, the activity management unit may select a constructed mail content, a simulated exercise website accessed by a simulation target, a plurality of pre-constructed simulated sender data and a plurality of simulated target address data, and package them as exercise data simulating a mail activity.
Further, the sending time, sending frequency, and the like may be added to the exercise data, and the sending time may be set as the condition that triggers sending of the simulated mail.
Step S102, each management platform puts the exercise data of the simulated mail activity into the database in a read-write separation mode, and puts the simulated mail in the simulated mail activity into a queue of a remote service dictionary executing a dual-machine hot standby strategy to wait for sending.
In an embodiment of the disclosure, each management platform saves the exercise data into a MySQL database, wherein the MySQL database uses a main MySQL proxy and a standby MySQL proxy, and a dual-machine hot standby strategy is executed between them; specifically, the main MySQL proxy handles the reading and writing of the data sent to it, and when the main MySQL proxy fails or goes down, the standby MySQL proxy takes over reading and writing the data.
Further, the MySQL database includes a master MySQL database and a plurality of slave MySQL databases, and when data is queried or stored, the MySQL proxy processes it in a read-write separation mode. Specifically, read requests are distributed to the master MySQL database and all slave MySQL databases, to relieve the pressure of a large number of read requests, while requests that save, modify or delete data are distributed to the master MySQL database. The master MySQL database then synchronizes the data changes to the slave MySQL databases, which realizes horizontal expansion of the MySQL database.
Further, the MySQL database may be vertically expanded by setting up a plurality of master MySQL databases; accordingly, each master MySQL database has a plurality of slave MySQL databases corresponding to it.
Further, when the exercise data in the MySQL database needs to be queried, it can be queried through any one of the management platforms.
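The read-write separation described above, as an added example that is not part of the patent: a small router that sends save/modify/delete statements to the master and rotates reads over the master and every slave. The class and table names are hypothetical, in-memory SQLite databases stand in for the MySQL nodes, and synchronisation is done by replaying each write on the slaves, which is a simplification of real MySQL replication.

```python
import itertools
import sqlite3

# Statement types that change data or schema; these must reach the master only.
WRITE_VERBS = {"INSERT", "UPDATE", "DELETE", "REPLACE", "CREATE", "DROP", "ALTER"}


class ReadWriteRouter:
    """Hypothetical stand-in for the MySQL proxy: routes each statement by type."""

    def __init__(self, replica_count=2):
        # In-memory SQLite databases stand in for the master and slave MySQL nodes.
        self.master = sqlite3.connect(":memory:")
        self.replicas = [sqlite3.connect(":memory:") for _ in range(replica_count)]
        nodes = [("master", self.master)]
        nodes += [(f"replica{i}", conn) for i, conn in enumerate(self.replicas)]
        # Reads rotate over the master and all slaves, as the description states.
        self._read_pool = itertools.cycle(nodes)
        self.routed = []  # (node name, statement verb), kept for inspection

    @staticmethod
    def _verb(sql):
        words = sql.split()
        if not words:
            raise ValueError("empty statement")
        return words[0].upper()

    def execute(self, sql, params=()):
        verb = self._verb(sql)
        if verb in WRITE_VERBS:
            rows = self.master.execute(sql, params).fetchall()
            self.master.commit()
            # Simplified synchronisation: replay the write on every slave at once.
            # Real replication is usually asynchronous, so a read that follows a
            # write may briefly see stale data on a slave.
            for conn in self.replicas:
                conn.execute(sql, params)
                conn.commit()
            self.routed.append(("master", verb))
            return rows
        if verb != "SELECT":
            # Refuse anything that is neither a known write nor a plain read.
            raise ValueError(f"unsupported statement type: {verb}")
        name, conn = next(self._read_pool)
        self.routed.append((name, verb))
        return conn.execute(sql, params).fetchall()


def demo():
    """Runs a constructed workload and returns what was read and where it ran."""
    router = ReadWriteRouter(replica_count=2)
    router.execute("CREATE TABLE exercise_data (activity TEXT, target TEXT)")
    # Constructed sample rows; the addresses use a reserved test domain.
    for target in ("target-a@example.test", "target-b@example.test"):
        router.execute("INSERT INTO exercise_data VALUES (?, ?)", ("activity-1", target))
    counts = [router.execute("SELECT COUNT(*) FROM exercise_data")[0][0] for _ in range(3)]
    router.execute("DELETE FROM exercise_data WHERE target = ?", ("target-a@example.test",))
    remaining = router.execute("SELECT target FROM exercise_data")
    return counts, remaining, router.routed


if __name__ == "__main__":
    for item in demo():
        print(item)
```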
In the present disclosure, after a simulated mail activity is created, the simulated mail constructed in the simulated mail activity is put into Redis (remote service dictionary) to wait for sending, and when a plurality of simulated mails are put into Redis, a simulated mail queue is formed in Redis.
Redis includes a main Redis and a standby Redis, and a dual-machine hot standby strategy is executed between them; specifically, the main Redis executes the sending task of the simulated mail, and when the main Redis fails or goes down, the standby Redis takes over the sending task of the simulated mail.
Step S103, each management platform scans a plurality of simulated mails in a remote service dictionary at regular time, and the remote service dictionary simultaneously transmits at least one simulated mail meeting the transmission time condition to at least one simulated target terminal.
In the embodiment of the present disclosure, the sending service unit in the management platform is configured to initiate a sending service to send the simulated mail to the address of the simulated target terminal, where the sending service may be a local mail service or other mail service.
In the present disclosure, the management platform periodically scans the simulated mail queue in Redis to query for simulated mails that meet the sending condition, where the sending condition is a time condition; when Redis holds a simulated mail that meets the currently set time condition, the sending service unit causes Redis to start sending the simulated mail.
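The timed scan of the queue and the main/standby switch-over described above, as an added example that is not part of the patent: queued items are released only once their sending time has been reached, and a failover to the standby does not release an item a second time. The class names are hypothetical, in-memory heaps stand in for the two Redis instances, and times are plain integer seconds.

```python
import heapq


class QueueNode:
    """In-memory stand-in for one Redis instance holding the simulated-mail queue."""

    def __init__(self, name):
        self.name = name
        self.alive = True
        self._heap = []  # entries are (send_at, sequence number, mail_id)

    def _require_alive(self):
        if not self.alive:
            raise ConnectionError(f"{self.name} is down")

    def put(self, send_at, seq, mail_id):
        self._require_alive()
        heapq.heappush(self._heap, (send_at, seq, mail_id))

    def pop_due(self, now):
        """Removes and returns every mail id whose sending time is <= now."""
        self._require_alive()
        due = []
        while self._heap and self._heap[0][0] <= now:
            due.append(heapq.heappop(self._heap)[2])
        return due


class HotStandbyMailQueue:
    """Hypothetical main/standby pair: both nodes are kept in step so the
    standby can take over without releasing a mail twice."""

    def __init__(self):
        self.main = QueueNode("main")
        self.standby = QueueNode("standby")
        self.active = self.main
        self._seq = 0  # tie-breaker that keeps insertion order for equal times

    def enqueue(self, mail_id, send_at):
        self._seq += 1
        written = 0
        for node in (self.main, self.standby):
            if node.alive:
                node.put(send_at, self._seq, mail_id)
                written += 1
        if written == 0:
            raise ConnectionError("no queue node available")

    def scan(self, now):
        """One periodic scan: returns the mail ids that meet the time condition."""
        if not self.active.alive:
            # Hot standby: switch to the other node when the active one is down.
            self.active = self.standby if self.active is self.main else self.main
        due = self.active.pop_due(now)
        passive = self.standby if self.active is self.main else self.main
        if passive.alive:
            passive.pop_due(now)  # drop the same entries so the copies stay equal
        return due


def demo():
    """Constructed run: four queued mails, with the main node failing mid-way."""
    queue = HotStandbyMailQueue()
    for mail_id, send_at in (("m1", 100), ("m2", 200), ("m3", 300), ("m4", 200)):
        queue.enqueue(mail_id, send_at)
    first = queue.scan(now=150)    # only m1 is due
    queue.main.alive = False       # simulated failure of the main node
    second = queue.scan(now=250)   # the standby takes over; m2 and m4 are due
    third = queue.scan(now=250)    # nothing is released twice
    fourth = queue.scan(now=300)   # m3 becomes due
    return first, second, third, fourth, queue.active.name


if __name__ == "__main__":
    print(demo())
```

A node that returns after an outage would hold stale entries; resynchronising it before it becomes eligible again is outside this sketch.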
Further, the sending service unit may store a plurality of sending services, to realize horizontal expansion of the sending services; thus at least one simulated mail can be sent simultaneously to the address of at least one simulation target terminal using at least one sending service.
Further, by configuring a plurality of pre-built simulated sender data and a plurality of stored sending services, the simulated mails are sent out through different pre-built simulated sender mailboxes and different sending services.
Therefore, in the simulated mail activity, the sender data such as the sender IP, the sender mailbox, and the sender name displayed by all the simulated target terminals will be different.
Further, the pre-constructed simulated sender mailboxes and the sending services can be matched evenly according to the number of simulation targets, so that each sender mailbox sends out the simulated mail using a different sending service. This prevents the mail server of the simulation target terminal from detecting repeated sending from the same pre-constructed simulated sender mailbox and sender IP and filtering out the simulated mail.
Step S104, in response to determining that a back connection sent by the simulation target terminal has been received, each management platform extracts the simulation target data from the back connection and records the simulation target data in the database in a read-write separation mode.
In an embodiment of the present disclosure, as shown in FIG. 4, after a simulation target terminal receives and opens a simulated mail, an HTTP (Hypertext Transfer Protocol) callback request is sent to the management platform through the simulation target's operation of opening and clicking the simulation link.
Further, the statistical overview unit in the management platform obtains the simulation target data from the HTTP callback request and records it in the MySQL database in the read-write separation mode; the statistical overview unit can display the record on the administrator terminal in the form of an ECharts data report.
It can be seen that the exercise method for simulated mail according to the embodiment of the present disclosure is based on an agent and a remote service dictionary that execute the dual-machine hot standby strategy, and on a management platform and a database deployed on multiple nodes. The case of constructing a plurality of simulated mails for a plurality of different simulation target terminals is considered comprehensively when the simulated mail activities are created, and the database adopts a read-write separation strategy. As a result, the following operations all remain stable: each management platform processing create activity requests, the exercise data of the simulated mails being entered into the database, the management platform scanning the remote service dictionary, the remote service dictionary sending the simulated mails, and the management platform receiving the back connections of the simulation target terminals and extracting the simulation target data. Bottlenecks are therefore unlikely to occur in the whole simulated mail exercise system, and the simulation effect of the exercise is improved.
It should be noted that the method of the embodiments of the present disclosure may be performed by a single device, such as a computer or server. The method of the embodiment can also be applied to a distributed scene, and is completed by mutually matching a plurality of devices. In the case of such a distributed scenario, one of the devices may perform only one or more steps of the methods of embodiments of the present disclosure, the devices interacting with each other to accomplish the methods.
It should be noted that the foregoing describes some embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
Based on the same inventive concept, and corresponding to the method of any of the above embodiments, the embodiment of the disclosure also provides an exercise system for simulated mail.
Referring to FIG. 2, the exercise system for simulated mail includes: a create activity module, a build mail module, a sender module and a loop module;
wherein the create activity module 201 is configured to: through an agent that executes a dual-machine hot standby strategy, an administrator terminal sends a plurality of create activity requests aimed at different simulation targets to a plurality of management platforms, and each management platform calls the related construction data in a database according to the received create activity request and constructs a simulated mail activity; wherein the simulated mail activity includes: exercise data and simulated mail;
the build mail module 202 is configured to: each management platform puts the exercise data of the simulated mail activity, in a read-write separation mode, into the database that executes the dual-machine hot standby strategy, and puts the simulated mail of the simulated mail activity into a queue of a remote service dictionary that executes the dual-machine hot standby strategy, to wait for sending;
the sender module 203 is configured to: each management platform scans the plurality of simulated mails in the remote service dictionary at regular intervals, and sends at least one simulated mail meeting the sending time condition to at least one simulation target terminal at the same time;
the loop module 204 is configured to: in response to determining that a back connection sent by the simulation target terminal has been received, each management platform extracts the simulation target data from the back connection and records the simulation target data in the database in a read-write separation mode.
As an optional embodiment, the creation activity module 201 is specifically configured to send, when performing exercise of the simulated mail, the simulated mail from the administrator terminal to the several different simulated target terminals through the architecture of the simulated mail system, and further, each node in the architecture of the simulated mail system adopts a multi-point deployment mode and a master-slave mode deployment mode, so that tasks of simultaneously processing multiple simulated mail activities are strictly prevented from being affected due to a single machine fault.
First, the administrator terminal transmits a plurality of creation activity requests to a plurality of management platforms through the agent. The agent comprises a main agent and a standby agent, and a dual-machine hot standby strategy is executed between the main agent and the standby agent; specifically, the manager terminal sends a plurality of creation activity requests through the main agent, and when the main agent fails or is down, the standby agent is switched to send the creation activity requests.
Further, as shown in fig. 3, the plurality of create activity requests are responsible for accepting a plurality of create activity requests for different simulation target terminals in a decentralized manner by a plurality of management platforms, wherein the management platforms operate based on servers, and each server is responsible for operating one management platform.
Further, after each management platform receives the request for creating the activity, it starts to create the simulated mail activity, which specifically includes: and packaging the exercise data simulating the mail activities, and constructing the simulated mail.
In the embodiment of the disclosure, each management platform invokes preset simulated target address data, preset mail template data, preset page template data and preset simulated sender data in a database, encapsulates the data into exercise data for simulating mail activities, and further constructs simulated mails in the management platform according to the data; wherein the database used in the present disclosure may be MySQL database.
Specifically, as shown in fig. 4, each management platform includes: the system comprises a receiver management unit, a mail template unit, a page template unit, a sender service unit, a sender management unit, an activity management unit and a statistical overview unit.
In the present disclosure, the recipient management unit may store the simulated target address data of multiple simulated target terminals in the form of groups as recipient groups, where each group of simulated target address data may include addresses of multiple simulated target terminals, and store the recipient groups in the MySQL database, so as to create simulated mail activity for use, and as another alternative, support a file-using manner to pour the simulated target address data into the MySQL database.
The address data of the simulation target may be a mailbox address of the corresponding target simulation target.
In the present disclosure, the mail template unit may save the mail content sent to the simulation target terminal in a mail template manner for use in creating the simulated mail activity a plurality of times.
Furthermore, the mail template also supports the import of mail source codes, for example, eml format files can be exported from other mail agents and the content is put on a management platform, and a mail template unit of the management platform can automatically generate a mail template according to eml format content.
Wherein, the mail content in the mail template can be provided with a tracking function and a simulation link; specifically, the tracking function of the simulated target terminal can be checked as required when the mail template is created, and after the checking, a tracking icon is added in the mail template, wherein the icon address of the tracking icon can be connected to the management platform, and specifically, the tracking icon can be connected back to the statistical overview unit of the management platform. When the simulated mail is opened at the simulated target terminal, the tracking icon is automatically loaded and connected back to the management platform so as to inform the management platform that the simulated target opens the simulated mail.
The mail template data may be stored in MySQL database.
In the present disclosure, the page template unit may preset what the simulation target can see after clicking the simulation link. The content can be saved as a page template in the MySQL database in a template mode after being edited by the page template unit, so that the content is convenient to use for multiple times.
Further, in the page template unit, the existing website can also be imported into the page template by filling in the URL address of the existing website.
In the present disclosure, the sender management unit may process the sender displayed in the simulated mail received by the simulated target terminal.
Specifically, the sender management unit takes the addresses, mailboxes, IPs and names of a plurality of pre-built simulated senders as sender data and stores the sender data in the MySQL database in groups; importing sender data into the MySQL database from a file is also supported; each group may contain multiple simulated sender data.
In the present disclosure, a simulated mail activity is initiated according to the mail template, the page template, the sender data, and the simulated target address data described above.
Specifically, the activity management unit may select a constructed mail content, a simulated exercise website accessed by a simulation target, a plurality of pre-constructed simulated sender data and a plurality of simulated target address data, and package them as exercise data simulating a mail activity.
Further, the sending time, sending frequency and the like may be added to the exercise data, and the sending time may be set as the condition that triggers sending of the simulated mail.
As an optional embodiment, the construct-mail module 202 is specifically configured so that each management platform stores the exercise data in the MySQL database, where the MySQL database uses a main MySQL proxy and a standby MySQL proxy, between which a dual-machine hot standby strategy is executed; specifically, the main MySQL proxy handles reading and writing of the data, and when the main MySQL proxy fails or goes down, the standby MySQL proxy takes over reading and writing of the data.
Further, the MySQL database includes a master MySQL database and a plurality of slave MySQL databases; when data is queried or stored in the MySQL database, the MySQL proxy processes the request in a read-write separation mode. Specifically, read requests are distributed to the master MySQL database and all slave MySQL databases to relieve the pressure of a large number of read requests, while requests that save, modify or delete data are sent to the master MySQL database; the master MySQL database then synchronizes the data changes to the slave MySQL databases, so as to scale the MySQL database horizontally.
Further, the MySQL database may be expanded vertically by setting up a plurality of master MySQL databases; accordingly, each master MySQL database has a plurality of slave MySQL databases corresponding to it.
Further, when the exercise data in the MySQL database needs to be queried, it can be queried through any one of the management platforms.
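The routing described above (a main and a standby proxy, reads spread over the master and all slaves, writes sent to the master only) can be sketched as follows. This is an added example, not code from the patent: the `Node` stand-ins, class names and SQL statements are constructed, and the handling of locking reads and open transactions is an assumption about what a careful read-write split needs, which the patent does not spell out.

```python
import re

WRITE_VERBS = {"INSERT", "UPDATE", "DELETE", "REPLACE", "CREATE", "ALTER",
               "DROP", "TRUNCATE", "BEGIN", "START", "COMMIT", "ROLLBACK"}
READ_VERBS = {"SELECT", "SHOW", "DESCRIBE", "EXPLAIN"}
LEADING_COMMENTS = re.compile(
    r"^(\s*(/\*.*?\*/|--[^\n]*(\n|$)|#[^\n]*(\n|$)))*\s*", re.S)
LOCKING_READ = re.compile(
    r"\bFOR\s+(UPDATE|SHARE)\b|\bLOCK\s+IN\s+SHARE\s+MODE\b", re.I)


def classify(sql):
    """Return (verb, kind), where kind is 'read' or 'write'."""
    body = LEADING_COMMENTS.sub("", sql, count=1)
    match = re.match(r"[A-Za-z]+", body)
    verb = match.group(0).upper() if match else ""
    if verb in READ_VERBS and not LOCKING_READ.search(body):
        return verb, "read"
    # Data changes, locking reads and anything unrecognised go to the master.
    return verb, "write"


class ProxyDown(Exception):
    """Raised when a proxy itself has failed (as opposed to a database)."""


class Node:
    """Constructed stand-in for one database server; no real MySQL is used."""
    def __init__(self, name):
        self.name, self.up, self.log = name, True, []

    def execute(self, sql):
        if not self.up:
            raise ConnectionError(self.name + " is down")
        self.log.append(sql)
        return self.name


class ReadWriteProxy:
    def __init__(self, name, master, slaves):
        self.name, self.up = name, True
        self.master = master
        self.readers = [master] + list(slaves)  # reads use master and slaves
        self.next_reader = 0
        self.in_tx = False

    def execute(self, sql):
        if not self.up:
            raise ProxyDown(self.name)
        verb, kind = classify(sql)
        # Inside a transaction every statement must see the master's state.
        node = self.master if kind == "write" or self.in_tx else self.pick_reader()
        if verb in ("BEGIN", "START"):
            self.in_tx = True
        elif verb in ("COMMIT", "ROLLBACK"):
            self.in_tx = False
        return node.execute(sql)

    def pick_reader(self):
        # Round-robin over the readers, skipping any that are down.
        for _ in range(len(self.readers)):
            node = self.readers[self.next_reader % len(self.readers)]
            self.next_reader += 1
            if node.up:
                return node
        raise ConnectionError("no database available for reads")


class HotStandbyPair:
    """Dual-machine hot standby: use the main proxy, switch when it fails."""
    def __init__(self, main, standby):
        self.active, self.spare = main, standby

    def execute(self, sql):
        try:
            return self.active.execute(sql)
        except ProxyDown:
            self.active, self.spare = self.spare, self.active
            return self.active.execute(sql)


def demo():
    master, s1, s2 = Node("master"), Node("slave1"), Node("slave2")
    main = ReadWriteProxy("main-proxy", master, [s1, s2])
    standby = ReadWriteProxy("standby-proxy", master, [s1, s2])
    pair = HotStandbyPair(main, standby)
    before = [pair.execute(q) for q in (
        "INSERT INTO exercise_data (activity) VALUES ('q3')",
        "SELECT * FROM exercise_data WHERE activity = 'q3'",
        "SELECT COUNT(*) FROM exercise_data",
        "/* report */ SELECT * FROM exercise_data FOR UPDATE",
        "SELECT 1")]
    main.up = False   # the main proxy goes down
    s1.up = False     # and so does one slave database
    after = [pair.execute(q) for q in (
        "SELECT 2", "SELECT 3", "UPDATE exercise_data SET activity = 'q4'")]
    return before, after, pair.active.name
```

Because the slaves receive changes from the master only after they are written, a read routed to a slave immediately after a write may not yet see it; a caller that needs to read its own write should send that read to the master.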
In the present disclosure, after a simulated mail activity is created, the simulated mail constructed in the simulated mail activity is put into Redis (the remote service dictionary) to wait for sending; when a plurality of simulated mails are put into Redis, a simulated mail queue is formed in Redis.
Redis includes a main Redis and a standby Redis, between which a dual-machine hot standby strategy is executed; specifically, the main Redis executes the sending task of the simulated mail, and when the main Redis fails or goes down, the standby Redis takes over the sending task of the simulated mail.
As an optional embodiment, the sending module 203 is specifically configured so that the sending service unit in the management platform enables a sending service to send the simulated mail to the address of the simulation target terminal, where the sending service may be a local mail service or another mail service.
In the present disclosure, the management platform periodically scans the simulated mail queue in Redis for simulated mails that meet the sending condition, where the sending condition is a time condition; when Redis holds a simulated mail that meets the currently set time condition, the sending service unit has Redis start sending the simulated mail.
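Since several management platforms scan the same queue on a timer, each due mail has to be claimed by exactly one of them. The following added example (not code from the patent) models the queue in memory rather than in Redis; `MailQueue`, `scan_once`, the batch size and the retry delay are hypothetical names and values chosen for illustration.

```python
import bisect
import threading


class MailQueue:
    """In-memory stand-in for the Redis queue, ordered by sending time."""
    def __init__(self):
        self.items = []            # sorted list of (send_at, seq, mail)
        self.seq = 0
        self.lock = threading.Lock()

    def put(self, mail, send_at):
        with self.lock:
            self.seq += 1          # unique tie-breaker, so mails never compare
            bisect.insort(self.items, (send_at, self.seq, mail))

    def claim_due(self, now, limit=2):
        """Atomically remove and return up to `limit` mails with send_at <= now."""
        with self.lock:
            cut = bisect.bisect_right(self.items, (now, float("inf")))
            cut = min(cut, limit)
            due, self.items = self.items[:cut], self.items[cut:]
        return [mail for _, _, mail in due]

    def pending(self):
        with self.lock:
            return len(self.items)


def scan_once(platform, queue, now, send, retry_after=60):
    """One timed scan by one management platform; returns the ids it sent."""
    sent = []
    while True:
        batch = queue.claim_due(now)
        if not batch:
            return sent
        for mail in batch:
            try:
                send(platform, mail)
            except OSError:
                # The sending service failed: requeue instead of losing the mail.
                queue.put(mail, now + retry_after)
            else:
                sent.append(mail["id"])


def demo():
    queue = MailQueue()
    for i in range(6):             # constructed mails due at t = 100, 110, ... 150
        queue.put({"id": "m%d" % i, "to": "user%d@example.test" % i}, 100 + 10 * i)
    delivered, lock = [], threading.Lock()

    def send(platform, mail):      # records the hand-off; no mail is sent
        with lock:
            delivered.append((platform, mail["id"]))

    scanners = [threading.Thread(target=scan_once, args=(name, queue, 125, send))
                for name in ("platform-a", "platform-b", "platform-c")]
    for t in scanners:
        t.start()
    for t in scanners:
        t.join()
    return sorted(mail_id for _, mail_id in delivered), queue.pending()
```

If the claim were a read followed by a separate delete, two platforms scanning at the same moment could both send the same mail; removing the due entries under one lock (or one atomic queue operation) is what prevents that.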
Further, the sending service unit may store a plurality of sending services to scale the sending services horizontally; thus at least one simulated mail can be sent simultaneously to the address of at least one simulation target terminal using at least one sending service.
Further, by configuring a plurality of pre-built simulated sender data and a plurality of stored sending services, the simulated mail is sent out through different pre-built simulated sender mailboxes and different sending services.
Therefore, in the simulated mail activity, the sender data such as the sender IP, the sender mailbox, and the sender name displayed by all the simulated target terminals will be different.
Further, the pre-constructed simulated sender mailboxes and the sending services can be matched evenly according to the number of simulation targets, so that each sender mailbox sends out the simulated mail using a different sending service. This prevents the mailbox server where the simulation target terminal is located from finding that the pre-constructed simulated sender mailbox and sender IP are sending repeatedly and filtering out the simulated mail.
As an optional embodiment, the callback module 204 is specifically configured so that, as shown in Fig. 4, after the simulation target terminal receives the simulated mail, the simulation target's operations of opening the simulated mail and clicking the simulation link send an HTTP (Hypertext Transfer Protocol) callback request to the management platform.
Further, the statistical overview unit in the management platform acquires the simulation target data from the HTTP callback request and records it into the MySQL database in the read-write separation mode; the statistical overview unit can display the records on the administrator terminal in the form of an ECharts data report.
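The bookkeeping done by the statistical overview unit can be illustrated with the added example below, which is not code from the patent. The callback paths, the `rid` query parameter, the recipient ids and the sample lines are all constructed assumptions; the patent does not specify the format of the callback request.

```python
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Hypothetical callback paths: the tracking icon and the simulation link.
EVENT_BY_PATH = {"/track.png": "opened", "/landing": "clicked"}

# Constructed sample callbacks: "<timestamp> <HTTP request line>".
SAMPLE_CALLBACKS = [
    "2021-08-30T09:00:05 GET /track.png?rid=r1 HTTP/1.1",
    "2021-08-30T09:00:40 GET /landing?rid=r1 HTTP/1.1",
    "2021-08-30T09:02:00 GET /track.png?rid=r2 HTTP/1.1",
    "2021-08-30T09:02:03 GET /track.png?rid=r2 HTTP/1.1",  # repeated open
    "2021-08-30T09:05:00 GET /landing?rid=r3 HTTP/1.1",    # click, icon not loaded
    "2021-08-30T09:06:00 GET /landing?rid=zzz HTTP/1.1",   # unknown recipient id
    "2021-08-30T09:07:00 GET /favicon.ico HTTP/1.1",       # not a callback
    "malformed line",
]
RECIPIENTS = ["r1", "r2", "r3", "r4"]   # constructed recipient group


def parse_callback(line):
    """Return (rid, event, when), or None if the line is not a valid callback."""
    parts = line.split()
    if len(parts) != 4 or parts[1] != "GET":
        return None
    try:
        when = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    url = urlsplit(parts[2])
    event = EVENT_BY_PATH.get(url.path)
    rid = parse_qs(url.query).get("rid", [None])[0]
    if event is None or rid is None:
        return None
    return rid, event, when


def summarize(lines, recipients):
    """Aggregate callbacks into per-activity exercise results."""
    first_seen = {rid: {} for rid in recipients}
    rejected = 0
    for line in lines:
        parsed = parse_callback(line)
        if parsed is None or parsed[0] not in first_seen:
            rejected += 1          # never record data for ids that were not sent
            continue
        rid, event, when = parsed
        seen = first_seen[rid]
        seen[event] = min(seen.get(event, when), when)   # keep the earliest
        if event == "clicked":
            # A click implies the mail was opened, even if the icon was blocked.
            seen["opened"] = min(seen.get("opened", when), when)
    return {
        "sent": len(recipients),
        "opened": sum("opened" in s for s in first_seen.values()),
        "clicked": sum("clicked" in s for s in first_seen.values()),
        "no_response": sorted(r for r, s in first_seen.items() if not s),
        "rejected": rejected,
        "open_to_click_seconds": {
            r: (s["clicked"] - s["opened"]).total_seconds()
            for r, s in first_seen.items() if "clicked" in s},
    }
```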
For convenience of description, the above devices are described as being functionally divided into various modules, respectively. Of course, the functions of the various modules may be implemented in the same one or more pieces of software and/or hardware when implementing embodiments of the present disclosure.
The device of the above embodiment is used for implementing the corresponding exercise method for simulating mail in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not repeated here.
Based on the same inventive concept, and corresponding to the method of any of the above embodiments, the embodiments of the present disclosure further provide an electronic device, including a memory, a processor, and a computer program stored on the memory and capable of running on the processor, where the processor executes the program to implement the exercise method for simulating mail according to any of the above embodiments.
Fig. 5 shows a more specific hardware architecture of an electronic device according to this embodiment, where the device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. The processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively connected to each other within the device via the bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an application specific integrated circuit (ASIC), or one or more integrated circuits, etc., for executing relevant programs to implement the technical solutions provided by the embodiments of the present disclosure.
The memory 1020 may be implemented in the form of ROM (Read Only Memory), RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. Memory 1020 may store an operating system and other application programs, and when the techniques provided by embodiments of the present disclosure are implemented in software or firmware, the associated program code is stored in memory 1020 and executed by processor 1010.
The input/output interface 1030 is used to connect with an input/output module for inputting and outputting information. The input/output module may be configured as a component in a device (not shown) or may be external to the device to provide corresponding functionality. Wherein the input devices may include a keyboard, mouse, touch screen, microphone, various types of sensors, etc., and the output devices may include a display, speaker, vibrator, indicator lights, etc.
Communication interface 1040 is used to connect communication modules (not shown) to enable communication interactions of the present device with other devices. The communication module may communicate in a wired manner (such as USB, network cable, etc.) or in a wireless manner (such as mobile network, Wi-Fi, Bluetooth, etc.).
Bus 1050 includes a path for transferring information between components of the device (e.g., processor 1010, memory 1020, input/output interface 1030, and communication interface 1040).
It should be noted that although the above-described device only shows processor 1010, memory 1020, input/output interface 1030, communication interface 1040, and bus 1050, in an implementation, the device may include other components necessary to achieve proper operation. Furthermore, those skilled in the art will appreciate that the above-described apparatus may include only the components necessary to implement the embodiments of the present disclosure, and not all of the components shown in the figures.
The device of the above embodiment is used for implementing the corresponding exercise method for simulating mail in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not repeated here.
Those of ordinary skill in the art will appreciate that: the discussion of any of the embodiments above is merely exemplary and is not intended to suggest that the scope of the disclosure, including the claims, is limited to these examples; the technical features of the above embodiments or of different embodiments may also be combined under the idea of the present disclosure, the steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present disclosure as described above, which are not provided in detail for the sake of brevity.
Additionally, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures, in order to simplify the illustration and discussion, and so as not to obscure the embodiments of the present disclosure. Furthermore, the devices may be shown in block diagram form in order to avoid obscuring the embodiments of the present disclosure, and this also accounts for the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform on which the embodiments of the present disclosure are to be implemented (i.e., such specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the disclosure, it should be apparent to one skilled in the art that embodiments of the disclosure can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative in nature and not as restrictive.
While the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of those embodiments will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the embodiments discussed.
The embodiments of the present disclosure are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Accordingly, any omissions, modifications, equivalents, improvements, and the like, which are within the spirit and principles of the embodiments of the disclosure, are intended to be included within the scope of the disclosure.

Claims (10)

1. A method of modeling mail, comprising:
through the agent for executing the dual-machine hot standby strategy, an administrator terminal sends a plurality of creation activity requests aiming at different simulation targets to a plurality of management platforms, and each management platform calls related construction data in a database according to the received activity requests and constructs simulated mail activities; wherein the simulated mail activity comprises: exercise data and simulated mail;
each management platform puts the exercise data of the simulated mail activity into the database in a read-write separation mode, and puts the simulated mail in the simulated mail activity into a queue of a remote service dictionary for executing a dual-machine hot standby strategy to wait for sending;
each management platform scans the plurality of simulated mails in the remote service dictionary at regular intervals, and the remote service dictionary simultaneously sends at least one simulated mail meeting the sending-time condition to at least one simulation target terminal;
each management platform, in response to determining that a callback sent by the simulation target terminal is received, extracts simulation target data from the callback and records the simulation target data into the database in a read-write separation mode.
2. The method of claim 1, wherein the agent comprises: a master agent and a standby agent;
the executing the dual hot standby strategy comprises the following steps:
transmitting a plurality of creation activity requests to a plurality of management platforms by using a master agent;
in response to determining that the primary agent failed, switching to a backup agent to send the create activity request.
3. The method of claim 1, wherein the invoking the relevant build data in the database comprises:
and the management platform calls preset simulated target address data, preset mail template data, preset page template data and preset simulated sender data in the database, and encapsulates the simulated target address data, the preset mail template data, the preset page template data and the preset simulated sender data into the exercise data of the simulated mail activity.
4. The method of claim 3, wherein the manner of presetting the simulated target address data comprises:
a recipient management unit in the management platform stores the simulated target address data into the database in groups, wherein each group of simulated target address data comprises the addresses of a plurality of the simulation target terminals;
the manner of presetting the mail template data comprises:
a mail template unit in the management platform stores the mail content sent to the simulation target terminal in the database as a template, wherein a tracking icon and a simulation link are arranged in the mail content;
the manner of presetting the page template data comprises:
a page template unit in the management platform presets the content that is viewed after the simulation target clicks the simulation link;
the manner of pre-constructing the sender data comprises:
a sender management unit in the management platform takes the sender displayed at the simulation target terminal as sender data and stores the sender data into the database in groups, wherein each group of sender data comprises a plurality of senders.
5. A method according to claim 3, wherein said constructing simulated mail activity comprises:
and an activity management unit in the management platform constructs a plurality of simulated mails according to the simulated target address data, the mail template data, the page template data, the simulated sender data and the sending time in the database.
6. The method of claim 1, wherein the database comprises: a master database and a plurality of slave databases;
the management platform putting the exercise data of the simulated mail activity into the database in a read-write separation mode comprises:
each management platform distributes read requests across all the databases, and sends requests that save, modify or delete data to the master database; wherein the plurality of slave databases and the master database maintain data synchronization with each other.
7. The method of claim 4, wherein extracting simulation target data from the callback in response to determining that the callback sent by the simulation target terminal is received comprises:
in response to the management platform receiving a hypertext transfer protocol callback request sent by the simulation target terminal, a statistical overview unit in the management platform acquires the simulation target data according to the hypertext transfer protocol callback request;
wherein the hypertext transfer protocol callback request sent by the simulation target terminal is triggered by the simulation target opening the simulated mail and clicking the simulation link.
8. An exercise system for simulating mail, comprising: a create-activity module, a construct-mail module, a sending module and a callback module;
wherein the create-activity module is configured to: through the agent for executing the dual-machine hot standby strategy, an administrator terminal sends a plurality of creation activity requests aiming at different simulation targets to a plurality of management platforms, and each management platform calls related construction data in a database according to the received activity requests and constructs simulated mail activities; wherein the simulated mail activity comprises: exercise data and simulated mail;
the construct-mail module is configured to: each management platform puts the exercise data of the simulated mail activity into the database in a read-write separation mode, and puts the simulated mail in the simulated mail activity into a queue of a remote service dictionary for executing a dual-machine hot standby strategy to wait for sending;
the sending module is configured to: each management platform scans the plurality of simulated mails in the remote service dictionary at regular intervals, and the remote service dictionary simultaneously sends at least one simulated mail meeting the sending-time condition to at least one simulation target terminal;
the callback module is configured to: each management platform, in response to determining that a callback sent by the simulation target terminal is received, extracts simulation target data from the callback and records the simulation target data into the database in a read-write separation mode.
9. The system of claim 8, wherein the management platform comprises: a recipient management unit, a mail template unit, a page template unit, a sender management unit, an activity management unit and a statistical overview unit;
the recipient management unit is configured to store simulated target address data into the database in groups, wherein each group of simulated target address data comprises the addresses of a plurality of simulation target terminals;
the mail template unit is configured to store the mail content sent to the simulation target terminal in the database as a template, wherein a tracking icon and a simulation link are arranged in the mail content;
the page template unit is configured to preset the content that is viewed after the simulation target clicks the simulation link;
the sender management unit is configured to take the sender displayed at the simulation target terminal as sender data and store the sender data into the database in groups, wherein each group of sender data comprises a plurality of senders;
the activity management unit is configured to construct a plurality of simulated mails according to the simulated target address data, mail template data, page template data, pre-constructed sender data and sending time in the database;
the statistical overview unit is configured to acquire the simulation target data according to a hypertext transfer protocol callback request and record the simulation target data in the database in a read-write separation mode;
wherein the hypertext transfer protocol callback request sent by the simulation target terminal is triggered by the simulation target opening the simulated mail and clicking the simulation link.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable by the processor, wherein the processor implements the method of any one of claims 1 to 7 when executing the computer program.
CN202111006727.7A 2021-08-30 2021-08-30 Exercise method, system and electronic equipment for simulating mail Active CN114050909B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111006727.7A CN114050909B (en) 2021-08-30 2021-08-30 Exercise method, system and electronic equipment for simulating mail

Publications (2)

Publication Number Publication Date
CN114050909A CN114050909A (en) 2022-02-15
CN114050909B true CN114050909B (en) 2023-08-18

Family

ID=80205109

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111006727.7A Active CN114050909B (en) 2021-08-30 2021-08-30 Exercise method, system and electronic equipment for simulating mail

Country Status (1)

Country Link
CN (1) CN114050909B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115665257B (en) * 2022-12-27 2023-04-28 成都同步新创科技股份有限公司 Request processing method and device based on reverse proxy and dynamic scenario

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016172151A1 (en) * 2015-04-20 2016-10-27 SafeBreach Ltd. System and method for securing a computer system against malicious actions by utilizing virtualized elements
CN109067637A (en) * 2018-06-15 2018-12-21 北京首联信通科技有限公司 Network information security Consciousness Education method and device, storage medium
CN111416801A (en) * 2020-03-11 2020-07-14 时时同云科技(成都)有限责任公司 Mail processing method and device
CN111770086A (en) * 2020-06-28 2020-10-13 深圳前海微众银行股份有限公司 Fishing user simulation collection method, device, system and computer readable storage medium
CN113259321A (en) * 2021-04-13 2021-08-13 上海碳泽信息科技有限公司 System and method for verifying security awareness of personnel on network attack and utilization

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9894092B2 (en) * 2016-02-26 2018-02-13 KnowBe4, Inc. Systems and methods for performing or creating simulated phishing attacks and phishing attack campaigns
US11108822B2 (en) * 2019-09-10 2021-08-31 KnowBe4, Inc. Systems and methods for simulated phishing attacks involving message threads

Also Published As

Publication number Publication date
CN114050909A (en) 2022-02-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant