CN114172815B - Behavior traffic transmission method, device, computer equipment and computer readable storage medium - Google Patents


Publication number
CN114172815B
Authority
CN
China
Prior art keywords
traffic
network
terminal
real
behavior
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111401538.XA
Other languages
Chinese (zh)
Other versions
CN114172815A (en)
Inventor
孔令威
范渊
苗春雨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by DBAPPSecurity Co Ltd
Priority to CN202111401538.XA
Publication of CN114172815A
Application granted
Publication of CN114172815B
Legal status: Active
Anticipated expiration legal-status Critical


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/12 Discovery or management of network topologies
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application relates to a behavior traffic transmission method, a device, a computer device and a computer readable storage medium. In a first network topology structure corresponding to a real network scene, a traffic generation node is newly created as a front-end device of a sending terminal to obtain a second network topology structure; in the second network topology structure, the network address of the traffic generation node is set to the network address of the sending terminal; and on the traffic generation node, the pre-generated behavior traffic is transmitted to the receiving terminal along the real traffic path according to a preset rule. Because the newly created traffic generation node impersonates the sending terminal that needs to send the behavior traffic, and transmits the pre-generated behavior traffic along the real traffic path, according to the preset rule, to the receiving terminal that needs to receive it, the original network topology structure is not damaged and the network security problem is effectively avoided.

Description

Behavior traffic transmission method, device, computer equipment and computer readable storage medium
Technical Field
The present invention relates to the field of network simulation, and in particular, to a behavioral traffic transmission method, apparatus, computer device, and computer readable storage medium.
Background
A network target range (cyber range) is a technology or product that, based on virtualization technology, simulates and reproduces the running states and running environments of the network architecture, system equipment and business processes of a real network space, so that learning, research, inspection, competition, exercises and other activities related to network security can be carried out more effectively, thereby improving the network security countermeasure level of personnel and institutions. To achieve high-fidelity virtual scenes, the network target range must provide network traffic simulation in addition to the virtual simulation of terminal equipment and network function equipment, so that background traffic, normal traffic, security event traffic and the like exist in the virtual scene and bring it closer to the real network scene. The simulation of background traffic, security event traffic and the like is generally called behavior traffic simulation.
In the prior art, a hidden network layer is constructed on top of the original network topology structure obtained by simulating the real scene and is connected to the receiving terminal that needs to receive the behavior traffic; the pre-generated behavior traffic is then transmitted to the receiving terminal through the hidden network. However, the hidden network makes terminals that are otherwise not connected to each other reachable over the network, which causes network security problems.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a behavioral traffic transmission method, apparatus, computer device, and computer-readable storage medium, so as to solve the network security problem of behavioral traffic transmission in the related art.
In a first aspect, an embodiment of the present application provides a behavioral traffic transmission method for transmitting behavioral traffic in a network target range, where the method includes the following steps:
in a first network topology structure corresponding to a real network scene, newly creating a traffic generation node as a front-end device of a sending terminal to obtain a second network topology structure; the sending terminal is a terminal which needs to send the behavior traffic;
setting, in the second network topology structure, the network address of the traffic generation node to the network address of the sending terminal;
transmitting, on the traffic generation node, the pre-generated behavior traffic to a receiving terminal along a real traffic path according to a preset rule; the real traffic path is the path along which traffic packets are transmitted from the sending terminal to the receiving terminal in the real network scene; the receiving terminal is a terminal which needs to receive the behavior traffic.
In some embodiments, in the first network topology structure corresponding to the real network scenario, before the newly-built traffic generating node is used as a front-end device of the sending terminal that needs to send the behavioral traffic, the method further includes:
and acquiring network addresses of the sending terminal and the receiving terminal.
In some embodiments, in the first network topology structure corresponding to the real network scenario, before the newly-built traffic generating node is used as a front-end device of the sending terminal that needs to send the behavioral traffic, the method further includes:
and simulating the real network scene to obtain the first network topological structure.
In some of these embodiments, the method further comprises the steps of:
performing traffic arrangement on the second network topology structure, so that first traffic is forwarded out from the traffic generation node according to the current real traffic path of the first traffic; the first traffic is traffic sent from the sending terminal;
and when the first traffic is acquired at the traffic generation node, transmitting the first traffic at the traffic generation node according to the real traffic path of the first traffic.
In some of these embodiments, the method further comprises the steps of:
performing traffic arrangement on the second network topology structure, so that second traffic is transmitted to the sending terminal through the traffic generation node; the second traffic is traffic sent to the sending terminal;
when the second traffic is acquired at the traffic generation node, detecting the second traffic and judging whether the second traffic is communication traffic related to the behavior traffic;
if yes, responding to the second traffic at the traffic generation node.
In some of these embodiments, the method further comprises the steps of:
and if the second traffic is not communication traffic related to the behavior traffic, transmitting the second traffic to the sending terminal through the traffic generation node.
In some of these embodiments, the behavioral traffic includes one or more of ping event traffic, web access event traffic, and security event traffic.
In a second aspect, in this embodiment, there is provided a behavioral traffic transmission apparatus for transmitting behavioral traffic in a network target range, the apparatus including a new module, a setting module and a generating module:
the new module is used for newly creating a traffic generation node as a front-end device of the sending terminal in a first network topology structure corresponding to the real network scene, to obtain a second network topology structure; the sending terminal is a terminal which needs to send the behavior traffic;
the setting module is configured to set, in the second network topology structure, the network address of the traffic generation node to the network address of the sending terminal;
the generating module is used for transmitting, on the traffic generation node, the pre-generated behavior traffic to a receiving terminal along a real traffic path according to a preset rule; the real traffic path is the path along which traffic packets are transmitted from the sending terminal to the receiving terminal in the real network scene; the receiving terminal is a terminal which needs to receive the behavior traffic.
In a third aspect, in this embodiment, there is provided a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method of the first aspect described above when the computer program is executed.
In a fourth aspect, in this embodiment a computer-readable storage medium is provided, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the method according to the first aspect described above.
According to the behavior traffic transmission method, the behavior traffic transmission device, the computer equipment and the computer readable storage medium, a traffic generation node is newly created as a front-end device of a sending terminal in the first network topology structure corresponding to the real network scene, to obtain the second network topology structure; the sending terminal is a terminal which needs to send the behavior traffic. In the second network topology structure, the network address of the traffic generation node is set to the network address of the sending terminal. On the traffic generation node, the pre-generated behavior traffic is transmitted to a receiving terminal along a real traffic path according to a preset rule; the real traffic path is the path along which traffic packets are transmitted from the sending terminal to the receiving terminal in the real network scene; the receiving terminal is a terminal which needs to receive the behavior traffic. Because the newly created traffic generation node impersonates the sending terminal that needs to send the behavior traffic, and transmits the pre-generated behavior traffic along the real traffic path, according to the preset rule, to the receiving terminal that needs to receive it, the original network topology structure is not damaged and the network security problem is effectively avoided.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute an undue limitation to the application. In the drawings:
Fig. 1 is an application scenario diagram of a behavioral traffic transmission method according to an embodiment of the present application;
Fig. 2 is a flow chart of a behavioral traffic transmission method provided according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a real network scenario provided according to an embodiment of the present application;
Fig. 4 is a schematic diagram of a first network topology corresponding to the real network scenario of Fig. 3 provided according to an embodiment of the present application;
Fig. 5 is a schematic diagram of a second network topology obtained by newly creating a traffic generation node in the first network topology of Fig. 4 according to an embodiment of the present application;
Fig. 6 is a schematic diagram of a real network scenario corresponding to the second network topology of Fig. 5 provided according to an embodiment of the present application;
Fig. 7 is a schematic diagram of a behavioral traffic transmission device according to an embodiment of the present application;
Fig. 8 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described and illustrated below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application. All other embodiments that one of ordinary skill in the art can obtain without undue burden, based on the embodiments provided herein, are intended to be within the scope of the present application.
It is apparent that the drawings in the following description are only some examples or embodiments of the present application, and that those of ordinary skill in the art can apply the present application to other similar situations according to these drawings without inventive effort. Moreover, it should be appreciated that while such a development effort might be complex and lengthy, it would nevertheless be a routine undertaking of design, fabrication, or manufacture for those of ordinary skill having the benefit of this disclosure, and thus should not be construed as an indication that this disclosure is insufficient.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is to be expressly and implicitly understood by those of ordinary skill in the art that the embodiments described herein can be combined with other embodiments without conflict.
Unless defined otherwise, technical or scientific terms used herein should be given the ordinary meaning as understood by one of ordinary skill in the art to which this application belongs. References to "a," "an," "the," and similar terms herein do not denote a limitation of quantity, but rather denote the singular or plural. The terms "comprising," "including," "having," and any variations thereof, are intended to cover a non-exclusive inclusion; for example, a process, method, system, article, or apparatus that comprises a list of steps or modules (elements) is not limited to only those steps or elements but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus. The terms "connected," "coupled," and the like in this application are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The term "plurality" as used herein refers to two or more. "And/or" describes an association relationship between associated objects and means that three relationships are possible; for example, "A and/or B" may mean: A exists alone, A and B exist together, or B exists alone. The character "/" generally indicates that the associated objects before and after it are in an "or" relationship. The terms "first," "second," "third," and the like, as used herein, merely distinguish between similar objects and do not represent a particular ordering of objects.
Fig. 1 is an application scenario diagram of a behavior traffic transmission method according to an embodiment of the present application. As shown in Fig. 1, data transmission between the server 101 and the mobile terminal 102 may be performed through a network. The mobile terminal 102 is configured to obtain a first network topology structure corresponding to the real network scene and transmit it to the server 101. After receiving the first network topology structure, the server 101 newly creates a traffic generation node as a front-end device of a sending terminal in the first network topology structure to obtain a second network topology structure, the sending terminal being a terminal which needs to send behavior traffic; sets, in the second network topology structure, the network address of the traffic generation node to the network address of the sending terminal; and transmits, on the traffic generation node, the pre-generated behavior traffic to a receiving terminal along a real traffic path according to a preset rule. The real traffic path is the path along which traffic packets are transmitted from the sending terminal to the receiving terminal in the real network scene; the receiving terminal is a terminal which needs to receive the behavior traffic. The server 101 may be implemented by a stand-alone server or a server cluster formed by a plurality of servers, and the mobile terminal 102 may be any display screen with an input function.
The embodiment provides a behavior traffic transmission method, which can be used for behavior traffic transmission in the field of network simulation, as shown in fig. 2, and comprises the following steps:
Step S210: in a first network topology structure corresponding to a real network scene, newly create a traffic generation node as a front-end device of a sending terminal to obtain a second network topology structure; the sending terminal is a terminal which needs to send the behavior traffic.
Specifically, the real network scene is the real working scene of each network device. To carry out learning, research, inspection, competition, exercises and other activities related to network security more effectively, and thereby improve the network security countermeasure level of personnel and institutions, exercises need to be performed in a virtual scene corresponding to the real network scene. To achieve high-fidelity virtual scenes, network traffic simulation must be provided in addition to the virtual simulation of terminal equipment and network function equipment, so that background traffic, normal service traffic, security event traffic and the like exist in the virtual scene and bring it closer to the real network scene; the simulation of background traffic, security event traffic and the like is generally called behavior traffic simulation. The first network topology structure corresponding to the real network scene can be obtained by performing operations such as simulation and emulation on the real network scene. Taking the schematic diagram of the real network scenario shown in Fig. 3 as an example, Fig. 4 is a schematic diagram of the first network topology structure corresponding to the real network scenario in Fig. 3, where terminal A, terminal B and terminal C in Fig. 3 correspond to computing instance A, computing instance B and computing instance C in Fig. 4, respectively, and the subnet and the route in Fig. 3 each correspond to a network function instance in Fig. 4. In the first network topology structure, the traffic of each node is arranged so that it is transmitted along the same transmission path as in the real network scene. A traffic generation node is newly created on the first network topology structure shown in Fig. 4 as a front-end device of the sending terminal, giving the second network topology structure shown in Fig. 5. Taking computing instance A as the sending terminal, for example, the corresponding real network scenario is then as shown in Fig. 6.
Step S220: in the second network topology structure, set the network address of the traffic generation node to the network address of the sending terminal.
Step S230: on the traffic generation node, transmit the pre-generated behavior traffic to the receiving terminal along a real traffic path according to a preset rule; the real traffic path is the path along which traffic packets are transmitted from the sending terminal to the receiving terminal in the real network scene; the receiving terminal is a terminal which needs to receive the behavior traffic.
Specifically, the network address generally includes an IP address or a MAC address. Once the network address of the traffic generation node is set to the network address of the sending terminal, traffic sent from the traffic generation node is regarded as traffic sent from the sending terminal. As one embodiment, the pre-generated behavior traffic generally includes one or more of ping event traffic, web access event traffic and security event traffic, and can be produced according to actual requirements. The preset rule is the rule by which the behavior traffic is sent. For example, if the real network scene requires an attack on the receiving terminal to be initiated every 5 minutes, the preset rule is to send attack event traffic to the receiving terminal every 5 minutes; the preset rule can be adjusted according to actual requirements. In the second network topology structure, the traffic of each node may be rearranged so that the behavior traffic sent by the traffic generation node reaches the receiving terminal along the path on which traffic packets are transmitted from the sending terminal to the receiving terminal in the real network scenario. When the pre-generated behavior traffic is transmitted on the traffic generation node along the real traffic path according to the preset rule, the receiving terminal successfully receives the behavior traffic and regards it as having been sent by the sending terminal that needs to send the behavior traffic.
In the related art, a hidden network layer is constructed on top of the original network topology structure obtained by simulating the real scene and is connected to the receiving terminal that needs to receive the behavior traffic; the pre-generated behavior traffic is then transmitted to the receiving terminal through the hidden network. However, the hidden network makes terminals that are otherwise not connected to each other reachable over the network, which causes network security problems.
In this method, through steps S210 to S230, a traffic generation node is newly created as a front-end device of a sending terminal in the first network topology structure corresponding to the real network scene, to obtain the second network topology structure; the sending terminal is a terminal which needs to send the behavior traffic. In the second network topology structure, the network address of the traffic generation node is set to the network address of the sending terminal. On the traffic generation node, the pre-generated behavior traffic is transmitted to a receiving terminal along a real traffic path according to a preset rule; the real traffic path is the path along which traffic packets are transmitted from the sending terminal to the receiving terminal in the real network scene; the receiving terminal is a terminal which needs to receive the behavior traffic. Because the newly created traffic generation node impersonates the sending terminal that needs to send the behavior traffic, and transmits the pre-generated behavior traffic along the real traffic path, according to the preset rule, to the receiving terminal that needs to receive it, the original network topology structure is not damaged and the network security problem is effectively avoided.
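The following added example (not part of the patent text) models steps S210 and S220 on a small topology and checks the two properties claimed above: the behavior traffic follows the real traffic path, and no new terminal-to-terminal reachability appears, unlike with the hidden network of the related art. The topology, the isolated terminal D, the node names G, H and hidden-net, and all addresses are constructed for illustration.

```python
import copy
from collections import deque
from itertools import combinations


def build_first_topology():
    """Constructed first topology: A and B on subnet1, C on subnet2, D isolated on subnet3."""
    links = [("A", "subnet1"), ("B", "subnet1"), ("subnet1", "router"),
             ("router", "subnet2"), ("C", "subnet2"), ("D", "subnet3")]
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    addr = {"A": "10.0.1.10", "B": "10.0.1.11", "C": "10.0.2.20", "D": "10.0.3.30"}
    return {"adj": adj, "addr": addr, "terminals": {"A", "B", "C", "D"}}


def insert_front_node(topo, sender, node="G"):
    """S210 + S220: place `node` inline in front of `sender` and give it the sender's address."""
    second = copy.deepcopy(topo)
    adj = second["adj"]
    adj.setdefault(node, set())
    for nbr in list(adj[sender]):
        adj[nbr].discard(sender)      # the sender's old links now end at the new node
        adj[nbr].add(node)
        adj[node].add(nbr)
    adj[sender] = {node}              # the sender only talks to its front-end device
    adj[node].add(sender)
    second["addr"][node] = second["addr"][sender]
    return second


def add_hidden_network(topo, receivers, net="hidden-net", generator="H"):
    """Related-art approach: an extra network joining a generator to every receiver."""
    hidden = copy.deepcopy(topo)
    adj = hidden["adj"]
    adj[net] = set(receivers) | {generator}
    adj[generator] = {net}
    for r in receivers:
        adj[r].add(net)
    return hidden


def find_path(topo, src, dst):
    """Shortest path; terminals originate or sink traffic but never forward it."""
    adj, terminals = topo["adj"], topo["terminals"]
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        if node in terminals and node != src:
            continue
        for nbr in sorted(adj[node]):
            if nbr not in prev:
                prev[nbr] = node
                queue.append(nbr)
    return None


def reachable_pairs(topo):
    """Unordered terminal pairs that can exchange packets in this topology."""
    return {frozenset(p) for p in combinations(sorted(topo["terminals"]), 2)
            if find_path(topo, *p) is not None}


FIRST = build_first_topology()
SECOND = insert_front_node(FIRST, "A")           # A is the sending terminal
HIDDEN = add_hidden_network(FIRST, ["C", "D"])   # C and D receive behavior traffic

if __name__ == "__main__":
    print("real path     :", find_path(FIRST, "A", "C"))
    print("behavior path :", find_path(SECOND, "G", "C"))
    print("new pairs, front-end node :", reachable_pairs(SECOND) - reachable_pairs(FIRST))
    print("new pairs, hidden network :", reachable_pairs(HIDDEN) - reachable_pairs(FIRST))
```

Running the same pair comparison before and after any change to a range topology is a quick check that a traffic injection mechanism has not bridged segments that the real scene keeps apart.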
In one embodiment, before step S210, in which a traffic generation node is newly created as a front-end device of the sending terminal in the first network topology structure corresponding to the real network scenario to obtain the second network topology structure (the sending terminal being the terminal which needs to send the behavior traffic), the behavior traffic transmission method provided by the application further comprises the following step:
acquiring the network addresses of the sending terminal and the receiving terminal.
Specifically, the network address generally includes an IP address or a MAC address. The sending terminal and the receiving terminal may be determined in advance by a user; their network addresses are generally stored in a server and may be acquired from the server. The network addresses of the sending terminal and the receiving terminal may also be stored in the traffic generation node and acquired from the traffic generation node. Acquiring the network addresses of the sending terminal and the receiving terminal facilitates the subsequent behavior traffic transmission.
In one embodiment, before step S210, in which a traffic generation node is newly created as a front-end device of the sending terminal in the first network topology structure corresponding to the real network scenario to obtain the second network topology structure (the sending terminal being the terminal which needs to send the behavior traffic), the behavior traffic transmission method provided by the application further comprises the following step:
simulating the real network scene to obtain the first network topology structure.
Specifically, the methods for simulating the real network scene to obtain the first network topology structure include SDN (Software Defined Network), a flow table or iptables. The real network scenario may involve a web application server, a mail server and a database server; network function devices may involve routers, switches and firewalls; network architecture aspects may involve physical connectivity simulation, media attribute simulation, VLAN partitioning, DMZ (Demilitarized Zone, isolation zone) setup, etc. Once every network device has been simulated, the simulated scene can work like the real network scene, and the 1:1 restoration is basically complete.
In one embodiment, the behavioral traffic transmission method provided in the present application further includes the following steps:
Step S310: perform traffic arrangement on the second network topology structure, so that the first traffic is forwarded out from the traffic generation node according to the current real traffic path of the first traffic; the first traffic is traffic sent from the sending terminal.
Step S320: when the first traffic is acquired at the traffic generation node, transmit the first traffic at the traffic generation node according to the real traffic path of the first traffic.
Specifically, in the second network topology structure, normal traffic also needs to be transmitted between the terminals in addition to the behavior traffic. Because the newly created traffic generation node acts as a front-end device of the sending terminal, the normal traffic of the sending terminal is blocked by the traffic generation node. To allow the service traffic of the sending terminal to be forwarded normally to other terminals, traffic arrangement is performed on the second network topology structure, so that the first traffic sent from the sending terminal is forwarded out from the traffic generation node according to the current real traffic path of the first traffic. This effectively guarantees that the traffic sent by the sending terminal is communicated normally.
In one embodiment, the behavioral traffic transmission method provided in the present application further includes the following steps:
step S410, traffic arrangement is carried out on the second network topology structure, so that second traffic is transmitted to a sending terminal through a traffic generation node; the second flow is the flow sent to the sending terminal;
step S420, when the second traffic is obtained at the traffic generation node, the second traffic is detected, and whether the second traffic is the communication traffic related to the behavior traffic is judged;
and step S430, if yes, responding to the second traffic at the traffic generation node.
Specifically, to further ensure that traffic addressed to the sending terminal is still received by it, traffic orchestration is performed on the second network topology so that the second traffic, that is, traffic sent to the sending terminal, reaches the sending terminal through the traffic generation node and is not blocked there. However, because the behavior traffic sent from the traffic generation node uses the network address of the sending terminal, the second traffic may include communication traffic related to the behavior traffic. If the second traffic were not processed at the traffic generation node, this behavior-related communication traffic would also be delivered to the sending terminal and would affect its normal communication. Therefore, when the second traffic is acquired at the traffic generation node, it must be inspected to determine whether it is communication traffic related to the behavior traffic. If it is, the traffic generation node responds to it, so that the communication of the sending terminal is not disturbed. For example, if the behavior traffic is ping event traffic, the response at the traffic generation node to the related communication traffic is to send the next ping event traffic.
Whether the current second traffic is communication traffic related to the behavior traffic can be judged from the characteristics of the data packet: for example, following the principles of the TCP protocol, by checking whether the SEQ values of the current second traffic and the behavior traffic are continuous, whether their application-layer protocol contents are continuous, whether the port of the current second traffic matches the port of the behavior traffic, and so on.
In one embodiment, after step S420, in which the second traffic acquired at the traffic generation node is inspected to determine whether it is communication traffic related to the behavior traffic, the behavior traffic transmission method provided in the present application further includes the following step:
Step S440: if the second traffic is determined not to be communication traffic related to the behavior traffic, transmit the second traffic to the sending terminal through the traffic generation node.
Specifically, if the second traffic is determined not to be communication traffic related to the behavior traffic, it is normal traffic addressed to the sending terminal, and it is transmitted to the sending terminal through the traffic generation node, which ensures the normal communication of the sending terminal.
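The decision in steps S420 to S440 can be sketched as a flow table kept at the traffic generation node. This is an added example, not code from the patent: `Packet`, `BehaviorFlowTable` and the addresses are hypothetical, and it implements port matching, TCP SEQ/ACK continuity and ICMP echo identifier/sequence matching for ping traffic, leaving out application-layer continuity.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

MOD32 = 1 << 32  # TCP sequence numbers wrap at 2**32

@dataclass(frozen=True)
class Packet:
    proto: str             # "tcp" or "icmp"
    src: str
    dst: str
    sport: int = 0         # TCP only
    dport: int = 0         # TCP only
    seq: int = 0           # TCP SEQ, or ICMP echo sequence number
    ack: int = 0           # TCP only
    flags: str = ""        # TCP flags as letters: S, A, F
    payload_len: int = 0
    icmp_id: int = 0       # ICMP echo identifier

@dataclass
class TcpState:
    snd_una: int                    # oldest SEQ of ours not yet acknowledged
    snd_nxt: int                    # next SEQ the generator will send
    rcv_nxt: Optional[int] = None   # next SEQ expected from the peer

def seg_len(p: Packet) -> int:
    # SYN and FIN each consume one sequence number in addition to payload.
    return p.payload_len + ("S" in p.flags) + ("F" in p.flags)

class BehaviorFlowTable:
    """State kept at the traffic generation node for flows it started."""

    def __init__(self, terminal_ip: str) -> None:
        self.ip = terminal_ip  # address shared with the sending terminal
        self.tcp: Dict[Tuple[int, str, int], TcpState] = {}
        self.echo: Set[Tuple[str, int, int]] = set()

    def record_sent(self, p: Packet) -> None:
        """Record one behavior packet emitted by the generator."""
        if p.proto == "icmp":
            self.echo.add((p.dst, p.icmp_id, p.seq))
            return
        key = (p.sport, p.dst, p.dport)
        nxt = (p.seq + seg_len(p)) % MOD32
        st = self.tcp.get(key)
        if st is None:
            self.tcp[key] = TcpState(snd_una=p.seq, snd_nxt=nxt)
        elif (nxt - st.snd_nxt) % MOD32 < MOD32 // 2:  # ignore retransmits
            st.snd_nxt = nxt

    def classify(self, p: Packet) -> str:
        """Return 'respond' (handle at the node) or 'forward' (to terminal)."""
        if p.dst != self.ip:
            return "forward"
        if p.proto == "icmp":
            key = (p.src, p.icmp_id, p.seq)
            if key in self.echo:
                self.echo.discard(key)  # each echo request is answered once
                return "respond"
            return "forward"
        st = self.tcp.get((p.dport, p.src, p.sport))
        if st is None or "A" not in p.flags:
            return "forward"  # port check: not a flow the generator opened
        # ACK continuity: the peer may only acknowledge bytes actually sent.
        if (p.ack - st.snd_una) % MOD32 > (st.snd_nxt - st.snd_una) % MOD32:
            return "forward"
        # SEQ continuity: first reply must be SYN+ACK, later ones in order.
        if st.rcv_nxt is None:
            if "S" not in p.flags:
                return "forward"
        elif p.seq != st.rcv_nxt:
            return "forward"
        st.snd_una = p.ack
        st.rcv_nxt = (p.seq + seg_len(p)) % MOD32
        return "respond"

def demo() -> List[str]:
    # Constructed packets: the generator speaks as 10.0.0.5 to server 10.0.1.9.
    me, srv = "10.0.0.5", "10.0.1.9"
    t = BehaviorFlowTable(me)
    t.record_sent(Packet("tcp", me, srv, 40000, 80, seq=1000, flags="S"))
    t.record_sent(Packet("icmp", me, srv, seq=1, icmp_id=7))
    inbound = [
        Packet("tcp", srv, me, 80, 40000, seq=5000, ack=1001, flags="SA"),
        Packet("tcp", srv, me, 80, 51000, seq=9000, ack=77, flags="SA"),
        Packet("icmp", srv, me, seq=1, icmp_id=7),
        Packet("icmp", srv, me, seq=1, icmp_id=99),
    ]
    return [t.classify(p) for p in inbound]
```

A packet classified as `forward` is left untouched for the sending terminal, so a check that fails never changes the recorded flow state.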
Fig. 7 is a schematic diagram of a behavior traffic transmission device according to an embodiment of the present invention. As shown in Fig. 7, a behavior traffic transmission device 50 is provided, including a creation module 51, a setting module 52, and a generating module 53:
a creation module 51, configured to create, in a first network topology corresponding to a real network scenario, a traffic generation node as a front-end device of a sending terminal, so as to obtain a second network topology; the sending terminal is a terminal that needs to send behavior traffic;
a setting module 52, configured to set, in the second network topology, the network address of the traffic generation node to the network address of the sending terminal;
a generating module 53, configured to transmit, at the traffic generation node and according to a preset rule, pre-generated behavior traffic to a receiving terminal along a real traffic path; the real traffic path is the path along which traffic packets are transmitted from the sending terminal to the receiving terminal in the real network scenario; the receiving terminal is a terminal that needs to receive the behavior traffic.
The behavior traffic transmission device 50 obtains a second network topology by creating, in a first network topology corresponding to the real network scenario, a traffic generation node as a front-end device of the sending terminal, where the sending terminal is a terminal that needs to send the behavior traffic; sets, in the second network topology, the network address of the traffic generation node to the network address of the sending terminal; and transmits, at the traffic generation node and according to a preset rule, the pre-generated behavior traffic to a receiving terminal along a real traffic path, where the real traffic path is the path along which traffic packets are transmitted from the sending terminal to the receiving terminal in the real network scenario and the receiving terminal is a terminal that needs to receive the behavior traffic. Because a newly created traffic generation node impersonates the sending terminal that needs to send the behavior traffic, and transmits the pre-generated behavior traffic along the real traffic path, according to the preset rule, to the receiving terminal that needs to receive it, the original network topology is not damaged and the network security problem is effectively avoided.
In one embodiment, the behavior traffic transmission device 50 further includes an obtaining module, configured to obtain the network addresses of the sending terminal and the receiving terminal before the traffic generation node is created, in the first network topology corresponding to the real network scenario, as the front-end device of the sending terminal that needs to send the behavior traffic to obtain the second network topology.
In one embodiment, the behavior traffic transmission device 50 further includes a simulation module, configured to simulate the real network scenario to obtain the first network topology before the traffic generation node is created, in the first network topology corresponding to the real network scenario, as the front-end device of the sending terminal that needs to send the behavior traffic to obtain the second network topology.
In one embodiment, the behavior traffic transmission device 50 further includes an orchestration module, configured to perform traffic orchestration on the second network topology, so that the first traffic is forwarded from the traffic generation node along the current real traffic path of the first traffic; the first traffic is traffic sent from the sending terminal;
when the first traffic is acquired at the traffic generation node, the first traffic is transmitted at the traffic generation node along the real traffic path of the first traffic.
In one embodiment, the orchestration module is further configured to perform traffic orchestration on the second network topology, so that the second traffic is transmitted to the sending terminal through the traffic generation node; the second traffic is traffic sent to the sending terminal;
when the second traffic is acquired at the traffic generation node, the second traffic is inspected to determine whether it is communication traffic related to the behavior traffic;
if so, the second traffic is responded to at the traffic generation node.
In one embodiment, the orchestration module is further configured to transmit the second traffic to the sending terminal through the traffic generation node if the second traffic is determined not to be communication traffic related to the behavior traffic.
In one embodiment, the behavioral traffic includes one or more of ping event traffic, web access event traffic, and security events.
Each of the above modules may be a functional module or a program module, and may be implemented in software or in hardware. The modules may be embedded in hardware form in, or be independent of, a processor of the computer device, or may be stored in software form in a memory of the computer device, so that the processor can call them and execute the operations corresponding to each module.
In one embodiment, a computer device is provided, which may be a server, and the internal structure of which may be as shown in Fig. 8. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The database of the computer device is used for storing a preset configuration information set. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by the processor, implements the behavior traffic transmission method described above.
In one embodiment, a computer device is provided, which may be a terminal. The computer device includes a processor, a memory, a network interface, a display screen, and an input device connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program, when executed by the processor, implements a behavior traffic transmission method. The display screen of the computer device may be a liquid crystal display or an electronic ink display, and the input device of the computer device may be a touch layer covering the display screen, a key, trackball or touchpad arranged on the housing of the computer device, or an external keyboard, touchpad or mouse.
It will be appreciated by those skilled in the art that the structure shown in fig. 8 is merely a block diagram of some of the structures associated with the present application and is not limiting of the computer device to which the present application may be applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:
in a first network topology corresponding to a real network scenario, creating a traffic generation node as a front-end device of a sending terminal to obtain a second network topology; the sending terminal is a terminal that needs to send behavior traffic;
setting, in the second network topology, the network address of the traffic generation node to the network address of the sending terminal;
transmitting, at the traffic generation node and according to a preset rule, the pre-generated behavior traffic to a receiving terminal along a real traffic path; the real traffic path is the path along which traffic packets are transmitted from the sending terminal to the receiving terminal in the real network scenario; the receiving terminal is a terminal that needs to receive the behavior traffic.
In one embodiment, before the traffic generation node is created, in the first network topology corresponding to the real network scenario, as the front-end device of the sending terminal that needs to send the behavior traffic to obtain the second network topology, the processor further implements the following step when executing the computer program:
acquiring the network addresses of the sending terminal and the receiving terminal.
In one embodiment, before the traffic generation node is created, in the first network topology corresponding to the real network scenario, as the front-end device of the sending terminal that needs to send the behavior traffic to obtain the second network topology, the processor further implements the following step when executing the computer program:
simulating the real network scenario to obtain the first network topology.
In one embodiment, the processor when executing the computer program further performs the steps of:
performing traffic orchestration on the second network topology, so that the first traffic is forwarded from the traffic generation node along the current real traffic path of the first traffic; the first traffic is traffic sent from the sending terminal;
when the first traffic is acquired at the traffic generating node, the first traffic is transmitted at the traffic generating node according to the real traffic path of the first traffic.
In one embodiment, the processor when executing the computer program further performs the steps of:
performing traffic orchestration on the second network topology, so that the second traffic is transmitted to the sending terminal through the traffic generation node; the second traffic is traffic sent to the sending terminal;
when the second traffic is acquired at the traffic generation node, inspecting the second traffic and determining whether it is communication traffic related to the behavior traffic;
if so, responding to the second traffic at the traffic generating node.
In one embodiment, the processor when executing the computer program further performs the steps of:
if the second traffic is determined not to be communication traffic related to the behavior traffic, transmitting the second traffic to the sending terminal through the traffic generation node.
In one embodiment, the behavioral traffic includes one or more of ping event traffic, web access event traffic, and security events.
The storage medium obtains a second network topology by creating, in a first network topology corresponding to a real network scenario, a traffic generation node as a front-end device of a sending terminal, where the sending terminal is a terminal that needs to send the behavior traffic; sets, in the second network topology, the network address of the traffic generation node to the network address of the sending terminal; and transmits, at the traffic generation node and according to a preset rule, the pre-generated behavior traffic to a receiving terminal along a real traffic path, where the real traffic path is the path along which traffic packets are transmitted from the sending terminal to the receiving terminal in the real network scenario and the receiving terminal is a terminal that needs to receive the behavior traffic. Because a newly created traffic generation node impersonates the sending terminal that needs to send the behavior traffic, and transmits the pre-generated behavior traffic along the real traffic path, according to the preset rule, to the receiving terminal that needs to receive it, the original network topology is not damaged and the network security problem is effectively avoided.
It should be understood that the specific embodiments described herein are merely illustrative of this application and are not intended to be limiting. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present application, are within the scope of the present application in light of the embodiments provided herein.
It is evident that the drawings are only some examples or embodiments of the present application, and a person skilled in the art can apply the present application to other similar situations according to these drawings without inventive effort. In addition, it should be appreciated that although such a development effort might be complex and lengthy, it would nevertheless be a routine undertaking of design, fabrication, or manufacture for those of ordinary skill having the benefit of this disclosure, and should not be construed as meaning that the disclosure is insufficient.
The term "embodiment" in this application means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive. It will be clear or implicitly understood by those of ordinary skill in the art that the embodiments described in this application can be combined with other embodiments without conflict.
The above examples represent only a few embodiments of the present application; they are described specifically and in detail, but are not to be construed as limiting the scope of the patent. It should be noted that those skilled in the art can make various modifications and improvements without departing from the spirit of the present application, all of which fall within the scope of the present application. Accordingly, the scope of protection of the present application shall be subject to the appended claims.

Claims (10)

1. A behavior traffic transmission method for transmitting behavior traffic in a network target range (cyber range), the method comprising the steps of:
in a first network topology corresponding to a real network scenario, creating a traffic generation node as a front-end device of a sending terminal to obtain a second network topology; the sending terminal is a terminal that needs to send the behavior traffic;
setting, in the second network topology, the network address of the traffic generation node to the network address of the sending terminal;
transmitting, at the traffic generation node and according to a preset rule, the pre-generated behavior traffic to a receiving terminal along a real traffic path; the real traffic path is the path along which traffic packets are transmitted from the sending terminal to the receiving terminal in the real network scenario; the receiving terminal is a terminal that needs to receive the behavior traffic;
wherein the behavioral traffic includes background traffic and security event traffic.
2. The behavior traffic transmission method according to claim 1, wherein before the traffic generation node is created, in the first network topology corresponding to the real network scenario, as the front-end device of the sending terminal to obtain the second network topology, the method further includes:
acquiring the network addresses of the sending terminal and the receiving terminal.
3. The behavior traffic transmission method according to claim 1, wherein before the traffic generation node is created, in the first network topology corresponding to the real network scenario, as the front-end device of the sending terminal to obtain the second network topology, the method further includes:
simulating the real network scenario to obtain the first network topology.
4. The behavioral traffic transmission method according to claim 1, further comprising the steps of:
performing traffic orchestration on the second network topology, so that first traffic is forwarded from the traffic generation node along the current real traffic path of the first traffic; the first traffic is traffic sent from the sending terminal;
when the first traffic is acquired at the traffic generation node, transmitting the first traffic at the traffic generation node along the real traffic path of the first traffic.
5. The behavioral traffic transmission method according to claim 1, further comprising the steps of:
performing traffic orchestration on the second network topology, so that second traffic is transmitted to the sending terminal through the traffic generation node; the second traffic is traffic sent to the sending terminal;
when the second traffic is acquired at the traffic generation node, inspecting the second traffic and determining whether it is communication traffic related to the behavior traffic;
if so, responding to the second traffic at the traffic generation node.
6. The behavioral traffic transmission method according to claim 5, further comprising the steps of:
if the second traffic is not communication traffic related to the behavior traffic, transmitting the second traffic to the sending terminal through the traffic generation node.
7. The behavioral traffic transmission method according to any one of claims 1 to 6, wherein the behavioral traffic comprises one or more of ping event traffic, web access event traffic, and security event traffic.
8. A behavior traffic transmission device for transmitting behavior traffic in a network target range (cyber range), the device comprising a creation module, a setting module and a generating module:
the creation module is configured to create, in a first network topology corresponding to a real network scenario, a traffic generation node as a front-end device of a sending terminal to obtain a second network topology; the sending terminal is a terminal that needs to send the behavior traffic;
the setting module is configured to set, in the second network topology, the network address of the traffic generation node to the network address of the sending terminal;
the generating module is configured to transmit, at the traffic generation node and according to a preset rule, the pre-generated behavior traffic to a receiving terminal along a real traffic path; the real traffic path is the path along which traffic packets are transmitted from the sending terminal to the receiving terminal in the real network scenario; the receiving terminal is a terminal that needs to receive the behavior traffic; wherein the behavioral traffic includes background traffic and security event traffic.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any one of claims 1 to 7 when the computer program is executed by the processor.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method according to any one of claims 1 to 7.
CN202111401538.XA 2021-11-19 2021-11-19 Behavior traffic transmission method, device, computer equipment and computer readable storage medium Active CN114172815B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111401538.XA CN114172815B (en) 2021-11-19 2021-11-19 Behavior traffic transmission method, device, computer equipment and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN114172815A CN114172815A (en) 2022-03-11
CN114172815B true CN114172815B (en) 2024-04-09

Family

ID=80480256

Country Status (1)

Country Link
CN (1) CN114172815B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115086250B (en) * 2022-07-20 2022-11-22 南京赛宁信息技术有限公司 Network target range distributed flow generation system and method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111555913A (en) * 2020-04-24 2020-08-18 北京安码科技有限公司 Simulation method, system, electronic device and storage medium for simulating real network environment based on virtualization
CN111935188A (en) * 2020-10-12 2020-11-13 南京赛宁信息技术有限公司 KS detection-based method and device for maximizing attack flow in shooting range environment
CN113259257A (en) * 2021-06-21 2021-08-13 南京赛宁信息技术有限公司 Background traffic generation method and device for custom rate distribution in network shooting range

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
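Research on cyberspace security range technology and system architecture design; Zhao Jing (赵静); Computer Knowledge and Technology (电脑知识与技术); 20200125 (No. 03); full text *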

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant