CN114257506B - Network target range construction method and device, back-end server and readable storage medium - Google Patents
Network target range construction method and device, back-end server and readable storage medium Download PDFInfo
- Publication number
- CN114257506B CN114257506B CN202111571964.8A CN202111571964A CN114257506B CN 114257506 B CN114257506 B CN 114257506B CN 202111571964 A CN202111571964 A CN 202111571964A CN 114257506 B CN114257506 B CN 114257506B
- Authority
- CN
- China
- Prior art keywords
- range
- target range
- network
- parameters
- trainee
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000010276 construction Methods 0.000 title claims abstract description 57
- 238000000034 method Methods 0.000 claims abstract description 34
- 238000012795 verification Methods 0.000 claims abstract description 15
- 230000009471 action Effects 0.000 claims description 6
- 230000006399 behavior Effects 0.000 claims description 6
- 238000004590 computer program Methods 0.000 claims description 3
- 230000008569 process Effects 0.000 abstract description 11
- 238000010586 diagram Methods 0.000 description 12
- 238000005516 engineering process Methods 0.000 description 4
- 230000003993 interaction Effects 0.000 description 4
- 238000012545 processing Methods 0.000 description 4
- 239000000243 solution Substances 0.000 description 4
- 238000011161 development Methods 0.000 description 3
- 238000002347 injection Methods 0.000 description 3
- 239000007924 injection Substances 0.000 description 3
- 230000007123 defense Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000011835 investigation Methods 0.000 description 2
- 238000006467 substitution reaction Methods 0.000 description 2
- 206010063385 Intellectualisation Diseases 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000007613 environmental effect Effects 0.000 description 1
- 238000002474 experimental method Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000012502 risk assessment Methods 0.000 description 1
- 230000008685 targeting Effects 0.000 description 1
- 238000012549 training Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
- 238000012800 visualization Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/024—Standardisation; Integration using relational databases for representation of network management data, e.g. managing via structured query language [SQL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
- H04L41/0813—Configuration setting characterised by the conditions triggering a change of settings
- H04L41/0816—Configuration setting characterised by the conditions triggering a change of settings the condition being an adaptation, e.g. in response to network events
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
Abstract
The embodiment of the application provides a network target range construction method, a device, a back-end server and a readable storage medium, and relates to the technical field of computers. After the user selects the range parameters through the front-end interface, the client sends the range parameters to the back-end server, the back-end server performs validity verification on the range parameters, a configuration file can be generated only under the condition that the range parameters are legal, and finally the back-end server constructs a range configuration environment according to the configuration file to generate the network range. The network target range can be constructed by manually configuring the target range parameters once through the front-end interface, the construction process of the network target range is simplified, the network target range is automatically constructed through the rear-end server, and the construction efficiency of the network target range is improved while the automation degree of the network target range is improved.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for constructing a network target range, a backend server, and a readable storage medium.
Background
The network target Range (Cyber Range) is a product for simulating and reproducing the network architecture, the running state of system equipment and the running environment in the real network space through a virtualization technology, and the attack and defense combat environment in the real network space can be simulated through the combination of the virtual environment and the real equipment, so that the investigation of combat capability and the verification of weaponry can be supported.
Along with the development of network warfare weapons, the construction of a network shooting range to demonstrate the network warfare weapons and train tactical tactics of network fighters becomes an important task in the development of information security technology in various countries. And each manufacturer also develops a network target range under different scenes, and in order to simulate a complex network environment, the network topology scenes are constructed by interconnecting the multiple network target ranges together.
However, the current construction method needs to manually configure configuration information such as an IP address, a port and the like of the network target range for a plurality of times, which results in complex process of constructing the network target range and also needs to have a certain professional basis for configuration personnel. The method has the advantages of low automation degree, complicated process and easy error, and often causes the conditions of long configuration time, low efficiency, high maintenance cost and the like, thereby seriously affecting the normal operation, popularization and application of the network target range experiment environment.
Disclosure of Invention
The application provides a network target range construction method, a device, a back-end server and a readable storage medium, and aims to improve the automation degree of the network target range and provide convenience for the creation of the network target range.
In order to achieve the above purpose, the technical solution adopted in the embodiment of the present application is as follows:
in a first aspect, an embodiment of the present application provides a network target range construction method applied to a backend server, where the backend server is communicatively connected to a client, and the client includes a front end interface, and the method includes:
receiving a target range parameter sent by the client, wherein the target range parameter is selected by a user through the front-end interface;
carrying out validity verification on the target range parameter;
if the range parameters are legal, generating a configuration file according to the range parameters;
and constructing a range configuration environment according to the configuration file to generate a network range.
Further, the method further comprises:
and if the target range parameters are illegal, returning configuration error information to the front-end interface so as to remind the user to reselect the target range parameters.
Further, the range parameters include a range template and a trainee group, and the step of verifying the validity of the range parameters includes:
if the target range template belongs to a preset template library and the trainee grouping belongs to a preset trainee grouping, determining that the target range parameters are legal;
and if the target range template does not belong to a preset template library or the trainee group does not belong to a preset trainee group, determining that the target range parameter is illegal.
Further, the back-end server comprises a database, and the network target range comprises IP address information and port information;
after the step of building a range configuration environment from the configuration file to generate a network range, the method further comprises:
and writing the IP address information and the port information of the network target range into the database so that the user can inquire through the front-end interface.
Further, after the step of generating a configuration file according to the range parameter if the range parameter is legal, the method further includes:
judging whether hacking actions exist or not;
if the hacking behavior exists, deleting the configuration file;
and if the hacking behavior is not generated, executing the step of constructing a range configuration environment according to the configuration file to generate a network range.
In a second aspect, an embodiment of the present application further provides a network target range construction device, which is applied to a backend server, where the backend server is communicatively connected to a client, and the client includes a front end interface, and the device includes:
the receiving module is used for receiving the range parameters sent by the client, wherein the range parameters are selected by a user through the front-end interface;
the verification module is used for carrying out validity verification on the shooting range parameters;
the generation module is used for generating a configuration file according to the shooting range parameters if the shooting range parameters are legal;
and the construction module is used for constructing a range configuration environment according to the configuration file so as to generate a network range.
Further, the apparatus further comprises:
and the return module is used for returning configuration error information to the front-end interface to remind the user to reselect the target range parameters if the target range parameters are illegal.
Further, the verification module includes:
the determining submodule is used for determining that the target range parameters are legal if the target range templates belong to a preset template library and the trainee groups belong to preset trainee groups;
and if the target range template does not belong to a preset template library or the trainee group does not belong to a preset trainee group, determining that the target range parameter is illegal.
In a third aspect, an embodiment of the present application further provides a backend server, including: the system comprises a processor, a memory and a bus, wherein the memory stores program instructions executable by the processor, when the back-end server runs, the processor and the memory are communicated through the bus, and the processor executes the program instructions to execute the network target range construction method according to any one of the first aspect.
In a fourth aspect, embodiments of the present application further provide a readable storage medium having stored thereon a computer program which, when executed by a processor, performs a network range construction method according to any of the first aspects.
Compared with the prior art, the embodiment of the application provides a network target range construction method, a device, a back-end server and a readable storage medium, after a user selects a target range parameter through a front-end interface, a client sends the target range parameter to the back-end server, then the back-end server performs validity verification on the target range parameter, a configuration file can be generated only under the condition that the target range parameter is legal, and finally the back-end server constructs a target range configuration environment according to the configuration file to generate the network target range. Compared with the prior art, the network target range can be constructed by manually configuring the target range parameters once through the front-end interface by a user, the construction process of the network target range is simplified, the network target range is automatically constructed through the rear-end server, and the efficiency of constructing the network target range is improved while the automation degree of the network target range is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered limiting the scope, and that other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 shows an application scenario diagram of a network shooting range construction method provided in an embodiment of the present application.
Fig. 2 shows a flowchart of a network target range construction method according to an embodiment of the present application.
Fig. 3 shows an example diagram of a front end interface provided by an embodiment of the present application.
Fig. 4 illustrates another example diagram of a front end interface provided by an embodiment of the present application.
Fig. 5 shows another flow chart of the network target range construction method according to the embodiment of the present application.
Fig. 6 shows another flow chart of the network target range construction method according to the embodiment of the present application.
Fig. 7 shows a schematic structural diagram of a network target range construction device according to an embodiment of the present application.
Fig. 8 shows a schematic structural diagram of a backend server according to an embodiment of the present application.
Icon: 10-a back-end server; 20-client; 100-network target range construction device; 110-a receiving module; 120-checking module; 130-a generation module; 140, judging the module; 150-building a module; 160-a write module; 170-a return module; 180-delete module; 11-a processor; 12-memory; 13-bus.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more clear, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments. The components of the embodiments of the present application, which are generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present application, as provided in the accompanying drawings, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without undue burden, are within the scope of the present application.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
The network target range is a product for simulating and reproducing the network architecture, the running state of system equipment and the running environment in the real network space through a virtualization technology, and the attack and defense combat environment in the real network space can be simulated through the combination of the virtual environment and the real equipment, so that the investigation of combat capability and the verification of weaponry can be supported.
The existing network target range construction method needs to manually configure configuration information such as IP addresses, ports and the like of the network target range for a plurality of times, so that the network target range construction process becomes complex, and certain professional basic knowledge is required for configuration personnel. Because the automation degree is low, the process is tedious and easy to make mistakes, the normal operation of the network shooting range experimental environment is seriously affected.
Aiming at the technical problems, the embodiment of the application provides a network target range construction method, wherein a user can construct a network target range only by manually configuring target range parameters once, the construction process of the network target range is simplified, a rear-end server can also automatically construct the network target range, the degree of automation of the network target range is improved, and the method is described in detail below.
Referring to fig. 1, fig. 1 shows an application scenario diagram of a network target range construction method provided in an embodiment of the present application, including a back-end server 10 and a client 20.
The client 20 and the back-end server 10 are connected through a network to implement data communication interaction between the client 20 and the back-end server 10, where the interaction manner may be, for example, a wired network, where the wired network may include, for example, a coaxial cable, a twisted pair wire, an optical fiber, etc., and may also be a wireless network, where the wireless network may be a 2G network, a 3G network, a 4G network, or a 5G network, a WIFI network, etc., where the embodiments of the present application are not limited in any way.
The backend server 10 is configured to perform validity verification on the range parameter, generate a configuration file for the range parameter if the range parameter is legal, and then construct a range configuration environment by using the configuration file to generate a network range. The scale parameters include scale templates, trainee groups, availability and other parameters, and the comparison of the embodiment of the application is not limited.
The client 20 is configured to send the target range parameter to the backend server 10, and may be an intelligent electronic device such as a smart phone, a tablet computer, or a desktop computer with an Application program (APP) or loaded on a web Application, which is not limited in this Application.
The client 20 includes a front-end interface, which refers to an interface capable of being displayed in various platforms, and is an overall design of man-machine interaction, operation logic and attractive interface for software, and is a medium for interaction and information exchange between a system and a user. Wherein, platform refers to an environmental system suitable for front-end interface presentation, including but not limited to: web, H5, android, iOS, etc. Front end interfaces include, but are not limited to: UI (User Interface) displayed by the application program at the client 20, an operation Interface displayed by the application program at the PC (Personal Computer ) side, and the like.
The network target range construction method applied to the back-end server 10 provided by the embodiment of the application can not only demonstrate the equipment of the network combat weapon, train the tactical tactics of the network combat personnel, but also be applied to the following scenes:
1. the cloud computing management platform can visually manage cloud computing resources to improve operation and engineering efficiency.
2. Information security research and teaching effort, including but not limited to: risk assessment, training education, technical development, emergency exercises, and the like.
On the basis of the application scenario schematic diagram shown in fig. 1, please refer to fig. 2, fig. 2 shows a flowchart of a network target range construction method provided in an embodiment of the present application, where the network target range construction method is applied to the backend server 10, and may include the following steps:
s110, receiving the target range parameters sent by the client, wherein the target range parameters are selected by a user through a front-end interface.
When the user needs to construct the network target, the client 20 presents a front-end interface to the user for the user to select the target parameters for constructing the network target, such as the target template, the trainee group, whether the target parameters are available, and when the user selects the target parameters, the client 20 sends the target parameters selected by the user to the back-end server 10 for processing.
The front-end interface can enable a user to rapidly and conveniently configure the shooting range parameters through simple drag-and-drop operation, and can also set the attributes of various network devices. The user selected range parameters are determined by providing a front-end interface and detecting user-triggered operations in the front-end interface.
In one possible implementation, after the user selects the range parameters as the range template, the trainee group, and whether the user is available, the client 20 pops up a new front-end interface, and referring to fig. 3, fig. 3 shows an exemplary diagram of the front-end interface provided in the embodiment of the present application.
In the front-end interface shown in fig. 3, the front-end interface presents a specific range configuration to the user, including: the target range template selection, the trainee grouping selection, the first configuration page, the second configuration page, the high availability and key generation and the like, and different software environments for user selection, such as a first software environment, a second software environment, a third software environment and the like, are contained in the target range template selection, and likewise, the trainee grouping selection also has the options of a first class, a second class, a third class and the like.
The first configuration interface is used for carrying a target range template selected by a user, and prompt information can be displayed on the first configuration interface, for example, the prompt information can be "please drag target range templates which are desired to be set (a plurality of target range templates are allowed to be dragged)". Similarly, the second configuration interface is used for carrying the group of the students selected by the user, and prompt information can be displayed to the user on the second configuration interface, for example, the prompt information is "please drag the target range template which is desired to be set (allowing to drag a plurality of target range templates)".
Referring to fig. 4 when a user operates on the front-end interface, fig. 4 shows another exemplary diagram of the front-end interface provided in an embodiment of the present application.
The user wants the back-end server 10 to generate the network target range required by the user, drags the second software environment in the target range template selection to the first configuration interface through a mouse in the front-end interface, drags the first class and the second class in the grouping selection of the students to the second configuration interface, selects the high-availability option, and finally clicks the generating case to finish the operation of the user on the front-end interface, and the client 20 sends the information selected by the user to the back-end server 10.
In one possible implementation, the manner in which the client 20 sends the targeting parameter to the backend server 10 may be implemented by using an API (Application Programming Interface, application program interface) calling method, where the API calling method is a calling method in the HTTP protocol, such as get, post, put, head, trace, for example, the API calling method is a calling method in the HTTP protocol, which is called by using an API access request.
According to the embodiment of the application, a vivid front-end interface can be quickly generated according to the network environment, so that the preparation of constructing a network target range is achieved, the automation, the intellectualization and the visualization effects are strong, and excellent user experience is achieved.
S120, carrying out validity check on the shooting range parameters.
After receiving the range parameters, the backend server 10 needs to perform validity check on the range parameters in order to prevent problems such as program errors caused by incorrect range parameters.
S130, if the range parameters are legal, generating a configuration file according to the range parameters.
The configuration file may be a yaml file, taking yaml file as an example, and the back-end server 10 generates yaml file from the range parameters after judging that the range parameters are legal.
In one possible implementation manner, if the process of generating the yaml file by the shooting range parameter is in a windows system software environment, generating the yaml file by creating a virtual machine through an OpenStack cloud platform, and if the process is in a Linux system software environment, generating the yaml file by calling a dock container through a K8S cluster.
The method for creating the virtual machine through the OpenStack cloud platform comprises the following steps: arranging basic resources provided by OpenStack, including calculation, network, storage and the like, creating a basic virtual machine, providing Software Configuration, software Deployment and the like for complex configuration of the virtual machine, installing and configuring specific software, providing load balancing for supporting, creating a group of virtual machines with load balancing, and analyzing target range parameters into yaml files through horizons;
the manner of calling the docker container by using the K8S cluster is as follows: the backend server 10 uses project codes configured by a developer to pull the substitution codes through a gate clone/pull command to generate a yaml file, creates a docker image, pushes the generated docker image to an image warehouse, then sends out a kubecl apply-f yaml file name command to acquire the docker image from the image warehouse, creates a container by utilizing the configuration in the yaml file, starts the container, and deploys the container into a k8s cluster.
S140, constructing a range configuration environment according to the configuration file to generate a network range.
The backend server 10 searches out the range environment resources corresponding to the yaml file according to the yaml file, and loads the range environment resources into the running environment to construct a range configuration environment, so as to generate a network range.
Next, a detailed description will be given of step S120, referring to fig. 2 on the basis of fig. 5, fig. 5 shows another flow chart of the network target range construction method provided in the embodiment of the present application, where step S120 includes:
s121, if the target range template belongs to a preset template library and the trainee grouping belongs to a preset trainee grouping, determining that the target range parameters are legal.
S122, if the target range template does not belong to a preset template library or the trainee grouping does not belong to a preset trainee grouping, determining that the target range parameters are illegal.
The back-end server 10 stores a preset template library and preset trainee groups in advance, and when the back-end server 10 receives that there are target range templates and trainee groups in the target range parameters, the validity check can be performed on the target range templates and trainee groups, where the validity check mode may be as follows: and respectively judging whether the target range templates belong to a preset template library or not, judging whether the trainee groups belong to preset trainee groups or not, determining that the target range parameters are legal when the target range templates belong to the preset template library and the trainee groups belong to the preset trainee groups, and determining that the target range parameters are illegal when the back-end server 10 judges that the target range templates do not belong to the preset template library or the trainee groups do not belong to the preset trainee groups.
When the target range parameter is illegal, please refer to fig. 5 again, after S122, the method further includes:
and S160, if the target range parameters are illegal, returning configuration error information to the front-end interface so as to remind the user to reselect the target range parameters.
When the backend server 10 determines that the range template in the range parameter does not belong to the preset template library or the trainee group does not belong to the preset trainee group after verifying the validity of the range parameter, and when the range parameter is not legal, the backend server 10 generates configuration error information, and returns the configuration error information to the front-end interface of the client 20 to display, so as to remind the user to reselect the range parameter.
After the back-end server 10 generates the configuration file according to the target range parameter, referring to fig. 6 on the basis of fig. 5, fig. 6 shows another flow schematic diagram of the network target range construction method provided in the embodiment of the present application, and after step S130, steps S101 to S102 are further included:
s101, judging whether hacking actions exist.
In the present embodiment, if the determination result of step S101 is yes, that is, there is a hacking behavior, step S102 is executed; if the judgment result of step S101 is "no", i.e., there is no hacking behavior, step S140 is performed.
S102, deleting the configuration file.
S140, constructing a range configuration environment according to the configuration file to generate a network range.
The backend server 10 characterizes whether there is hacking action by detecting the feature string containing SQL (Structured Query Language ) injection or the feature string of XSS (Cross Site Scripting, cross-site scripting) attack, and if the backend server 10 detects the feature string containing SQL injection or the feature string of XSS attack, it indicates that there is hacking action, and the backend server 10 immediately deletes the configuration file. When the backend server 10 does not detect the feature string containing the SQL injection or the feature string of the XSS attack, step S140 is performed.
Optionally, after step S140, the method for constructing a network target range according to the embodiment of the present application further includes S150.
And S150, writing the IP address information and the port information of the network target range into a database so that a user can inquire through a front-end interface.
The network target includes IP address information and port information, and the back-end server 10 includes a database for storing information required by the back-end server 10 according to the target parameters, such as the IP address information and the port information, and after the network target is generated by the back-end server 10, the IP address information and the port information of the network target are stored in the database, and when the user wants to query the IP address information or the port information of the network target, the client 20 obtains the IP address information or the port information from the back-end server 10 and displays the IP address information or the port information in the front-end interface.
Compared with the prior art, the embodiment of the application has the following beneficial effects:
firstly, compared with the prior art, the method and the device have the advantages that the construction of the network target range can be completed by manually configuring the target range parameters once through the front-end interface, the construction process of the network target range is simplified, the experience of use is greatly enhanced, and the method and the device are more humanized.
Secondly, the network target range is automatically built through the back-end server, so that the automation degree of the network target range is improved, and meanwhile, the efficiency of building the network target range is also improved.
Further, by verifying the validity of the range parameter, it is possible to prevent a problem such as a program error caused by incorrect range parameter.
A possible implementation of the network range construction device 100 is given below, which is used to perform the steps and corresponding technical effects of the network range construction method shown in the above embodiments and possible implementations. Referring to fig. 7, fig. 7 is a schematic structural diagram of a network target range construction device 100 according to an embodiment of the present application, where the device is applied to a backend server 10, and the network target range construction device 100 includes: a receiving module 110, a verifying module 120, a generating module 130, a returning module 170, a judging module 140, a constructing module 150, a deleting module 180 and a writing module 160;
and the receiving module 110 is configured to receive the range parameter sent by the client, where the range parameter is selected by the user through the front-end interface.
And the verification module 120 is used for verifying the legality of the shooting range parameters.
The generating module 130 is configured to generate a configuration file according to the range parameter if the range parameter is legal.
A construction module 150 is configured to construct a range configuration environment from the configuration file to generate a network range.
Optionally, the verification module 120 is specifically configured to:
if the target range template belongs to a preset template library and the trainee grouping belongs to a preset trainee grouping, determining that the target range parameters are legal.
If the target range template does not belong to the preset template library or the trainee grouping does not belong to the preset trainee grouping, determining that the target range parameters are illegal.
Optionally, the network target range construction device 100 further includes:
and a return module 170, configured to return a configuration error message to the front-end interface to prompt the user to reselect the target range parameters if the target range parameters are illegal.
Optionally, the network target range construction device 100 further includes:
the writing module 160 is configured to write the IP address information and the port information of the network target range into the database, so that a user can query through the front-end interface.
Optionally, the network target range construction device 100 further includes:
the judging module 140 is configured to judge whether there is a hacking action, if so, skip to the deleting module 180, and if not, skip to the constructing module 150.
And a deleting module 180, configured to delete the configuration file.
A construction module 150 is configured to construct a range configuration environment from the configuration file to generate a network range.
Referring to fig. 8, fig. 8 shows a schematic structural diagram of the backend server 10 according to an embodiment of the present application.
The back-end server 10 includes a processor 11, a memory 12, and a bus 13, and the processor 11 is connected to the memory 12 through the bus 13. The memory 12 is used for storing a program, such as the network target construction device 100 shown in fig. 7, and the network target construction device 100 includes at least one software functional module that may be stored in the memory 12 in the form of software or firmware (firmware) or cured in an Operating System (OS) of the client 20, and the processor 11 executes the program after receiving the execution instruction to implement the network target construction method disclosed in the above embodiment.
The memory 12 may include high-speed random access memory (Random Access Memory, RAM) and may also include non-volatile memory (NVM).
The processor 11 may be an integrated circuit chip with signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in the processor 11 or by instructions in the form of software. The processor 11 may be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU for short), a micro control unit (Microcontroller Unit, MCU), a complex programmable logic device (Complex Programmable Logic Device, CPLD), a Field-programmable gate array (Field-Programmable Gate Array, FPGA), an embedded ARM, or the like.
The embodiment of the present application further provides a readable storage medium, on which a computer program is stored, which when executed by the processor 11 implements the network target range construction method disclosed in the above embodiment.
In summary, the embodiments of the present application provide a method, an apparatus, a backend server, and a readable storage medium for constructing a network target range, where after a user selects a target range parameter through a front-end interface, a client sends the target range parameter to the backend server, and then the backend server performs validity verification on the target range parameter, and only if the target range parameter is legal, a configuration file can be generated, and finally the backend server constructs a target range configuration environment according to the configuration file to generate the network target range. The network target range can be constructed by manually configuring the target range parameters once through the front-end interface, the construction process of the network target range is simplified, the network target range is automatically constructed through the rear-end server, and the construction efficiency of the network target range is improved while the automation degree of the network target range is improved.
The foregoing is merely specific embodiments of the present application, but the scope of the present application is not limited thereto, and any changes or substitutions easily conceivable by those skilled in the art within the technical scope of the present application should be covered in the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (8)
1. A network target range construction method, applied to a back-end server, the back-end server being communicatively connected to a client, the client including a front-end interface, the method comprising:
receiving a target range parameter sent by the client, wherein the target range parameter is selected by a user through the front-end interface; the range parameters comprise a range template and a trainee group;
carrying out validity verification on the target range parameters, and if the target range templates belong to a preset template library and the trainee groups belong to preset trainee groups, determining that the target range parameters are legal;
if the target range template does not belong to a preset template library or the trainee group does not belong to a preset trainee group, determining that the target range parameter is illegal;
if the range parameters are legal, generating a configuration file according to the range parameters;
and constructing a range configuration environment according to the configuration file to generate a network range.
2. A network target range construction method according to claim 1, wherein after the step of determining that the target range parameter is illegal, the method further comprises:
and if the target range parameters are illegal, returning configuration error information to the front-end interface so as to remind the user to reselect the target range parameters.
3. The network target range construction method according to claim 1, wherein the back-end server comprises a database, and the network target range comprises IP address information and port information;
after the step of building a range configuration environment from the configuration file to generate a network range, the method further comprises:
and writing the IP address information and the port information of the network target range into the database so that the user can inquire through the front-end interface.
4. The network range construction method according to claim 1, wherein after the step of generating a configuration file from the range parameters if the range parameters are legal, the method further comprises:
judging whether hacking actions exist or not;
if the hacking behavior exists, deleting the configuration file;
and if the hacking behavior is not generated, executing the step of constructing a range configuration environment according to the configuration file to generate a network range.
5. A network target range construction device, applied to a back-end server, the back-end server being communicatively connected to a client, the client including a front-end interface, the device comprising:
the receiving module is used for receiving the range parameters sent by the client, wherein the range parameters are selected by a user through the front-end interface; the range parameters comprise a range template and a trainee group;
the verification module is used for carrying out validity verification on the target range parameters, and if the target range templates belong to a preset template library and the trainee groups belong to preset trainee groups, determining that the target range parameters are legal; if the target range template does not belong to a preset template library or the trainee group does not belong to a preset trainee group, determining that the target range parameter is illegal;
the generation module is used for generating a configuration file according to the shooting range parameters if the shooting range parameters are legal;
and the construction module is used for constructing a range configuration environment according to the configuration file so as to generate a network range.
6. The network target range construction device of claim 5, wherein the device further comprises:
and the return module is used for returning configuration error information to the front-end interface to remind the user to reselect the target range parameters if the target range parameters are illegal.
7. A back-end server, comprising: a processor, a memory and a bus, the memory storing program instructions executable by the processor, the processor and the memory communicating via the bus when the backend server is running, the processor executing the program instructions to perform the network range construction method of any of claims 1-4 when executed.
8. A readable storage medium, characterized in that the readable storage medium has stored thereon a computer program which, when executed by a processor, performs the network range construction method according to any of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111571964.8A CN114257506B (en) | 2021-12-21 | 2021-12-21 | Network target range construction method and device, back-end server and readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111571964.8A CN114257506B (en) | 2021-12-21 | 2021-12-21 | Network target range construction method and device, back-end server and readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114257506A CN114257506A (en) | 2022-03-29 |
| CN114257506B true CN114257506B (en) | 2024-04-02 |
Family
ID=80793734
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111571964.8A Active CN114257506B (en) | 2021-12-21 | 2021-12-21 | Network target range construction method and device, back-end server and readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114257506B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116208519B (en) * | 2023-04-27 | 2023-08-22 | 南京赛宁信息技术有限公司 | Network target range background flow generation system and method based on behavior agent |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109802852A (en) * | 2018-12-13 | 2019-05-24 | 烽台科技(北京)有限公司 | The construction method and system of network simulation topology applied to network target range |
| CN110351271A (en) * | 2019-07-09 | 2019-10-18 | 广东工业大学 | Network-combination yarn experimental system building method, system, device and storage medium |
| CN110351255A (en) * | 2019-06-25 | 2019-10-18 | 北京永信至诚科技股份有限公司 | Collecting method and data collection system in a kind of system of network target range |
| CN111478820A (en) * | 2020-06-24 | 2020-07-31 | 南京赛宁信息技术有限公司 | Network equipment configuration system and method for large-scale network environment of network target range |
| CN111555913A (en) * | 2020-04-24 | 2020-08-18 | 北京安码科技有限公司 | Simulation method, system, electronic device and storage medium for simulating real network environment based on virtualization |
| CN112055026A (en) * | 2020-09-11 | 2020-12-08 | 湖南泛联新安信息科技有限公司 | Network target range physical environment construction method and system |
| CN112448857A (en) * | 2021-02-01 | 2021-03-05 | 博智安全科技股份有限公司 | Construction method, device and equipment of target range and storage medium |
| CN113067728A (en) * | 2021-03-17 | 2021-07-02 | 中国人民解放军海军工程大学 | Network security attack and defense test platform |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160011732A1 (en) * | 2014-07-11 | 2016-01-14 | Shape Security, Inc. | Disrupting automated attacks on client-server interactions using polymorphic application programming interfaces |
-
2021
- 2021-12-21 CN CN202111571964.8A patent/CN114257506B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109802852A (en) * | 2018-12-13 | 2019-05-24 | 烽台科技(北京)有限公司 | The construction method and system of network simulation topology applied to network target range |
| CN110351255A (en) * | 2019-06-25 | 2019-10-18 | 北京永信至诚科技股份有限公司 | Collecting method and data collection system in a kind of system of network target range |
| CN110351271A (en) * | 2019-07-09 | 2019-10-18 | 广东工业大学 | Network-combination yarn experimental system building method, system, device and storage medium |
| CN111555913A (en) * | 2020-04-24 | 2020-08-18 | 北京安码科技有限公司 | Simulation method, system, electronic device and storage medium for simulating real network environment based on virtualization |
| CN111478820A (en) * | 2020-06-24 | 2020-07-31 | 南京赛宁信息技术有限公司 | Network equipment configuration system and method for large-scale network environment of network target range |
| CN112055026A (en) * | 2020-09-11 | 2020-12-08 | 湖南泛联新安信息科技有限公司 | Network target range physical environment construction method and system |
| CN112448857A (en) * | 2021-02-01 | 2021-03-05 | 博智安全科技股份有限公司 | Construction method, device and equipment of target range and storage medium |
| CN113067728A (en) * | 2021-03-17 | 2021-07-02 | 中国人民解放军海军工程大学 | Network security attack and defense test platform |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114257506A (en) | 2022-03-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20210256088A1 (en) | Method, apparatus, computer device and storage medium of page displaying | |
| US9720799B1 (en) | Validating applications using object level hierarchy analysis | |
| US20180267885A1 (en) | Determining application test results using screenshot metadata | |
| CA2925015C (en) | System and method for testing data representation for different mobile devices | |
| US9679090B1 (en) | Systematically exploring programs during testing | |
| US10255151B1 (en) | Security testing using a computer add-in card | |
| CN108154197B (en) | Method and device for realizing image annotation verification in virtual scene | |
| US11843674B2 (en) | Virtual workspace experience visualization and optimization | |
| CN108111364B (en) | Service system testing method and device | |
| JP7387773B2 (en) | Continuous integration testing methods, systems and devices, electronic equipment, storage media and computer programs | |
| CN114257506B (en) | Network target range construction method and device, back-end server and readable storage medium | |
| US20230035104A1 (en) | Verification method, apparatus and device, and storage medium | |
| CN111444103A (en) | Automatic testing method for Web page and related equipment | |
| CN112418259A (en) | Method for configuring real-time rules based on user behaviors in live broadcast process, computer equipment and readable storage medium | |
| CN115499323B (en) | Method and device for constructing target virtual scene and electronic equipment | |
| CN114629682B (en) | Industrial control network target range allocation method, device, terminal and storage medium | |
| CN112631949B (en) | Debugging method and device, computer equipment and storage medium | |
| Park et al. | Self-adaptive middleware framework for internet of things | |
| CN111897582B (en) | All-in-one machine Ethernet refreshing method and device, storage medium and all-in-one machine equipment | |
| CN116566629A (en) | Security testing method and device, computer equipment and storage medium | |
| CN111625379A (en) | Information processing method and device, electronic equipment and readable storage medium | |
| CN117478440B (en) | POC batch verification method, device, equipment and medium | |
| CN115334698B (en) | Construction method, device, terminal and medium of target 5G safety network of target range | |
| KR102660039B1 (en) | Integrated modeling and simulation system based on plug in model and its operation method | |
| US20230315826A1 (en) | User verification with state machines |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |