CN114301784B - Method and device for constructing network target range training environment, electronic equipment and storage medium - Google Patents

Info

Publication number: CN114301784B
Authority: CN (China)
Prior art keywords: network; environment; target range; library; range training
Legal status: Active
Application number: CN202111499060.9A
Other languages: Chinese (zh)
Other versions: CN114301784A (en)
Inventors: 朱广劼, 姚洪磊, 司群, 李琪, 杨轶杰, 付晓丹, 张德栋, 贺晓聪, 张骁, 蕾丝萦, 傅一馨, 王红伟, 王张超, 冯凯亮, 乔小龙
Current Assignee: China Academy of Railway Sciences Corp Ltd CARS; China State Railway Group Co Ltd; Institute of Computing Technologies of CARS
Original Assignee: China Academy of Railway Sciences Corp Ltd CARS; China State Railway Group Co Ltd; Institute of Computing Technologies of CARS
Application filed by: China Academy of Railway Sciences Corp Ltd CARS, China State Railway Group Co Ltd, Institute of Computing Technologies of CARS
Legal events: priority to CN202111499060.9A; publication of CN114301784A; application granted; publication of CN114301784B

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention provides a method and a device for constructing a network target range (cyber range) training environment, an electronic device, and a storage medium. The method comprises: connecting mobile terminal devices to an ad hoc network environment via the Dynamic Host Configuration Protocol (DHCP) using an ad hoc network system, and obtaining a network configuration from a DHCP server; acquiring a target scene template library from a cloud security resource library according to a network target range training script, wherein the target scene template library comprises basic software templates, application software templates and business data templates; and loading the target scene template library into the ad hoc network system by means of an application container engine to form a network target range training environment in which vulnerability environments are deployed. The invention realizes automatic deployment of vulnerability environments on top of the ad hoc network and greatly improves the efficiency of constructing the target range environment; the resulting dynamic network target range training environment is highly portable, and its nodes can network and communicate with one another in an environment without network access.

Description

Method and device for constructing network target range training environment, electronic equipment and storage medium
Technical Field
The present invention relates to the field of network security, and in particular, to a method and apparatus for constructing a network target range training environment, an electronic device, and a storage medium.
Background
As the cyber security situation grows increasingly severe, a large number of platforms and systems called "cyber ranges" (network target ranges) have emerged in the industry. Most are designed to support cyber security training and competitions, and some support more complex attack and defense exercises, assessment tests, technical verification and security research. In building and using a network target range, quickly constructing the target scene (i.e. target environment) required by services such as range drills, training, testing and verification, and thereby reducing time cost, is very important; it is a difficulty and a pain point of network target ranges. For urgent, rapid-deployment demands in particular, current static construction techniques often fail to meet the time requirements.
Current technical solutions mainly take the following forms. One uses virtualization technology to copy or simulate the target network and systems at scale to form the target scene of the network target range, stores the scene information in a standardized (e.g. XML) or custom configuration file, and develops a dedicated software system that maintains, loads, modifies and saves this configuration information so that the target scene can be used. Another uses SDN technology to strengthen software-defined networking capability in order to construct, generate, modify and maintain complex network target range environments: the network topology required by the range system can be defined quickly and flexibly, changed quickly and flexibly, and the range's experimental network can be scaled out quickly and flexibly.
Constructing network target range scenes with the prior art is costly and inefficient, offers little variation, and cannot meet the varied requirements of emergency services. Traditional network target scenes lack portability and cannot be deployed quickly in isolated environments. Traditional network target range training environments are easily damaged by the various activities carried out on the targets, yet they lack self-regulation and self-repair functions, so maintenance costs are very high.
Disclosure of Invention
The invention provides a method and a device for constructing a network target range training environment, which are used for solving the technical defects in the prior art.
The invention provides a method for constructing a network target range training environment, which comprises the following steps:
connecting mobile terminal devices to an ad hoc network environment via the Dynamic Host Configuration Protocol (DHCP) using an ad hoc network system, obtaining a network configuration from a DHCP server, and configuring the mobile terminal devices according to the network configuration;
acquiring a target scene template library from a cloud security resource library according to a network target range training script, wherein the target scene template library comprises basic software templates, application software templates and business data templates;
and loading the target scene template library into the ad hoc network system by means of an application container engine to form a network target range training environment in which the vulnerability environment is deployed.
According to the method for constructing a network target range training environment of the invention, after the target scene template library is loaded into the ad hoc network system by means of the container engine to form the network target range training environment in which the vulnerability environment is deployed, the method further comprises:
after the target scene template library has been loaded, reporting the loading status to a command and dispatch platform;
using the command and dispatch platform to feed the audio and video information of the dynamic network target range training environment to a large visualization screen for real-time monitoring and dispatch command; the audio and video information comprises network topology, operating system information, application software information and security vulnerability information.
According to the method for constructing a network target range training environment of the invention, before the mobile terminal devices are connected to the ad hoc network environment via DHCP using the ad hoc network system, the network configuration is obtained from the DHCP server and the mobile terminal devices are configured according to it, the method further comprises:
establishing a centerless multi-hop mesh networking structure using the ad hoc network system;
connecting the networking device nodes in the mesh networking structure so that they communicate in a many-to-many manner, such that each networking device node in the constructed mesh networking structure has more than one wireless uplink.
According to the method for constructing a network target range training environment of the invention, before the mobile terminal devices are connected to the ad hoc network environment via DHCP using the ad hoc network system and the network configuration is obtained from the DHCP server, the method further comprises:
when a networking device node starts up, the modules in the node automatically discovering one another and determining their respective working modes and intelligent channel scanning;
when one or more new nodes join the mesh networking structure, discovering the new nodes; and, after a new node has been authorized to join the network, configuring the new node.
According to the method for constructing a network target range training environment of the invention, before the mobile terminal devices are connected to the ad hoc network environment via DHCP using the ad hoc network system and the network configuration is obtained from the DHCP server, the method further comprises:
each networking device node, using signal strength and network performance as indexes, selecting the optimal path for routing traffic from among multiple wireless links at preset time intervals;
and adjusting the data path based on the selected optimal path.
According to the method for constructing a network target range training environment of the invention, after the target scene template library is acquired from the cloud security resource library according to the network target range training script, the method further comprises:
acquiring a network attack and defense tool library and a network security vulnerability library from the cloud security resource library; the network attack and defense tool library comprises an acquisition path, an installation script and usage instructions for each attack tool; the network security vulnerability library comprises an acquisition path, a technical principle, a deployment script and usage instructions for each vulnerability;
and supplementing the network target range training environment based on the network attack and defense tool library and the network security vulnerability library.
According to the method for constructing a network target range training environment of the invention, after the target scene template library is acquired from the cloud security resource library according to the network target range training script, the method further comprises:
providing hardware virtualization capability and deploying a virtualization layer that supports the application container engine, wherein the virtualization layer has a cloud platform that uniformly manages the virtualized resources of the various basic software.
The invention also provides a device for constructing a network target range training environment, which comprises:
a dynamic network configuration module, used for connecting mobile terminal devices to an ad hoc network environment via DHCP using an ad hoc network system, obtaining a network configuration from a DHCP server, and configuring the mobile terminal devices according to the network configuration;
a target scene template library acquisition module, used for acquiring a target scene template library from the cloud security resource library according to the network target range training script, wherein the target scene template library comprises basic software templates, application software templates and business data templates;
a loading module, used for automatically loading the target scene template library into the ad hoc network system by means of an application container engine to form a network target range training environment in which the vulnerability environment is deployed.
The invention also provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the network range training environment construction method according to any one of the above are realized when the processor executes the program.
The invention also provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of a network range training environment construction method as described in any of the above.
On the basis of the ad hoc network, the invention realizes automatic deployment of vulnerability environments and greatly improves the efficiency of constructing the target range environment. The resulting dynamic network target range training environment is highly portable: its nodes can network and communicate with one another in an environment without network access, so a network target range can be built quickly in complex environments, and even unmanned aerial vehicle target range nodes can be built. By being carried on ad hoc network nodes, the network attack and defense exercise command and coordination system can readily support two-way transmission of data, voice and video information as well as access to database servers.
Drawings
To illustrate the technical solutions of the invention or of the prior art more clearly, the drawings used in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below show some embodiments of the invention; a person skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a schematic flow chart of a method for constructing a network target range training environment;
FIG. 2 is a schematic diagram of the overall architecture of the technical solution in the method for constructing a network target range training environment provided by the invention;
FIG. 3 is a schematic diagram of a device for constructing a network target range training environment provided by the invention;
FIG. 4 is a schematic structural diagram of an electronic device provided by the invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
A method for constructing a network target range training environment according to the present invention is described below with reference to fig. 1, and includes:
S1, connecting mobile terminal devices to an ad hoc network environment via the Dynamic Host Configuration Protocol using an ad hoc network system, obtaining a network configuration from a Dynamic Host Configuration Protocol server, and configuring the mobile terminal devices according to the network configuration;
Mobile terminal devices (including smartphones, tablet computers, network cameras, notebook computers and the like) join the ad hoc network environment via DHCP (Dynamic Host Configuration Protocol) and obtain their network configuration from a DHCP server. DHCP is a network protocol for local area networks.
S2, acquiring a target scene template library from a cloud security resource library according to a network target range training script, wherein the target scene template library comprises a basic software template, an application software template and a business data template;
Each target scene template in the target scene template library has the following common attributes: unique ID, template major class, template minor class, template name, template version number, template size, template MD5 check code, and template acquisition path. Templates fall into three major classes: basic software templates, application software templates and business data templates. The private attributes of each class are as follows:
Basic software templates: system attributes (number and performance of CPUs, memory size, disk size and type, external devices, operating system version, etc.), basic software deployment script, template custom extension attributes.
Application software templates: runtime environment attributes (number and performance of CPUs, memory size, disk size and type, external devices, operating system version, etc.), application attributes (port number, application service name, application service version number), application deployment script, template custom extension attributes.
Business data templates: data content, data deployment script, template custom extension attributes.
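The attribute scheme above can be enforced as an admission check before a template is handed to the container engine. The following is an added example, not code from the patent: the field names, the dictionary layout and the sample record are assumptions, since the text lists the attributes but defines no serialization format.

```python
import hashlib

# Attribute names are assumptions that mirror the attribute list in the text;
# the patent does not define a serialization format for template records.
COMMON = ("id", "major_class", "minor_class", "name", "version", "size", "md5", "path")
PRIVATE = {
    "basic_software": ("system", "deploy_script", "extensions"),
    "application_software": ("runtime", "application", "deploy_script", "extensions"),
    "business_data": ("data_content", "deploy_script", "extensions"),
}
APP_PROPS = ("port", "service_name", "service_version")


def validate_record(rec):
    """Return a list of problems with a template record (empty list = well-formed)."""
    problems = [f"missing common attribute: {k}" for k in COMMON if k not in rec]
    cls = rec.get("major_class")
    if cls not in PRIVATE:
        problems.append(f"unknown major class: {cls!r}")
        return problems
    problems += [f"missing {cls} attribute: {k}" for k in PRIVATE[cls] if k not in rec]
    if cls == "application_software":
        app = rec.get("application", {})
        problems += [f"missing application property: {k}" for k in APP_PROPS if k not in app]
        port = app.get("port")
        if port is not None and not (isinstance(port, int) and 0 < port < 65536):
            problems.append(f"invalid port: {port!r}")
    return problems


def verify_payload(rec, payload):
    """Check fetched template bytes against the record's size and MD5 check code."""
    if len(payload) != rec["size"]:
        return False, f"size mismatch: expected {rec['size']}, got {len(payload)}"
    digest = hashlib.md5(payload).hexdigest()
    if digest != rec["md5"].lower():
        return False, f"MD5 mismatch: expected {rec['md5']}, got {digest}"
    return True, "ok"


def admit(rec, payload):
    """Gate a template: structural validation first, then the integrity check."""
    problems = validate_record(rec)
    if problems:
        return False, problems
    ok, reason = verify_payload(rec, payload)
    return ok, [] if ok else [reason]


# Constructed sample data (not from the patent).
SAMPLE_PAYLOAD = b"constructed application template archive\n"
SAMPLE_RECORD = {
    "id": "tpl-0001",
    "major_class": "application_software",
    "minor_class": "web",
    "name": "example-web-app",
    "version": "1.0.0",
    "size": len(SAMPLE_PAYLOAD),
    "md5": hashlib.md5(SAMPLE_PAYLOAD).hexdigest(),
    "path": "templates/example-web-app-1.0.0.tar",
    "runtime": {"cpus": 1, "memory_mb": 512, "disk_gb": 4, "os": "linux"},
    "application": {"port": 8080, "service_name": "example-web", "service_version": "1.0.0"},
    "deploy_script": "deploy.sh",
    "extensions": {},
}

if __name__ == "__main__":
    print(admit(SAMPLE_RECORD, SAMPLE_PAYLOAD))                 # intact template
    print(admit(SAMPLE_RECORD, SAMPLE_PAYLOAD[:-1] + b"X"))     # altered in transit
```

The MD5 check code follows the attribute list in the text and catches corrupted or truncated transfers; it does not authenticate the template, so a range that pulls deliberately vulnerable images from a shared repository would pair it with a signed manifest or a SHA-256 digest.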
S3, loading the target scene template library into the ad hoc network system by means of an application container engine to form a network target range training environment in which the vulnerability environment is deployed.
The vulnerability database is automatically loaded into the ad hoc network system by means of an application container engine (Docker), forming a dynamic network target range training environment in which vulnerability environments are deployed automatically.
On the basis of the ad hoc network, the invention realizes automatic deployment of vulnerability environments and greatly improves the efficiency of constructing the target range environment. The resulting dynamic network target range training environment is highly portable: its nodes can network and communicate with one another in an environment without network access, so a network target range can be built quickly in complex environments, and even unmanned aerial vehicle target range nodes can be built. By being carried on ad hoc network nodes, the network attack and defense exercise command and coordination system can readily support two-way transmission of data, voice and video information as well as access to database servers.
According to the method for constructing a network target range training environment of the invention, after the target scene template library is loaded into the ad hoc network system by means of the container engine to form the network target range training environment in which the vulnerability environment is deployed, the method further comprises:
after the target scene template library has been loaded, reporting the loading status to a command and dispatch platform;
using the command and dispatch platform to feed the audio and video information of the dynamic network target range training environment to a large visualization screen for real-time monitoring and dispatch command; the audio and video information comprises network topology, operating system information, application software information and security vulnerability information.
After loading completes, the information is reported automatically to the command and dispatch platform, and the network topology, operating system information, application software information and security vulnerability information of the whole training environment are brought together on a large visualization screen for subsequent command and dispatch operations. Combined with scheduling software, this provides a dynamic situation-map display for each training unit.
According to the method for constructing a network target range training environment of the invention, before the mobile terminal devices are connected to the ad hoc network environment via DHCP using the ad hoc network system and the network configuration is obtained from the DHCP server, the method further comprises:
establishing a centerless multi-hop mesh networking structure using the ad hoc network system;
connecting the networking device nodes in the mesh networking structure so that they communicate in a many-to-many manner, such that each networking device node in the constructed mesh networking structure has more than one wireless uplink.
The invention provides a mesh networking function: this wireless network topology is superior to traditional wireless point-to-point and point-to-multipoint topologies and improves the availability of the wireless transmission service, thereby overcoming the effect of obstacles such as buildings when a network target range deploys a large-scale wireless network.
According to the method for constructing a network target range training environment of the invention, before the mobile terminal devices are connected to the ad hoc network environment via DHCP using the ad hoc network system and the network configuration is obtained from the DHCP server, the method further comprises:
when a networking device node starts up, the modules in the node discovering one another and determining their respective working modes and intelligent channel scanning;
when one or more new nodes join the mesh networking structure, discovering the new nodes; and, after a new node has been authorized to join the network, configuring the new node.
The invention provides a configuration-free networking function. It supports automatic configuration: when a network node starts up, the modules in the node automatically discover one another and automatically determine their respective working modes, intelligent channel scanning and so on, with no manual configuration of each device. When one or more nodes are added to the network, the system discovers the new nodes automatically, and once a node has been granted networking authorization through the management interface it is configured automatically. This automatic configuration and automatic discovery capability suits emergency situations and rapid-deployment scenarios.
According to the method for constructing a network target range training environment of the invention, before the mobile terminal devices are connected to the ad hoc network environment via DHCP using the ad hoc network system and the network configuration is obtained from the DHCP server, the method further comprises:
each networking device node, using signal strength and network performance as indexes, selecting the optimal path for routing traffic from among multiple wireless links at preset time intervals;
and adjusting the data path based on the selected optimal path.
The invention also provides an intelligent routing function. Once the wireless network connections are established, a centerless self-organizing network structure is formed, and each network node repeatedly executes a decision algorithm at a fixed time interval. Using signal strength and network performance as indexes, the distributed intelligence in each node selects the optimal path for routing traffic from among multiple wireless links and continuously adjusts data paths, thereby limiting broadcasts and eliminating bottlenecks. This ensures that any change in network topology caused by adding or removing network elements is detected immediately and that corresponding measures are taken, keeping the network at optimal performance and operation. The network thus has two ad hoc network characteristics: self-regulation of performance and automatic link repair. Before any fault occurs, each ad hoc network node keeps information on a main link and alternative links and continuously updates its link information list; when a point in the network fails because of power loss, damage or similar causes, the surrounding devices can quickly select the alternative link with the best parameters from the alternative link table as the new main link.
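The periodic decision step and the main/alternative link table described above can be sketched as follows. This is an added example, not the patent's algorithm: the scoring formula, its weights, the class and field names and the measurements are all assumptions, because the text names only "signal strength and network performance" as the indexes.

```python
from dataclasses import dataclass


@dataclass
class Link:
    peer: str
    rssi_dbm: float         # signal strength index
    throughput_mbps: float  # network performance index
    loss_pct: float         # network performance index
    up: bool = True


def score(link):
    """Assumed scoring: equal weight on normalised signal and performance."""
    signal = min(max((link.rssi_dbm + 90) / 60, 0.0), 1.0)  # -90 dBm -> 0, -30 dBm -> 1
    perf = min(link.throughput_mbps / 100.0, 1.0) * (1 - link.loss_pct / 100.0)
    return 0.5 * signal + 0.5 * perf


class MeshNode:
    def __init__(self, name):
        self.name = name
        self.links = {}       # peer -> latest Link measurement
        self.primary = None   # main link
        self.alternates = []  # alternative link table, best first

    def update(self, link):
        """Record a fresh measurement; also covers a node joining or recovering."""
        self.links[link.peer] = link

    def reevaluate(self):
        """Decision step run at each preset interval: re-rank every live link."""
        ranked = sorted((l for l in self.links.values() if l.up), key=score, reverse=True)
        self.primary = ranked[0].peer if ranked else None
        self.alternates = [l.peer for l in ranked[1:]]
        return self.primary

    def link_failed(self, peer):
        """Failover between intervals: promote the best alternate already on file."""
        if peer in self.links:
            self.links[peer].up = False
        if peer == self.primary:
            self.primary = self.alternates.pop(0) if self.alternates else None
        elif peer in self.alternates:
            self.alternates.remove(peer)
        return self.primary

    def has_redundant_uplink(self):
        """The mesh requirement in the text: more than one wireless uplink per node."""
        return self.primary is not None and len(self.alternates) >= 1


def demo():
    """Constructed measurements; returns the main link chosen after each event."""
    node = MeshNode("n1")
    for link in (Link("A", -50, 80, 1), Link("B", -60, 60, 2), Link("C", -75, 20, 10)):
        node.update(link)
    history = [node.reevaluate()]            # A scores highest
    history.append(node.link_failed("A"))    # A loses power: B promoted immediately
    node.update(Link("B", -85, 5, 30))       # B degrades badly
    history.append(node.reevaluate())        # next interval: C now beats B
    node.update(Link("A", -50, 80, 1))       # A comes back
    history.append(node.reevaluate())        # next interval: A regains main link
    return history


if __name__ == "__main__":
    print(demo())
```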
According to the method for constructing a network target range training environment of the invention, after the target scene template library is acquired from the cloud security resource library according to the network target range training script, the method further comprises:
acquiring a network attack and defense tool library and a network security vulnerability library from the cloud security resource library; the network attack and defense tool library comprises an acquisition path, an installation script and usage instructions for each attack tool; the network security vulnerability library comprises an acquisition path, a technical principle, a deployment script and usage instructions for each vulnerability;
and supplementing the network target range training environment based on the network attack and defense tool library and the network security vulnerability library.
The attack tools in the network attack and defense tool library cover attack capabilities such as port scanning, vulnerability discovery, password cracking, database penetration, cross-network attack, ransomware attack, phishing attack, social engineering attack and DDoS attack; the defense tools cover defense capabilities such as firewall, WAF, antivirus, dedicated malicious-code removal, vulnerability protection, IDS, IPS and SOC.
The security vulnerability library interfaces with major industry vulnerability platforms (CNVD, CNNVD, CVE, etc.) and obtains security vulnerability information through compliant channels. The information is divided into six major categories: hardware, basic software, middleware, mainstream applications, network protocols and mobile Internet.
According to the method for constructing a network target range training environment of the invention, after the target scene template library is acquired from the cloud security resource library according to the network target range training script, the method further comprises:
providing hardware virtualization capability and deploying a virtualization layer that supports the application container engine, wherein the virtualization layer has a cloud platform that uniformly manages the virtualized resources of the various basic software.
To further explain the method for constructing a network target range training environment, referring to FIG. 2, an embodiment of the invention also provides an overall architecture of the technical solution for implementing the method.
The overall technical solution consists of two parts: a local automatic-networking target range training environment and a cloud security capability resource library. Specifically:
1. The local automatic-networking target range training environment is divided into four layers:
(1) Automatic networking layer:
The target range ad hoc networking function comprises the following parts:
A. Portable ad hoc networking hardware and supporting software: wireless router hardware and accompanying software that support the MESH networking function. Multiple networking hardware units automatically form a mesh network; four networking modes (star, tree, serial connection and bus) are available, and hybrid networking is also possible. The wireless network consists of multiple wireless routing devices that share a single SSID (Service Set Identifier); the node with the best signal is found and connected to automatically for data transmission, and mobile terminal devices switch seamlessly between nodes, giving a good roaming experience.
B. Ad hoc network communication module: network connections between nodes use 340/580 MHz MESH, 1.4 GHz MESH and 2.4/5.8 GHz MESH technologies; to cope with the uncertainty of field environments, ultrashort-wave bands are used to improve signal diffraction. The 340 MHz main frequency point can penetrate more than 3 floors vertically and suits communication networking inside buildings and even basements; the 580 MHz main frequency point can penetrate two buildings in a single short-range hop and suits indoor-to-outdoor networking and transmission; the 1.4 GHz main frequency point has lower requirements for elevated mounting, and its single-hop transmission distance can exceed 2 km, making it suitable for outdoor scenes, roads, parks and the like; the 2.4 GHz and 5.8 GHz main frequency points provide greater interconnection bandwidth in unobstructed environments and are generally used in scenes with elevated mounting conditions or for short-range communication between people and vehicles.
C. WiFi access communication module: provides the mobile terminal access function using the 2.4 GHz or 5.8 GHz bands of the 802.11 standard, improving channel capacity and compatibility, and supports access by portable terminals such as smartphones, notebook computers, tablet computers, PADs, cameras and sensors.
D. Ethernet communication module: provides access to wired networks, satellite networks and operator base stations, enabling interconnection with external public communication systems.
(2) System virtual layer:
The system virtual layer provides hardware virtualization capability. On this basis, a virtualization layer supporting Docker is deployed, with a simple cloud platform that uniformly manages the virtualized resources of the various upper-layer basic software. This layer supports conventional operating systems such as Windows and Linux, and can also run complex system vulnerability environments through full-virtualization software such as Bochs.
(3) Application simulation layer:
The application simulation layer provides the target range training environment with various application simulation systems of good equivalence by running application software templates from the cloud security resource library, including Web, mail, DB, ERP, OA, webcams, etc. It also provides background data streams and business data streams, which take effect through script execution of the data templates.
(4) Command dispatch layer:
The audio and video information collected by the front-end information collection equipment can be transmitted wirelessly to the command platform. The portable ad hoc network nodes can extend and widen signal coverage in a complex environment, can be used immediately, and are fast and flexible.
The command platform also feeds the audio and video information directly to a monitor or a large screen through movable ad hoc network node equipment for real-time monitoring, scheduling and command. Scheduling software is used for video switching and browsing, and the video can be stored and browsed using existing storage equipment. This realizes command and scheduling functions for the network target range training environment that are visible, audible, intercom-capable and controllable in real time.
The cloud security capability resource library consists of the target scene template library, the network attack and defense tool library and the network security vulnerability library, whose contents are as in the embodiment.
Referring to Fig. 3, the following describes the network target range training environment construction device provided by the present invention. The device described below and the network target range training environment construction method described above may be referred to in correspondence with each other. The device includes:
the dynamic network configuration module 10 is configured to access a mobile terminal device into an ad hoc network environment in a dynamic host configuration protocol manner by using an ad hoc network system, acquire network configuration from a dynamic host configuration protocol server, and configure the mobile terminal device according to the network configuration;
Mobile terminal devices joining the ad hoc network environment (including smartphones, tablet computers, network cameras, notebook computers and the like) are connected via DHCP (Dynamic Host Configuration Protocol) and obtain their network configuration from a DHCP server. DHCP is a network protocol for local area networks.
The target scene template library acquisition module 20 is configured to acquire a target scene template library from a cloud security resource library according to a network target range training script, where the target scene template library includes a basic software template, an application software template and a business data template;
Each target scene template in the target scene template library has the following common attributes: unique ID, template major class, template minor class, template name, template version number, template size, template MD5 check code, and template acquisition path.
The loading module 30 is configured to load the target scene template library into the ad hoc network system in a manner of applying a container engine, so as to form a network target range training environment for deploying the vulnerability environment.
The vulnerability database is automatically loaded into the ad hoc network system by means of an application container engine (Docker), forming a dynamic network target range training environment in which the vulnerability environment is deployed automatically.
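An added example, not code from the patent: checking fetched templates against the catalogue attributes listed above (size and MD5 check code) before anything is handed to the container engine, and ordering the templates that pass. The field names, the `TemplateError` type, the sample data and the base-to-data load order are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile
from dataclasses import dataclass

# Assumed load order (base images, applications, then data); the patent
# names these three template classes but does not state an order.
LOAD_ORDER = {"basic_software": 0, "application_software": 1, "business_data": 2}


class TemplateError(ValueError):
    """A catalogue record or its fetched file failed a check."""


@dataclass(frozen=True)
class TemplateRecord:
    # The eight common attributes; the field names are hypothetical.
    unique_id: str
    major_class: str
    minor_class: str
    name: str
    version: str
    size: int  # bytes
    md5: str  # lowercase hex check code
    acquisition_path: str


def parse_record(raw: dict) -> TemplateRecord:
    """Validate one catalogue entry before its file is opened."""
    try:
        rec = TemplateRecord(
            str(raw["unique_id"]), str(raw["major_class"]), str(raw["minor_class"]),
            str(raw["name"]), str(raw["version"]), int(raw["size"]),
            str(raw["md5"]).lower(), str(raw["acquisition_path"]),
        )
    except (KeyError, TypeError, ValueError) as exc:
        raise TemplateError(f"malformed record: {exc!r}") from exc
    if rec.major_class not in LOAD_ORDER:
        raise TemplateError(f"unknown major class {rec.major_class!r}")
    if rec.size < 0 or len(rec.md5) != 32 or set(rec.md5) - set("0123456789abcdef"):
        raise TemplateError("bad size or MD5 field")
    return rec


def verify_file(rec: TemplateRecord, path: str, chunk: int = 1 << 20) -> None:
    """Check the size, then the MD5, of a fetched template file."""
    # MD5 catches corrupted transfers only: it is not collision resistant.
    actual = os.path.getsize(path)
    if actual != rec.size:
        raise TemplateError(f"size {actual} != catalogued {rec.size}")
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    if not hmac.compare_digest(digest.hexdigest(), rec.md5):
        raise TemplateError("MD5 mismatch")


def build_load_plan(raw_records, fetched):
    """Return (verified records in load order, [(unique_id, reason)] rejected)."""
    plan, rejected, seen = [], [], set()
    for raw in raw_records:
        uid = str(raw.get("unique_id", "?"))
        try:
            rec = parse_record(raw)
            if rec.unique_id in seen:
                raise TemplateError("duplicate unique ID")
            if rec.unique_id not in fetched:
                raise TemplateError("file was not fetched")
            verify_file(rec, fetched[rec.unique_id])
        except (TemplateError, OSError) as exc:
            rejected.append((uid, str(exc)))
            continue
        seen.add(rec.unique_id)
        plan.append(rec)
    plan.sort(key=lambda r: LOAD_ORDER[r.major_class])
    return plan, rejected


def demo():
    """Constructed sample: three entries, one file altered in transit."""
    samples = [  # (unique ID, major class, catalogued bytes, bytes on disk)
        ("T-003", "business_data", b"constructed rows", b"constructed rows"),
        ("T-002", "application_software", b"constructed app v1", b"constructed app vX"),
        ("T-001", "basic_software", b"constructed image", b"constructed image"),
    ]
    records, fetched = [], {}
    for uid, cls, catalogued, on_disk in samples:
        fetched[uid] = os.path.join(tempfile.mkdtemp(), uid + ".tar")
        with open(fetched[uid], "wb") as fh:
            fh.write(on_disk)
        records.append({
            "unique_id": uid, "major_class": cls, "minor_class": "demo",
            "name": uid, "version": "1.0", "size": len(catalogued),
            "md5": hashlib.md5(catalogued).hexdigest(),
            "acquisition_path": f"templates/{uid}.tar",  # constructed
        })
    return build_load_plan(records, fetched)
```

In the constructed sample the altered file has the catalogued size, so only the digest comparison rejects it; a template fetched over an untrusted path needs a signature or a stronger digest in addition to the MD5 check code.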
The network target range training environment construction device of the invention further comprises a command scheduling module, which is used for:
after the target scene template library is automatically loaded, reporting the loading condition to a command and dispatch platform;
using the command and dispatch platform to feed the audio and video information of the dynamic network target range training environment to a visual large screen for real-time monitoring, dispatch and command; the audio and video information comprises network topology, operating system information, application software information and security vulnerability information.
After loading completes, the result is automatically reported to the command and dispatch platform, and the network topology, operating system information, application software information and security vulnerability information of the whole training environment are brought together on a visual large screen for subsequent command and dispatch operations. Combined with the scheduling software, this provides a dynamic situation-map display for each training unit.
The network target range training environment construction device of the invention further comprises a mesh networking module, which is used for:
establishing a centerless multi-hop mesh networking structure by utilizing an ad hoc network system;
and the networking equipment nodes in the mesh networking structure are connected and communicated in a many-to-many mode, so that each networking equipment node in the constructed mesh networking structure has more than one wireless uplink link.
The invention has a mesh networking function: this wireless network topology is superior to the traditional wireless point-to-point and point-to-multipoint topologies and improves the availability of the wireless transmission service, thereby overcoming the influence of obstacles such as buildings on large-scale wireless network deployment for a network target range.
The network target range training environment construction device of the invention further comprises a configuration-free networking module, which is used for:
when a networking equipment node is started, each module in the networking equipment node discovers each other and determines the working mode of each module and an intelligent scanning channel;
when one or more new nodes are added into the mesh networking structure, the new nodes are found; after the new node is authorized to be networked, the new node is configured.
The invention has a configuration-free networking function: automatic configuration is supported. When a network node starts, the modules in the node automatically discover each other and automatically determine their respective working modes, intelligent scanning channels and other functions, with no manual configuration of each device. When one or more nodes are newly added to the network, the system automatically discovers the new nodes, and a new node is configured automatically once it has been authorized for networking through the management interface. The system's automatic configuration and automatic discovery capabilities suit emergency situations and rapid-deployment scenarios.
The network target range training environment construction device of the invention further comprises an intelligent routing module, which is used for:
each networking equipment node, taking signal strength and network performance as indicators, selects the optimal path for routing traffic from among a plurality of wireless links at preset time intervals;
and adjusting the data path based on the optimal path for routing traffic.
The invention also has an intelligent routing function: after the wireless network connections are established, a centerless self-organizing network structure is formed, and each network node repeatedly executes a decision algorithm at certain time intervals. Taking signal strength and network performance as indicators, the distributed intelligence of each node selects the optimal path for routing traffic from among a plurality of wireless links and continuously and dynamically adjusts the data path, thereby restricting broadcasts and eliminating bottlenecks. This ensures that any change in network topology caused by adding or removing network elements is detected immediately and that corresponding measures are taken, so that the network always operates at optimal performance. The network therefore has two ad hoc network characteristics: self-regulation of performance and automatic link repair. Before a fault occurs, each ad hoc network node keeps information on its main link and alternative links and continuously and dynamically updates the link information list; when a point in the network fails because of power supply, damage and the like, the surrounding devices can quickly select the alternative link with the best parameters from the alternative link table as the main link.
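An added example, not code from the patent, of the per-node decision step described above: a link table that re-ranks links at each interval and promotes the best alternative as soon as the main link fails. The `score` formula, the switching margin and the sample measurements are assumptions; the patent names signal strength and network performance as inputs but gives no formula.

```python
from dataclasses import dataclass


@dataclass
class Link:
    neighbor: str
    rssi_dbm: float    # signal strength
    loss: float        # packet loss fraction, 0..1 (network performance)
    latency_ms: float  # round-trip time (network performance)
    up: bool = True


def score(link: Link) -> float:
    """Assumed metric: the patent names the inputs, not a formula."""
    signal = min(1.0, max(0.0, (link.rssi_dbm + 90.0) / 60.0))  # -90..-30 dBm -> 0..1
    return signal * (1.0 - link.loss) / (1.0 + link.latency_ms / 100.0)


class LinkTable:
    """Main link plus ranked alternative links for one mesh node."""

    def __init__(self, margin: float = 0.1):
        self.links = {}
        self.primary = None
        self.margin = margin  # assumed hysteresis so near-equal links do not flap

    def update(self, measurements):
        """Periodic decision step: refresh metrics, then re-select."""
        for link in measurements:
            self.links[link.neighbor] = link
        self._select()
        return self.primary

    def alternates(self):
        """Usable non-primary neighbours, best first."""
        usable = [l for l in self.links.values() if l.up and l.neighbor != self.primary]
        return [l.neighbor for l in sorted(usable, key=score, reverse=True)]

    def fail(self, neighbor):
        """Link lost (power, damage): promote the best alternative at once."""
        if neighbor in self.links:
            self.links[neighbor].up = False
        self._select()
        return self.primary

    def _select(self):
        usable = [l for l in self.links.values() if l.up]
        current = self.links.get(self.primary)
        if not usable:
            self.primary = None
        elif current is None or not current.up:
            self.primary = max(usable, key=score).neighbor
        else:
            best = max(usable, key=score)
            if score(best) > score(current) + self.margin:
                self.primary = best.neighbor


def demo():
    """Constructed measurements for three neighbours of one node."""
    table = LinkTable()
    trace = [table.update([Link("A", -50, 0.01, 10), Link("B", -60, 0.02, 15),
                           Link("C", -80, 0.20, 40)])]
    # B now edges ahead of A, but by less than the margin: stay on A.
    trace.append(table.update([Link("B", -45, 0.01, 10)]))
    trace.append(tuple(table.alternates()))
    trace.append(table.fail("A"))  # main link lost: B takes over
    trace.append(table.fail("B"))  # then C
    trace.append(table.fail("C"))  # no usable link left
    return trace
```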
The network target range training environment construction device of the invention further comprises an environment supplementing module, which is used for:
acquiring a network attack and defense tool library and a network security vulnerability library from the cloud security resource library; the network attack and defense tool library comprises an acquisition path, an installation script and a use instruction of each attack tool; the network security vulnerability library comprises an acquisition path, a technical principle, a deployment script and a use instruction of each vulnerability;
and supplementing the network target range training environment based on the network attack and defense tool library and the network security vulnerability library.
The attack tools in the network attack and defense tool library cover attack capabilities such as port scanning, vulnerability discovery, password cracking, database penetration, cross-network attack, ransomware attack, phishing attack, social engineering attack and DDoS attack; the defense tools cover defense capabilities such as firewall, WAF, antivirus, dedicated malicious-code removal, vulnerability protection, IDS, IPS and SOC.
The security vulnerability library interfaces with important industry vulnerability platforms (CNVD, CNNVD, CVE and the like) and obtains security vulnerability information through compliant channels; the information is divided into six major categories: hardware, basic software, middleware, mainstream applications, network protocols and mobile Internet.
The network target range training environment construction device of the invention further comprises a virtualization module, which is used for:
providing hardware virtualization capability, and deploying a virtualization layer supporting an application container engine, wherein the virtualization layer is provided with a cloud platform for uniformly managing virtualized resources of various basic software.
Fig. 4 illustrates a physical schematic diagram of an electronic device, which may include: a processor 310, a communication interface 320, a memory 330 and a communication bus 340, where the processor 310, the communication interface 320 and the memory 330 communicate with one another through the communication bus 340. The processor 310 may invoke logic instructions in the memory 330 to perform a network target range training environment construction method comprising:
S1, accessing mobile terminal equipment into an ad hoc network environment in a dynamic host configuration protocol mode by utilizing an ad hoc network system, acquiring network configuration from a dynamic host configuration protocol server, and configuring the mobile terminal equipment according to the network configuration;
S2, acquiring a target scene template library from a cloud security resource library according to a network target range training script, wherein the target scene template library comprises a basic software template, an application software template and a business data template;
S3, loading the target scene template library into the ad hoc network system by means of an application container engine to form a network target range training environment for deploying the vulnerability environment.
Further, the logic instructions in the memory 330 described above may be implemented in the form of software functional units and, when sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence or in the part contributing to the prior art or in a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or various other media capable of storing program code.
In another aspect, the present invention also provides a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the network target range training environment construction method provided above, the method comprising:
S1, accessing mobile terminal equipment into an ad hoc network environment in a dynamic host configuration protocol mode by utilizing an ad hoc network system, acquiring network configuration from a dynamic host configuration protocol server, and configuring the mobile terminal equipment according to the network configuration;
S2, acquiring a target scene template library from a cloud security resource library according to a network target range training script, wherein the target scene template library comprises a basic software template, an application software template and a business data template;
S3, loading the target scene template library into the ad hoc network system by means of an application container engine to form a network target range training environment for deploying the vulnerability environment.
In yet another aspect, the present invention further provides a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the network target range training environment construction method provided above, the method comprising:
S1, accessing mobile terminal equipment into an ad hoc network environment in a dynamic host configuration protocol mode by utilizing an ad hoc network system, acquiring network configuration from a dynamic host configuration protocol server, and configuring the mobile terminal equipment according to the network configuration;
S2, acquiring a target scene template library from a cloud security resource library according to a network target range training script, wherein the target scene template library comprises a basic software template, an application software template and a business data template;
S3, loading the target scene template library into the ad hoc network system by means of an application container engine to form a network target range training environment for deploying the vulnerability environment.
The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (7)

1. The method for constructing the network target range training environment is characterized by comprising the following steps of:
accessing mobile terminal equipment into an ad hoc network environment in a dynamic host configuration protocol mode by utilizing an ad hoc network system, acquiring network configuration from a dynamic host configuration protocol server, and configuring the mobile terminal equipment according to the network configuration;
acquiring a target scene template library from a cloud security resource library according to a network target range training script, wherein the target scene template library comprises a basic software template, an application software template and a business data template;
loading the target scene template library into the ad hoc network system in a container engine application mode to form a network target range training environment for deploying a vulnerability environment;
before the mobile terminal equipment is accessed into the ad hoc network environment in a dynamic host configuration protocol mode by utilizing the ad hoc network system and the network configuration is obtained from a dynamic host configuration protocol server, the method comprises the following steps:
establishing a centerless multi-hop mesh networking structure by utilizing an ad hoc network system;
the networking equipment nodes in the mesh networking structure are connected and communicated in a many-to-many mode, so that each networking equipment node in the constructed mesh networking structure is provided with more than one wireless uplink link;
before the mobile terminal equipment is accessed into the ad hoc network environment in a dynamic host configuration protocol mode by utilizing the ad hoc network system and the network configuration is obtained from a dynamic host configuration protocol server, the method further comprises the following steps:
each networking equipment node takes signal strength and network performance as indexes, and selects optimal path route flow from a plurality of wireless links at preset time intervals;
adjusting a data path based on the optimal path routing traffic;
the method for loading the target scene template library into the ad hoc network system in a container engine mode to form a network target range training environment for deploying a vulnerability environment comprises the following steps:
after the target scene template library is loaded, reporting the loading condition to a command scheduling platform;
the command and dispatch platform is utilized to access the audio and video information of the dynamic network target range training environment into a visual large screen for real-time monitoring and dispatch command; the audio and video information comprises network topology, operating system information, application software information and security vulnerability information.
2. The method for constructing a network target range training environment according to claim 1, wherein the step of using the ad hoc network system to access the mobile terminal device to the ad hoc network environment in a dynamic host configuration protocol manner and acquiring the network configuration from the dynamic host configuration protocol server comprises:
when a networking equipment node is started, each module in the networking equipment node discovers each other and determines the working mode of each module and an intelligent scanning channel;
when one or more new nodes are added into the mesh networking structure, the new nodes are found; after the new node is authorized to be networked, the new node is configured.
3. The method for constructing a network shooting range training environment according to claim 1, wherein after the target scene template library is obtained from the cloud security resource library according to the network shooting range training script, the method comprises:
acquiring a network attack and defense tool library and a network security vulnerability library from the cloud security resource library; the network attack and defense tool library comprises an acquisition path, an installation script and a use instruction of each attack tool; the network security vulnerability library comprises an acquisition path, a technical principle, a deployment script and a use instruction of each vulnerability;
and supplementing the network target range training environment based on the network attack and defense tool library and the network security vulnerability library.
4. The method for constructing a network shooting range training environment according to claim 1, wherein after the target scene template library is obtained from the cloud security resource library according to the network shooting range training script, the method comprises:
providing hardware virtualization capability, and deploying a virtualization layer supporting an application container engine, wherein the virtualization layer is provided with a cloud platform for uniformly managing virtualized resources of various basic software.
5. A network target range training environment construction apparatus, comprising:
the dynamic network configuration module is used for accessing the mobile terminal equipment into an ad hoc network environment in a dynamic host configuration protocol mode by utilizing an ad hoc network system, acquiring network configuration from a dynamic host configuration protocol server, and configuring the mobile terminal equipment according to the network configuration;
the target scene template library acquisition module is used for acquiring a target scene template library from the cloud security resource library according to the network target range training script, wherein the target scene template library comprises a basic software template, an application software template and a business data template;
the loading module is used for loading the target scene template library into the ad hoc network system in a container engine application mode to form a network target range training environment for deploying the vulnerability environment;
the system also comprises a network structure optimization module for:
establishing a centerless multi-hop mesh networking structure by utilizing an ad hoc network system;
the networking equipment nodes in the mesh networking structure are connected and communicated in a many-to-many mode, so that each networking equipment node in the constructed mesh networking structure is provided with more than one wireless uplink link;
each networking equipment node takes signal strength and network performance as indexes, and selects optimal path route flow from a plurality of wireless links at preset time intervals;
adjusting a data path based on the optimal path routing traffic;
the system further comprises a command scheduling module, wherein the command scheduling module is used for:
after the target scene template library is loaded, reporting the loading condition to a command scheduling platform;
the command and dispatch platform is utilized to access the audio and video information of the dynamic network target range training environment into a visual large screen for real-time monitoring and dispatch command; the audio and video information comprises network topology, operating system information, application software information and security vulnerability information.
6. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor performs the steps of the method of constructing a network range training environment as claimed in any one of claims 1 to 4.
7. A non-transitory computer readable storage medium having stored thereon a computer program, which when executed by a processor, implements the steps of the network range training environment construction method of any of claims 1 to 4.
CN202111499060.9A 2021-12-09 2021-12-09 Method and device for constructing network target range training environment, electronic equipment and storage medium Active CN114301784B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111499060.9A CN114301784B (en) 2021-12-09 2021-12-09 Method and device for constructing network target range training environment, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114301784A CN114301784A (en) 2022-04-08
CN114301784B true CN114301784B (en) 2024-02-09

Family

ID=80967378

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111499060.9A Active CN114301784B (en) 2021-12-09 2021-12-09 Method and device for constructing network target range training environment, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114301784B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114915467A (en) * 2022-04-21 2022-08-16 南京联成科技发展股份有限公司 System and method for realizing network security attack and defense drilling
US11689420B1 (en) * 2022-04-28 2023-06-27 Cisco Technology, Inc. Template based edge cloud core deployment
CN115190042B (en) * 2022-06-16 2023-09-08 南京赛宁信息技术有限公司 Network target range target access state detection system and method
CN114816513B (en) * 2022-06-29 2022-09-20 湖南大佳数据科技有限公司 Fusion system and method of network security target range and satellite navigation training system
CN114818396B (en) * 2022-06-29 2022-09-20 湖南大佳数据科技有限公司 Network security shooting range system and drilling method for satellite navigation system
CN115208660B (en) * 2022-07-14 2024-03-22 软极网络技术(北京)有限公司 Transparent access method for network target range equipment
CN116319482B (en) * 2023-05-22 2023-08-22 南京赛宁信息技术有限公司 Wazuh-based custom probe acquisition system and method in network target range
CN116506440B (en) * 2023-06-19 2023-08-29 中国人民解放军陆军航空兵学院 LVC (Linear variable capacitance) integration method and system for combined test training
CN117118868A (en) * 2023-07-03 2023-11-24 合肥拓扑信息科技有限公司 Distributed mobile ad hoc network target monitoring and evaluating system and method
CN117808275A (en) * 2024-03-01 2024-04-02 江苏天创科技有限公司 ACS visualization technology-based target range management method and system

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104936168A (en) * 2015-05-04 2015-09-23 北京柏惠维康科技有限公司 Efficient wireless mesh networking method
CN105792295A (en) * 2016-03-02 2016-07-20 南京邮电大学 Virtual fast switching method for wireless Mesh network based on dynamic cluster
CN108021428A (en) * 2017-12-05 2018-05-11 华迪计算机集团有限公司 A kind of method and system that network target range is realized based on Docker
CN110109756A (en) * 2019-04-28 2019-08-09 北京永信至诚科技股份有限公司 A kind of network target range construction method, system and storage medium
CN110912890A (en) * 2019-11-22 2020-03-24 上海交通大学 Novel vulnerability attack detection system for intranet
CN110943969A (en) * 2019-10-08 2020-03-31 成都天和讯达科技有限公司 Network attack scene reproduction method, system, equipment and storage medium
CN111464567A (en) * 2020-06-16 2020-07-28 鹏城实验室 Configuration method and device of attack and defense shooting range system and storage medium
CN111540245A (en) * 2020-04-08 2020-08-14 深圳拼客信息科技有限公司 Network information safety training system and method based on virtualization technology simulation
CN111600913A (en) * 2020-07-22 2020-08-28 南京赛宁信息技术有限公司 Self-adaptive access method and system for real equipment in attack and defense scene of network shooting range
CN112448857A (en) * 2021-02-01 2021-03-05 博智安全科技股份有限公司 Construction method, device and equipment of target range and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100789773B1 (en) * 2006-12-08 2007-12-28 한국전자통신연구원 A mesh networking auto configuration method, virtual link setting method, packet transmission method and terminal for its in multi hop wireless lan

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104936168A (en) * 2015-05-04 2015-09-23 北京柏惠维康科技有限公司 Efficient wireless mesh networking method
CN105792295A (en) * 2016-03-02 2016-07-20 南京邮电大学 Virtual fast switching method for wireless Mesh network based on dynamic cluster
CN108021428A (en) * 2017-12-05 2018-05-11 华迪计算机集团有限公司 A kind of method and system that network target range is realized based on Docker
CN110109756A (en) * 2019-04-28 2019-08-09 北京永信至诚科技股份有限公司 A kind of network target range construction method, system and storage medium
CN110943969A (en) * 2019-10-08 2020-03-31 成都天和讯达科技有限公司 Network attack scene reproduction method, system, equipment and storage medium
CN110912890A (en) * 2019-11-22 2020-03-24 上海交通大学 Novel vulnerability attack detection system for intranet
CN111540245A (en) * 2020-04-08 2020-08-14 深圳拼客信息科技有限公司 Network information safety training system and method based on virtualization technology simulation
CN111464567A (en) * 2020-06-16 2020-07-28 鹏城实验室 Configuration method and device of attack and defense shooting range system and storage medium
CN111600913A (en) * 2020-07-22 2020-08-28 南京赛宁信息技术有限公司 Self-adaptive access method and system for real equipment in attack and defense scene of network shooting range
CN112448857A (en) * 2021-02-01 2021-03-05 博智安全科技股份有限公司 Construction method, device and equipment of target range and storage medium

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
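Title
"Formal Verification of orchestration Templates for Reliable Deployment with Openstack Heat"; Adjia Ndeye Sylla et al.; IEEE; full text *
"Research on Cyberspace Security Target Range Technology and System Architecture Design"; 赵静; Computer Knowledge and Technology (03); full text *
"Design and Research of a Railway Network Security Target Range"; 祝咏升 et al.; Railway Computer Application; Vol. 30 (No. 8); full text *
"Research on Design and Construction Technology of a Railway Network Security Target Range"; 姚洪磊 et al.; Proceedings of the 2020 China Conference on Cybersecurity Classified Protection and Critical Information Infrastructure Protection; full text *
"Design of a Cyberspace-Oriented Attack and Defense Target Range"; 吴怡晨; 王轶骏; 薛质; Communications Technology (10); full text *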

Also Published As

Publication number Publication date
CN114301784A (en) 2022-04-08

Similar Documents

Publication Publication Date Title
CN114301784B (en) Method and device for constructing network target range training environment, electronic equipment and storage medium
Panwar et al. A survey on 5G: The next generation of mobile communication
CN105430688B (en) A kind of wlan system based on software defined network
WO2008011149A2 (en) Managing wireless base stations using a distributed virtual base station manager
CN109417492A (en) A kind of network function NF management method and NF management equipment
CN102170639B (en) Authentication method of distributed wireless Ad Hoc network
JP2023502393A (en) Systems and methods for multi-operator distributed antenna systems
CN106993302A (en) A kind of method of testing and system of AP equipment
US11558813B2 (en) Apparatus and method for network automation in wireless communication system
CN105873057A (en) Pseudo base station protection method and system
CN113727331B (en) 5G base station deployment method and device
CN104703211B (en) A kind of virtualization cut-in method and equipment
US20170063616A1 (en) Rapid response networking kit
CN113938874A (en) Data processing method, device, equipment and system
Rusdan Design of wireless network system for digital village using wireless distribution system
RU2693903C1 (en) Method, apparatus and processing system for expanded port
Xu et al. Fast deployment of emergency fog service for disaster response
CN102065509B (en) Wireless mesh network system
CN102905294A (en) LWAPP (Light Weight Access Point Protocol) link backup method and device
Ashraf et al. WiMesh: leveraging mesh networking for disaster communication in resource-constrained settings
Wetterwald et al. SDN for public safety networks
CN116867108A (en) Method for reconstructing key service capability of user plane function network element and communication device
WO2017219322A1 (en) Visible light communication access method, apparatus, device, and system
Gilani et al. Mobility scenarios into future wireless access network
CN114173318A (en) Method, device and equipment for identifying to-be-optimized area

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant