CN114338185B - Method and device for processing flag, electronic equipment and computer readable medium - Google Patents


Publication number
CN114338185B
Authority
CN
China
Prior art keywords
flag
user
dynamic
target tcp
tcp message
Legal status
Active
Application number
CN202111652478.9A
Other languages
Chinese (zh)
Other versions
CN114338185A (en)
Inventor
张昊迪
王帅
邓晓东
金华敏
汪来富
Current Assignee
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN202111652478.9A
Publication of CN114338185A
Application granted
Publication of CN114338185B

Abstract

The application relates to a method and a device for processing a flag based on a secure competition environment, an electronic device, and a computer-readable medium. The method comprises the following steps: performing association mapping on a virtual machine service port based on the user's browser access; generating a dynamic flag based on the user's token and the associated mapped port; extracting a target TCP message according to a matching rule; replacing the original flag in the target TCP message with the dynamic flag; and resending the replaced target TCP message. With this method, device, electronic device, and computer-readable medium, a secure flag can be generated quickly in a non-Docker environment that has no independent flag page, isolated secure flag information is provided to different contestants, and the competition platform's resistance to cheating is improved.

Description

Method and device for processing flag, electronic equipment and computer readable medium
Technical Field
The present application relates to the field of network and information security, and in particular, to a method, an apparatus, an electronic device, and a computer readable medium for processing a flag based on a secure competition environment.
Background
The comprehensive penetration mode of a network security competition generally simulates a relatively realistic enterprise production environment: a team penetrates the environment to obtain privileges on target machines distributed across different network zones, and then reads the corresponding flags.
Generating and processing dynamic flags is the main method for mitigating cheating during a network security competition. For Docker environments that have a flag page, there are two approaches. In the first, when the challenge information is entered into the CTF online competition platform, multiple sets of environments that differ in their flag but are otherwise identical are deployed for one challenge, so that some users receive different answers. In the second, a flag injection script modifies the online environment, rewriting the page with sed -i so that the flag is not unique, which mitigates cheating.
Most prior-art methods generate and process dynamic flags for Docker environments and problem-solving mode security competitions, and have obvious drawbacks: 1) they rely on flag injection, which requires modifying, injecting, and deploying scenes one by one, so operation and maintenance work is complex; 2) they cannot support CTF competitions outside Docker environments that have no independent flag page, for example dynamic flag generation and processing for KVM-based security competitions in comprehensive penetration and similar modes.
Therefore, there is a need for a new method, apparatus, electronic device, and computer-readable medium for processing a flag based on a secure competition environment.
The above information disclosed in the background section is only for enhancement of understanding of the background of the application and therefore it may contain information that does not form the prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
In view of this, the present application provides a method, an apparatus, an electronic device, and a computer-readable medium for processing a flag based on a secure competition environment, which can quickly generate a verifiable, secure flag in a non-Docker environment that has no independent flag page, and provide isolated secure flag information to different contestants, so as to improve the competition platform's resistance to cheating.
Other features and advantages of the present application will be apparent from the following detailed description, or may be learned in part by the practice of the application.
According to an aspect of the present application, a method for processing a flag based on a secure competition environment is provided, the method including: performing association mapping on the virtual machine service port based on browser access of the user; generating a dynamic flag based on a token of a user and a port of an associated map; extracting a target TCP message according to the matching rule; replacing the original flag in the target TCP message with the dynamic flag; and resending the replaced target TCP message.
In an exemplary embodiment of the present application, performing association mapping on virtual machine service ports based on browser accesses of a user includes: user authentication is carried out on a user based on browser access of the user; after the user authentication is passed, the user is connected to an operating machine to perform association mapping on the virtual machine service port.
In an exemplary embodiment of the present application, connecting the user to an operating machine to perform association mapping on virtual machine service ports includes: connecting the user to the operating machine through a virtual network console; and performing association mapping on the virtual network console service ports of the virtual machines.
In an exemplary embodiment of the present application, generating a dynamic flag based on a token of a user and a port of an association map includes: generating the dynamic flag based on a reversible encryption algorithm, the user's token, and the associated mapped port.
In an exemplary embodiment of the present application, extracting a target TCP packet according to a matching rule includes: determining the matching rule; filtering the flow data based on the matching rule; and extracting the target TCP message according to the filtering result.
In an exemplary embodiment of the present application, determining the matching rule includes: generating an internal flow table of the virtual switch on the cyber range compute node based on a match item and an action, and generating the matching rule based on that internal flow table; and/or generating the matching rule based on a policy that matches the original flag setting rule.
In an exemplary embodiment of the present application, replacing the original flag in the target TCP packet with the dynamic flag includes: replacing the original flag in the target TCP message with the dynamic flag by means of an interactive packet processing technique.
According to an aspect of the present application, there is provided a flag processing device based on a secure competition environment, the device including: the access module is used for carrying out association mapping on the virtual machine service port based on browser access of the user; the dynamic module is used for generating dynamic flag based on the token of the user and the ports of the associated mapping; the message module is used for extracting a target TCP message according to the matching rule; a replacing module, configured to replace an original flag in the target TCP packet with the dynamic flag; and the retransmission module is used for retransmitting the replaced target TCP message.
According to an aspect of the present application, there is provided an electronic device including: one or more processors; a storage means for storing one or more programs; when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the methods as described above.
According to an aspect of the present application, a computer-readable medium is presented, on which a computer program is stored, which program, when being executed by a processor, implements a method as described above.
With the method, the device, the electronic device, and the computer-readable medium for processing the flag based on the secure competition environment, the virtual machine service port is association-mapped based on the user's browser access; a dynamic flag is generated based on the user's token and the associated mapped port; a target TCP message is extracted according to the matching rule; the original flag in the target TCP message is replaced with the dynamic flag; and the replaced target TCP message is resent. In this way a verifiable, secure flag can be generated quickly in a non-Docker environment that has no independent flag page, isolated secure flag information is provided to different contestants, and the competition platform's resistance to cheating is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The above and other objects, features and advantages of the present application will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings. The drawings described below are only some embodiments of the present application and other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.
FIG. 1 is an application block diagram of a method and apparatus for processing a flag based on a secure competition environment, according to an example embodiment.
FIG. 2 is a schematic diagram illustrating a method and apparatus for processing a flag based on a secure competition environment, according to an example embodiment.
FIG. 3 is a flowchart illustrating a method of flag processing based on a secure competition environment, according to an example embodiment.
FIG. 4 is a flowchart illustrating a method of flag processing based on a secure competition environment, according to another exemplary embodiment.
FIG. 5 is a flowchart illustrating a method of flag processing based on a secure competition environment, according to another exemplary embodiment.
FIG. 6 is a block diagram of a flag processing device based on a secure competition environment, according to another illustrative embodiment.
Fig. 7 is a block diagram of an electronic device, according to an example embodiment.
Fig. 8 is a block diagram of a computer-readable medium shown according to an example embodiment.
Description of the embodiments
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments can be embodied in many forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the present application. One skilled in the relevant art will recognize, however, that the aspects of the application can be practiced without one or more of the specific details, or with other methods, components, devices, steps, etc. In other instances, well-known methods, devices, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the application.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various components, these components should not be limited by these terms. These terms are used to distinguish one element from another element. Thus, a first component discussed below could be termed a second component without departing from the teachings of the present application concept. As used herein, the term "and/or" includes any one of the associated listed items and all combinations of one or more.
Those skilled in the art will appreciate that the drawings are schematic representations of example embodiments, and that the modules or flows in the drawings are not necessarily required to practice the present application, and therefore, should not be taken to limit the scope of the present application.
The method and the device for processing the flag based on the secure competition environment can be used to generate and process flags in secure competition environments built on KVM virtual machine operation scenarios. The key modules in the patent can also be deployed independently to generate and process dynamic flags for Docker environments without modifying the challenge environments one by one, which ensures the fairness of the security competition.
The method and the device for processing the flag based on the secure competition environment cover user authentication, dynamic flag generation, and flag security detection.
The user authentication approach in the application comprises authenticating the user, connecting to the operating machine through VNC, and association-mapping the VNC service ports of the virtual machine, which ensures the validity of the user's operations in the competition environment. The point of protection claimed is: unlike prior patents directed to Docker environments, the present patent is applicable to security competitions involving KVM virtual machine operation scenarios.
The dynamic flag generation approach constructs the dynamic flag from the user token, the mapped port, and the like.
The flag security detection approach in the application can intercept key TCP messages (the original flag in an HTTP response header, an HTTP response body, or a flag file) and complete the dynamic flag replacement and the reconstruction and transmission of the message. The point of protection claimed is: no modification or rewriting of the challenge environment is involved.
The following describes the content of the present application in detail with reference to specific examples.
FIG. 1 is an application block diagram of a method and apparatus for processing a flag based on a secure competition environment, according to an example embodiment.
As shown in fig. 1, the system architecture 10 may include client devices 101, 102, 103, a network 104, and a server 105. The network 104 is the medium used to provide communication links between the client devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
A user may interact with the server 105 via the network 104 using the client devices 101, 102, 103 to receive or send messages, etc. Various network security competition applications and the like can be installed on the user side devices 101, 102 and 103.
The client devices 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server that supports the network security competition applications users browse with the client devices 101, 102, 103. The background management server can analyze the received data and feed the processing result back to the terminal device.
The server 105 may associate the virtual machine service ports, for example, based on the user's browser access; the server 105 may generate a dynamic flag, for example, based on the user's token and the port of the association map; server 105 may extract the target TCP message, for example, according to the matching rules; the server 105 may, for example, replace the original flag in the target TCP packet with the dynamic flag; server 105 may, for example, resend the replaced target TCP message.
The server 105 may be a single physical server or may consist of multiple servers. It should be noted that the method for processing a flag based on a secure competition environment provided in the embodiments of the present application may be executed by the server 105, and accordingly the flag processing device based on the secure competition environment may be provided in the server 105. The web page side of the network security competition application provided to the user is typically located in the client devices 101, 102, 103.
FIG. 2 is a schematic diagram illustrating a method and apparatus for processing a flag based on a secure competition environment, according to an example embodiment.
Fig. 2 shows the logical flow of a user operating a virtual machine: the server 105 receives access from a browser over the Internet; the user's operations can connect to the KVM server through the remote desktop service; a dynamic flag is generated based on the user's access; and the user can go on to access other functions in the KVM server as well as the operating machine.
Fig. 2 also shows the logical flow of what the secure competition platform returns to the user: the message data generated by the user's operations on the operating machine is obtained, the target TCP message is extracted according to the matching rule, the original flag in the target TCP message is replaced with the dynamic flag, and the replaced message is then returned along the message's original flow direction and original path.
FIG. 3 is a flowchart illustrating a method of flag processing based on a secure competition environment, according to an example embodiment. The safe competition environment-based flag processing method 30 includes at least steps S302 to S310.
As shown in fig. 3, in S302, the virtual machine service port is mapped based on the browser access of the user. User authentication may be performed on a user based on the user's browser access; after the user authentication is passed, the user is connected to an operating machine to perform association mapping on the virtual machine service port.
More specifically, the user may be connected to the operating machine through a Virtual Network Console (VNC), and association mapping is performed on the virtual network console service ports of the virtual machines.
Details of the "associating mapping virtual machine service ports based on user browser access" are described in detail in the corresponding embodiment of fig. 4.
In S304, a dynamic flag is generated based on the token of the user and the port of the association map. The dynamic flag may be generated from a reversible encryption algorithm, the user's token, and the associated mapped port.
In S306, the target TCP packet is extracted according to the matching rule. The matching rule may be determined; filtering the flow data based on the matching rule; and extracting the target TCP message according to the filtering result.
In S308, the original flag in the target TCP packet is replaced with the dynamic flag. The original flag in the target TCP message may be replaced with the dynamic flag based on an interactive packet processing technique.
By configuring the virtual switch flow table, TCP messages carrying original flag information (in the HTTP response header, the HTTP response body, or file content) can be intercepted, and the dynamic flag replacement and the reconstruction and transmission of the message can be completed.
In S310, the replaced target TCP message is resent. After the original flag is matched, it is replaced with the secure flag information and the TCP message is resent. The TCP message can be reconstructed and sent with the Scapy tool. Unlike other patents, the method does not correct flags or rewrite pages in the competition environments one by one.
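For step S304, the patent says only that a reversible encryption algorithm combines the user's token and the mapped port. The following added example (not code from the patent) shows one way to build such a flag so the platform can decode it at submission time and tell an accepted flag from a shared one; the flag format, the demo keys, the HMAC-based synthetic-IV construction and all function names are assumptions.

```python
import hashlib
import hmac
import re
import struct

# Constructed demo keys; a real platform would load two independent random
# keys from a secret store.
MAC_KEY = b"constructed-demo-mac-key"
ENC_KEY = b"constructed-demo-enc-key"
# Assumed flag format (not from the patent): "flag{" + 32 hex characters + "}".
FLAG_RE = re.compile(rb"flag\{([0-9a-f]{32})\}")


def _prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 truncated to 8 bytes, used both as tag and as keystream."""
    return hmac.new(key, data, hashlib.sha256).digest()[:8]


def token_fingerprint(token: str) -> bytes:
    """6-byte fingerprint of the user's token, so the raw token never enters a flag."""
    return hashlib.sha256(token.encode()).digest()[:6]


def make_dynamic_flag(token: str, mapped_port: int) -> bytes:
    """Encode (token fingerprint, mapped port) into a flag of fixed length.

    Deterministic: the same user and port always get the same flag, so the
    flag stays stable however often the contestant fetches the page.
    """
    plain = token_fingerprint(token) + struct.pack(">H", mapped_port)
    tag = _prf(MAC_KEY, plain)            # authenticates the plaintext
    stream = _prf(ENC_KEY, tag)           # keystream derived from the tag
    cipher = bytes(p ^ s for p, s in zip(plain, stream))
    return b"flag{" + (tag + cipher).hex().encode() + b"}"


def open_dynamic_flag(flag: bytes):
    """Reverse make_dynamic_flag; return (fingerprint, port) or None if forged."""
    match = FLAG_RE.fullmatch(flag)
    if match is None:
        return None
    raw = bytes.fromhex(match.group(1).decode())
    tag, cipher = raw[:8], raw[8:]
    plain = bytes(c ^ s for c, s in zip(cipher, _prf(ENC_KEY, tag)))
    if not hmac.compare_digest(tag, _prf(MAC_KEY, plain)):
        return None
    return plain[:6], struct.unpack(">H", plain[6:])[0]


def judge_submission(flag: bytes, submitter_token: str, submitter_port: int) -> str:
    """Classify a submitted flag as 'accepted', 'shared' or 'invalid'."""
    opened = open_dynamic_flag(flag)
    if opened is None:
        return "invalid"      # includes the challenge's static original flag
    fingerprint, port = opened
    if fingerprint == token_fingerprint(submitter_token) and port == submitter_port:
        return "accepted"
    return "shared"           # genuine flag, but issued to another contestant
```

A production build would replace the HMAC construction with an authenticated cipher from a vetted library; what matters for the replacement step is that the dynamic flag has the same length as the original.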
With the flag processing method based on the secure competition environment, the virtual machine service ports are association-mapped based on the user's browser access; a dynamic flag is generated based on the user's token and the associated mapped port; a target TCP message is extracted according to the matching rule; the original flag in the target TCP message is replaced with the dynamic flag; and the replaced target TCP message is resent. In this way a verifiable, secure flag can be generated quickly in a non-Docker environment that has no independent flag page, isolated secure flag information is provided to different contestants, and the competition platform's resistance to cheating is improved.
With the flag processing method based on the secure competition environment, the robustness of the secure competition platform is enhanced and the fairness of the security competition is ensured without having to modify challenges or rewrite flag pages.
It should be clearly understood that this application describes how to make and use particular examples, but the principles of this application are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
FIG. 4 is a flowchart illustrating a method of flag processing based on a secure competition environment, according to another exemplary embodiment. The process 40 shown in fig. 4 is a detailed description of S302 "associate mapping virtual machine service ports based on browser access of the user" in the process shown in fig. 3.
As shown in FIG. 4, in S402, the browser makes an access, specifically an HTTP access carrying the screen ID parameter.
In S404, it is determined whether a session state exists.
In S406, it is determined whether the user has the learner role.
In S408, the user identifier userID is extracted, the database is queried, and it is determined whether the scene was started by the user.
In S410, the database is queried to determine whether the scene has been started.
In S412, the VMMachine table is queried based on the screen ID, and access information such as the IP of the operating machine is acquired.
In S414, Guacamole is called, and the protocol, IP, port, width, and height parameters are filled in.
In S416, the process ends.
User authentication may use the Shiro authentication framework. The operating machine is connected through VNC and the VNC service ports of the virtual machine are association-mapped; Guacamole, for example, may be used to integrate this with the secure competition platform: in the administrator interface and the learner interface, web remote desktop access is provided to the started KVM scene so that the virtual machine can be operated. This ensures the validity of the user's operations in the competition environment.
FIG. 5 is a flowchart illustrating a method of flag processing based on a secure competition environment, according to another exemplary embodiment. The flow 50 shown in fig. 5 is a detailed description of S306 "extract target TCP packet according to matching rule" in the flow shown in fig. 3.
As shown in fig. 5, in S502, the matching rule is determined. An internal flow table of the virtual switch on the cyber range compute node may be generated based on a match item and an action, and the matching rule generated from that internal flow table; the matching rule may also be generated based on a policy that matches the original flag setting rule.
In S504, the traffic data is filtered based on the matching rule.
In S506, the target TCP packet is extracted according to the filtering result.
In one embodiment, the ovs-ofctl command tool of the Open vSwitch component may be used to issue a flow table to the virtual switch on the challenge node. The flow table comprises a match item and an action, and the match item is set so that, for example, the source IP is the IP address of the challenge node and the destination IP is the IP address of the operating machine node.
In another embodiment, to match TCP messages carrying flags more precisely, the match may additionally use the protocol type and fields that conform to the flag setting rule.
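Steps S502 to S506 together with the replacement and resend of S308 and S310, as an added example that is not code from the patent: a matching rule (source IP, destination IP, protocol, flag pattern) is applied to a raw IPv4/TCP packet, the flag is swapped for one of equal length, and the TCP checksum is rebuilt. The patent names Scapy for the rebuild; this sketch uses only the standard library so the checksum step is visible, and the addresses, flag format, sample packet and function names are constructed assumptions.

```python
import ipaddress
import re
import struct

# Assumed original-flag format and constructed addresses (not from the patent).
FLAG_RE = re.compile(rb"flag\{[0-9a-f]{32}\}")
CHALLENGE_NODE = ipaddress.IPv4Address("10.10.1.7")   # match item: source IP
OPERATING_NODE = ipaddress.IPv4Address("10.10.9.5")   # match item: destination IP


def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """Internet checksum over the IPv4 pseudo-header plus the TCP segment."""
    data = src + dst + struct.pack(">BBH", 0, 6, len(segment)) + segment
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(">%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4_tcp(pkt: bytes):
    """Return (src, dst, tcp_start, payload_start, end) or None if not IPv4/TCP."""
    if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    end = struct.unpack(">H", pkt[2:4])[0]          # IP total length
    if ihl < 20 or end > len(pkt) or end < ihl + 20:
        return None
    data_off = (pkt[ihl + 12] >> 4) * 4             # TCP header length
    if data_off < 20 or ihl + data_off > end:
        return None
    return (ipaddress.IPv4Address(pkt[12:16]), ipaddress.IPv4Address(pkt[16:20]),
            ihl, ihl + data_off, end)


def match_and_rewrite(pkt: bytes, dynamic_flag: bytes):
    """Return the rebuilt packet, or None when the packet is not a target.

    A flag split across two TCP segments is not matched here; handling that
    needs stream reassembly before the pattern is applied.
    """
    parsed = parse_ipv4_tcp(pkt)
    if parsed is None:
        return None
    src, dst, tcp_start, payload_start, end = parsed
    if src != CHALLENGE_NODE or dst != OPERATING_NODE:
        return None
    payload = pkt[payload_start:end]
    if FLAG_RE.search(payload) is None:
        return None
    # Equal length keeps Content-Length, IP total length and every later
    # TCP sequence number valid, so only the TCP checksum has to change.
    if FLAG_RE.fullmatch(dynamic_flag) is None:
        raise ValueError("dynamic flag must keep the original format and length")
    new_payload = FLAG_RE.sub(lambda _m: dynamic_flag, payload)
    segment = bytearray(pkt[tcp_start:payload_start] + new_payload)
    segment[16:18] = b"\x00\x00"                    # zero checksum before summing
    segment[16:18] = struct.pack(
        ">H", tcp_checksum(src.packed, dst.packed, bytes(segment)))
    return pkt[:tcp_start] + bytes(segment) + pkt[end:]


def build_sample(src: str, dst: str, payload: bytes) -> bytes:
    """Constructed IPv4/TCP packet for the demo (IP header checksum left at 0)."""
    s = ipaddress.IPv4Address(src).packed
    d = ipaddress.IPv4Address(dst).packed
    tcp = struct.pack(">HHIIBBHHH", 80, 40000, 1000, 2000,
                      5 << 4, 0x18, 65535, 0, 0) + payload
    tcp = tcp[:16] + struct.pack(">H", tcp_checksum(s, d, tcp)) + tcp[18:]
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, s, d)
    return ip + tcp


# Constructed HTTP response carrying the challenge's static flag.
HTTP_BODY = (b"HTTP/1.1 200 OK\r\nContent-Length: 38\r\n\r\n"
             b"flag{00112233445566778899aabbccddeeff}")
```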
Compared with the prior art, the application has the advantages that:
1. On the basis of a token generated through basic user authentication, the operating machine is connected through VNC and the VNC service ports of the virtual machine are association-mapped, so that a secure, verifiable flag can be generated quickly in non-Docker environments without an independent flag page, such as KVM and other virtual machine operation environments involving multi-layer network structures.
2. By configuring the internal flow table of the virtual switch on the CTF challenge node, messages are intercepted and recorded, and dynamic flags are realized through message reconstruction and sending. No modification is made to the existing competition terminals or challenge environment, isolated secure flag information is provided to different contestants, and the competition platform's resistance to cheating is improved.
3. The method can be ported on its own to the Docker environments covered by prior patents, where it generates and processes dynamic flags without modifying the existing challenge environment, greatly reducing operation and maintenance work.
Those skilled in the art will appreciate that all or part of the steps implementing the above described embodiments are implemented as a computer program executed by a CPU. When the program is executed by the CPU, it performs the functions defined by the above methods provided herein. The program may be stored in a computer readable storage medium, which may be a read-only memory, a magnetic disk or an optical disk, etc.
Furthermore, it should be noted that the above-described figures are merely illustrative of the processes involved in the method according to the exemplary embodiments of the present application, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.
The following are device embodiments of the present application, which may be used to perform method embodiments of the present application. For details not disclosed in the device embodiments of the present application, please refer to the method embodiments of the present application.
FIG. 6 is a block diagram of a flag processing device based on a secure competition environment, according to another illustrative embodiment. As shown in fig. 6, the security competition environment-based flag processing apparatus 60 includes: an access module 602, a dynamic module 604, a message module 606, a replacement module 608, and a resending module 610.
The access module 602 is configured to perform association mapping on a virtual machine service port based on browser access of a user;
the dynamic module 604 is configured to generate a dynamic flag based on the token of the user and the port of the association map;
the message module 606 is configured to extract a target TCP message according to the matching rule;
the replacing module 608 is configured to replace an original flag in the target TCP packet with the dynamic flag;
the retransmission module 610 is configured to retransmit the replaced target TCP packet.
With the flag processing device based on the secure competition environment, the virtual machine service port is association-mapped based on the user's browser access; a dynamic flag is generated based on the user's token and the associated mapped port; a target TCP message is extracted according to the matching rule; the original flag in the target TCP message is replaced with the dynamic flag; and the replaced target TCP message is resent. In this way a verifiable, secure flag can be generated quickly in a non-Docker environment that has no independent flag page, isolated secure flag information is provided to different contestants, and the competition platform's resistance to cheating is improved.
Fig. 7 is a block diagram of an electronic device, according to an example embodiment.
An electronic device 700 according to this embodiment of the present application is described below with reference to fig. 7. The electronic device 700 shown in fig. 7 is merely an example, and should not be construed as limiting the functionality and scope of use of the embodiments herein.
As shown in fig. 7, the electronic device 700 is embodied in the form of a general purpose computing device. Components of electronic device 700 may include, but are not limited to: at least one processing unit 710, at least one memory unit 720, a bus 730 connecting the different system components (including the memory unit 720 and the processing unit 710), a display unit 740, and the like.
Wherein the storage unit stores program code that is executable by the processing unit 710 such that the processing unit 710 performs steps described in the present specification according to various exemplary embodiments of the present application. For example, the processing unit 710 may perform the steps as shown in fig. 3, 4, and 5.
The memory unit 720 may include readable media in the form of volatile memory units, such as Random Access Memory (RAM) 7201 and/or cache memory 7202, and may further include Read Only Memory (ROM) 7203.
The storage unit 720 may also include a program/utility 7204 having a set (at least one) of program modules 7205, such program modules 7205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 730 may be a bus representing one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 700 may also communicate with one or more external devices 700' (e.g., keyboard, pointing device, bluetooth device, etc.), devices that enable a user to interact with the electronic device 700, and/or any devices (e.g., routers, modems, etc.) with which the electronic device 700 can communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 750. Also, electronic device 700 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet, through network adapter 760. Network adapter 760 may communicate with other modules of electronic device 700 via bus 730. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 700, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, as shown in fig. 8, the technical solution according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and includes several instructions to cause a computing device (may be a personal computer, a server, or a network device, etc.) to perform the above-described method according to the embodiments of the present application.
The software product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable storage medium may also be any readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The computer-readable medium carries one or more programs, which when executed by one of the devices, cause the computer-readable medium to perform the functions of: performing association mapping on the virtual machine service port based on browser access of the user; generating a dynamic flag based on a token of a user and a port of an associated map; extracting a target TCP message according to the matching rule; replacing the original flag in the target TCP message with the dynamic flag; and resending the replaced target TCP message.
Those skilled in the art will appreciate that the modules may be distributed throughout several devices as described in the embodiments, and that corresponding variations may be implemented in one or more devices that are unique to the embodiments. The modules of the above embodiments may be combined into one module, or may be further split into a plurality of sub-modules.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or in combination with the necessary hardware. Thus, the technical solutions according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, and include several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the methods according to the embodiments of the present application.
Exemplary embodiments of the present application are specifically illustrated and described above. It is to be understood that this application is not limited to the details of construction, arrangement or method of implementation described herein; on the contrary, the application is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (10)

1. A flag processing method based on a secure competition environment is characterized by comprising the following steps:
performing association mapping on the virtual machine service port based on browser access of the user;
generating a dynamic flag based on a token of the user and the association-mapped port;
extracting a target TCP message according to the matching rule;
replacing the original flag in the target TCP message with the dynamic flag;
and resending the replaced target TCP message.
2. The flag processing method according to claim 1, wherein the association mapping of the virtual machine service port based on browser access of the user comprises:
user authentication is carried out on a user based on browser access of the user;
after the user authentication is passed, the user is connected to an operating machine to perform association mapping on the virtual machine service port.
3. The flag processing method according to claim 2, wherein connecting the user to an operating machine to perform association mapping on the virtual machine service port comprises:
connecting the user to the operating machine through a virtual network console;
and performing association mapping on the virtual network console service ports of the virtual machines.
4. The flag processing method of claim 1, wherein generating the dynamic flag based on the token of the user and the association-mapped port comprises:
generating the dynamic flag based on a reversible encryption algorithm, the token of the user and the association-mapped port.
5. The flag processing method according to claim 1, wherein extracting the target TCP packet according to the matching rule comprises:
determining the matching rule;
filtering the flow data based on the matching rule;
and extracting the target TCP message according to the filtering result.
6. The flag processing method of claim 5, wherein determining the matching rule comprises:
generating a virtual switch internal flow table of a target range computing node based on the matching item and the action, and generating the matching rule based on the virtual switch internal flow table; and/or
generating the matching rule according to a strategy matched with the original flag setting rule.
7. The method for processing the flag according to claim 1, wherein replacing the original flag in the target TCP packet with the dynamic flag comprises:
and replacing the original flag in the target TCP message with the dynamic flag based on an interactive data packet processing technology.
8. A flag processing device based on a secure competition environment, comprising:
the access module is used for carrying out association mapping on the virtual machine service port based on browser access of the user;
the dynamic module is used for generating a dynamic flag based on the token of the user and the association-mapped port;
the message module is used for extracting a target TCP message according to the matching rule;
a replacing module, configured to replace an original flag in the target TCP packet with the dynamic flag;
and the retransmission module is used for retransmitting the replaced target TCP message.
9. An electronic device, comprising:
one or more processors;
a storage means for storing one or more programs;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-7.
10. A computer readable medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any of claims 1-7.
CN202111652478.9A 2021-12-30 2021-12-30 Method and device for processing flag, electronic equipment and computer readable medium Active CN114338185B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111652478.9A CN114338185B (en) 2021-12-30 2021-12-30 Method and device for processing flag, electronic equipment and computer readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111652478.9A CN114338185B (en) 2021-12-30 2021-12-30 Method and device for processing flag, electronic equipment and computer readable medium

Publications (2)

Publication Number Publication Date
CN114338185A CN114338185A (en) 2022-04-12
CN114338185B true CN114338185B (en) 2024-01-30

Family

ID=81019274

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111652478.9A Active CN114338185B (en) 2021-12-30 2021-12-30 Method and device for processing flag, electronic equipment and computer readable medium

Country Status (1)

Country Link
CN (1) CN114338185B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106909432A (en) * 2017-02-15 2017-06-30 南京赛宁信息技术有限公司 The online ambient intelligence deployment system and method for a kind of online competition platforms of CTF
KR20200037518A (en) * 2018-10-01 2020-04-09 주식회사 시큐센 Hacking Defense Contest System That Evaluates Optimization of Vulnerability Patch
CN111935176A (en) * 2020-09-18 2020-11-13 南京赛宁信息技术有限公司 Anti-cheating system and method for network security CTF competition

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
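Design of an AWS+Docker network training platform for network attack-and-defense teaching: the case of Anhui Public Security Vocational College; 杨路; Journal of Yunnan Police Officer Academy (No. 03); full text *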

Also Published As

Publication number Publication date
CN114338185A (en) 2022-04-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant