CN114422255A - Cloud security simulation detection system and detection method - Google Patents

Cloud security simulation detection system and detection method

Info

Publication number
CN114422255A
Authority
CN
China
Prior art keywords
network
unit
security
attack
module
Legal status
Pending
Application number
CN202210076210.3A
Other languages
Chinese (zh)
Inventor
陈易平
原峰山
Current Assignee
Guangzhou Institute of Technology
Original Assignee
Guangzhou Institute of Technology

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention discloses a cloud security simulation detection system comprising a data acquisition module, a network range module, a security protection system construction module, a defense strength description module and a comprehensive attack analysis module, wherein the comprehensive attack analysis module comprises an attack unit, a cracking unit, a forensics unit and a comprehensive analysis unit. The corresponding cloud security simulation detection method comprises the following steps: collecting data, setting up a network range, constructing a security protection system, setting defense strength attribute values, and detecting and analyzing. In this scheme, network attack simulation detection is carried out according to preset network attack types to obtain a security detection result for the network system; the result is comprehensive, yields the security level of the network system, provides a basis for improving the defense capability of the network system in a targeted way, and takes into account both the external problems addressed by cloud security simulation detection and the characteristics and condition of the internal security defense system.

Description

Cloud security simulation detection system and detection method
Technical Field
The invention relates to the technical field of computer network information security, in particular to a cloud security simulation detection system and a detection method.
Background
With the rapid development of computer and communication technologies and the continuous growth of user demand, computer network systems are applied ever more widely and on an ever larger scale. Service-based cloud computing is an important form of information infrastructure in the internet era and the latest form of high-performance, distributed computing: it provides high-performance, low-cost computing and data services under a new business model, supports many kinds of information applications, and is a novel form of informatization that is based on virtualization, characterized by services and delivered on demand. Since the concept of cloud computing was born it has quickly drawn strong attention from governments, industry and academia, its popularization and application are irreversible, and large enterprises are developing and researching cloud computing products and services and striving to seize the high ground of the cloud computing application market.
As a new thing, cloud computing brings new challenges along with the convenience, ease of use and low cost it provides, and security problems come first. Network security incidents are now endless and threats of all kinds keep appearing, so computer networks face a severe information security situation; with the continued spread of cloud computing, the importance of network system security keeps rising and has become a core factor restricting the development of cloud computing. A number of major security incidents at home and abroad fully demonstrate that these security risks are real and harmful; questions such as whether a cloud module can resist network attacks and whether the defense system is complete cause potential users to misjudge cloud computing products and services, are a main obstacle to the application and popularization of cloud computing, and seriously affect the development of the cloud computing industry. Security detection of the network system is therefore particularly important.
The traditional approach is to detect the characteristics of the various threats and judge the security condition of the whole network system from them. Although this approach focuses on external problems, it does not pay enough attention to the characteristics and condition of the internal security defense system, so the network system cannot be comprehensively detected and its security condition cannot be obtained.
Disclosure of Invention
The main object of the invention is to provide a cloud security simulation detection system and detection method that solve the problem in the related art that, when the various external threats are detected by their characteristics and the security condition of the whole network system is judged from them, external problems are attended to but the characteristics and condition of the internal security defense system receive insufficient attention, so that the network system cannot be comprehensively detected and its security condition cannot be obtained.
To achieve the above object, the invention provides a cloud security simulation detection system comprising a data acquisition module, a network range module, a security protection system construction module, a defense strength description module and a comprehensive attack analysis module;
the network range module is communicatively connected to the data acquisition module; the data acquisition module is used to acquire the security architecture of a network system and the attributes of each network device in that architecture, and the network range module is used to design a virtual environment, build vulnerability images, simulate vulnerabilities, provide opportunities to attack the network and practice attacks, and detect the effect of the attacks;
the security protection system construction module is communicatively connected to the network range module and is used to build a complete security protection system for coping with network attacks, which on the one hand protects the actual service system and on the other hand provides defense means and a reference platform for attack-and-defense drills;
the defense strength description module is communicatively connected to the security protection system construction module and is used to set a defense strength attribute value according to the attributes of the network device at each node of the network system;
the comprehensive attack analysis module is communicatively connected to the defense strength description module and is used to provide centralized management and personalized customization of attack and defense tools, to recognize known attacks, to recognize unknown attack behaviors and unknown malicious code by their characteristics, behaviors and the like, and to start network attack simulation detection according to preset network attack types so as to obtain a security detection result for the network system.
In an embodiment of the invention, the data acquisition module comprises a security unit and a network device unit; the security unit is configured to acquire the security architecture of the network system, and the network device unit is configured to acquire the attributes of each network device in that architecture.
In an embodiment of the invention, the network device unit comprises computers, the internet, firewalls and routers. A computer is understood in the broad sense and includes desktop computers, notebook computers, handheld computers and smartphones; the internet is the source of network attacks and comprises many interconnected computer networks using any protocol and technology; a firewall is a dedicated network interconnection device that strengthens access control between networks, prevents external network users from intruding into the internal network by illegal means and stealing user information, and protects the security of the internal network; a router is a main node device of the internet that selects routes for information flows or data packets.
In an embodiment of the invention, the network range module comprises a simulation unit and a drill unit; the simulation unit is used to simulate vulnerabilities at the operating system, application and network levels and to deploy attacked objects rapidly and dynamically as required, and the drill unit is used to provide opportunities to attack the network, practice attacks and detect the effect of the attacks.
In an embodiment of the invention, the security protection system construction module comprises an information security audit unit, an intrusion detection unit, a patch management unit and a code detection unit; the security audit unit is configured to audit all data that is to enter the cloud system, the intrusion detection unit detects unsafe data suspected of intrusion according to the results of the security audit unit, the patch management unit is configured to install patch files that are missing or damaged in the various cloud systems, and the code detection unit is configured to inspect system code, perform vulnerability scanning and prevent virus intrusion.
In an embodiment of the invention, the defense strength description module comprises an intrusion defense strength description unit and a vulnerability scanning defense strength description unit; the intrusion defense strength description unit sets the defense strength attribute value according to the intrusion detection unit, and the vulnerability scanning defense strength description unit sets the defense strength attribute value according to the working condition of the vulnerability scanning performed by the code detection unit.
In an embodiment of the invention, the defense strength description module sets the defense strength attribute value according to the attributes of the network device unit at each node of the network system.
In an embodiment of the invention, the comprehensive attack analysis module comprises an attack unit, a cracking unit, a forensics unit and a comprehensive analysis unit; the attack unit is configured to provide the main remote attack tools used by the comprehensive attack analysis module for remote scanning and penetration, the cracking unit is configured to provide tools for trojan analysis, dynamic tracing and static analysis of application programs, and encryption and decryption, the forensics unit is configured to provide forensics and log management tools such as electronic evidence, log analysis and data recovery, and the comprehensive analysis unit is configured to perform network attack simulation detection on the data in the security protection system construction module according to a preset network attack type so as to obtain a security detection result for the network system.
In an embodiment of the invention, the comprehensive analysis unit comprises a server, a tool library and a security analysis unit; the server is configured to provide centralized management and personalized customization of the attack and defense tools, support customization of the tool environment configuration for each terminal, and provide environment mapping services for the tool library; the tool library provides the data storage space for the tools; and the security analysis unit is configured to obtain the security detection result for the network system.
The invention also provides a cloud security simulation detection method, which comprises the following steps:
S1, collecting data: the data acquisition module acquires the security architecture of the network system; within it, the security unit acquires the security architecture and the network device unit acquires the attributes of each network device in that architecture;
S2, setting up the network range: first, one or more servers run a virtualization environment that forms the range network, where each virtual server is deliberately designed with defects so as to simulate vulnerabilities at the host, system, application and network layers; then attacked objects are deployed rapidly and dynamically as required, providing opportunities to attack the network and practice; finally, the effect of the attacks is detected;
S3, constructing the security protection system: according to the acquired security architecture of the network system and the network range that has been set up, a complete security protection system for coping with network attacks is built, which on the one hand protects the actual service system and on the other hand provides defense means and a reference platform for attack-and-defense drills;
S4, setting defense strength attribute values: the defense strength attribute values of the defense strength description module are set according to the constructed security protection system and the attributes of the network device at each node;
S5, detection and analysis: first a virtual remote attack is launched against the system by the attack unit; then the cracking unit and the forensics unit perform dynamic tracing and static analysis of the virtual remote attack and provide the related forensics and management tools; finally the comprehensive analysis unit performs network attack simulation detection on the data in the security protection system construction module according to the preset network attack type, so as to obtain the security detection result for the network system.
Compared with the prior art, the invention has the following beneficial effects:
1. In the cloud security simulation detection system provided by the invention, the data acquisition module acquires the security architecture of the network system and the attributes of each network device, the security protection system is built by the security protection system construction module, the defense strength attribute value of each node is set by the defense strength description module, and network attack simulation detection is then carried out according to the preset network attack type to obtain the security detection result for the network system; the result is relatively comprehensive and provides a basis for improving the defense capability of the network system in a targeted way;
2. In the cloud security simulation detection system provided by the invention, the network range module sets up the network range using a virtual environment design and builds various vulnerability images, which not only saves hardware resources but also lets target machines be deployed and restored dynamically, making the system convenient and flexible; a vulnerability image is an inactive sample of a target machine, a virtual target machine instance can be created quickly simply by releasing and activating it, and the system has snapshot, backup, rebuild, destroy and similar functions, so that network attack types can be preset and network attack simulation detection carried out;
3. In the cloud security simulation detection system provided by the invention, the comprehensive attack analysis module completes the final detection and analysis of the system: the server provides centralized management and personalized customization of attack and defense tools, supports customization of the tool environment configuration for each terminal and provides environment mapping services for the tool library, the tool library provides the data storage space for the tools, and the security analysis unit finally obtains the security detection result for the network system, so that the security level of the network system's internal defense system under network attack can be comprehensively detected;
4. In the cloud security simulation detection method provided by the invention, network attack simulation detection is based on the structure of the network system: data are collected and the network range is set up, then the security protection system is constructed and the defense strength attribute values are set, and finally detection and analysis are carried out. After the detection and analysis, a relatively comprehensive result is obtained, the security level of the network system is known, a basis is provided for improving the defense capability of the network system in a targeted way, and both the external problems addressed by cloud security simulation detection and the characteristics and condition of the internal security defense system are taken into account.
Drawings
Fig. 1 is a schematic block diagram of a cloud security simulation detection system according to an embodiment of the invention;
Fig. 2 is a schematic block diagram of the data acquisition module of the cloud security simulation detection system according to an embodiment of the invention;
Fig. 3 is a schematic block diagram of the network range module of the cloud security simulation detection system according to an embodiment of the invention;
Fig. 4 is a schematic block diagram of the security protection system construction module of the cloud security simulation detection system according to an embodiment of the invention;
Fig. 5 is a schematic block diagram of the defense strength description module of the cloud security simulation detection system according to an embodiment of the invention;
Fig. 6 is a schematic block diagram of the comprehensive attack analysis module of the cloud security simulation detection system according to an embodiment of the invention;
Fig. 7 is a schematic flow diagram of the cloud security simulation detection method according to an embodiment of the invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged under appropriate circumstances in order to facilitate the description of the embodiments of the invention herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In the present invention, the terms "upper", "lower", "left", "right", "front", "rear", "top", "bottom", "inner", "outer", "center", "vertical", "horizontal", "lateral", "longitudinal", and the like indicate an orientation or positional relationship based on the orientation or positional relationship shown in the drawings. These terms are used primarily to better describe the invention and its embodiments and are not intended to limit the indicated devices, elements or components to a particular orientation or to be constructed and operated in a particular orientation.
Moreover, some of the above terms may be used to indicate other meanings besides the orientation or positional relationship, for example, the term "on" may also be used to indicate some kind of attachment or connection relationship in some cases. The specific meanings of these terms in the present invention can be understood by those skilled in the art as appropriate.
In addition, the term "plurality" shall mean two as well as more than two.
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict. The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
Example 1
Referring to Figs. 1 to 6, the invention provides a cloud security simulation detection system comprising a data acquisition module, a network range module, a security protection system construction module, a defense strength description module and a comprehensive attack analysis module;
the network range module is communicatively connected to the data acquisition module, the security protection system construction module is communicatively connected to the network range module, the defense strength description module is communicatively connected to the security protection system construction module, and the comprehensive attack analysis module is communicatively connected to the defense strength description module.
Referring to Figs. 1 and 2, the data acquisition module is used to acquire the security architecture of the network system and the attributes of each network device in it;
the data acquisition module comprises a security unit and a network device unit; the security unit is used to acquire the security architecture of the network system, and the network device unit is used to acquire the attributes of each network device in that architecture;
the network device unit comprises computers, the internet, firewalls and routers, where a computer is understood in the broad sense and includes desktop computers, notebook computers, handheld computers and smartphones; the internet is the source of network attacks and comprises many interconnected computer networks using any protocol and technology; a firewall strengthens access control between networks, prevents external network users from intruding into the internal network by illegal means and stealing user information, and protects the security of the internal network; and a router is a main node device of the internet that selects routes for information flows or data packets.
Referring to Figs. 1 and 3, the network range module is used to design a virtualized environment, build vulnerability images, simulate vulnerabilities, provide opportunities to attack the network, and detect the effect of the attacks;
the network range module comprises a simulation unit and a drill unit; the simulation unit is used to simulate vulnerabilities at the operating system, application and network levels and to deploy attacked objects rapidly and dynamically as required, and the drill unit is used to provide opportunities to attack the network, practice attacks and detect the effect of the attacks.
Referring to Figs. 1 and 4, the security protection system construction module is used to build a complete security protection system for coping with network attacks, which on the one hand protects the actual service system and on the other hand provides defense means and a reference platform for attack-and-defense drills;
the security protection system construction module comprises an information security audit unit, an intrusion detection unit, a patch management unit and a code detection unit; the security audit unit is used to audit all data that is to enter the cloud system, the intrusion detection unit detects unsafe data suspected of intrusion according to the results of the security audit unit, the patch management unit is used to install patch files that are missing or damaged in the various cloud systems, and the code detection unit is used to inspect system code, scan for vulnerabilities and prevent virus intrusion.
Referring to Figs. 1 and 5, the defense strength description module is configured to set a defense strength attribute value according to the attributes of the network device at each node of the network system;
the defense strength description module comprises an intrusion defense strength description unit and a vulnerability scanning defense strength description unit; the intrusion defense strength description unit sets the defense strength attribute value according to the intrusion detection unit, and the vulnerability scanning defense strength description unit sets the defense strength attribute value according to the working condition of the vulnerability scanning performed by the code detection unit;
the defense strength description module sets the defense strength attribute values according to the attributes of the network device unit at each node of the network system.
Referring to Figs. 1 and 6, the comprehensive attack analysis module is configured to provide centralized management and personalized customization of attack and defense tools, identify known attacks, identify unknown attack behaviors and unknown malicious code by their characteristics, behaviors and the like, and start network attack simulation detection according to a preset network attack type so as to obtain a security detection result for the network system;
the comprehensive attack analysis module comprises an attack unit, a cracking unit, a forensics unit and a comprehensive analysis unit; the attack unit is used to provide the main remote attack tools used by the comprehensive attack analysis module for remote scanning and penetration, the cracking unit is used to provide tools for trojan analysis, dynamic tracing and static analysis of application programs, and encryption and decryption, the forensics unit is used to provide forensics and log management tools such as electronic evidence, log analysis and data recovery, and the comprehensive analysis unit is used to perform network attack simulation detection on the data in the security protection system construction module according to a preset network attack type so as to obtain a security detection result for the network system;
the comprehensive analysis unit comprises a server, a tool library and a security analysis unit; the server is used to provide centralized management and personalized customization of the attack and defense tools, support customization of the tool environment configuration for each terminal and provide environment mapping services for the tool library, the tool library provides the data storage space for the tools, and the security analysis unit is used to obtain the security detection result for the network system.
Referring to fig. 7, the present invention further provides a cloud security simulation detection method, which specifically includes the following steps:
s1, collecting data: the method comprises the steps that a data acquisition module is used for acquiring a security system structure of a network system, a security unit is used for acquiring the security system structure of the network system, and a network equipment unit is used for acquiring the attribute of each network equipment of the security system structure of the network system;
s2, setting a network target range: firstly, running a virtualization environment by adopting one or more servers to realize a shooting range network, wherein each virtual server is designed to have defects and is used for simulating bugs of a host layer, a system layer, an application layer and a network layer, then rapidly and dynamically deploying an attacked object according to needs, thereby providing opportunities for attacking the network and practicing, and finally, detecting the attacking effect;
s3, constructing a safety protection system: according to the acquired security system structure of the network system and the set network target range, a set of complete security system for coping with network attacks is established, so that the actual service system can be protected on one hand, and a defense means and a reference platform can be provided for attack and defense drilling on the other hand;
s4, setting the defensive power attribute value: the defensive power attribute value of the defensive power description module is set according to the constructed security protection system and the attributes of the network device at each node;
s5, detection and analysis: first, a virtual remote attack is launched against the system through the attack unit; then, the virtual remote attack is dynamically tracked and statically analyzed through the cracking unit and the forensics unit, which provide the related forensics and management tools; and finally, network attack simulation detection is carried out by the comprehensive analysis unit on the data information in the security protection system construction module according to the preset network attack types, so as to obtain the security detection result of the network system.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A cloud security simulation detection system, comprising: a data acquisition module, a network shooting range module, a security protection system construction module, a defensive power description module and a comprehensive attack analysis module;
the network shooting range module is in signal connection with the data acquisition module; the data acquisition module is used for acquiring the security architecture of a network system and the attributes of each network device in that security architecture, and the network shooting range module is used for designing a virtual environment, building vulnerability images, simulating vulnerabilities, providing opportunities for attacking the network and practicing attacks, and detecting the attack effect;
the security protection system construction module is in signal connection with the network shooting range module and is used for building a complete security system for coping with network attacks, so that on the one hand the actual service system can be protected, and on the other hand a defense means and a reference module can be provided for attack and defense drills;
the defensive power description module is in signal connection with the security protection system construction module and is used for setting a defensive power attribute value according to the attributes of the network device at each node of the network system;
the comprehensive attack analysis module is in signal connection with the defensive power description module and is used for providing centralized management and personalized customization services for attack and defense tools, identifying known attacks, identifying unknown attack behaviors and unknown malicious code through their features, behaviors and the like, and starting network attack simulation detection according to preset network attack types so as to obtain the security detection result of the network system.
2. The cloud security simulation detection system of claim 1, wherein the data acquisition module comprises a security unit and a network device unit, the security unit being configured to collect the security architecture of the network system, and the network device unit being configured to collect the attributes of each network device in that security architecture.
3. The cloud security simulation detection system of claim 2, wherein the network device unit includes a computer, the internet, a firewall and a router; the computer is a computer in the broad sense, including desktop computers, notebook computers, palmtop computers and smartphones; the internet is the source of network attacks and comprises a plurality of computer networks interconnected by any protocol and technology; the firewall is a special network interconnection device that enhances access control between networks, prevents external network users from intruding into the internal network by illegal means and stealing user information, and protects the security of the internal network; and the router is a main node device of the internet and routes information streams or data packets.
4. The cloud security simulation detection system of claim 1, wherein the network shooting range module comprises a simulation unit and a drilling unit, the simulation unit being used for simulating vulnerabilities at the operating system level, application level and network level and for rapidly and dynamically deploying attacked objects as needed, and the drilling unit being used for providing the attacking network with opportunities for attack drills and for detecting the effect of the attack.
5. The cloud security simulation detection system according to claim 1, wherein the security protection system construction module includes an information security examination unit, an intrusion detection unit, a patch management unit and a code detection unit; the security examination unit is configured to examine all data information that seeks to enter the cloud system, the intrusion detection unit detects unsafe data information suspected of intrusion according to the result of the security examination unit's work, the patch management unit is configured to install patch files that are missing or damaged in the various cloud systems, and the code detection unit is configured to detect system code, perform vulnerability scanning and prevent virus intrusion.
6. The cloud security simulation detection system according to claim 5, wherein the defensive power description module includes an intrusion defensive power description unit and a vulnerability scanning defensive power description unit; the intrusion defensive power description unit sets the defensive power attribute value according to the intrusion detection unit, and the vulnerability scanning defensive power description unit sets the defensive power attribute value according to the working condition of the vulnerability scanning performed by the code detection unit.
7. The cloud security simulation detection system of claim 1, wherein the defensive power description module sets the defensive power attribute value according to the attributes of the network device unit at each node of the network system.
8. The cloud security simulation detection system of claim 1, wherein the comprehensive attack analysis module comprises an attack unit, a cracking unit, a forensics unit and a comprehensive analysis unit; the attack unit is used for providing the comprehensive attack analysis module with the main remote attack tools for remote scanning and penetration, the cracking unit is used for providing tools for Trojan analysis, dynamic tracking, static analysis, and encryption and decryption of application programs, the forensics unit is used for providing tools for forensics and log management such as electronic evidence collection, log analysis and data recovery, and the comprehensive analysis unit is used for performing network attack simulation detection on the data information in the security protection system construction module according to a preset network attack type so as to obtain the security detection result of the network system.
9. The cloud security simulation detection system of claim 8, wherein the comprehensive analysis unit includes a server, a tool library and a security analysis unit; the server is configured to provide centralized management and personalized customization services for attack and defense tools, to support tool environment configuration customization for each terminal and to provide environment mapping services for the tool library, the tool library is configured to provide the data storage space for the tools, and the security analysis unit is configured to obtain the security detection result of the network system.
10. A cloud security simulation detection method, characterized by comprising the following steps:
s1, collecting data: a data acquisition module collects the security architecture of the network system; specifically, the security unit collects the security architecture of the network system, and the network device unit collects the attributes of each network device within that security architecture;
s2, setting up the network target range: first, a virtualization environment is run on one or more servers to realize the range network, in which each virtual server is deliberately built with defects so as to simulate vulnerabilities at the host, system, application and network layers; then the attacked objects are rapidly and dynamically deployed as needed, providing opportunities for attacking the network and practicing; and finally the attack effect is detected;
s3, constructing the security protection system: according to the acquired security architecture of the network system and the configured network target range, a complete security system for coping with network attacks is established, so that on the one hand the actual service system is protected and on the other hand a defense means and a reference platform are provided for attack and defense drills;
s4, setting the defensive power attribute value: the defensive power attribute value of the defensive power description module is set according to the constructed security protection system and the attributes of the network device at each node;
s5, detection and analysis: first, a virtual remote attack is launched against the system through the attack unit; then, the virtual remote attack is dynamically tracked and statically analyzed through the cracking unit and the forensics unit, which provide the related forensics and management tools; and finally, network attack simulation detection is carried out by the comprehensive analysis unit on the data information in the security protection system construction module according to the preset network attack types, so as to obtain the security detection result of the network system.
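As an added illustration of steps S1 to S5 (stated in the description above and again in claim 10), and not code from the patent or from the applicant, the following Python model sets a per-node defensive power attribute value from the intrusion detection and vulnerability scanning state that claims 5 and 6 describe, then runs a simulated detection over preset attack types to produce a security detection result. The node list, the attack types and the scoring rule are constructed assumptions of this example; the patent specifies none of them.

```python
"""Model of steps S1-S5 of CN114422255A. Added example, not the patent's code.
The data, attack types and scoring rule below are assumptions of this example."""
from dataclasses import dataclass, field


@dataclass
class Node:
    """S1: one network device of the collected security architecture."""
    name: str
    kind: str                  # computer, firewall or router (claim 3)
    ids_enabled: bool          # state of the intrusion detection unit (claim 6)
    unpatched_vulns: int       # finding count from the code detection unit's scan
    defense: dict = field(default_factory=dict)   # S4 output, per dimension


# Preset network attack types (assumed) and the defense dimension each one tests.
ATTACK_TYPES = {
    "remote_scan": "intrusion",      # detected by the intrusion defense
    "known_exploit": "vuln_scan",    # blocked by patching found vulnerabilities
}


def set_defense_values(nodes):
    """S4: defensive power description module. Assumed rule: intrusion
    defense is 1.0 with IDS, else 0.0; vulnerability-scan defense loses
    0.25 per unpatched finding, floored at 0.0."""
    for n in nodes:
        n.defense["intrusion"] = 1.0 if n.ids_enabled else 0.0
        n.defense["vuln_scan"] = max(0.0, 1.0 - 0.25 * n.unpatched_vulns)
    return nodes


def simulate(nodes, attack_type, threshold=0.5):
    """S5: comprehensive analysis unit. A node withstands the preset attack
    type when its relevant defense value reaches the threshold (assumed 0.5)."""
    dim = ATTACK_TYPES[attack_type]
    return {n.name: n.defense[dim] >= threshold for n in nodes}


def detection_result(nodes):
    """Security detection result: for each attack type, the nodes that fail."""
    set_defense_values(nodes)
    return {a: sorted(name for name, ok in simulate(nodes, a).items() if not ok)
            for a in ATTACK_TYPES}


# S2: constructed sample range, with one deliberately defective host (web-01).
SAMPLE_NODES = [
    Node("edge-fw", "firewall", ids_enabled=True, unpatched_vulns=0),
    Node("core-rtr", "router", ids_enabled=False, unpatched_vulns=1),
    Node("web-01", "computer", ids_enabled=True, unpatched_vulns=3),
]

if __name__ == "__main__":
    print(detection_result(SAMPLE_NODES))
    # → {'remote_scan': ['core-rtr'], 'known_exploit': ['web-01']}
```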

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210076210.3A CN114422255A (en) 2022-01-24 2022-01-24 Cloud security simulation detection system and detection method


Publications (1)

Publication Number Publication Date
CN114422255A true CN114422255A (en) 2022-04-29



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination