CN115499323B - Method and device for constructing target virtual scene and electronic equipment - Google Patents

Publication number
CN115499323B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211431107.2A
Other languages
Chinese (zh)
Other versions
CN115499323A (en)
Inventor
卜佑军
马海龙
伊鹏
邬江兴
张进
刘慧�
余蕾蕾
张鹏
陈博
陈祥
江逸茗
周锟
胡先君
陈韵
陈垚
蔡翰智
王涵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Network Communication and Security Zijinshan Laboratory
China National Digital Switching System Engineering and Technological R&D Center
Original Assignee
Network Communication and Security Zijinshan Laboratory
China National Digital Switching System Engineering and Technological R&D Center
Application filed by Network Communication and Security Zijinshan Laboratory and China National Digital Switching System Engineering and Technological R&D Center
Priority to CN202211431107.2A
Publication of CN115499323A
Application granted
Publication of CN115499323B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14: Network analysis or design
    • H04L41/145: Network analysis or design involving simulating, designing, planning or modelling of a network
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides a method and a device for constructing a target virtual scene, and electronic equipment. It relates to the technical field of virtual scene construction and solves the problem that virtual scenes cannot be flexibly constructed in the prior art. The method comprises the following steps: receiving an input scene construction instruction, where the scene construction instruction comprises the device type of the target device required by the target virtual scene to be constructed and a first field used for indicating the device type selection of the target device, and the device type selection of the target device comprises a mimicry device type selection, a non-mimicry device type selection or a custom mimicry device type selection; determining the target device from a preset scene construction library according to the device type and the device type selection of the target device; and constructing the target virtual scene based on the target device. Different virtual scenes can thus be flexibly constructed according to the construction requirements of users, which effectively improves the flexibility of virtual scene construction.

Description

Method and device for constructing target virtual scene and electronic equipment
Technical Field
The invention relates to the technical field of virtual scene construction, in particular to a method and a device for constructing a target virtual scene and electronic equipment.
Background
With the rapid development of information technology, cyberspace security is becoming more important, and effectively performing cyberspace security technology verification and network risk assessment analysis is an important part of achieving cyberspace security.
At present, the network shooting range (cyber range) platform is the main platform supporting cyberspace security technology verification and network risk assessment analysis, and is used for achieving cyberspace security. A network shooting range combines a virtual environment with real equipment to simulate a real cyberspace attack and defense environment, and serves as a test platform that supports research on network attack and defense capability and verification of cyberspace weapon equipment.
When a virtual scene is constructed on an existing network shooting range platform, it can only be built from the devices already in the scene construction library. The resulting virtual scene is relatively fixed and cannot be flexibly constructed according to the construction requirements of users, so how to flexibly construct a virtual scene is a problem that those skilled in the art urgently need to solve.
Disclosure of Invention
The invention provides a method and a device for constructing a target virtual scene and electronic equipment, which can flexibly construct the virtual scene according to the construction requirements of users and improve the flexibility of virtual scene construction.
The invention provides a method for constructing a target virtual scene, which comprises the following steps:
receiving an input scene construction instruction; the scene construction instruction comprises the device type of the target device required by the target virtual scene to be constructed and a first field; the first field is used for indicating the device type selection of the target device, the device type selection of the target device comprises a mimicry device type selection, a non-mimicry device type selection or a custom mimicry device type selection, and a target device of the custom mimicry device type selection comprises a heterogeneous execution body set whose dissimilarity value is larger than a preset threshold;
determining the target device from a preset scene construction library according to the device type and the device type selection of the target device; and
constructing the target virtual scene based on the target device.
According to the method for constructing the target virtual scene provided by the invention, in the case that the device type selection of the target device is the non-mimicry device type selection or the mimicry device type selection, determining the target device from a preset scene construction library according to the device type and the device type selection of the target device comprises the following steps:
determining and displaying, from the scene construction library, a plurality of first devices that have the same device type and the same device type selection as the target device; and
according to a selection instruction for the plurality of first devices, determining the first device corresponding to the selection instruction as the target device.
According to the method for constructing the target virtual scene provided by the invention, in the case that the device type selection of the target device is the custom mimicry device type selection, the scene construction instruction further comprises a second field, where the second field is used for indicating the target number of preset devices included in the target device, and the preset devices comprise non-mimicry devices and/or mimicry devices; determining the target device from a preset scene construction library according to the device type and the device type selection of the target device then comprises:
in the case that the number of non-mimicry devices or the number of mimicry devices is determined, based on the second field, to be at least two, determining from the scene construction library a plurality of second devices with the same device type as the target device, and determining the dissimilarity value between every two second devices in the plurality of second devices;
determining the target number of preset devices from the plurality of second devices according to the dissimilarity value between every two second devices, where the target number of preset devices form the heterogeneous execution body set of the target device; and
determining, from the scene construction library, an input/output agent and a resolver corresponding to the heterogeneous execution body set, and constructing the target device based on the heterogeneous execution body set, the input/output agent and the resolver.
According to the method for constructing the target virtual scene provided by the invention, determining the dissimilarity value between every two second devices in the plurality of second devices comprises the following steps:
determining a target attribute value corresponding to each second device according to the parameters and the parameter weights corresponding to each second device in the plurality of second devices; and
determining the dissimilarity value between every two second devices according to the target attribute value corresponding to each second device.
According to the method for constructing the target virtual scene provided by the invention, determining the target number of preset devices from the plurality of second devices according to the dissimilarity value between every two second devices comprises the following steps:
S1, according to the dissimilarity value between every two second devices, determining the third device and the fourth device corresponding to the maximum dissimilarity value among the plurality of second devices as the preset devices.
S2, judging whether the number of the preset devices is equal to the target number.
S3, in the case that the number of the preset devices is equal to the target number, determining the preset devices as the target number of preset devices.
S4, in the case that the number of the second devices is smaller than the target number, determining a fifth device from the devices other than the third device and the fourth device among the plurality of second devices, updating the preset devices according to the fifth device, determining the updated preset devices to be the fifth devices, repeating steps S2 to S4 until the number of the updated preset devices is equal to the target number, and determining the updated preset devices as the target number of preset devices.
According to the method for constructing the target virtual scene provided by the invention, determining the fifth device from the devices other than the third device and the fourth device among the plurality of second devices comprises:
for each other device, determining the dissimilarity value between that other device and each preset device, and determining the minimum dissimilarity value corresponding to that other device from those values; and
determining the fifth device from the other devices according to the minimum dissimilarity value corresponding to each other device.
According to the method for constructing the target virtual scene provided by the invention, determining the fifth device from the other devices according to the minimum dissimilarity value corresponding to each other device comprises:
determining the maximum value among the minimum dissimilarity values corresponding to the other devices; and
determining the other device corresponding to that maximum value as the fifth device.
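The selection described in steps S1 to S4 and in the fifth-device rule above is a greedy max-min (farthest-point) selection. The Python below is an added example, not code from the patent: the weighted-sum attribute value, the absolute-difference dissimilarity, the reading of the S4 loop as "keep adding while there are fewer preset devices than the target number", the minimum-pairwise threshold check, and the sample library, parameter names and weights are all assumptions made for illustration.

```python
from itertools import combinations

# Constructed sample library: four functionally equivalent router images.
# Parameter names, encodings and weights are illustrative assumptions.
LIBRARY = {
    "router-a": {"os": 1, "cpu_arch": 1, "routing_stack": 1},
    "router-b": {"os": 1, "cpu_arch": 2, "routing_stack": 1},
    "router-c": {"os": 3, "cpu_arch": 2, "routing_stack": 4},
    "router-d": {"os": 2, "cpu_arch": 1, "routing_stack": 2},
}
WEIGHTS = {"os": 5, "cpu_arch": 2, "routing_stack": 3}


def attribute_value(params, weights):
    """Target attribute value of one device: weighted sum of its parameters
    (assumed form; the text only says parameters and weights are combined)."""
    return sum(weights[name] * value for name, value in params.items())


def pairwise_dissimilarity(library, weights):
    """Dissimilarity for every pair of second devices, keyed by frozenset of
    names. Assumed form: absolute difference of the target attribute values."""
    values = {name: attribute_value(p, weights) for name, p in library.items()}
    return {
        frozenset((a, b)): abs(values[a] - values[b])
        for a, b in combinations(sorted(values), 2)
    }


def select_executors(dissim, names, target_number):
    """Greedy selection of the heterogeneous execution body set."""
    names = sorted(names)  # fixed order makes tie-breaking deterministic
    if not 2 <= target_number <= len(names):
        raise ValueError("target number must be between 2 and the candidate count")
    # S1: the pair with the maximum dissimilarity seeds the preset devices.
    third, fourth = max(combinations(names, 2), key=lambda p: dissim[frozenset(p)])
    preset = [third, fourth]
    # S2-S4: while too few preset devices, add the "fifth device": the other
    # device whose minimum dissimilarity to the preset devices is largest.
    while len(preset) < target_number:
        others = [n for n in names if n not in preset]
        fifth = max(
            others,
            key=lambda o: min(dissim[frozenset((o, p))] for p in preset),
        )
        preset.append(fifth)
    return preset


def min_pairwise(dissim, selected):
    """Smallest dissimilarity between any two members of the selected set."""
    return min(dissim[frozenset(pair)] for pair in combinations(selected, 2))


def build_executor_set(library, weights, target_number, threshold):
    """Select the set and enforce the preset threshold, read here (assumption)
    as: every pair in the set must be more dissimilar than the threshold."""
    dissim = pairwise_dissimilarity(library, weights)
    selected = select_executors(dissim, library, target_number)
    if min_pairwise(dissim, selected) <= threshold:
        raise ValueError("selected set does not exceed the dissimilarity threshold")
    return selected


if __name__ == "__main__":
    print(build_executor_set(LIBRARY, WEIGHTS, target_number=3, threshold=5))
```

With the constructed library, `router-b` is chosen last because it is nearly identical to `router-a`; a threshold set too high for the available images fails the build instead of silently producing a weakly heterogeneous set.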
According to the method for constructing the target virtual scene provided by the invention, constructing the target virtual scene based on the target device comprises the following steps:
determining a corresponding scene template from the scene construction library according to the device type of the target device, and adding the target device into the scene template according to the position information of the device in the scene template to obtain an initial scene; and
configuring the Internet Protocol address of the target device in the initial scene to obtain the target virtual scene.
The invention provides a device for constructing a target virtual scene, which comprises:
a receiving unit, configured to receive an input scene construction instruction; the scene construction instruction comprises the device type of the target device required by the target virtual scene to be constructed and a first field; the first field is used for indicating the device type selection of the target device, the device type selection of the target device comprises a mimicry device type selection, a non-mimicry device type selection or a custom mimicry device type selection, and a target device of the custom mimicry device type selection comprises a heterogeneous execution body set whose dissimilarity value is larger than a preset threshold;
a processing unit, configured to determine the target device from a preset scene construction library according to the device type and the device type selection of the target device; and
a construction unit, configured to construct the target virtual scene based on the target device.
According to the device for constructing the target virtual scene provided by the invention, in the case that the device type selection of the target device is the non-mimicry device type selection or the mimicry device type selection, the processing unit is specifically configured to determine and display, from the scene construction library, a plurality of first devices that have the same device type and the same device type selection as the target device, and, according to a selection instruction for the plurality of first devices, to determine the first device corresponding to the selection instruction as the target device.
According to the device for constructing the target virtual scene provided by the invention, in the case that the device type selection of the target device is the custom mimicry device type selection, the scene construction instruction further comprises a second field, the second field is used for indicating the target number of preset devices included in the target device, and the preset devices comprise non-mimicry devices and/or mimicry devices.
The processing unit is specifically configured to: in the case that the number of non-mimicry devices or the number of mimicry devices is determined, based on the second field, to be at least two, determine from the scene construction library a plurality of second devices with the same device type as the target device, and determine the dissimilarity value between every two second devices in the plurality of second devices; determine the target number of preset devices from the plurality of second devices according to the dissimilarity value between every two second devices, where the target number of preset devices form the heterogeneous execution body set of the target device; and determine, from the scene construction library, an input/output agent and a resolver corresponding to the heterogeneous execution body set, and construct the target device based on the heterogeneous execution body set, the input/output agent and the resolver.
According to the device for constructing the target virtual scene, the processing unit is specifically configured to determine the target attribute value corresponding to each second device according to the parameter and the parameter weight corresponding to each second device in the plurality of second devices; and determining a dissimilarity value between every two second devices according to the target attribute value corresponding to each second device.
According to the device for constructing the target virtual scene provided by the invention, the processing unit is specifically configured to perform: S1, according to the dissimilarity value between every two second devices, determining the third device and the fourth device corresponding to the maximum dissimilarity value among the plurality of second devices as the preset devices; S2, judging whether the number of the preset devices is equal to the target number; S3, in the case that the number of the preset devices is equal to the target number, determining the preset devices as the target number of preset devices; and S4, in the case that the number of the second devices is smaller than the target number, determining a fifth device from the devices other than the third device and the fourth device among the plurality of second devices, updating the preset devices according to the fifth device, determining the updated preset devices to be the fifth devices, repeating steps S2 to S4 until the number of the updated preset devices is equal to the target number, and determining the updated preset devices as the target number of preset devices.
According to the device for constructing the target virtual scene provided by the invention, the processing unit is specifically configured to determine, for each other device, the dissimilarity value between that other device and each preset device, and to determine the minimum dissimilarity value corresponding to that other device from those values; and to determine the fifth device from the other devices according to the minimum dissimilarity value corresponding to each other device.
According to the apparatus for constructing a target virtual scene provided by the present invention, the processing unit is specifically configured to determine a maximum value of a plurality of minimum dissimilarity values according to the minimum dissimilarity values corresponding to the other devices; and determining other equipment corresponding to the maximum value as the fifth equipment.
According to the device for constructing the target virtual scene, the constructing unit is specifically configured to determine a corresponding scene template from the scene construction library according to the device type of the target device, and add the target device to the scene template according to the position information of the device in the scene template to obtain an initial scene; and configuring the Internet protocol address of the target equipment in the initial scene to obtain the target virtual scene.
The invention further provides an electronic device, which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the program to realize the construction method of the target virtual scene.
The present invention also provides a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method of constructing a target virtual scene as described in any of the above.
The present invention also provides a computer program product comprising a computer program, which when executed by a processor implements the method for constructing a target virtual scene as described in any of the above.
According to the method, the device and the electronic equipment for constructing the target virtual scene provided by the invention, when the target virtual scene is constructed, an input scene construction instruction is first received. The scene construction instruction comprises the device type of the target device required by the target virtual scene to be constructed and a first field used for indicating the device type selection of the target device; the device type selection of the target device comprises a mimicry device type selection, a non-mimicry device type selection or a custom mimicry device type selection, and a target device of the custom mimicry device type selection comprises a heterogeneous execution body set whose dissimilarity value is greater than a preset threshold. The target device is determined from a preset scene construction library according to the device type and the device type selection of the target device, and the target virtual scene is then constructed based on the target device. Different virtual scenes can thus be flexibly constructed according to the construction requirements of users, which effectively improves the flexibility of virtual scene construction.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a schematic flow chart of a method for constructing a target virtual scene according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a system for constructing a network shooting range according to the present invention;
Fig. 3 is a schematic flowchart of determining a target device according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of a target virtual scene according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a device for constructing a target virtual scene according to an embodiment of the present invention;
Fig. 6 illustrates a physical structure diagram of an electronic device.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In the embodiments of the present invention, "at least one" means one or more, and "a plurality" means two or more. "And/or" describes the association relationship of the associated objects and means that there may be three relationships; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone, where A and B can be singular or plural. In the description of the present invention, the character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
The technical scheme provided by the embodiment of the invention can be applied to virtual scene construction, in particular to virtual scene construction based on an endogenous security network shooting range. Endogenous Safety and Security (ESS) refers to a safety function or attribute obtained by using intrinsic factors such as the architecture, mechanism, scenario, and rule of the system.
The network shooting range platform is an important platform for supporting cyberspace security technology verification and network risk assessment analysis, and further research is particularly needed on the evaluation and exercise of advanced defense technology. Advanced defense technology mainly represents a shift from traditional passive defense to active defense: it increases the dynamic randomness and unpredictability of the system, which effectively reduces dependence on prior knowledge of network attacks, and it is of great importance for supporting cyberspace security technology verification and network risk assessment analysis.
Therefore, how to flexibly construct a virtual scene based on the endogenous security network shooting range is a problem that those skilled in the art urgently need to solve.
In order to flexibly construct a virtual scene according to the construction requirements of a user, the embodiment of the invention provides a method for constructing a target virtual scene. When constructing a target virtual scene according to actual construction requirements, the user first determines the devices required by the target virtual scene to be constructed and inputs a scene construction instruction to a virtual scene construction platform, such as a network shooting range platform. The scene construction instruction comprises the device type of the target device required by the target virtual scene to be constructed and a first field. The device type of the target device refers to which type of device the target device is, for example, a router, a firewall, or a Domain Name System (DNS) device, and may be set according to actual needs. The first field is used for indicating the device type selection of the target device, which comprises a mimicry device type selection, a non-mimicry device type selection or a custom mimicry device type selection. Correspondingly, the virtual scene construction platform determines the target device from a preset scene construction library according to the device type and the device type selection of the target device, and then constructs the target virtual scene based on the target device, so that the virtual scene can be flexibly constructed according to the construction requirements of the user and the flexibility of virtual scene construction is improved.
Illustratively, the custom mimicry device type selection is mainly intended for the case where existing devices in the scene construction library do not meet requirements; the user can then input a first field indicating the custom mimicry device type selection in order to select and build the required target device according to actual needs. Of course, the user may also input that first field directly, without first determining whether existing devices in the scene construction library meet the requirements; this can be set according to actual needs. For example, whether an existing device in the scene construction library meets the requirements may be determined according to indexes such as the number of execution units, the central processing unit (CPU), the device memory, and the operating system, and may be set according to actual needs.
Hereinafter, the method for constructing the target virtual scene according to the present invention will be described in detail by using specific embodiments. It is to be understood that the following detailed description may be combined with other embodiments, and that the same or similar concepts or processes may not be repeated in some embodiments.
Fig. 1 is a flowchart illustrating a method for constructing a target virtual scene according to an embodiment of the present invention, where the method for constructing a target virtual scene may be executed by software and/or a hardware device. For example, referring to fig. 1, the method for constructing the target virtual scene may include:
S101, receiving an input scene construction instruction; the scene construction instruction comprises the device type of the target device required by the target virtual scene to be constructed and a first field; the first field is used for indicating the device type selection of the target device, the device type selection of the target device comprises a mimicry device type selection, a non-mimicry device type selection or a custom mimicry device type selection, and a target device of the custom mimicry device type selection comprises a heterogeneous execution body set whose dissimilarity value is larger than a preset threshold.
The device type of the target device refers to which type of device the target device is, for example, a router, a firewall, or a DNS device, and may be set according to actual needs. The dissimilarity value measures the difference between two functionally equivalent and structurally heterogeneous devices. One device is one heterogeneous execution body; it may be a non-mimicry device or a mimicry device, which can be set according to actual needs.
For example, when the target virtual scene to be constructed requires a plurality of target devices, the device types and first fields of the plurality of target devices may be input at one time through a single scene construction instruction, or may be input separately through multiple scene construction instructions; this may be set according to actual needs.
Illustratively, when the device type selection of the target device is indicated by the first field, the first field may be a number. When the first field is the number 0, the device type selection of the target device is the non-mimicry device type selection, and the virtual scene construction platform can display all non-mimicry devices of the same device type in the preset scene construction library, according to the device type of the target device, for the user to select from. When the first field is the number 1, the device type selection of the target device is the mimicry device type selection, and the virtual scene construction platform can display all mimicry devices of the same device type in the preset scene construction library, according to the device type of the target device, for the user to select from. When the first field is the number 2, the device type selection of the target device is the custom mimicry device type selection, and the virtual scene construction platform needs to combine it with the device type of the target device to screen and determine the custom mimicry device.
It can be understood that, in the embodiment of the present invention, providing the custom mimicry device type selection allows target devices of different types to be simulated and used as target devices in a mimicry defense scene. This enriches the available target devices and improves their diversity, and various different virtual scenes can be constructed from the different simulated target devices, thereby providing rich test scenes for mimicry defense.
Illustratively, in the embodiment of the present invention, the method for constructing the target virtual scene may be implemented by a system for constructing a network shooting range. For example, as shown in fig. 2, fig. 2 is a schematic diagram of a system for constructing a network shooting range provided by the present invention, and in combination with fig. 2, the system for constructing a network shooting range may include a network shooting range platform, a virtual machine management module, an entity device management module, a resource scheduling module, and a fast construction module.
The network target range platform is mainly used for receiving a scene construction instruction input by a user and sending the scene construction instruction to the resource scheduling module, so that the resource scheduling module determines corresponding target equipment from a preset scene construction library according to the scene construction instruction input by the user; in addition, the network shooting range platform is also used for storing the virtual scene created by the user and the quick construction information of each virtual machine in the virtual scene. The quick construction information refers to all information contained in the constructed virtual scene, including device information, network topology, network settings and the like in the virtual scene.
The virtual machine management module is mainly used for creating, displaying and controlling each virtual machine so as to fit various typical application scenes.
The entity device management module is mainly used for registering and editing entity devices, and illustratively, the entity devices mainly comprise a traditional firewall, a mimicry Web server, a traditional Web server, a mimicry domain name server, a mimicry distributed storage system, a mimicry router, a traditional router, a host, a switch, a mail server and the like.
The resource scheduling module is mainly used for determining the corresponding target device from the preset scene construction library according to the scene construction instruction input by the user and, in particular, for executing a scheduling task when the device type selection of the target device is the custom mimicry device type, so that the dissimilarity of the heterogeneous executor set in the finally constructed custom mimicry device is maximized.
The rapid construction module is mainly used for determining a corresponding scene template from a scene construction library according to the device type of the target device and constructing an initial scene; and configuring the Internet protocol address of the target equipment in the initial scene to obtain a target virtual scene.
After the device type and the device type selection of the target device required by the target virtual scene to be constructed are obtained, the target device can be determined from the preset scene construction library according to them, that is, the following S102 is executed:
S102, determining the target device from the preset scene construction library according to the device type and the device type selection of the target device.
For example, the preset scene building library may include a plurality of mimicry devices, a plurality of non-mimicry devices, and input/output agents and resolvers corresponding to the mimicry devices.
For example, when determining a target device from the preset scene construction library, if the target device is a virtual machine, the virtual machine management module shown in fig. 2 may check whether the scene construction library includes the virtual machine and, if it does not, add the virtual machine; if the target device is an entity device, the entity device management module shown in fig. 2 may check whether the scene construction library includes the entity device and, if it does not, add the entity device. By way of example, when adding a virtual machine, the following parameters may be filled in together: name, device type selection (mimicry/non-mimicry), description, firmware, computing scheme, application scenario, scenario description, operating system, system username, Internet Protocol (IP) type, password, IP address, mask and gateway, database, etc. Illustratively, when adding an entity device, the following parameters may be filled in together: device type, device type selection (mimicry device/non-mimicry device), name, brand, model, serial port, management port, Central Processing Unit (CPU), memory model, operating system, database, firmware, etc.
For example, determining the target device from the preset scene construction library according to the device type and the device type selection of the target device may be implemented by the resource scheduling module shown in fig. 2. When the resource scheduling module does so, at least the following three scenarios are possible:
In one possible scenario, when the device type selection of the target device is the non-mimicry device type, a plurality of first devices that have the same device type and the same device type selection are determined from the scene construction library and displayed; according to a selection instruction for the plurality of first devices, the first device corresponding to the selection instruction is determined as the target device.
In this scenario, the first device is a non-mimicry device and, correspondingly, the target device is also a non-mimicry device.
Exemplarily, assume that the device type of the target device in the scene construction instruction is a router and that the first field, which indicates the device type selection, is 0. The resource scheduling module determines from the device type that the target device is a router, and from the first field 0 that its device type selection is the non-mimicry device type. It then screens out all non-mimicry routers from the scene construction library and displays them to the user for selection. The user can pick any one of the displayed non-mimicry routers and input a selection instruction; the resource scheduling module then determines the router selected by the user as the target device, so that the target device is determined from the preset scene construction library according to its device type and device type selection.
In another possible scenario, when the device type selection of the target device is the mimicry device type, a plurality of first devices that have the same device type and the same device type selection can be determined from the scene construction library and displayed; according to a selection instruction for the plurality of first devices, the first device corresponding to the selection instruction is determined as the target device.
Exemplarily, assume that the device type of the target device in the scene construction instruction is a router and that the first field, which indicates the device type selection, is 1. The resource scheduling module determines from the device type that the target device is a router, and from the first field 1 that its device type selection is the mimicry device type. It then screens out all mimicry routers from the scene construction library and displays them to the user for selection. The user can pick any one of the displayed mimicry routers and input a selection instruction; the resource scheduling module then determines the router selected by the user as the target device, so that the target device is determined from the preset scene construction library according to its device type and device type selection.
In this scenario, it can be understood that the existing mimicry devices in the preset scene construction library already include mimicry devices that meet the scene construction requirements, so the user can directly determine the target device required for constructing the virtual scene from them; no custom mimicry device type selection is needed, and the target device does not need to be constructed on that basis.
In another possible scenario, when the device type selection of the target device is the custom mimicry device type, the scene construction instruction may further include a second field, which indicates the target number of preset devices included in the target device. The target number of preset devices serve as the heterogeneous executor set of the target device, and the preset devices include non-mimicry devices and/or mimicry devices. The heterogeneous executor set therefore covers three cases: in the first, the target number of preset devices are all non-mimicry devices, that is, all heterogeneous executors in the target device are non-mimicry devices; in the second, the target number of preset devices are all mimicry devices, that is, all heterogeneous executors in the target device are mimicry devices; in the third, the target number of preset devices include both mimicry devices and non-mimicry devices. In the third case the second field may carry two parameters, number 1 and number 2, where number 1 indicates the number of non-mimicry devices included in the custom mimicry target device and number 2 indicates the number of mimicry devices included in it. All heterogeneous executors in the heterogeneous executor set of the target device have the same function.
It should be noted that, for the first two possible scenarios, when the device type of the target device is a non-mimic device type, or when the device type of the target device is a mimic device type, the input scene construction instruction may also include the second field, as long as the value of the second field including the number 1 and the number 2 is set to 0, which may be specifically set according to actual needs, and herein, the embodiment of the present invention is not limited specifically.
It can be understood that a mimicry device generally includes at least three heterogeneous executors, and that the preset devices form the heterogeneous executor set of the custom mimicry device. Therefore, when the target number of preset devices are all non-mimicry devices, the number of non-mimicry devices is at least three; when the target number of preset devices are all mimicry devices, the number of mimicry devices is at least three; and when the target number of preset devices include both mimicry devices and non-mimicry devices, the sum of the numbers of mimicry devices and non-mimicry devices is at least three.
Exemplarily, if the target device includes one mimicry device, it includes at least two non-mimicry devices; alternatively, if the target device includes one non-mimicry device, it includes at least two mimicry devices. When the target device includes one mimicry device, the resource scheduling module may arbitrarily select one mimicry device from the plurality of mimicry devices as the mimicry device included in the target device; likewise, when the target device includes one non-mimicry device, the resource scheduling module may arbitrarily select one non-mimicry device from the plurality of non-mimicry devices as the non-mimicry device included in the target device.
For the third possible scenario, when the second field indicates that the number of non-mimicry devices or the number of mimicry devices is at least two, the resource scheduling module may use a scheduling algorithm to determine the target device from the preset scene construction library according to the device type and the device type selection of the target device: it determines a target number of preset devices from the plurality of second devices in the scene construction library that have the same device type, according to the dissimilarity value between every two of those second devices; the target number of preset devices serve as the heterogeneous executor set of the target device, and the target device is constructed based on that set. The specific steps are as follows. Using the scheduling algorithm, the resource scheduling module first determines, according to the device type of the target device, a plurality of second devices of the same device type from the scene construction library and determines the dissimilarity value between every two of them. It then determines a target number of preset devices from the plurality of second devices according to those dissimilarity values, the target number of preset devices serving as the heterogeneous executor set of the target device; determines the input/output agent and the resolver corresponding to the heterogeneous executor set from the scene construction library; and constructs the target device based on the heterogeneous executor set, the input/output agent and the resolver. The target number of preset devices, as the heterogeneous executor set of the target device, correspond to only one input/output agent and one resolver.
The input agent is mainly responsible for distributing external input requests, so that the downstream heterogeneous executors all receive the same request at the same time. Illustratively, the input agents include a mimicry input agent based on the Secure Shell (SSH) protocol and a mimicry input agent based on the Transmission Control Protocol (TCP).
The resolver is mainly used for receiving the responses of the online heterogeneous executors and invoking various intelligent arbitration algorithms in order to judge whether an attack has occurred and to issue dynamic scheduling signals. Illustratively, the voting modes of the resolver mainly include majority voting, global-consistency voting, strong-hash voting, dynamic-switching voting combined with weak-hash voting, and the like.
It can be understood that, in the embodiment of the present invention, the target device of the custom mimicry device type includes at least 3 heterogeneous executors because mimic defense itself requires heterogeneous redundancy. Mimicry devices whose executors are of the same class may share the same vulnerability, and an attacker may penetrate such devices through that one vulnerability. For a mimicry device whose heterogeneous executors have greater dissimilarity, the probability that the same vulnerability exists across the executors is lower, and so is the probability that an attacker penetrates the device through one vulnerability, which improves the security of the mimic defense.
For example, when determining the dissimilarity value between every two second devices in the plurality of second devices, a target attribute value corresponding to each second device may be determined according to the parameters and parameter weights corresponding to that device; the dissimilarity value between every two second devices is then determined according to their target attribute values.
Illustratively, the parameters corresponding to a second device may include the hardware vendor, the operating system model, and the like. The values of parameters of the same kind are defined on a number sequence, and the differences between the values reflect prior knowledge. For example, the operating system model is defined as {Ubuntu 16.04, Windows 7, Windows 10} = {1, 2, 3}; since Windows 7 and Windows 10 come from the same company, placing them at adjacent numbers means that the difference between them is smaller. Parameters of different kinds each correspond to a different weight.
After the parameters and parameter weights corresponding to a second device are determined, each parameter value can be multiplied by its corresponding weight and the products accumulated; the accumulated result is determined as the target attribute value of that second device. After the target attribute values of the second devices are determined, for any two second devices the absolute value of the difference between their target attribute values may be calculated and determined as the dissimilarity value between the two devices. Clearly, the larger the difference between the target attribute values, the larger the dissimilarity between the two second devices.
It is understood that setting a fixed value only according to whether parameters are the same or different, for example setting the dissimilarity value between Ubuntu 16.04 and Windows 7 and that between Ubuntu 16.04 and Windows 10 to be the same, cannot refine the degree of difference any further. With the method of the embodiment of the present invention, the target attribute value is determined from the parameters and parameter weights of a second device and the dissimilarity value is calculated from the target attribute values, so the degree of difference can be divided into multiple levels and the difference between two second devices can be effectively refined.
After the dissimilarity value between every two second devices is determined, a target number of preset devices can be determined from the plurality of second devices according to those values. For example, the following steps may be executed:
S1, according to the dissimilarity value between every two second devices, determining the third device and the fourth device, which correspond to the maximum dissimilarity value among the plurality of second devices, as the preset devices; that is, the two devices with the maximum dissimilarity are determined first;
S2, judging whether the number of preset devices is equal to the target number;
S3, in the case that the number of preset devices is equal to the target number, determining the preset devices as the target number of preset devices;
S4, in the case that the number of preset devices is smaller than the target number, determining a fifth device from the devices other than the third device and the fourth device in the plurality of second devices, and updating the preset devices so that they include the fifth device; S2 to S4 are repeated with the updated preset devices until their number is equal to the target number, and the updated preset devices are then determined as the target number of preset devices.
For example, when the fifth device is determined from the devices other than the third device and the fourth device in the plurality of second devices, for each other device the dissimilarity value between that device and each preset device is determined, and the minimum dissimilarity value corresponding to that device is determined from them; the fifth device is then determined from the other devices according to the minimum dissimilarity value corresponding to each of them.
For example, in the embodiment of the present invention, when the fifth device is determined from the other devices according to their minimum dissimilarity values, the maximum of those minimum dissimilarity values may be determined, and the other device corresponding to that maximum is determined as the fifth device.
In the possible scene, the user needs to define the selection of the mimicry equipment, so that the user can select all equipment in the scene construction library according to the scene construction need by introducing the selection of the user-defined mimicry equipment, so that the required target equipment can be constructed, different types of target equipment can be simulated, the different types of target equipment can be used as target equipment in the mimicry defense scene, the target equipment can be enriched well, the diversity of the target equipment is improved, and various different virtual scenes can be constructed on the basis of the different types of target equipment simulated subsequently, so that abundant test scenes are provided for the mimicry defense; and the equipment in the scene construction library can be used for multiple purposes, the flexible splitting and combining of the equipment are realized, and the utilization rate of the equipment is improved.
To make it easier to understand how the target number of preset devices is determined from the plurality of second devices according to the dissimilarity value between every two second devices, an example is described below. Assume that there are 5 second devices, namely device a, device b, device c, device d and device e, and that the target number is 3. When 3 preset devices are to be determined from the 5 second devices as the heterogeneous executors of the target device, the dissimilarity value between every two of the 5 second devices may be calculated first. Assuming that the dissimilarity value between device a and device b is the largest, device a and device b are determined as the first two preset devices; since their number is 2, which is smaller than the target number 3, one more device must be screened from device c, device d and device e as a preset device. To do so, the dissimilarity values between device c and each of device a and device b, between device d and each of device a and device b, and between device e and each of device a and device b may be calculated, as shown in the following Table 1:
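TABLE 1. Dissimilarity values between each of device c, device d and device e and the preset devices a and b (table image not reproduced in this text)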
As shown in Table 1, assume that the dissimilarity value between device c and device a is c1, between device c and device b is c2, between device d and device a is d1, between device d and device b is d2, between device e and device a is e1, and between device e and device b is e2, and that c2 is smaller than c1, d1 is smaller than d2, and e2 is smaller than e1. The dissimilarity value c2 is then further compared with the dissimilarity value e2, and device c is determined as the third preset device. The previously determined preset devices are updated so that they include device a, device b and device c; their number is 3, which equals the target number, so device a, device b and device c can be determined as the 3 preset devices finally selected, that is, the preset devices of the target device are device a, device b and device c.
It should be noted that, if 4 preset devices need to be determined from the 5 second devices, then after device a, device b and device c are selected as the first 3 preset devices, the dissimilarity values between device d and each of device a, device b and device c, and between device e and each of device a, device b and device c, are calculated, and one further preset device is determined from device d and device e according to those values, so that the number of determined preset devices equals the target number. This is similar to the above method of determining the preset device c from device c, device d and device e according to their dissimilarity values with device a and device b; reference may be made to the related description above, which is not repeated here.
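The scheduling procedure described above (weighted target attribute values, pairwise dissimilarity, steps S1 to S4 and the device a to e walkthrough) is shown below as an added Python example; it is not code from the patent. The vendor names and sequence, the weights and the five candidate devices are constructed so that the result matches the walkthrough, and reading the preset threshold as a bound on the smallest pairwise dissimilarity in the selected set is an assumption.

```python
from itertools import combinations

# Each parameter's values sit on a number sequence. The operating-system
# sequence is the page's own example; the vendor names, the vendor sequence
# and both weights are constructed for this example.
SCALES = {
    "os": {"Ubuntu 16.04": 1, "Windows 7": 2, "Windows 10": 3},
    "vendor": {"vendor-A": 1, "vendor-B": 2, "vendor-C": 3},
}
WEIGHTS = {"os": 3, "vendor": 1}

# Constructed candidate pool: five "second devices" of the same device type.
CANDIDATES = {
    "a": {"os": "Ubuntu 16.04", "vendor": "vendor-A"},
    "b": {"os": "Windows 10", "vendor": "vendor-C"},
    "c": {"os": "Windows 7", "vendor": "vendor-C"},
    "d": {"os": "Ubuntu 16.04", "vendor": "vendor-C"},
    "e": {"os": "Windows 10", "vendor": "vendor-A"},
}

# The page states that a mimicry device generally has at least three executors.
MIN_EXECUTORS = 3


def attribute_value(params):
    """Target attribute value: sum of (parameter value x parameter weight)."""
    return sum(WEIGHTS[name] * SCALES[name][params[name]] for name in WEIGHTS)


def dissimilarity(p, q):
    """Absolute difference between two devices' target attribute values."""
    return abs(attribute_value(p) - attribute_value(q))


def select_executors(candidates, target_number, threshold=0):
    """Pick the heterogeneous executor set with steps S1 to S4.

    Returns (selected device names, smallest pairwise dissimilarity among them).
    Raises ValueError if the request cannot produce a usable executor set.
    """
    if target_number < MIN_EXECUTORS:
        raise ValueError("a mimicry device needs at least three executors")
    if target_number > len(candidates):
        raise ValueError("not enough candidate devices of this device type")

    names = list(candidates)
    table = {
        frozenset(pair): dissimilarity(candidates[pair[0]], candidates[pair[1]])
        for pair in combinations(names, 2)
    }

    # S1: start from the pair with the maximum dissimilarity value
    # (the "third" and "fourth" devices in the page's wording).
    selected = list(max(combinations(names, 2),
                        key=lambda pair: table[frozenset(pair)]))

    # S2 to S4: while the set is too small, add the "fifth device": the
    # remaining device whose minimum dissimilarity to the already selected
    # devices is the largest. Ties go to the earlier device in input order.
    while len(selected) < target_number:
        others = [n for n in names if n not in selected]
        fifth = max(others,
                    key=lambda n: min(table[frozenset((n, s))] for s in selected))
        selected.append(fifth)

    # Assumed reading of the preset threshold: every pair of executors in the
    # set must differ by more than the threshold, otherwise two executors are
    # too alike for the redundancy to be meaningful.
    weakest = min(table[frozenset(pair)] for pair in combinations(selected, 2))
    if weakest <= threshold:
        raise ValueError(
            f"executor set {selected} has a pair with dissimilarity {weakest}, "
            f"not above threshold {threshold}"
        )
    return selected, weakest


if __name__ == "__main__":
    print(select_executors(CANDIDATES, 3))
    print(select_executors(CANDIDATES, 4))
```

Because each device is reduced to a single number, two devices that differ in every parameter still get a dissimilarity value of 0 whenever their weighted sums coincide. The threshold check on the selected set is what catches that case.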
Combining the above three possible scenarios, the three device type selections of the target device may, for example, be represented by the numbers 0, 1 and 2. As shown in fig. 3, which is a schematic flow chart of determining the target device provided in the embodiment of the present invention, assume that the received scene construction instruction includes the device type of the target device, a first field indicating the device type selection of the target device, and a second field indicating the number of mimicry devices and/or non-mimicry devices included in the target device. When the target device is determined from the preset scene construction library according to its device type and device type selection: if the first field is 0, the device type selection is determined to be the non-mimicry device type, all non-mimicry devices in the scene construction library with the same device type as the target device are displayed for the user to select, and the device corresponding to the user's selection instruction is determined as the target device; if the first field is 1, the device type selection is determined to be the mimicry device type, all mimicry devices in the scene construction library with the same device type as the target device are displayed for the user to select, and the device corresponding to the user's selection instruction is determined as the target device; if the first field is 2, the device type selection is determined to be the custom mimicry device type, the number of mimicry devices and/or non-mimicry devices included in the custom mimicry target device is determined according to the second field, the preset devices with the largest dissimilarity are then selected according to the scheduling algorithm, and the target device is constructed based on the preset devices, the input/output agent and the resolver, so as to determine the target device.
After the target device is determined from the preset scene construction library according to the device type and the device type selection of the target device, a target virtual scene may be constructed based on the target device, that is, the following S103 is performed:
S103, constructing a target virtual scene based on the target device.
For example, when a target virtual scene is constructed based on target devices, a corresponding scene template may be determined from the scene construction library according to the device types of the target devices, and the target devices are added to the scene template according to the location information of the devices in the scene template to obtain an initial scene; the internet protocol address of each target device in the initial scene is then configured to obtain the target virtual scene.
For example, when determining a corresponding scene template from a scene construction library according to the device type of the target device, it may be determined whether the scene construction library includes the scene template corresponding to the device type of the target device, and in the case of including, the scene template may be directly determined as the corresponding scene template; if the device type of the target device is not included, it may be determined whether a scene template corresponding to a device type close to the device type of the target device is included in the scene construction library, and if the scene template corresponding to the device type close to the device type of the target device is included, it may be determined that the scene template corresponding to the device type close to the device type of the target device is a corresponding scene template, and if the scene template corresponding to the device type close to the device type of the target device is not included, it may be determined that a general scene template is a corresponding scene template, and the setting may be specifically performed according to actual needs.
For example, after the internet protocol address of the target device in the initial scene is configured, the network resources of the target device may also be initialized. When initializing them, the device type selection of the target device can be judged first: if the target device is an entity device, a configuration start file is loaded directly to initialize its network resources; if the target device is a virtual device, the image of the virtual device is started and the network resources of the target device are initialized according to the image type.
Exemplarily, when initializing the network resources of the target device according to the image type: when the image is in an image format supported by a Kernel-based Virtual Machine (KVM), the virtual device may connect to the host through a serial port and load the configuration start file from the host to initialize the network resources of the target device; when the image is in an image format supported by the application container engine (Docker), it is judged whether a specified configuration start file needs to be loaded. If so, the specified configuration start file is obtained from the host configuration management center through the container command line interface of the virtual device and copied to the configuration start file storage path of the virtual device; if not, a default configuration start file is loaded through an external interface of the virtual device to initialize the network resources of the target device. The configuration start file is generated automatically by the target device.
After the internet protocol address of the target device in the initial scene is configured and the network resources of the target device are initialized, so that the target virtual scene is obtained, a boot test is performed, which mainly tests the connectivity and usability of the target virtual scene; after the target virtual scene passes the test, it is stored in the virtual scene construction platform.
It can be seen that, in the embodiment of the present invention, when a target virtual scene is constructed, an input scene construction instruction may be received first, where the scene construction instruction includes a device type of a target device required by the target virtual scene to be constructed and a first field for indicating a device type of the target device, the device type of the target device includes a mimicry device type, a non-mimicry device type, or a custom mimicry device type, and a target device of the custom mimicry device type includes a heterogeneous execution entity set whose dissimilar value is greater than a preset threshold; determining target equipment from a preset scene construction library according to the equipment type and equipment type selection of the target equipment; and then, a target virtual scene is constructed based on the target equipment, so that different virtual scenes can be flexibly constructed according to the construction requirements of users, and the flexibility of virtual scene construction is effectively improved.
In order to facilitate understanding of the method for constructing a virtual scene provided in the embodiment of the present invention, the method for constructing a virtual scene provided in the embodiment of the present invention will be described below by way of example.
When constructing a target virtual scene, a user generally determines a target virtual scene to be constructed according to actual construction requirements, and determines target devices required by the target virtual scene. Assuming that target devices required by a target virtual scene comprise a traditional firewall, a mimicry DNS, a mimicry Web server, a mimicry router, a mimicry distributed system, a mimicry firewall, a DNS and a mimicry host, when the target devices are determined from a scene construction library, whether the target devices are included in the scene construction library or not can be judged, and if the target devices are not included in the scene construction library, corresponding virtual machines and entity devices are added; and if the scene construction library comprises the target equipment, determining the traditional firewall, the mimicry DNS, the mimicry Web server and the mimicry router from the scene construction library one by one.
When determining a traditional firewall from the scene construction library, the input scene construction indication may include the device type of the target device, i.e., the firewall, the first field 0, and the second fields 0 and 0; for example, the scene construction indication is described in the format (firewall, 0,0,0). The first field 0 indicates that the device type selection of the traditional firewall is the non-mimicry device type selection; of the two second-field values, the first 0 indicates that the target traditional firewall comprises 0 traditional firewalls, and the second 0 indicates that it comprises 0 mimicry firewalls. The virtual scene construction platform displays all the traditional firewalls for the user to select, and determines the traditional firewall corresponding to the selection instruction as the selected traditional firewall.
When the mimicry DNS is determined from the scene construction library, it is determined whether an existing mimicry DNS in the scene construction library meets the requirement; for example, this may be judged from indexes such as the number of execution entities, the device CPU, the device memory and the operating system. If the requirement is not met, a mimicry device may be custom-defined, that is, the device type selection of the target device is the custom mimicry device type selection. Assuming that the mimicry DNS of the custom mimicry device type selection includes 3 traditional DNS devices, the input scene construction indication may include the device type of the target device, i.e., the domain name server, the first field 2, and the second fields 3 and 0; for example, the scene construction indication is described in the format (domain name server, 2,3,0). The second field 3 indicates that the mimicry DNS of the custom mimicry device type selection comprises 3 traditional DNS devices, and the second field 0 indicates that it comprises 0 mimicry DNS devices.
The resource scheduling module calls a scheduling algorithm to determine the dissimilarity value between every two traditional DNS devices among all the traditional DNS devices in the scene construction library, and determines, according to these dissimilarity values, the 2 traditional DNS devices with the largest dissimilarity. Then, for each of the other traditional DNS devices, the dissimilarity values between that device and each of the 2 traditional DNS devices with the largest dissimilarity are calculated, and one traditional DNS device is selected from the other traditional DNS devices according to these dissimilarity values. The 3 traditional DNS devices can be used as the 3 heterogeneous executors in the mimicry DNS of the custom mimicry device type selection. An input/output agent and a resolver corresponding to the 3 heterogeneous executors are then selected, and the mimicry DNS of the custom mimicry device type selection is constructed from the 3 heterogeneous executors, the input/output agent and the resolver.
When the mimicry Web server is determined from the scene construction library, whether the existing mimicry Web server in the scene construction library meets the requirement is judged, under the condition that the requirement is met, the virtual scene construction platform displays all the mimicry Web servers to a user for the user to select, and the mimicry Web server corresponding to the selection instruction is determined as the selected mimicry Web server.
When the mimicry router is determined from the scene construction library, it is determined whether an existing mimicry router in the scene construction library meets the requirement; if the requirement is not met, a mimicry device may be custom-defined, that is, the device type selection of the target device is the custom mimicry device type selection. Assuming that the mimicry router of the custom mimicry device type selection includes 2 traditional routers and 1 mimicry router, the input scene construction indication may include the device type of the target device, i.e., the router, the first field 2, and the second fields 2 and 1; for example, the scene construction indication is described in the format (router, 2,2,1). The second field 2 indicates that the mimicry router of the custom mimicry device type selection comprises 2 traditional routers, and the second field 1 indicates that it comprises 1 mimicry router. When the 2 traditional routers are determined, the resource scheduling module calls a scheduling algorithm to determine the dissimilarity value between every two traditional routers among all the traditional routers in the scene construction library, determines the 2 traditional routers with the largest dissimilarity according to these dissimilarity values, and takes them as the 2 selected traditional routers. Any one mimicry router in the scene construction library is determined as the 1 selected mimicry router. The 2 traditional routers and the 1 mimicry router can be used as the 3 heterogeneous executors in the mimicry router of the custom mimicry device type selection. An input/output agent and a resolver corresponding to the 3 heterogeneous executors are then selected, and the mimicry router of the custom mimicry device type selection is constructed from the 3 heterogeneous executors, the input/output agent and the resolver.
After the traditional firewall, mimicry DNS, mimicry Web server, mimicry router, mimicry distributed system, mimicry firewall, DNS and mimicry host corresponding to the target virtual scene have each been determined, a corresponding scene template can be determined from the scene construction library according to the device types of the target devices. If a plurality of scene templates are determined, they can be output to the user so that the user selects one scene template to be used, and the target devices are added to the scene template according to the location information of the devices in the scene template to be used, to obtain an initial scene. The Internet protocol address of each target device in the initial scene is then configured to obtain the target virtual scene. For example, fig. 4 is a schematic diagram of the target virtual scene provided in the embodiment of the present invention; it can be seen that the target virtual scene includes a plurality of target devices, so that different virtual scenes can be flexibly constructed according to the construction requirements of the user, thereby effectively improving the flexibility of virtual scene construction.
The following describes the target virtual scene constructing apparatus provided by the present invention, and the target virtual scene constructing apparatus described below and the target virtual scene constructing method described above may be referred to in correspondence with each other.
Fig. 5 is a schematic structural diagram of a target virtual scene constructing apparatus 50 according to an embodiment of the present invention, and for example, please refer to fig. 5, the target virtual scene constructing apparatus 50 may include:
a receiving unit 501, configured to receive an input scene construction instruction; the construction instruction comprises a device type and a first field of target devices required by a target virtual scene to be constructed; the first field is used for indicating the device type selection of the target device, the device type selection of the target device comprises a mimicry device type selection, a non-mimicry device type selection or a custom mimicry device type selection, and the target device of the custom mimicry device type selection comprises a heterogeneous execution body set with a dissimilar value larger than a preset threshold value.
The processing unit 502 is configured to determine the target device from a preset scene construction library according to the device type and the device type selection of the target device.
A constructing unit 503, configured to construct a target virtual scene based on the target device.
Optionally, in a case that the device type selection of the target device is the non-mimicry device type selection or the mimicry device type selection, the processing unit 502 is specifically configured to determine and display, from the scene construction library, a plurality of first devices that have the same device type and the same device type selection as the target device; and, according to a selection instruction for the plurality of first devices, determine the first device corresponding to the selection instruction as the target device.
Optionally, in a case that the device type of the target device is a custom mimic device type, the scene construction indication further includes a second field, where the second field is used to indicate a target number of preset devices included in the target device, and the preset devices include non-mimic devices and/or mimic devices.
The processing unit 502 is configured to, when it is determined based on the second field that the number of non-mimicry devices or the number of mimicry devices is at least two, determine a plurality of second devices with the same device type from the scene construction library according to the device type of the target device, and determine a dissimilarity value between every two second devices of the plurality of second devices; determine a target number of preset devices from the plurality of second devices according to the dissimilarity value between every two second devices, wherein the target number of preset devices form the heterogeneous executive body set of the target device; and determine an input/output agent and a resolver corresponding to the heterogeneous executive body set from the scene construction library, and construct the target device based on the heterogeneous executive body set, the input/output agent and the resolver.
Optionally, the processing unit 502 is specifically configured to determine, according to the parameters and parameter weights corresponding to each second device in the plurality of second devices, a target attribute value corresponding to each second device; and determine the dissimilarity value between every two second devices according to the target attribute values corresponding to the second devices.
Optionally, the processing unit 502 is specifically configured to, in step S1, determine, as preset devices, a third device and a fourth device, which correspond to a maximum dissimilarity value in the multiple second devices, according to the dissimilarity value between every two second devices; s2, judging whether the number of the preset devices is equal to the target number or not; s3, determining the preset equipment as the preset equipment with the target quantity under the condition that the preset equipment is equal to the target quantity; and S4, under the condition that the number of the preset devices is smaller than the target number, determining fifth devices from other devices except the third device and the fourth device in the plurality of second devices, updating the preset devices according to the fifth devices, wherein the updated preset devices comprise the fifth devices, determining the updated preset devices as the preset devices, repeatedly executing the S2-S4 until the number of the updated preset devices is equal to the target number, and determining the updated preset devices as the target number of the preset devices.
Optionally, the processing unit 502 is specifically configured to, for each other device, determine the dissimilarity value between that other device and each preset device, and determine the minimum dissimilarity value corresponding to that other device according to these dissimilarity values; and determine the fifth device from the other devices according to the minimum dissimilarity value corresponding to each other device.
Optionally, the processing unit 502 is specifically configured to determine the maximum value among the minimum dissimilarity values corresponding to the other devices; and determine the other device corresponding to the maximum value as the fifth device.
Optionally, the constructing unit 503 is specifically configured to determine a corresponding scene template from the scene construction library according to the device type of the target device, and add the target device to the scene template according to the location information of the device in the scene template to obtain an initial scene; and configure the Internet protocol address of the target device in the initial scene to obtain the target virtual scene.
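The indication format (device type, first field, second fields) and the selection steps S1 to S4 described above, as an added Python example that is not code from the patent. It assumes that a device's target attribute value is the weighted sum of numerically encoded parameters and that the dissimilarity value of two devices is the absolute difference of their attribute values; the first-field code 1 for the mimicry selection, the parameter names, the weights and the sample library are likewise assumptions constructed for illustration.

```python
import re
from itertools import combinations

# First-field codes: 0 and 2 appear in the examples above; 1 is an assumption.
SELECTION = {0: "non-mimicry", 1: "mimicry", 2: "custom-mimicry"}

# Constructed sample data: parameter names, numeric encodings and weights are
# assumptions made for this example, not values from the patent.
WEIGHTS = {"os": 4, "cpu_arch": 3, "software": 3}
TRADITIONAL = {
    "trad-a": {"os": 1, "cpu_arch": 1, "software": 1},  # attribute value 10
    "trad-b": {"os": 1, "cpu_arch": 1, "software": 2},  # 13
    "trad-c": {"os": 3, "cpu_arch": 2, "software": 3},  # 27
    "trad-d": {"os": 2, "cpu_arch": 2, "software": 1},  # 17
    "trad-e": {"os": 4, "cpu_arch": 3, "software": 4},  # 37
}
MIMIC = {"mimic-1": {"os": 2, "cpu_arch": 1, "software": 2}}

INDICATION = re.compile(
    r"\(\s*([^,()]+?)\s*,\s*(\d+)\s*,\s*(\d+)\s*,\s*(\d+)\s*\)")


def parse_indication(text):
    """Parse '(router, 2,2,1)' into device type, selection and device counts."""
    m = INDICATION.fullmatch(text.strip())
    if not m:
        raise ValueError(f"malformed scene construction indication: {text!r}")
    first, n_trad, n_mimic = (int(g) for g in m.groups()[1:])
    if first not in SELECTION:
        raise ValueError(f"unknown first field: {first}")
    return {"device_type": m.group(1), "selection": SELECTION[first],
            "traditional": n_trad, "mimic": n_mimic}


def target_attribute_value(params, weights):
    """Weighted sum of a device's parameters (assumed form)."""
    return sum(weights[k] * params[k] for k in weights)


def select_heterogeneous_set(library, weights, target_number):
    """Steps S1-S4: greedy max-min selection of target_number devices."""
    if not 2 <= target_number <= len(library):
        raise ValueError("target number must be between 2 and the library size")
    names = sorted(library)
    attr = {n: target_attribute_value(library[n], weights) for n in names}

    def dissimilarity(a, b):
        return abs(attr[a] - attr[b])

    # S1: the pair with the maximum dissimilarity value seeds the preset devices.
    preset = list(max(combinations(names, 2), key=lambda p: dissimilarity(*p)))
    # S2-S4: until the target number is reached, add the remaining device whose
    # minimum dissimilarity to the current preset devices is largest.
    while len(preset) < target_number:
        others = [n for n in names if n not in preset]
        fifth = max(others,
                    key=lambda n: min(dissimilarity(n, p) for p in preset))
        preset.append(fifth)
    return preset


def pick(library, weights, count):
    """Choose count devices of one kind for a custom mimicry device."""
    if count == 0:
        return []
    if count > len(library):
        raise ValueError("not enough devices in the scene construction library")
    if count == 1:
        return [sorted(library)[0]]  # a single device may be any one of them
    return select_heterogeneous_set(library, weights, count)


def build_executor_set(indication, traditional, mimic, weights):
    """Heterogeneous executor set for a custom mimicry device indication."""
    if indication["selection"] != "custom-mimicry":
        raise ValueError("only custom mimicry devices are assembled here; "
                         "other selections are chosen by the user from a list")
    return (pick(traditional, weights, indication["traditional"])
            + pick(mimic, weights, indication["mimic"]))


if __name__ == "__main__":
    for text in ("(router, 2,2,1)", "(domain name server, 2,3,0)"):
        ind = parse_indication(text)
        print(text, "->", build_executor_set(ind, TRADITIONAL, MIMIC, WEIGHTS))
```

The input/output agent and the resolver that complete the mimicry device are not modelled here.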
The apparatus 50 for constructing a target virtual scene provided in the embodiment of the present invention may execute the technical solution of the method for constructing a target virtual scene in any of the above embodiments, and its implementation principle and beneficial effect are similar to those of the method for constructing a target virtual scene, and reference may be made to the implementation principle and beneficial effect of the method for constructing a target virtual scene, which are not described herein again.
Fig. 6 illustrates a physical structure diagram of an electronic device, which may include, as shown in fig. 6: a processor (processor) 601, a communication Interface (Communications Interface) 602, a memory (memory) 603 and a communication bus 604, wherein the processor 601, the communication Interface 602 and the memory 603 complete communication with each other through the communication bus 604. The processor 601 may call the logic instructions in the memory 603 to execute a method of constructing a target virtual scene, the method comprising: receiving an input scene construction indication; the construction instruction comprises a device type and a first field of target devices required by a target virtual scene to be constructed; the first field is used for indicating the device type selection of the target device, the device type selection of the target device comprises a mimicry device type selection, a non-mimicry device type selection or a custom mimicry device type selection, and the target device of the custom mimicry device type selection comprises a heterogeneous execution body set of which the dissimilar value is greater than a preset threshold value; determining target equipment from a preset scene construction library according to the equipment type and the equipment type selection of the target equipment; and constructing a target virtual scene based on the target equipment.
In addition, the logic instructions in the memory 603 may be implemented in the form of software functional units and stored in a computer readable storage medium when the logic instructions are sold or used as independent products. Based on such understanding, the technical solution of the present invention or a part thereof which substantially contributes to the prior art may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
In another aspect, the present invention further provides a computer program product, where the computer program product includes a computer program, the computer program can be stored on a non-transitory computer readable storage medium, and when the computer program is executed by a processor, a computer can execute the method for constructing a target virtual scene provided by the above methods, where the method includes: receiving an input scene construction instruction; the construction instruction comprises a device type and a first field of target devices required by a target virtual scene to be constructed; the first field is used for indicating the device type selection of the target device, the device type selection of the target device comprises mimicry device type selection, non-mimicry device type selection or custom mimicry device type selection, and the target device of the custom mimicry device type selection comprises a heterogeneous execution body set of which the dissimilar value is greater than a preset threshold value; determining target equipment from a preset scene construction library according to the equipment type and the equipment type selection of the target equipment; and constructing a target virtual scene based on the target equipment.
In another aspect, the present invention also provides a non-transitory computer-readable storage medium, on which a computer program is stored, where the computer program is implemented by a processor to execute the method for constructing a target virtual scene provided by the above methods, where the method includes: receiving an input scene construction indication; the construction instruction comprises a device type and a first field of target devices required by a target virtual scene to be constructed; the first field is used for indicating the device type selection of the target device, the device type selection of the target device comprises a mimicry device type selection, a non-mimicry device type selection or a custom mimicry device type selection, and the target device of the custom mimicry device type selection comprises a heterogeneous execution body set of which the dissimilar value is greater than a preset threshold value; determining target equipment from a preset scene construction library according to the equipment type and the equipment selection type of the target equipment; and constructing a target virtual scene based on the target equipment.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment may be implemented by software plus a necessary general hardware platform, and may also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (11)

1. A method for constructing a target virtual scene is characterized by comprising the following steps:
receiving an input scene construction instruction; the construction instruction comprises a device type and a first field of target equipment required by a target virtual scene to be constructed; the first field is used for indicating the device type selection of the target device, the device type selection of the target device comprises a mimicry device type selection, a non-mimicry device type selection or a custom mimicry device type selection, and the target device of the custom mimicry device type selection comprises a heterogeneous execution body set with a dissimilarity value larger than a preset threshold value;
determining the target equipment from a preset scene construction library according to the equipment type and the equipment type selection of the target equipment;
and constructing the target virtual scene based on the target equipment.
2. The method for constructing a target virtual scene according to claim 1, wherein in a case that the device type selection of the target device is a non-mimicry device type selection or a mimicry device type selection, the determining the target device from a preset scene construction library according to the device type and the device type selection of the target device includes:
determining and displaying, from the scene construction library, a plurality of first devices which have the same device type and the same device type selection as the target device;
and according to the selection instructions of the plurality of first devices, determining the first device corresponding to the selection instructions as the target device.
3. The method for constructing the target virtual scene according to claim 1 or 2, wherein in a case that the device type of the target device is a custom mimicry device type, the scene construction indication further includes a second field, the second field is used for indicating a target number of preset devices included in the target device, and the preset devices include non-mimicry devices and/or mimicry devices;
wherein, the determining the target device from a preset scene building library according to the device type and the device selection type of the target device includes:
under the condition that the number of non-mimicry devices or the number of mimicry devices is determined to be at least two based on the second field, according to the device type of the target device, determining a plurality of second devices with the same device type from the scene construction library, and determining dissimilarity values between every two second devices in the plurality of second devices;
determining the target number of preset devices from the plurality of second devices according to the dissimilarity value between every two second devices, wherein the target number of preset devices is a heterogeneous executive body set of the target devices;
and determining an input/output agent and a resolver corresponding to the heterogeneous executive body set from a scene construction library, and constructing the target equipment based on the heterogeneous executive body set, the input/output agent and the resolver.
4. The method for constructing a target virtual scene according to claim 3, wherein the determining the dissimilarity value between two second devices of the plurality of second devices comprises:
determining a target attribute value corresponding to each second device according to the parameter and the parameter weight corresponding to each second device in the plurality of second devices;
and determining a dissimilarity value between every two second devices according to the target attribute value corresponding to each second device.
5. The method for constructing a target virtual scene according to claim 3, wherein the determining the target number of preset devices from the plurality of second devices according to the dissimilarity value between each two second devices comprises:
S1, according to the dissimilarity value between every two second devices, determining a third device and a fourth device corresponding to the maximum dissimilarity value in the plurality of second devices as the preset devices;
S2, judging whether the number of the preset devices is equal to the target number or not;
S3, determining the preset devices as the target number of preset devices under the condition that the number of the preset devices is equal to the target number;
and S4, under the condition that the number of the preset devices is smaller than the target number, determining a fifth device from other devices except the third device and the fourth device in the plurality of second devices, updating the preset devices according to the fifth device, the updated preset devices comprising the fifth device, determining the updated preset devices as the preset devices, repeatedly executing S2-S4 until the number of the updated preset devices is equal to the target number, and determining the updated preset devices as the target number of preset devices.
6. The method for constructing a target virtual scene according to claim 5, wherein the determining a fifth device from the devices other than the third device and the fourth device in the plurality of second devices comprises:
respectively determining the dissimilarity values between the other equipment and each preset equipment aiming at each other equipment, and determining the minimum dissimilarity value corresponding to the other equipment according to the dissimilarity values between the other equipment and each preset equipment;
and determining the fifth device from the other devices according to the minimum dissimilarity value corresponding to each other device.
7. The method for constructing a target virtual scene according to claim 6, wherein the determining the fifth device from the other devices according to the minimum dissimilarity value corresponding to each other device includes:
determining the maximum value of the minimum dissimilarity values according to the minimum dissimilarity values corresponding to the other devices;
and determining other equipment corresponding to the maximum value as the fifth equipment.
8. The method for constructing the target virtual scene according to claim 1 or 2, wherein the constructing the target virtual scene based on the target device comprises:
determining a corresponding scene template from the scene construction library according to the device type of the target device, and adding the target device into the scene template according to the position information of the device in the scene template to obtain an initial scene;
and configuring the Internet protocol address of the target equipment in the initial scene to obtain the target virtual scene.
9. An apparatus for constructing a target virtual scene, comprising:
a receiving unit configured to receive an input scene construction instruction; the construction instruction comprises a device type and a first field of target devices required by a target virtual scene to be constructed; the first field is used for indicating the device type selection of the target device, the device type selection of the target device comprises a mimicry device type selection, a non-mimicry device type selection or a custom mimicry device type selection, and the target device of the custom mimicry device type selection comprises a heterogeneous execution body set with a dissimilarity value larger than a preset threshold value;
the processing unit is used for determining the target equipment from a preset scene construction library according to the equipment type and the equipment type selection of the target equipment;
a construction unit, configured to construct the target virtual scene based on the target device.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of constructing the target virtual scene according to any one of claims 1 to 8 when executing the program.
11. A non-transitory computer-readable storage medium, on which a computer program is stored, wherein the computer program, when executed by a processor, implements the method for constructing a target virtual scene according to any one of claims 1 to 8.
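The selection step of claims 6 and 7 (take each remaining device's minimum dissimilarity, then pick the device whose minimum is largest) is sketched below as an added example; it is not code from the patent. Assumptions: the minimum is taken against the devices already selected, the metric is the fraction of differing attributes, the preset threshold is applied to each newly added device, and the device library is constructed sample data.

```python
from typing import Dict, List, Tuple

Device = Dict[str, str]

# Constructed sample library: names, attributes and values are illustrative.
LIBRARY: Dict[str, Device] = {
    "exec-a": {"cpu": "x86_64", "os": "linux", "web": "nginx", "lang": "c"},
    "exec-b": {"cpu": "x86_64", "os": "linux", "web": "apache", "lang": "c"},
    "exec-c": {"cpu": "arm64", "os": "freebsd", "web": "apache", "lang": "c"},
    "exec-d": {"cpu": "riscv64", "os": "openbsd", "web": "lighttpd", "lang": "rust"},
    "exec-e": {"cpu": "arm64", "os": "linux", "web": "nginx", "lang": "go"},
}


def dissimilarity(a: Device, b: Device) -> float:
    """Assumed metric: fraction of attributes on which two devices differ."""
    keys = sorted(set(a) | set(b))
    return sum(a.get(k) != b.get(k) for k in keys) / len(keys)


def pick_next(selected: List[str], library: Dict[str, Device]) -> Tuple[str, float]:
    """Return the remaining device whose minimum dissimilarity is the maximum."""
    others = [n for n in sorted(library) if n not in selected]
    if not others:
        raise ValueError("no candidate devices left in the library")
    # Minimum dissimilarity of each remaining device to the selected set.
    min_dis = {n: min(dissimilarity(library[n], library[s]) for s in selected)
               for n in others}
    best = max(others, key=lambda n: min_dis[n])  # ties: first name in sorted order
    return best, min_dis[best]


def build_set(seed: str, size: int, threshold: float,
              library: Dict[str, Device] = LIBRARY) -> List[str]:
    """Grow a heterogeneous executor set; reject additions at or below threshold."""
    selected = [seed]
    while len(selected) < size:
        name, value = pick_next(selected, library)
        if value <= threshold:
            raise ValueError(f"{name}: min dissimilarity {value:.2f} <= {threshold}")
        selected.append(name)
    return selected
```

With the sample library, a near-clone such as `exec-b` is never chosen early, because its minimum dissimilarity is pinned low by the one executor it resembles.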
CN202211431107.2A 2022-11-16 2022-11-16 Method and device for constructing target virtual scene and electronic equipment Active CN115499323B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211431107.2A CN115499323B (en) 2022-11-16 2022-11-16 Method and device for constructing target virtual scene and electronic equipment

Publications (2)

Publication Number Publication Date
CN115499323A CN115499323A (en) 2022-12-20
CN115499323B true CN115499323B (en) 2023-03-24

Family

ID=85115856

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211431107.2A Active CN115499323B (en) 2022-11-16 2022-11-16 Method and device for constructing target virtual scene and electronic equipment

Country Status (1)

Country Link
CN (1) CN115499323B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117097560B (en) * 2023-10-17 2023-12-26 北京开运联合信息技术集团股份有限公司 Virtualized attack-defense countermeasure environment construction method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1004987A1 (en) * 1998-11-27 2000-05-31 France Telecom Method and system for generating virtual scenes
CN107358105A (en) * 2017-06-01 2017-11-17 上海红阵信息科技有限公司 Isomery function equivalence body phase opposite sex measuring method, distribution method, device and equipment
CN114363187A (en) * 2021-07-16 2022-04-15 网络通信与安全紫金山实验室 Deployment method and system of virtual industrial equipment nodes

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
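Discussion on a new paradigm of endogenous security for 6G networks (in English); Ji Xinsheng et al.; Frontiers of Information Technology & Electronic Engineering; 20221003; full text *
A Survey on Trust Models in Heterogeneous Networks; Jie Wang et al.; IEEE Communications Surveys & Tutorials; 20220721; full text *
Multimodal network environment construction technology based on domain-specific software-hardware collaboration; Hu Yuxiang et al.; Journal on Communications; 20220420; full text *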

Also Published As

Publication number Publication date
CN115499323A (en) 2022-12-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant