CN115952496A - Defense method, device, equipment and storage medium - Google Patents

Publication number
CN115952496A
Authority
CN
China
Prior art keywords
defense
tool
target
strategy
image
Legal status
Granted
Application number
CN202310108532.6A
Other languages
Chinese (zh)
Other versions
CN115952496B (en)
Inventor
黄珺
李宗哲
贾焰
韩伟红
张家伟
杨明盛
陈睿
杨杰
吉青利
吴志良
Current Assignee
Peng Cheng Laboratory
Original Assignee
Peng Cheng Laboratory

Abstract

The invention belongs to the field of computers, and discloses a defense method, a defense device, defense equipment and a defense storage medium. The method comprises the following steps: determining a defense strategy according to the defense requirement and the defense tool information; performing environment conflict detection on the defense strategy according to an execution environment influence table corresponding to the defense tool in the defense tool information to obtain a conflict detection result; determining a target defense strategy according to the conflict detection result, and constructing a defense image according to the target defense strategy; and sending the defense image to a target terminal so that the target terminal performs defense according to the defense image. The invention determines the defense strategy according to the defense requirement and the defense tool information, and performs environment conflict detection on the defense strategy to determine a target defense strategy. Compared with the existing mode of manually installing and deploying the defense tools, the mode provided by the invention can improve the defense efficiency and avoid defense conflicts caused by the cross use of the defense tools.

Description

Defense method, device, equipment and storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a defense method, apparatus, device, and storage medium.
Background
When blue-team users of existing cyber ranges carry out security defense operations, the following problems are inevitably encountered: security defense operations still mainly depend on manually installing and deploying defense tools and operating them according to documentation, which makes repeated deployment in batches a challenge and leads to defense strategy conflicts due to the cross use of defense tools, resulting in low defense efficiency. Therefore, how to improve defense efficiency is a technical problem to be solved.
The above is only to assist understanding of the technical solution of the present invention, and does not represent an admission that the above is the prior art.
Disclosure of Invention
The invention mainly aims to provide a defense method, a defense device, defense equipment and a defense storage medium, and aims to solve the technical problems that defense strategies are easy to conflict and defense efficiency is low due to the fact that defense tools are used in a crossed mode in the prior art.
To achieve the above object, the present invention provides a defense method, comprising the steps of:
determining a defense strategy according to the defense requirement and defense tool information;
performing environment conflict detection on the defense strategy according to an execution environment influence table corresponding to the defense tool in the defense tool information to obtain a conflict detection result;
determining a target defense strategy according to the conflict detection result, and constructing a defense image according to the target defense strategy;
and sending the defense image to a target terminal so that the target terminal performs defense according to the defense image.
Optionally, the step of performing environment conflict detection on the defense strategy according to the execution environment influence table corresponding to the defense tool in the defense tool information to obtain a conflict detection result includes:
determining a target defense tool involved in the defense strategy;
determining an execution environment influence table corresponding to the target defense tool according to the defense tool information;
and judging whether the defense strategy has an environmental conflict during execution according to the execution environment influence table, and generating a conflict detection result.
Optionally, the step of determining a target defense strategy according to the conflict detection result includes:
when the conflict detection result indicates that no conflict exists, taking the defense strategy as a target defense strategy;
and when the conflict detection result indicates that a conflict exists, determining a target defense strategy according to the conflict detection result, the defense requirement and the defense tool information.
Optionally, the step of constructing a defense image according to the target defense policy includes:
determining a defense tool storage position and a tool running script path corresponding to the target defense strategy according to the defense tool information;
and constructing a defense image according to the defense tool storage position and the tool running script path.
Optionally, the step of sending the defense image to a target terminal to enable the target terminal to perform defense according to the defense image includes:
storing the defense image to an image repository;
generating a deployment task according to the defense requirement and the image repository;
receiving a task obtaining request sent by a target terminal, and determining a deployment task corresponding to the target terminal according to the task obtaining request;
and sending the deployment task to the target terminal so that the target terminal issues the deployment task for defense.
Optionally, after the step of receiving the task obtaining request sent by the target terminal, the method further includes:
and completing protocol upgrading according to the protocol upgrading information in the task acquisition request, and communicating with the target terminal according to the upgraded protocol.
Optionally, after the step of sending the defense image to a target terminal to enable the target terminal to perform defense according to the defense image, the method further includes:
receiving a defense tool execution result sent by the target terminal;
and generating a defense tool operation statistical result according to the defense tool execution result.
Further, to achieve the above object, the present invention also provides a defense apparatus, comprising:
the defense strategy determining module is used for determining a defense strategy according to the defense requirement and the defense tool information;
the conflict detection module is used for carrying out environment conflict detection on the defense strategy according to an execution environment influence table corresponding to the defense tool in the defense tool information to obtain a conflict detection result;
the defense image construction module is used for determining a target defense strategy according to the conflict detection result and constructing a defense image according to the target defense strategy;
and the defense module is used for sending the defense image to a target terminal so that the target terminal performs defense according to the defense image.
In addition, to achieve the above object, the present invention also proposes a defense device, the device including: a memory, a processor and a defense program stored on the memory and executable on the processor, the defense program being configured to implement the steps of the defense method as described above.
In addition, to achieve the above object, the present invention further proposes a storage medium having a defense program stored thereon, the defense program implementing the steps of the defense method as described above when executed by a processor.
The method determines a defense strategy according to defense requirements and defense tool information; performs environment conflict detection on the defense strategy according to an execution environment influence table corresponding to the defense tool in the defense tool information to obtain a conflict detection result; determines a target defense strategy according to the conflict detection result, and constructs a defense image according to the target defense strategy; and sends the defense image to a target terminal so that the target terminal performs defense according to the defense image. The invention determines the defense strategy according to the defense requirement and the defense tool information, and performs environment conflict detection on the defense strategy to determine a target defense strategy. Compared with the existing mode of manually installing and deploying the defense tools, the mode provided by the invention can improve the defense efficiency and avoid defense conflicts caused by the cross use of the defense tools.
Drawings
Fig. 1 is a schematic structural diagram of a defense device of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of a defense method according to a first embodiment of the present invention;
FIG. 3 is a D3FEND OWL ontology model diagram according to a first embodiment of the defense method of the present invention;
FIG. 4 is an execution environment influence table of the first embodiment of the defense method of the present invention;
FIG. 5 is a flowchart illustrating a second embodiment of the defense method of the present invention;
FIG. 6 is a block diagram of a first embodiment of the defense apparatus of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a defense device of a hardware operating environment according to an embodiment of the present invention.
As shown in fig. 1, the defense device may include: a processor 1001, such as a central processing unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 is used to enable connection and communication between these components. The user interface 1003 may include a display and an input unit such as a keyboard, and the optional user interface 1003 may also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a Wireless Fidelity (Wi-Fi) interface). The memory 1005 may be a random access memory (RAM) or a non-volatile memory (NVM), such as a disk memory. The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the configuration shown in FIG. 1 does not constitute a limitation of the defence device, and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a kind of storage medium, may include therein an operating system, a network communication module, a user interface module, and a defense program.
In the defense apparatus shown in fig. 1, the network interface 1004 is mainly used for data communication with a network server; the user interface 1003 is mainly used for data interaction with a user; the processor 1001 and the memory 1005 in the defense apparatus of the present invention may be provided in the defense apparatus, and the defense apparatus calls the defense program stored in the memory 1005 through the processor 1001 and executes the defense method provided by the embodiment of the present invention.
Based on the defense device, an embodiment of the present invention provides a defense method, and referring to fig. 2, fig. 2 is a schematic flow diagram of a first embodiment of the defense method of the present invention.
In this embodiment, the defense method includes the following steps:
step S10: and determining a defense strategy according to the defense requirement and the defense tool information.
It should be noted that the execution subject of the embodiment may be a computing service device with data processing, network communication and program running functions, such as a mobile phone, a tablet computer, a personal computer, etc., or an electronic device or a defense device capable of implementing the above functions. The present embodiment and the following embodiments will be described below by taking the defense apparatus as an example.
It should be noted that the defense requirements may include defense requirements determined according to the historical attack information of each virtual machine or system that needs to be defended, defense information summarized according to the functional information of the virtual machine, and defense information obtained from the experience of a user. The defense tool information may be information including the defense technique corresponding to each defense tool together with the tool name, tool ID, ontology ID, adapted platform, adapted system version number, defense tool storage path and the like of the defense tool. It is generated by creating a D3FEND OWL ontology model with Protégé, associating defense tactics with base techniques, base techniques with defense techniques, and defense techniques with tools through a belonging relationship, and then deriving the defense tool information from the created D3FEND OWL ontology model. The defense tool information can be put into a MySQL database, and the defense tools themselves are stored in a Ceph distributed file system. In order to run the defense tools, an AutoHotkey run script is recorded for each tool targeting a Windows-series platform, a shell run script is constructed for each tool targeting a Linux-series platform, and the run scripts are uploaded to the Ceph distributed file system. Referring to fig. 3, fig. 3 is a D3FEND OWL ontology model diagram according to the first embodiment of the defense method of the present invention; harden, detect, isolate, deceive and evict in fig. 3 are defense tactics, the bottom-layer nodes adbhone, clscoasa, coupon and the like are defense tools, and the D3FEND OWL ontology model diagram is obtained from the collected defense tactic information and defense tool information and continuously updated, so as to determine the defense tool information.
The defense strategy can be formed by selecting and combining defense tools according to the defense requirements and the defense tool information, and arranging the selected defense tools in a time sequence according to the defense tool information.
Step S20: and performing environment conflict detection on the defense strategy according to an execution environment influence table corresponding to the defense tool in the defense tool information to obtain a conflict detection result.
It should be noted that the execution environment influence table may record the environment parameters that a defense tool may influence when executed. The fields in the execution environment influence table may include: the tool name, the tool ID, the relative path of the run script of the defense tool, and environment type and environment path fields that are added dynamically according to the system environments influenced by the defense tool during execution; these fields are used to detect environment conflicts between defense tools. Performing environment conflict detection on the defense strategy according to the execution environment influence table corresponding to the defense tools in the defense tool information may be determining, according to the execution environment influence table, whether each defense tool in the defense strategy has an environment conflict during execution, and generating a conflict detection result. The execution environment influence table can be stored in an unstructured MongoDB database, which makes it convenient to add dynamic environment types and fields later. Specifically, referring to fig. 4, fig. 4 is an execution environment influence table of the first embodiment of the defense method of the present invention, and the defense tool environment variable mapping table in fig. 4 is the execution environment influence table. L1, L2 and L3 in fig. 4 denote environments, the first column tool-name is the name of the tool, and true in the table denotes that the corresponding tool will affect the corresponding environment when executed. For example, the true in the second column of the second row may be understood as the tool portsilolock affecting the L1 environment when executed. The environment variable mapping table in fig. 4 stores the type and initial value corresponding to each environment, from which basic information of the affected environment may be further determined.
Further, in order to avoid the environmental conflict when the defense policy is executed, the step S20 may include: determining a target defense tool involved in the defense strategy; determining an execution environment influence table corresponding to the target defense tool according to the defense tool information; and judging whether the defense strategy has an environmental conflict during execution according to the execution environment influence table, and generating a conflict detection result.
It is noted that the target defense tool may be a defense tool included in the defense strategy.
Step S30: and determining a target defense strategy according to the conflict detection result, and constructing a defense mirror image according to the target defense strategy.
It should be noted that determining a target defense strategy according to the conflict detection result may be using the defense strategy as the target defense strategy when the conflict detection result indicates that no conflict exists, and re-determining the defense strategy when the conflict detection result indicates that a conflict exists. Constructing the defense image according to the target defense strategy may be constructing the defense image according to the information of each defense tool in the target defense strategy.
Further, in order to avoid an environmental conflict caused by each defense tool in the defense strategies during execution, the determining a target defense strategy according to the conflict detection result may be to use the defense strategy as a target defense strategy when the conflict detection result indicates that no conflict exists; and when the conflict detection result indicates that a conflict exists, determining a target defense strategy according to the conflict detection result, the defense requirement and the defense tool information, namely re-determining the defense strategy.
Further, in order to improve the use efficiency of the defense strategy, the constructing of the defense image according to the target defense strategy may be determining a defense tool storage location and a tool running script path corresponding to the target defense strategy according to the defense tool information; and constructing a defense image according to the defense tool storage position and the tool running script path.
It should be noted that the tool run script path may be the storage path of the run script of the defense tool corresponding to the target defense strategy. Different systems construct the run script of the defense tool in different ways: for example, an AutoHotkey run script is recorded for a tool targeting a Windows-series platform, and a shell run script is constructed for a tool targeting a Linux-series platform. Specifically, a Dockerfile can be generated dynamically according to the tool storage location and the tool run script path, and the image can be built from the generated Dockerfile, where the Dockerfile is the build file for constructing a Docker image.
Step S40: and sending the defense image to a target terminal so that the target terminal performs defense according to the defense image.
It should be noted that the target terminal may be a virtual machine or other system that needs to be defended according to the defense strategy in the defense image.
The embodiment determines a defense strategy according to defense requirements and defense tool information; performing environment conflict detection on the defense strategy according to an execution environment influence table corresponding to the defense tool in the defense tool information to obtain a conflict detection result; determining a target defense strategy according to the conflict detection result, and constructing a defense mirror image according to the target defense strategy; and sending the defense image to a target terminal so that the target terminal performs defense according to the defense image. The defense strategy is determined according to the defense requirement and the defense tool information; and detecting the environmental conflict of the defense strategy to determine a target defense strategy. Compared with the existing mode of manually installing and deploying the defense tools, the mode of the embodiment can improve the defense efficiency and avoid defense conflicts caused by the cross use of the defense tools.
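The following is an added example, not code from the patent, that walks steps S20 and S30 above on constructed data: it runs environment conflict detection over an execution environment influence table laid out like fig. 4 (tool name, tool ID, run script path, per-environment true/false columns), re-determines the target strategy when a conflict is found, and generates a Dockerfile from each remaining tool's storage location and run script path. The tool names, environment names, paths, the "keep the earliest tool per contested environment" rule, and the Linux/Ubuntu base image are all assumptions.

```python
"""Added example (not code from the patent): environment-conflict detection over an
execution environment influence table (step S20) and Dockerfile generation from the
resulting target strategy (step S30). All tool names, environment names, paths and
table layouts below are constructed to mirror the description; none are the patent's data."""
from __future__ import annotations

import posixpath
from collections import defaultdict

# Execution environment influence table (constructed). Each row: tool name, tool ID,
# relative path of the tool's run script, and per-environment flags. The environment
# columns (L1, L2, L3, ...) are dynamic, as in the MongoDB layout the description mentions.
INFLUENCE_TABLE = [
    {"tool_name": "toolA", "tool_id": "T001", "script": "run/toolA.sh",
     "env": {"L1": True, "L2": False, "L3": False}},
    {"tool_name": "toolB", "tool_id": "T002", "script": "run/toolB.sh",
     "env": {"L1": True, "L2": True, "L3": False}},
    {"tool_name": "toolC", "tool_id": "T003", "script": "run/toolC.sh",
     "env": {"L1": False, "L2": False, "L3": True}},
]

# Environment variable mapping table (constructed): type and initial value per environment.
ENV_VARIABLES = {
    "L1": {"type": "file", "initial": "/etc/hosts"},
    "L2": {"type": "service", "initial": "sshd:running"},
    "L3": {"type": "sysctl", "initial": "net.ipv4.ip_forward=0"},
}

# Defense tool information (constructed): platform and storage location on the file system.
TOOL_INFO = {
    "toolA": {"platform": "linux", "storage": "/ceph/tools/toolA"},
    "toolB": {"platform": "linux", "storage": "/ceph/tools/toolB"},
    "toolC": {"platform": "linux", "storage": "/ceph/tools/toolC"},
}


def detect_conflicts(strategy: list[str], table=INFLUENCE_TABLE) -> list[dict]:
    """Return one record per environment touched by more than one tool of the strategy."""
    rows = {r["tool_name"]: r for r in table}
    touched = defaultdict(list)  # environment name -> tools that affect it, in strategy order
    for tool in strategy:  # the target defense tools are exactly those in the strategy
        if tool not in rows:
            raise KeyError(f"no influence table row for {tool}")
        for env, affected in rows[tool]["env"].items():
            if affected:
                touched[env].append(tool)
    return [
        {"environment": env, "tools": tools, "info": ENV_VARIABLES.get(env)}
        for env, tools in touched.items() if len(tools) > 1
    ]


def determine_target_strategy(strategy: list[str], conflicts: list[dict]) -> list[str]:
    """No conflict: the strategy itself is the target strategy. Otherwise re-determine it;
    the rule assumed here keeps the earliest tool per contested environment and drops the rest."""
    if not conflicts:
        return list(strategy)
    dropped = {t for c in conflicts for t in c["tools"][1:]}
    return [t for t in strategy if t not in dropped]


def build_dockerfile(target: list[str], tool_info=TOOL_INFO, table=INFLUENCE_TABLE) -> str:
    """Generate the Dockerfile from each tool's storage location and run script path.
    COPY sources are resolved relative to the build context, assumed to be the file system root."""
    scripts = {r["tool_name"]: r["script"] for r in table}
    lines = ["FROM ubuntu:22.04", "WORKDIR /opt/defense"]
    for tool in target:
        storage, script = tool_info[tool]["storage"], scripts[tool]
        # Reject absolute or traversing script paths: the run script must live under the
        # tool's own storage location, otherwise it is not the recorded run script.
        if posixpath.isabs(script) or ".." in script.split("/"):
            raise ValueError(f"unsafe run script path for {tool}: {script}")
        lines.append(f"COPY {storage}/ /opt/defense/{tool}/")
        lines.append(f"RUN chmod +x /opt/defense/{tool}/{script}")
    # Tools run in strategy (time-sequence) order when the container starts.
    cmd = " && ".join(f"/opt/defense/{t}/{scripts[t]}" for t in target)
    lines.append(f'CMD ["/bin/sh", "-c", "{cmd}"]')
    return "\n".join(lines) + "\n"


def plan(strategy: list[str]) -> tuple[list[dict], list[str], str]:
    """Steps S20 and S30 end to end: conflicts, target strategy, Dockerfile text."""
    conflicts = detect_conflicts(strategy)
    target = determine_target_strategy(strategy, conflicts)
    return conflicts, target, build_dockerfile(target)


if __name__ == "__main__":
    conflicts, target, dockerfile = plan(["toolA", "toolB", "toolC"])
    print("conflicts:", conflicts)
    print("target strategy:", target)
    print(dockerfile)
```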
Referring to fig. 5, fig. 5 is a flowchart illustrating a defense method according to a second embodiment of the present invention.
Based on the first embodiment described above, in the present embodiment, the step S40 includes:
step S401: storing the defending image to an image repository.
It should be noted that, storing the defense image to the image repository may be pushing the defense image to the image repository, so that the target terminal selects an image that can match the target terminal from the image repository, and maps the image to a local path for defense.
Step S402: generating a deployment task according to the defense requirement and the image repository.
It should be noted that the deployment task may be a task deployed in the target terminal to monitor the execution condition of each defense tool. The defense requirements may also include a need to monitor the performance of individual defense tools.
Step S403: receiving a task obtaining request sent by a target terminal, and determining a deployment task corresponding to the target terminal according to the task obtaining request.
It should be noted that the task obtaining request may be a request for obtaining a defense policy, which is sent by the target terminal to the defense device, and the defense device may determine the defense policy to be pulled by the target terminal in the task obtaining request and send the defense policy to the target terminal when receiving the task obtaining request. The defense device can also determine a deployment task corresponding to the target terminal according to the task acquisition request, so that the target terminal issues the deployment task to monitor the execution condition of each defense tool in the deployment task.
Further, in order to reduce the resource overhead in the information transfer process, after step S403, the method further includes: and completing protocol upgrading according to the protocol upgrading information in the task acquisition request, and communicating with the target terminal according to the upgraded protocol.
It should be noted that completing the protocol upgrade according to the protocol upgrade information in the task acquisition request means using the protocol upgrade information carried in the task acquisition request, namely the Upgrade: websocket header together with the appended randomly generated check value and the version information Sec-WebSocket-Version, to upgrade the conventional half-duplex HTTP protocol to the WebSocket protocol, so that a bidirectional full-duplex communication channel based on TCP is established for transmitting the deployment process monitoring data, that is, the execution results of the defense tools, in real time. Once the defense device completes the protocol upgrade (HTTP -> WebSocket), it can actively push information to the target terminal, which solves the synchronization delay caused by polling. Because WebSocket needs only one HTTP handshake, the defense device can keep communicating with the target terminal until the connection is closed, which avoids repeatedly parsing the HTTP protocol; at the same time, WebSocket does not need to carry a large amount of request header information in every message as HTTP does, which effectively reduces the resource overhead.
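The following is an added example, not code from the patent, of the defense-device side of the upgrade just described: it checks the protocol upgrade information in a task acquisition request (Upgrade: websocket, the random check value, Sec-WebSocket-Version) and only then answers with 101 Switching Protocols; any request that fails a check stays on plain HTTP. The request bytes are constructed, and the header name Sec-WebSocket-Key and the accept-value computation are taken from RFC 6455 (the patent describes only a random check value).

```python
"""Added example (not code from the patent): validating the protocol upgrade information in
a task acquisition request before switching the connection from HTTP to WebSocket.
The request below is constructed; header names and the accept-value computation follow
RFC 6455 (the patent only describes a random check value and Sec-WebSocket-Version)."""
from __future__ import annotations

import base64
import hashlib

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed handshake GUID from RFC 6455
SUPPORTED_VERSION = "13"


def parse_request(raw: bytes) -> tuple[str, dict]:
    """Split the HTTP request head into its request line and a lower-cased header map."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def accept_value(key: str) -> str:
    """Sec-WebSocket-Accept = base64(SHA-1(key || GUID)); proves the server saw the client key."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def _reject(status: bytes, extra: bytes = b"") -> bytes:
    return b"HTTP/1.1 " + status + b"\r\n" + extra + b"Content-Length: 0\r\n\r\n"


def upgrade_response(raw: bytes) -> bytes:
    """Return the 101 response when the upgrade information is valid, else a 4xx response
    so the connection stays plain HTTP and no monitoring data is pushed over it."""
    request_line, h = parse_request(raw)
    if not request_line.startswith("GET "):
        return _reject(b"405 Method Not Allowed")
    if h.get("upgrade", "").lower() != "websocket" or "upgrade" not in h.get("connection", "").lower():
        return _reject(b"400 Bad Request")
    if h.get("sec-websocket-version") != SUPPORTED_VERSION:
        # Advertise the version the defense device speaks so the terminal can retry.
        return _reject(b"426 Upgrade Required", b"Sec-WebSocket-Version: 13\r\n")
    key = h.get("sec-websocket-key", "")
    try:
        if len(base64.b64decode(key, validate=True)) != 16:  # the random check value is 16 bytes
            raise ValueError("bad key length")
    except ValueError:  # binascii.Error raised on invalid base64 is a ValueError subclass
        return _reject(b"400 Bad Request")
    return (b"HTTP/1.1 101 Switching Protocols\r\n"
            b"Upgrade: websocket\r\n"
            b"Connection: Upgrade\r\n"
            b"Sec-WebSocket-Accept: " + accept_value(key).encode("ascii") + b"\r\n\r\n")


if __name__ == "__main__":
    # Constructed task acquisition request from a target terminal; the key is RFC 6455's sample.
    request = (b"GET /task HTTP/1.1\r\nHost: defense.example\r\nUpgrade: websocket\r\n"
               b"Connection: Upgrade\r\nSec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
               b"Sec-WebSocket-Version: 13\r\n\r\n")
    print(upgrade_response(request).decode("ascii"))
```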
Step S404: and sending the deployment task to the target terminal so that the target terminal issues the deployment task to defend.
Further, in order to monitor the execution condition of the defense tool, after the step of sending the defense image to the target terminal so that the target terminal performs defense according to the defense image, the method further includes: receiving a defense tool execution result sent by the target terminal; and generating a defense tool operation statistical result according to the defense tool execution result.
It should be noted that the execution result of the defense tool may be information such as an action time range, an operating state, a target terminal name, and a defense tool name of each defense tool in the deployment task during execution. The generation of the operation statistical result of the defense tool according to the execution result of the defense tool can be realized by further integrating the execution results of the defense tool, integrating the operation time periods and the operation conditions of the same defense tool under different target terminals, and displaying the operation statistical result of the defense tool in a two-dimensional view.
The embodiment stores the defense image to an image repository; generates a deployment task according to the defense requirement and the image repository; receives a task obtaining request sent by a target terminal, and determines a deployment task corresponding to the target terminal according to the task obtaining request; and sends the deployment task to the target terminal so that the target terminal issues the deployment task to defend. According to the embodiment, the deployment task is generated according to the defense requirement and the image repository and is sent to the target terminal, so that the target terminal issues the deployment task for defense, and the defense efficiency can be improved.
Referring to fig. 6, fig. 6 is a block diagram of a first embodiment of the defense apparatus of the present invention.
As shown in fig. 6, the defense apparatus according to the embodiment of the present invention includes:
the defense strategy determining module 10 is used for determining a defense strategy according to the defense requirement and the defense tool information;
the conflict detection module 20 is configured to perform environment conflict detection on the defense strategy according to an execution environment influence table corresponding to the defense tool in the defense tool information to obtain a conflict detection result;
the defense image construction module 30 is used for determining a target defense strategy according to the conflict detection result and constructing a defense image according to the target defense strategy;
and the defense module 40 is used for sending the defense image to a target terminal so that the target terminal performs defense according to the defense image.
The embodiment determines a defense strategy according to defense requirements and defense tool information; performs environment conflict detection on the defense strategy according to an execution environment influence table corresponding to the defense tool in the defense tool information to obtain a conflict detection result; determines a target defense strategy according to the conflict detection result, and constructs a defense image according to the target defense strategy; and sends the defense image to a target terminal so that the target terminal performs defense according to the defense image. The defense strategy is determined according to the defense requirement and the defense tool information, and environment conflict detection is performed on the defense strategy to determine a target defense strategy. Compared with the existing mode of manually installing and deploying the defense tools, the mode of the embodiment can improve the defense efficiency and avoid defense conflicts caused by the cross use of the defense tools.
It should be noted that the above-mentioned work flows are only illustrative and do not limit the scope of the present invention, and in practical applications, those skilled in the art may select some or all of them according to actual needs to implement the purpose of the solution of the present embodiment, and the present invention is not limited herein.
In addition, the technical details that are not described in detail in this embodiment can be referred to the defense method provided in any embodiment of the present invention, and are not described herein again.
Based on the first embodiment of the defense apparatus of the present invention, a second embodiment of the defense apparatus of the present invention is provided.
In this embodiment, the conflict detection module 20 is further configured to determine a target defense tool involved in the defense strategy;
determining an execution environment influence table corresponding to the target defense tool according to the defense tool information;
and judging whether the defense strategy has an environmental conflict during execution according to the execution environment influence table, and generating a conflict detection result.
Further, the defense image construction module 30 is further configured to, when the conflict detection result indicates that no conflict exists, take the defense strategy as the target defense strategy;
and when the conflict detection result indicates that a conflict exists, determining a target defense strategy according to the conflict detection result, the defense requirement and the defense tool information.
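The conflict check and the fallback to an alternative tool described above, written out as an added example; this is not code from the patent or from Peng Cheng Laboratory. The tool names, the requirement categories and the three resource classes recorded in each execution environment influence table (listening ports, kernel or capture hooks, configuration files) are all constructed for illustration; the patent does not define the table's columns.

```python
"""Added example, not code from the patent: environment-conflict detection
over a defense strategy (conflict detection module) and selection of a
target strategy when a conflict is found.

Everything below is constructed for illustration: the tool names, the
requirement categories, and the three resource classes (listening ports,
kernel/capture hooks, configuration files) that each tool's execution
environment influence table records.
"""
from itertools import combinations

# Constructed defense tool information. The "influence" entry is the tool's
# execution environment influence table: the host resources it claims.
# Two tools conflict when their tables claim the same resource.
TOOL_INFO = {
    "fw-a":  {"satisfies": "firewall",
              "influence": {"ports": {8080}, "hooks": {"netfilter"},
                            "files": {"/etc/iptables.rules"}}},
    "fw-b":  {"satisfies": "firewall",
              "influence": {"ports": set(), "hooks": {"nftables"},
                            "files": {"/etc/nftables.conf"}}},
    "ids-a": {"satisfies": "intrusion-detection",
              "influence": {"ports": {8080}, "hooks": {"pcap"}, "files": set()}},
    "av-a":  {"satisfies": "antivirus",
              "influence": {"ports": {9090}, "hooks": {"fanotify"}, "files": set()}},
}

RESOURCE_CLASSES = ("ports", "hooks", "files")


def determine_strategy(requirement, tool_info):
    """Pick the first catalog tool for each required category."""
    strategy = []
    for category in requirement:
        for name, info in tool_info.items():
            if info["satisfies"] == category and name not in strategy:
                strategy.append(name)
                break
        else:
            raise LookupError(f"no defense tool satisfies {category!r}")
    return strategy


def detect_conflicts(strategy, tool_info):
    """Compare the influence tables of every pair of tools in the strategy
    and report each shared resource as (tool_a, tool_b, class, items)."""
    conflicts = []
    for a, b in combinations(strategy, 2):
        table_a, table_b = tool_info[a]["influence"], tool_info[b]["influence"]
        for resource in RESOURCE_CLASSES:
            shared = table_a[resource] & table_b[resource]
            if shared:
                conflicts.append((a, b, resource, sorted(shared)))
    return conflicts


def _find_replacement(tool, target, tool_info):
    """Swap `tool` for an unused catalog tool of the same category if that
    lowers the conflict count; None when no alternative helps."""
    category = tool_info[tool]["satisfies"]
    current = len(detect_conflicts(target, tool_info))
    for alt, info in tool_info.items():
        if alt in target or info["satisfies"] != category:
            continue
        candidate = [alt if t == tool else t for t in target]
        if len(detect_conflicts(candidate, tool_info)) < current:
            return candidate
    return None


def determine_target_strategy(strategy, tool_info):
    """With no conflict the strategy is used as is; otherwise tools are
    swapped, one conflicting pair at a time, until none remain.
    Returns (target_strategy, conflicts_found_in_original_strategy)."""
    initial = detect_conflicts(strategy, tool_info)
    target = list(strategy)
    while True:
        remaining = detect_conflicts(target, tool_info)
        if not remaining:
            return target, initial
        a, b, _, _ = remaining[0]
        for tool in (b, a):
            replacement = _find_replacement(tool, target, tool_info)
            if replacement is not None:
                target = replacement
                break
        else:
            raise ValueError(f"no conflict-free alternative for {a} / {b}")
```

With the constructed catalog, the requirement ["firewall", "intrusion-detection", "antivirus"] first yields ["fw-a", "ids-a", "av-a"]; the check finds that fw-a and ids-a both claim port 8080, no alternative intrusion detection tool exists, so the firewall is swapped for fw-b and the target strategy becomes ["fw-b", "ids-a", "av-a"]. Each swap must strictly reduce the conflict count, which is what guarantees the loop terminates.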
Further, the defense image construction module 30 is further configured to: determine, according to the defense tool information, the defense tool storage location and the tool running script path corresponding to the target defense strategy;
and construct a defense image according to the defense tool storage location and the tool running script path.
Further, the defense module 40 is further configured to: store the defense image in an image repository;
generate a deployment task according to the defense requirement and the image repository;
receive a task acquisition request sent by a target terminal, and determine the deployment task corresponding to the target terminal according to the task acquisition request;
and send the deployment task to the target terminal so that the target terminal executes the deployment task to perform defense.
Further, the defense module 40 is further configured to complete protocol upgrade according to the protocol upgrade information in the task acquisition request, and communicate with the target terminal according to the upgraded protocol.
Further, the defense module 40 is further configured to: receive a defense tool execution result sent by the target terminal;
and generate defense tool operation statistics according to the defense tool execution result.
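The image construction, repository, deployment task, protocol upgrade and result statistics steps above, carried through end to end as an added example; this is not code from the patent or from Peng Cheng Laboratory. The image is represented as a Dockerfile text pinned by its SHA-256 digest, the repository and task table are in-memory dicts, and the tool paths, terminal ids and protocol versions are all constructed assumptions; the patent does not specify an image format or a protocol.

```python
"""Added example, not code from the patent: build a defense image from each
tool's storage location and run-script path, register it in an image
repository and hand out deployment tasks on request, complete a protocol
upgrade declared in that request, and aggregate the execution results
reported back.

Everything here is constructed: the tool catalog, the paths, the image
representation (a Dockerfile text pinned by its SHA-256 digest), the
in-memory repository and task table, and the protocol versions.
"""
import hashlib

# Constructed tool information: where each tool's files live and which
# script starts it.
TOOL_INFO = {
    "fw-b": {"storage": "/opt/tools/fw-b", "script": "/opt/tools/fw-b/run.sh"},
    "av-a": {"storage": "/opt/tools/av-a", "script": "/opt/tools/av-a/start.sh"},
}

SUPPORTED_PROTOCOLS = ("v1", "v2")   # hypothetical terminal/server protocol versions


def build_defense_image(target_strategy, tool_info):
    """Assemble the image build description from the storage location and
    run-script path of every tool in the target strategy."""
    lines = ["FROM defense-base:1.0"]  # hypothetical base image
    for tool in target_strategy:
        storage = tool_info[tool]["storage"]
        lines.append(f"COPY {storage} {storage}")
    # Start scripts are chained here; a real image would hand them to a supervisor.
    entry = " && ".join(tool_info[t]["script"] for t in target_strategy)
    lines.append(f'CMD ["sh", "-c", "{entry}"]')
    dockerfile = "\n".join(lines) + "\n"
    digest = hashlib.sha256(dockerfile.encode()).hexdigest()
    return {"name": "defense-" + "-".join(target_strategy),
            "digest": digest, "dockerfile": dockerfile}


def store_image(repo, image):
    """Register the image under a digest-pinned reference."""
    ref = f"{image['name']}@sha256:{image['digest']}"
    repo[ref] = image
    return ref


def verify_image(ref, image):
    """Terminal-side check: the content received must match the digest in
    the reference it was told to deploy, so a swapped image is rejected."""
    expected = ref.split("@sha256:")[1]
    return hashlib.sha256(image["dockerfile"].encode()).hexdigest() == expected


def generate_deployment_tasks(requirement, image_ref, repo):
    """One pending deployment task per terminal named in the requirement."""
    if image_ref not in repo:
        raise KeyError(f"{image_ref} is not in the image repository")
    return {tid: {"terminal": tid, "image": image_ref, "status": "pending"}
            for tid in requirement["terminals"]}


def negotiate_protocol(upgrade_info):
    """Choose the newest protocol both sides support; default to v1."""
    if not upgrade_info:
        return "v1"
    common = [p for p in SUPPORTED_PROTOCOLS if p in upgrade_info["supports"]]
    return common[-1] if common else "v1"


def handle_task_request(request, tasks):
    """Complete the protocol upgrade carried in the task acquisition request,
    then look up and send the task that belongs to the requesting terminal."""
    protocol = negotiate_protocol(request.get("protocol_upgrade"))
    task = tasks.get(request["terminal"])
    if task is not None:
        task["status"] = "sent"
    return {"protocol": protocol, "task": task}


def summarize_execution_results(results):
    """Aggregate the per-tool execution results reported by terminals."""
    stats = {}
    for result in results:
        entry = stats.setdefault(result["tool"], {"runs": 0, "ok": 0, "failed": 0})
        entry["runs"] += 1
        entry["ok" if result["exit_code"] == 0 else "failed"] += 1
    return stats
```

Pinning the repository reference to the content digest is the detail worth keeping from this example: the deployment task names an exact image, and verify_image lets the terminal refuse anything whose content does not hash to that digest before it runs the tools.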
Other embodiments or specific implementations of the defense apparatus of the present invention may refer to the above method embodiments, and are not described herein again.
Furthermore, an embodiment of the present invention further provides a storage medium, where the storage medium stores a defense program, and the defense program implements the steps of the defense method as described above when executed by a processor.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or system comprising the element.
The above-mentioned serial numbers of the embodiments of the present invention are only for description, and do not represent the advantages and disadvantages of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and can certainly also be implemented by hardware, but in many cases the former is the better implementation. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, a magnetic disk, or an optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A defense method, characterized in that the defense method comprises the steps of:
determining a defense strategy according to the defense requirement and the defense tool information;
performing environment conflict detection on the defense strategy according to an execution environment influence table corresponding to the defense tool in the defense tool information to obtain a conflict detection result;
determining a target defense strategy according to the conflict detection result, and constructing a defense image according to the target defense strategy;
and sending the defense image to a target terminal so that the target terminal performs defense according to the defense image.
2. The defense method according to claim 1, wherein the step of performing the environmental conflict detection on the defense policy according to the execution environment influence table corresponding to the defense tool in the defense tool information to obtain the conflict detection result includes:
determining a target defense tool involved in the defense strategy;
determining an execution environment influence table corresponding to the target defense tool according to the defense tool information;
and judging whether the defense strategy has an environmental conflict during execution according to the execution environment influence table, and generating a conflict detection result.
3. The defense method of claim 1, wherein the step of determining a target defense strategy according to the conflict detection result includes:
when the conflict detection result indicates that no conflict exists, taking the defense strategy as a target defense strategy;
and when the conflict detection result indicates that a conflict exists, determining a target defense strategy according to the conflict detection result, the defense requirement and the defense tool information.
4. The defense method of claim 1, wherein the step of constructing a defense image according to the target defense strategy includes:
determining a defense tool storage location and a tool running script path corresponding to the target defense strategy according to the defense tool information;
and constructing a defense image according to the defense tool storage location and the tool running script path.
5. The defense method according to any one of claims 1 to 4, wherein the step of sending the defense image to a target terminal so that the target terminal performs defense according to the defense image includes:
storing the defense image in an image repository;
generating a deployment task according to the defense requirement and the image repository;
receiving a task acquisition request sent by a target terminal, and determining the deployment task corresponding to the target terminal according to the task acquisition request;
and sending the deployment task to the target terminal so that the target terminal executes the deployment task to perform defense.
6. The defense method of claim 5, wherein, after the step of receiving the task acquisition request sent by the target terminal, the defense method further comprises:
and completing protocol upgrading according to the protocol upgrading information in the task acquisition request, and communicating with the target terminal according to the upgraded protocol.
7. The defense method of any one of claims 1 to 4, wherein, after the step of sending the defense image to a target terminal so that the target terminal performs defense according to the defense image, the defense method further comprises:
receiving a defense tool execution result sent by the target terminal;
and generating a defense tool operation statistical result according to the defense tool execution result.
8. A defense apparatus, characterized in that it comprises:
the defense strategy determining module is used for determining a defense strategy according to the defense requirement and the defense tool information;
the conflict detection module is used for carrying out environment conflict detection on the defense strategy according to an execution environment influence table corresponding to the defense tool in the defense tool information to obtain a conflict detection result;
the defense image construction module is used for determining a target defense strategy according to the conflict detection result and constructing a defense image according to the target defense strategy;
and the defense module is used for sending the defense image to a target terminal so that the target terminal performs defense according to the defense image.
9. A defense device, characterized in that the device comprises: a memory, a processor, and a defense program stored on the memory and executable on the processor, the defense program being configured to implement the steps of the defense method of any one of claims 1 to 7.
10. A storage medium, characterized in that the storage medium has stored thereon a defense program, which when executed by a processor implements the steps of the defense method according to any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310108532.6A CN115952496B (en) 2023-02-14 2023-02-14 Defending method, defending device, defending equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115952496A (en) 2023-04-11
CN115952496B CN115952496B (en) 2023-06-20

Family

ID=85892725

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310108532.6A Active CN115952496B (en) 2023-02-14 2023-02-14 Defending method, defending device, defending equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115952496B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2390839C1 (en) * 2008-10-23 2010-05-27 ООО "НеоБИТ" Method for centralised automatic setup, monitoring and analysing security of information systems and system for implementing said method
CN106301861A (en) * 2015-06-09 2017-01-04 北京智谷睿拓技术服务有限公司 Collision detection method, device and controller
WO2021216163A2 (en) * 2020-02-17 2021-10-28 Qomplx, Inc. Ai-driven defensive cybersecurity strategy analysis and recommendation system
CN115549965A (en) * 2022-08-24 2022-12-30 复旦大学 Network security training method based on simulation network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
于文鹏 (Yu Wenpeng): "浅析计算机网络防御策略求精关键技术" (A brief analysis of key technologies for refining computer network defense strategies), 信息技术与信息化 (Information Technology and Informatization) *

Also Published As

Publication number Publication date
CN115952496B (en) 2023-06-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant