CN116015968A - Automatic network attack and defense system and method based on simulation environment - Google Patents

Info

Publication number
CN116015968A
Authority
CN
China
Prior art keywords
attack
automatic
module
script
event
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310020022.3A
Other languages
Chinese (zh)
Inventor
冯宇翔
王珩
闫俊
陆宇翔
丁传捷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zhangba Network Security Technology Co ltd
Tianjin Zhangba Network Security Technology Co ltd
Original Assignee
Beijing Zhangba Network Security Technology Co ltd
Tianjin Zhangba Network Security Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Zhangba Network Security Technology Co ltd, Tianjin Zhangba Network Security Technology Co ltd

Abstract

The invention discloses an automated network attack and defense system based on a simulation environment. The system comprises: an attack module management submodule, which manages attack modules and comprises an attack script management unit, an attack module management unit and an attack script and attack module management relation management unit; an automatic attack event management submodule, which manages automatic attack events and comprises an automatic attack event management unit and an automatic attack event and attack module relation management unit; and an attack execution submodule. The invention also provides an automated network attack and defense method based on the simulation environment. Compared with traditional automatic attack systems, the system is simple and quick to operate and reduces the workload of users; in terms of adaptability, it can be used in association with other systems and is easy to separate.

Description

Automatic network attack and defense system and method based on simulation environment
Technical Field
The invention relates to the field of network attack and defense, and in particular to an automated network attack and defense system and method based on a simulation environment.
Background
A cyber range is a technology or product that, based on virtualization, simulates and reproduces the running state and operating environment of the network architecture, system equipment and business processes of real cyberspace, so that learning, research, testing, competition and exercises related to network security can be carried out more effectively, thereby improving the network security countermeasure level of personnel and institutions. The cyber range is currently the main platform system for building network simulation environments. As network attack events become more frequent and the state attaches greater importance to the network security industry, cyber range products and technology created to meet the needs of network security countermeasure have developed rapidly. Many difficult problems arise in the development of cyber ranges, and how to perform automated attacks inside a cyber range is one of the most important.
Automated attack and defense technology for a cyber range is a technology that uses network attack and defense means to attack or defend target machines inside the range; carrying out the corresponding actions does not require a large amount of manual participation, only the issuing of instructions. Conventional attack and defense implemented with a large number of custom scripts has poor reusability and a low degree of automation, and is relatively complicated and difficult to use, which leads to a large amount of repeated manual operation and wastes a great deal of time for cyber range users. Traditional automatic attack systems are also tightly coupled to the cyber range, are not easy to separate, and basically cannot be used with other systems. How to solve these problems therefore needs to be considered.
Disclosure of Invention
The invention aims to remedy the defects in the prior art, and provides an automated network attack and defense system and method based on a simulation environment. An automatic attack event can be combined with a plurality of different automatic attack modules, which increases the degree of freedom of automated attack. An automatic attack event can be reused once it has been configured, which reduces repeated manual operation. Several trigger modes, such as manual triggering, timing triggering and cyclic triggering, can be set for triggering an automatic attack event, so operation is simple and quick and the workload of users is reduced. In terms of adaptability, the system can be used in association with other systems and is easy to separate.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
an automated network attack and defense system based on a simulation environment, comprising:
the attack module management submodule is used for managing the attack module and comprises an attack script management unit, an attack module management unit and an attack script and attack module management relation management unit; the automatic attack event management submodule is used for managing automatic attack events and comprises an automatic attack event management unit and an automatic attack event and attack module relation management unit; the attack execution submodule is used for binding the automatic attack event to the related cyber range virtualized scene, running the automatic attack event according to a triggering mode and executing the automatic attack, and comprises an automatic attack event and scene relation management unit and an automatic attack event triggering management unit.
Preferably, the attack script management unit includes creation of an attack script, and the specific steps are as follows:
1) Filling in the name and description as marks;
2) Selecting the type of the attack script;
3) Selecting an attack script applicable platform;
4) Selecting an attack script language;
5) Filling in a specific sentence sequence of the attack script;
6) Filling script parameters;
7) And saving the attack script.
Preferably, the attack module management unit includes creation of an attack module, and specifically includes the following steps:
a) Filling in the name and description as marks;
b) Selecting an attack module pattern;
c) Selecting the type of the attack module;
d) Selecting an attack module applicable platform;
e) And saving the attack module.
Preferably, the attack script and attack module management relation management unit comprises association of an attack module and a script, and the specific steps are as follows:
a) Selecting an attack module;
b) Searching for the attack script by name, type, applicable platform and script language;
c) The attack module selects script parameters of the attack script as parameters of the attack module, and sets a default value;
d) And saving the relation between the attack module and the attack script.
Preferably, the automatic attack event management unit includes creation and editing of an automatic attack event, and the specific steps are as follows:
step one, filling in names and descriptions as marks;
step two, entering an automatic attack event and starting the process of editing the automatic attack event.
Preferably, the automatic attack event and attack module relation management unit includes association of the attack event and the attack module, and the specific steps are as follows:
step a, selecting a required attack module, and connecting according to a designated sequence;
step b, filling parameters of the attack module;
step c, saving the automatic attack event.
Preferably, the automatic attack event and scene relation management unit comprises automatic attack event and virtualized scene association, and the specific steps are as follows:
step A: selecting a virtualized scene;
step B: searching for an automatic attack event according to the name;
step C: selecting a triggering mode, filling corresponding parameters, wherein the triggering mode is divided into manual triggering, timing triggering, signal triggering and cyclic triggering;
step D: confirming parameters of an attack module in an automatic attack event according to information of the virtualized scene;
step E: and saving the relation between the automatic attack event and the virtualized scene.
Preferably, the automatic attack event triggering management unit includes execution of an automatic attack, and specific steps thereof are as follows:
step I: starting a virtualized scene;
step II: executing an automatic attack event according to the triggering mode;
step III: when triggering the automatic attack event, sequentially analyzing according to an attack module and a connection sequence in the automatic attack event, and executing an attack script in the attack module according to parameters;
step IV: and obtaining an execution result of the automatic attack event.
Preferably, the attack module can be used on three platforms: windows, macos and linux.
The invention also provides an automatic network attack and defense method based on the simulated environment, which comprises the following steps:
S1, adding an automatic attack script;
S2, adding an attack module;
S3, associating the attack module with the attack script;
S4, establishing an automatic attack event;
S5, selecting a virtualization scene;
S6, associating the automatic attack event with the scene;
S7, starting a virtualized scene;
S8, triggering an automatic attack event.
Compared with the prior art, the invention has the beneficial effects that:
The automatic attack system manages automatic attack scripts by category. Compared with the traditional approach, scripts can be quickly filtered and queried by script name, script type, applicable platform, script language and so on, which makes it easy for users to find a specified script. Automatic attack scripts are associated with attack modules, which eases the selection and configuration of scripts, makes the related configuration information easier to view, and better displays the types and functions of the automatic attack scripts. Several trigger modes, such as manual triggering, timing triggering and cyclic triggering, can be set for triggering an automatic attack event, so operation is simple and quick and the workload of users is reduced. In terms of adaptability, the system can be used in association with other systems and is easy to separate.
Drawings
FIG. 1 is a flow chart of an automated attack system submodule;
FIG. 2 is a flow chart of an attack module management submodule;
FIG. 3 is a flow chart of an automatic attack event management submodule;
fig. 4 is a flow chart of the attack execution submodule.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention.
Referring to fig. 1-4, an automated network attack and defense system based on a simulated environment, comprising:
the attack module management submodule is used for managing the attack module, and comprises an attack script management unit, an attack module management unit and an attack script and attack module management relation management unit, wherein the attack script management unit comprises the following specific steps:
1) Filling in the name and description as marks;
2) Selecting an attack script type, such as rdp attack or dos attack;
3) Selecting an attack script applicable platform, wherein the platform can be windows, macos or linux;
4) Selecting an attack script language, wherein the script language can be python or shell;
5) Filling in a specific sentence sequence of the attack script;
6) Filling script parameters;
7) Storing an attack script;
the attack module management unit comprises the creation of an attack module and comprises the following specific steps:
a) Filling in the name and description as marks;
b) Selecting an attack module pattern;
c) Selecting the type of an attack module, such as rdp attack and dos attack;
d) Selecting an attack module applicable platform, such as windows, macos and linux;
e) Storing an attack module;
the attack script and attack module management relation management unit comprises the association of an attack module and a script, and comprises the following specific steps:
a) Selecting an attack module;
b) Searching for the attack script by name, type, applicable platform and script language;
c) The attack module selects script parameters of the attack script as parameters of the attack module, and sets a default value;
d) And saving the relation between the attack module and the attack script.
The automatic attack event management submodule manages automatic attack events and provides functions for creating, deleting, editing, copying and configuring them. When configuring an automatic attack event, the user drags attack modules onto the page, configures their parameters, and then connects them in a certain sequence to complete the configuration. The submodule comprises an automatic attack event management unit and an automatic attack event and attack module relation management unit, wherein the automatic attack event management unit comprises the creation and editing of the automatic attack event, with the following specific steps:
step one, filling in names and descriptions as marks;
step two, entering an automatic attack event, and starting the process of editing the automatic attack event;
the automatic attack event and attack module relation management unit comprises the association of the attack event and the attack module, and comprises the following specific steps:
step a, selecting a required attack module, and connecting according to a designated sequence;
step b, filling parameters of the attack module;
step c, saving an automatic attack event;
The attack execution submodule binds an automatic attack event to the related cyber range virtualized scene, runs the automatic attack event according to the trigger mode and executes the automatic attack. It comprises an automatic attack event and scene relation management unit and an automatic attack event triggering management unit, wherein the automatic attack event and scene relation management unit comprises the association of an automatic attack event with a virtualized scene, with the following specific steps:
step A: selecting a virtualized scene;
step B: searching for an automatic attack event according to the name;
step C: selecting a triggering mode and filling in the corresponding parameters, wherein the triggering mode is one of manual triggering, timing triggering, signal triggering and cyclic triggering; for example, signal triggering requires a signal source and actions, cyclic triggering requires the cycle time and occurrence probability, timing triggering requires the timing time, and manual triggering requires no parameters;
step D: confirming parameters of an attack module in an automatic attack event according to information of the virtualized scene;
step E: storing the relation between the automatic attack event and the virtualized scene;
the automatic attack event triggering management unit comprises the execution of automatic attack, and the specific steps are as follows:
step I: starting a virtualized scene;
step II: executing the automatic attack event according to the triggering mode: with manual triggering, it is triggered by manually clicking the button; with timing triggering, it is triggered when the specified time is reached; with cyclic triggering, it is triggered according to the occurrence frequency and occurrence probability; with signal triggering, it is triggered when the specified signal is received;
step III: when triggering the automatic attack event, sequentially analyzing according to an attack module and a connection sequence in the automatic attack event, and executing an attack script in the attack module according to parameters;
step IV: and obtaining an execution result of the automatic attack event.
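The association and trigger rules in steps A to E and I to IV above can be checked before anything is run. The following Python code is an added example, not code from the patent: it validates a scene binding and returns the ordered dry-run plan without executing any script. The field names, the rule that a module and its script share type and platform, and the parameter precedence (module default, then event value, then scene value) are assumptions drawn from the steps, and the sample data is constructed.

```python
from dataclasses import dataclass, field

# Parameters each trigger mode must carry, per step C. Field names are assumptions.
TRIGGER_PARAMS = {
    "manual": set(),
    "timing": {"time"},
    "signal": {"source", "action"},
    "cyclic": {"cycle_seconds", "probability"},
}
PLATFORMS = {"windows", "macos", "linux"}


@dataclass
class Script:
    name: str
    type: str
    platform: str
    language: str
    params: tuple      # declared parameter names; the statement body is omitted here


@dataclass
class Module:
    name: str
    type: str
    platform: str
    script: Script
    defaults: dict     # script parameters exposed by the module, with default values


@dataclass
class Event:
    name: str
    steps: list        # (Module, params) pairs in connection order


@dataclass
class Binding:
    scenario: str
    event: Event
    trigger_mode: str
    trigger_params: dict
    confirmed: dict = field(default_factory=dict)  # module name -> scene values (step D)


def trigger_errors(mode, params):
    """Return the problems with a trigger configuration (empty list if valid)."""
    if mode not in TRIGGER_PARAMS:
        return [f"unknown trigger mode {mode!r}"]
    need = TRIGGER_PARAMS[mode]
    errs = [f"{mode} trigger missing {p!r}" for p in sorted(need - set(params))]
    errs += [f"{mode} trigger does not take {p!r}" for p in sorted(set(params) - need)]
    prob = params.get("probability")
    if mode == "cyclic" and prob is not None and not 0 <= prob <= 1:
        errs.append("probability must be between 0 and 1")
    return errs


def module_errors(m):
    """Check a module against the script it is associated with."""
    errs = []
    if m.platform not in PLATFORMS:
        errs.append(f"{m.name}: unsupported platform {m.platform!r}")
    if (m.type, m.platform) != (m.script.type, m.script.platform):
        errs.append(f"{m.name}: script {m.script.name!r} has a different type or platform")
    errs += [f"{m.name}: default for undeclared parameter {p!r}"
             for p in sorted(set(m.defaults) - set(m.script.params))]
    return errs


def build_plan(b):
    """Validate a binding and return the ordered dry-run plan; nothing is executed."""
    errs = trigger_errors(b.trigger_mode, b.trigger_params)
    plan = []
    for module, event_params in b.event.steps:
        errs += module_errors(module)
        # Precedence: module default < event value (step b) < scene value (step D).
        merged = {**module.defaults, **event_params, **b.confirmed.get(module.name, {})}
        errs += [f"{module.name}: unknown parameter {p!r}"
                 for p in sorted(set(merged) - set(module.defaults))]
        plan.append((module.name, module.script.name, merged))
    if errs:
        raise ValueError("; ".join(errs))
    return plan


# Constructed sample data using the names from the embodiment; no script body is included.
SCRIPT = Script("ddos attack script", "ddos", "linux", "python",
                ("duration_seconds", "times", "range"))
MODULE = Module("ddos attack", "ddos", "linux", SCRIPT,
                {"duration_seconds": 30, "times": 1, "range": "unset"})
EVENT = Event("ddos attack", [(MODULE, {"times": 3})])
BINDING = Binding("web service scene", EVENT, "manual", {},
                  {"ddos attack": {"duration_seconds": 10, "range": "web-instance-1"}})

if __name__ == "__main__":
    for row in build_plan(BINDING):
        print(row)
```

Rejecting undeclared parameters and incomplete trigger settings at binding time keeps a misconfigured event from being scheduled against a scene at all.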
The invention also provides an automatic network attack and defense method based on the simulated environment, which comprises the following steps:
S1, adding an automatic attack script: create an automatic attack script named ddos attack script, select ddos attack as the attack script type, linux as the applicable platform and python as the script language, fill in the ddos attack script while reserving configurable parameters such as attack duration, number of attacks and attack range, add these as the parameters of the attack script, and finally save the attack script;
S2, adding an attack module: create an attack module named ddos attack, select an icon for the module, select ddos attack as the attack module type and linux as the applicable platform, and save the attack module;
S3, associating the attack module with the attack script: select the ddos attack module already created, query the ddos attack script by name and associate the script with the attack module; after association the parameters of the attack script are the parameters of the attack module; set default values for the attack module parameters and save the association;
S4, establishing an automatic attack event: create an automatic attack event named ddos attack, enter the page of the automatic attack event, search for the ddos attack module, drag the attack module onto the page, add the attack module parameters, and connect the start module to the ddos attack module, meaning that once execution starts the attack script corresponding to the ddos attack module is run; then save the automatic attack event;
S5, selecting a virtualized scene: create a web service scene in the relevant cyber range platform, that is, create a plurality of web service instances in the virtualized scene, so that the running of the ddos automatic attack can be shown by viewing the effect on the web page after the ddos attack;
S6, associating the automatic attack event with the scene: search for the ddos automatic attack event by name; select manual triggering as the triggering mode, that is, triggering when a button is clicked, which allows triggering at any time and makes it convenient to check the effect on the web page; confirm the specific parameters of the attack module in the ddos automatic attack event, such as an attack duration of 10 seconds, 3 attacks, and 1 minute each time, the parameters depending on the virtualized scene and the desired effect; and save the relation between the virtualized scene and the automatic attack event;
S7, starting the virtualized scene: start the corresponding web virtualized scene and check the page effect; at this point page access is smooth and there is no ddos attack;
S8, triggering the automatic attack event: manually trigger the ddos automatic attack event; the statement actually executed is first obtained from the configuration and the ddos attack script, and the ddos attack is then performed on the specified web instance; checking the page effect again at this point shows that web page access is noticeably impeded while the ddos attack is triggered;
it should be noted that this embodiment is exemplified by the creation of ddos automation attack events and the execution of ddos automation attacks.
In summary, compared with the traditional mode, the automatic attack system carries out classified management on the automatic attack script, can carry out quick screening and inquiring according to script names, script types, script applicable platforms, script languages and the like, is convenient for users to find out appointed scripts, associates the automatic attack script with an attack module, facilitates the selection and configuration of the script, can more conveniently check related configuration information, and is also more beneficial to displaying the types and functions of the graphical module.
The foregoing is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any equivalent substitution or modification made by a person skilled in the art, within the technical scope disclosed by the present invention and according to its technical scheme and inventive concept, shall be covered by the scope of protection of the present invention.

Claims (10)

1. An automated network attack and defense system based on a simulation environment, characterized by comprising:
the attack module management submodule is used for managing the attack module and comprises an attack script management unit, an attack module management unit and an attack script and attack module management relation management unit;
the automatic attack event management submodule is used for managing automatic attack events and comprises an automatic attack event management unit and an automatic attack event and attack module relation management unit;
the attack execution submodule is used for binding the automatic attack event to the related cyber range virtualized scene, running the automatic attack event according to a triggering mode and executing the automatic attack, and comprises an automatic attack event and scene relation management unit and an automatic attack event triggering management unit.
2. The automated network attack and defense system based on the simulated environment according to claim 1, wherein the attack script management unit comprises the creation of an attack script, and the specific steps are as follows:
1) Filling in the name and description as marks;
2) Selecting the type of the attack script;
3) Selecting an attack script applicable platform;
4) Selecting an attack script language;
5) Filling in a specific sentence sequence of the attack script;
6) Filling script parameters;
7) And saving the attack script.
3. The automated network attack and defense system based on the simulated environment according to claim 2, wherein the attack module management unit comprises the creation of an attack module, and the specific steps are as follows:
a) Filling in the name and description as marks;
b) Selecting an attack module pattern;
c) Selecting the type of the attack module;
d) Selecting an attack module applicable platform;
e) And saving the attack module.
4. The automated network attack and defense system based on the simulated environment according to claim 3, wherein the attack script and attack module management relationship management unit comprises association of an attack module and a script, and the specific steps are as follows:
a) Selecting an attack module;
b) Searching for the attack script by name, type, applicable platform and script language;
c) The attack module selects script parameters of the attack script as parameters of the attack module, and sets a default value;
d) And saving the relation between the attack module and the attack script.
5. The automated network attack and defense system based on the simulated environment according to claim 4, wherein the automatic attack event management unit comprises the creation and editing of an automatic attack event, and the specific steps are as follows:
step one, filling in names and descriptions as marks;
step two, entering an automatic attack event and starting the process of editing the automatic attack event.
6. The automated network attack and defense system based on the simulated environment according to claim 5, wherein the automatic attack event and attack module relation management unit comprises association of an attack event and an attack module, and the specific steps are as follows:
step a, selecting a required attack module, and connecting according to a designated sequence;
step b, filling parameters of the attack module;
step c, saving the automatic attack event.
7. The automated network attack and defense system based on the simulated environment according to claim 6, wherein the automated attack event and scenario relationship management unit comprises an automated attack event and virtualized scenario association, and the specific steps are as follows:
step A: selecting a virtualized scene;
step B: searching for an automatic attack event according to the name;
step C: selecting a triggering mode, filling corresponding parameters, wherein the triggering mode is divided into manual triggering, timing triggering, signal triggering and cyclic triggering;
step D: confirming parameters of an attack module in an automatic attack event according to information of the virtualized scene;
step E: and saving the relation between the automatic attack event and the virtualized scene.
8. The automated network attack and defense system based on the simulated environment according to claim 7, wherein the automatic attack event trigger management unit comprises the execution of an automatic attack, which comprises the following specific steps:
step I: starting a virtualized scene;
step II: executing an automatic attack event according to the triggering mode;
step III: when triggering the automatic attack event, sequentially analyzing according to an attack module and a connection sequence in the automatic attack event, and executing an attack script in the attack module according to parameters;
step IV: and obtaining an execution result of the automatic attack event.
9. The automated network attack and defense system based on a simulated environment according to claim 6, wherein the attack module is used for three platforms: windows, macos and linux.
10. The automatic network attack and defense method based on the simulation environment is characterized by comprising the following steps of:
S1, adding an automatic attack script;
S2, adding an attack module;
S3, associating the attack module with the attack script;
S4, establishing an automatic attack event;
S5, selecting a virtualization scene;
S6, associating the automatic attack event with the scene;
S7, starting a virtualized scene;
S8, triggering an automatic attack event.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310020022.3A CN116015968A (en) 2023-01-06 2023-01-06 Automatic network attack and defense system and method based on simulation environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310020022.3A CN116015968A (en) 2023-01-06 2023-01-06 Automatic network attack and defense system and method based on simulation environment

Publications (1)

Publication Number Publication Date
CN116015968A true CN116015968A (en) 2023-04-25

Family

ID=86020817

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310020022.3A Pending CN116015968A (en) 2023-01-06 2023-01-06 Automatic network attack and defense system and method based on simulation environment

Country Status (1)

Country Link
CN (1) CN116015968A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination