CN116599762A - Distributed denial of service attack and defense exercise system and method - Google Patents


Publication number
CN116599762A
Authority
CN
China
Prior art keywords
attack
distributed denial
defense
attacker
defender
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310747707.8A
Other languages
Chinese (zh)
Inventor
蔡晶晶
陈俊
付磊
胡刚
安娜
陈学卫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Wuyi Jiayu Technology Co ltd
Beijing Yongxin Zhicheng Technology Co Ltd
Original Assignee
Beijing Wuyi Jiayu Technology Co ltd
Beijing Yongxin Zhicheng Technology Co Ltd
Application filed by Beijing Wuyi Jiayu Technology Co ltd, Beijing Yongxin Zhicheng Technology Co Ltd


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection

Abstract

The invention provides a distributed denial of service attack and defense exercise system and method. The system comprises an attacker simulator and a defender simulator. The attacker simulator is used for automatically searching for an attack target, selecting the number of puppet machines (bots), the attack mode and the attack speed, and carrying out a distributed denial of service attack on the attack target. The defender simulator is used for simulating the process of defending against the distributed denial of service attack, selecting among a plurality of preset defensive measures and constructing a simulated website. By simulating attack types and network topologies, the invention adapts better to a variety of attack scenarios. A fast and convenient attack and defense exercise lets users learn about distributed denial of service attacks and analyze the performance and weaknesses of a company's network defense system, so that the defense system can be further improved and optimized and network security raised; the exercise also trains the emergency response skills of network security personnel and improves the accuracy of network security emergency response.

Description

Distributed denial of service attack and defense exercise system and method
Technical Field
The invention relates to the technical field of network security, in particular to a distributed denial of service attack and defense exercise system and method.
Background
The distributed denial of service attack is a common network security attack that uses a large amount of computer resources to occupy the bandwidth and CPU resources of a target server, so that the target server cannot provide services normally. This form of attack has become a dominant one among hackers and has grown more frequent and more complex in recent years.
The distributed denial of service attack and defense exercise aims to test the network security awareness of enterprise staff and raise the level of network security defense by simulating distributed denial of service attack and defense strategies. Traditional distributed denial of service attack and defense exercises have certain limitations and are difficult to implement: simulating and generating large-scale network traffic requires large amounts of computing resources and network bandwidth; the exercise technology depends on specific testing tools and software; and professional knowledge and experience are needed to operate and maintain it.
Disclosure of Invention
The present invention has been made in view of the above problems, and it is an object of the present invention to provide a distributed denial of service attack and defense exercise system and method that overcomes or at least partially solves the above problems.
The invention provides a distributed denial of service attack and defense exercise system, which comprises an attacker simulator and a defender simulator:
the attacker simulator is used for automatically searching for an attack target, selecting the number of puppet machines (bots), the attack mode and the attack speed, and carrying out a distributed denial of service attack on the attack target;
the defender simulator is used for simulating the process of defending against the distributed denial of service attack, selecting among a plurality of preset defensive measures and constructing a simulated website.
In some optional embodiments, the attacker simulator is further configured to automatically determine the attack index of the attacker and the protection index of the defender according to a preset algorithm, and to determine the attack result from the attack index of the attacker and the protection index of the defender.
In some alternative embodiments, the defensive measures include: hiding the real IP of the server, adopting a multi-layer protection mechanism, using a network intrusion detection system, adopting traffic cleaning technology, using load balancing technology, and using firewall technology.
In some optional embodiments, the defender simulator is further configured to automatically determine the attack index of the attacker and the protection index of the defender according to a preset algorithm, and to determine the defense result from the attack index of the attacker and the protection index of the defender.
Some alternative embodiments further comprise combining pre-acquired distributed denial of service attack knowledge with pre-acquired news.
The second aspect of the present invention provides a distributed denial of service attack and defense exercise method, which includes:
automatically searching for an attack target, selecting the number of puppet machines (bots), the attack mode and the attack speed, and carrying out a distributed denial of service attack on the attack target;
simulating the process of defending against the distributed denial of service attack, selecting among a plurality of preset defensive measures, and constructing a simulated website.
Some alternative embodiments further comprise: automatically determining the attack index of the attacker and the protection index of the defender according to a preset algorithm, and determining the attack result from the attack index of the attacker and the protection index of the defender.
In some alternative embodiments, the defensive measures include: hiding the real IP of the server, adopting a multi-layer protection mechanism, using a network intrusion detection system, adopting traffic cleaning technology, using load balancing technology, and using firewall technology.
Some alternative embodiments further comprise: automatically determining the attack index of the attacker and the protection index of the defender according to a preset algorithm, and determining the defense result from the attack index of the attacker and the protection index of the defender.
In yet another aspect of the present invention, there is also provided an electronic device comprising a storage controller including a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the distributed denial of service attack and defense exercise method as described above when the computer program is executed.
According to the distributed denial of service attack and defense exercise system and method provided by the embodiments of the invention, simulating attack types and network topologies allows the system to adapt better to a variety of attack scenarios. A fast and convenient attack and defense exercise lets users learn about distributed denial of service attacks and analyze the performance and weaknesses of a company's network defense system, so that the defense system can be further improved and optimized and network security raised; the exercise also trains the emergency response skills of network security personnel and improves the accuracy of network security emergency response. A polished visual interface is provided, so that users can see the attack flow and the defense effect directly and can carry out and optimize attack and defense exercises more effectively. The system is highly extensible: it can be flexibly adjusted and extended according to actual needs, and attack forms or defensive measures can be updated to better meet users' needs. Combining distributed denial of service attacks with news raises the importance users attach to network security and information security. All attack and defense actions take place only inside the system, with no external impact, which ensures the safety of users' practice operations. The system provides an interactive experience with two roles, attacker and defender, so that users can experience the distributed denial of service attack and defense process more immersively. The whole process of distributed denial of service attack and defense is covered, including the formulation of a defense scheme and the evaluation of the defense effect, so that users can carry out the exercise comprehensively.
The foregoing description is only an overview of the technical solution of the present invention, given so that its technical means can be understood more clearly and implemented in accordance with the description, and so that the above and other objects, features and advantages of the invention are more readily apparent.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
Fig. 1 is a schematic diagram of a distributed denial of service attack and defense exercise system according to an embodiment of the present invention;
Fig. 2 is a flowchart of a distributed denial of service attack and defense exercise method according to an embodiment of the present invention;
Fig. 3 is a flowchart of another distributed denial of service attack and defense exercise method according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless expressly stated otherwise, as understood by those skilled in the art. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It will be understood by those skilled in the art that all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs unless defined otherwise. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
Fig. 1 is a schematic diagram of a distributed denial of service attack and defense exercise system in accordance with one embodiment of the present invention.
Referring to Fig. 1, a distributed denial of service attack and defense exercise system according to an embodiment of the present invention specifically includes:
an attacker simulator 101 and a defender simulator 102;
the attacker simulator 101 is configured to automatically search for an attack target, select the number of puppet machines (bots), the attack mode and the attack speed, and carry out a distributed denial of service attack on the attack target;
the defender simulator 102 is used for simulating the process of defending against the distributed denial of service attack, selecting among a plurality of preset defensive measures and constructing a simulated website.
In this embodiment, distributed denial of service attacks take two forms: traffic attacks and resource exhaustion attacks. A traffic attack is an attack against network bandwidth: for example, a large number of attack packets congests the network bandwidth, and legitimate network packets are drowned out by the bogus attack packets and cannot reach the host. A resource exhaustion attack is an attack against the server host: for example, a large number of attack packets exhausts the host's memory, or ties up the CPU in the kernel and in applications, so that network services cannot be provided.
In this embodiment, the Ping command is used for testing; if Ping times out or shows serious packet loss, the host may be under a traffic attack.
In this embodiment, if pinging the website host and accessing the website are both normal in ordinary times, but website access becomes very slow or impossible while Ping still succeeds, the host may be under a resource exhaustion attack.
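The Ping-based triage described in the two paragraphs above can be written as a small classifier. This is an added example, not code from the patent; the thresholds, the function and class names, and the sample ping output are constructed assumptions, since the text only says "serious packet loss" and "very slow".

```python
import re
from dataclasses import dataclass
from statistics import median

# Assumed thresholds: the text only says "serious packet loss" and "very slow".
LOSS_THRESHOLD_PCT = 30.0
SLOW_FACTOR = 5.0  # median latency >= 5x the normal baseline counts as "very slow"

# Summary line printed by Linux and macOS ping.
PING_SUMMARY = re.compile(
    r"\d+ packets transmitted, \d+ (?:packets )?received"
    r".*?(?P<loss>\d+(?:\.\d+)?)% packet loss"
)

# Constructed sample outputs (not captured from a real host).
PING_LOSSY = (
    "--- www.example.test ping statistics ---\n"
    "10 packets transmitted, 2 received, 80% packet loss, time 9120ms\n"
)
PING_CLEAN = (
    "--- www.example.test ping statistics ---\n"
    "10 packets transmitted, 10 received, 0% packet loss, time 9013ms\n"
)


@dataclass
class HttpProbe:
    ok: bool                 # the request completed with a response
    latency_ms: float = 0.0  # only meaningful when ok is True


def parse_ping_loss(output: str) -> float:
    """Return the packet-loss percentage from a ping summary line."""
    m = PING_SUMMARY.search(output)
    if m is None:
        raise ValueError("no ping summary line found")
    return float(m.group("loss"))


def http_degraded(probes, baseline_ms: float) -> bool:
    """True when most probes fail or the successful ones are very slow."""
    if not probes:
        return False
    failed = sum(1 for p in probes if not p.ok)
    if failed * 2 > len(probes):
        return True
    latencies = [p.latency_ms for p in probes if p.ok]
    return bool(latencies) and median(latencies) >= SLOW_FACTOR * baseline_ms


def triage(ping_output: str, probes, baseline_ms: float,
           icmp_filtered: bool = False) -> str:
    """Classify symptoms the way the description does.

    Ping loss        -> possible traffic (bandwidth) attack.
    Ping fine, web
    slow/unreachable -> possible resource exhaustion attack.
    """
    degraded = http_degraded(probes, baseline_ms)
    if icmp_filtered:
        # When a firewall drops ICMP (the fifth defensive measure on this
        # page does), ping loss carries no signal, so the two cases cannot
        # be told apart from these probes alone.
        return "degraded, cause undetermined" if degraded else "no indication"
    if parse_ping_loss(ping_output) >= LOSS_THRESHOLD_PCT:
        return "possible traffic attack"
    if degraded:
        return "possible resource exhaustion attack"
    return "no indication"


if __name__ == "__main__":
    slow = [HttpProbe(True, 2400.0), HttpProbe(False), HttpProbe(True, 3100.0)]
    print(triage(PING_LOSSY, slow, baseline_ms=120.0))
    print(triage(PING_CLEAN, slow, baseline_ms=120.0))
```

The result is a hint for the responder, not a verdict: packet loss and slow responses also have non-attack causes, which is why every label is phrased as "possible".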
In this embodiment, distributed denial of service attack traffic is managed in one of the following ways: control by a single distributed denial of service attack script; a single API interface controlling multiple distributed denial of service attack scripts; or a single CMS or API controlling multiple API interfaces.
In some optional embodiments, the attacker simulator 101 is further configured to automatically determine the attack index of the attacker and the protection index of the defender according to a preset algorithm, and to determine the attack result from the attack index of the attacker and the protection index of the defender.
In some alternative embodiments, the defensive measures include: hiding the real IP of the server, adopting a multi-layer protection mechanism, using a network intrusion detection system, adopting traffic cleaning technology, using load balancing technology, and using firewall technology.
In this embodiment, different security protection indexes are obtained by selecting different defensive measures; selecting reasonable defensive measures is the key to whether a hacker's distributed denial of service attack can be resisted successfully:
selecting the first defensive measure, using a CDN to hide the real IP of the server, yields a security protection index of 25%;
selecting the second defensive measure, designing the network with load balancing technology, yields a security protection index of 25%;
selecting the third defensive measure, cleaning and filtering abnormal traffic, yields a security protection index of 20%;
selecting the fourth defensive measure, choosing a high-bandwidth data center, yields a security protection index of 15%;
selecting the fifth defensive measure, prohibiting ICMP packets at the firewall and limiting the request frequency of a single IP, yields a security protection index of 15%.
In this embodiment, the indexes corresponding to the defensive measures the defender selected when building the website are added together; if the security protection index of the website built by the defender is greater than or equal to 50%, the attack fails, and if it is less than 50%, the attack succeeds.
In this embodiment, the multi-layer protection mechanism includes: at the network layer, detecting and intercepting abnormal traffic by inspecting the source IP address, destination IP address, port number, protocol type and traffic size; and at the application layer, using a Web application firewall, which intercepts common attacks by inspecting the Web application, so that distributed denial of service attacks are effectively defended against.
In this embodiment, the network intrusion detection system is a technology that analyzes network traffic information; it can effectively detect a distributed denial of service attack and take defensive measures in time. Its principle is to collect network data, analyze the collected data, find abnormal traffic and intercept it; the network intrusion detection system can also analyze the network data to trace the attacker's IP address, so that distributed denial of service attacks are effectively defended against.
In this embodiment, traffic cleaning is a technology that cleans network traffic by inspecting it, so as to effectively resist distributed denial of service attacks; traffic cleaning can also filter network traffic and keep only valid traffic, thereby improving the effectiveness of the network.
In this embodiment, load balancing is a technology that distributes network traffic across multiple servers, so that distributed denial of service attacks can be effectively defended against; its principle is that, because network traffic is distributed across a plurality of servers, an attacker cannot find the real server.
In this embodiment, firewall technology can effectively detect attack traffic and intercept abnormal traffic in time; it can also effectively resist distributed denial of service attacks by inspecting the source IP address, destination IP address, port number, protocol type and traffic size.
In this embodiment, network encryption technology and traffic isolation technology may also be adopted to effectively defend against distributed denial of service attacks.
In some optional embodiments, the defender simulator 102 is further configured to automatically determine the attack index of the attacker and the protection index of the defender according to a preset algorithm, and to determine the defense result from the attack index of the attacker and the protection index of the defender.
Some alternative embodiments further comprise combining pre-acquired distributed denial of service attack knowledge with pre-acquired news.
Fig. 2 is a flowchart of a distributed denial of service attack and defense exercise method provided by an embodiment of the present invention, and referring to fig. 2, the distributed denial of service attack and defense exercise method of the embodiment of the present invention specifically includes:
S21: automatically searching for an attack target, selecting the number of puppet machines (bots), the attack mode and the attack speed, and carrying out a distributed denial of service attack on the attack target;
S22: simulating the process of defending against the distributed denial of service attack, selecting among a plurality of preset defensive measures, and constructing a simulated website.
Some alternative embodiments further comprise: automatically determining the attack index of the attacker and the protection index of the defender according to a preset algorithm, and determining the attack result from the attack index of the attacker and the protection index of the defender.
In some alternative embodiments, the defensive measures include: hiding the real IP of the server, adopting a multi-layer protection mechanism, using a network intrusion detection system, adopting traffic cleaning technology, using load balancing technology, and using firewall technology.
Some alternative embodiments further comprise: automatically determining the attack index of the attacker and the protection index of the defender according to a preset algorithm, and determining the defense result from the attack index of the attacker and the protection index of the defender.
Fig. 3 is a flowchart of another attack and defense exercise method for a distributed denial of service attack provided by an embodiment of the present invention, and referring to fig. 3, the attack and defense exercise method for a distributed denial of service attack in the embodiment of the present invention specifically includes:
the defender builds a government website and selects defensive measures; it is judged whether the defensive measure of hiding the server's real IP behind a CDN has been selected; if yes, preparation is complete and the defender waits for the attack; if not, the real IP of the server is displayed;
the attacker searches for an attack target; the target is found; a distributed denial of service attack is initiated; an attack means is selected; the attack is launched; it is judged whether the security protection index is greater than or equal to 50%; if yes, the defense succeeds and the attack fails; if not, the defense fails and the attack succeeds; the experience then ends.
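The scoring rule from the embodiment above (the five listed index values, summed and compared with 50%) and the Fig. 3 decision flow can be modeled directly. This is an added example, not code from the patent; the measure key names and function names are assumptions, while the percentages and the threshold are the ones stated in the description. It goes one step beyond the text by enumerating which combinations of measures pass.

```python
from itertools import combinations

# Index values (percent) as listed in the description; key names are assumed.
MEASURES = {
    "cdn_hide_real_ip": 25,
    "load_balancing": 25,
    "traffic_cleaning": 20,
    "high_bandwidth_datacenter": 15,
    "firewall_icmp_block_rate_limit": 15,
}
THRESHOLD = 50  # defense succeeds when the summed index is >= 50%


def protection_index(selected) -> int:
    """Sum the index of each selected measure; a measure counts once."""
    chosen = set(selected)
    unknown = chosen - MEASURES.keys()
    if unknown:
        raise ValueError(f"unknown measures: {sorted(unknown)}")
    return sum(MEASURES[m] for m in chosen)


def run_exercise(selected) -> dict:
    """Walk the Fig. 3 flow for one defender configuration."""
    index = protection_index(selected)
    defended = index >= THRESHOLD
    return {
        # Fig. 3: without the CDN measure the server's real IP is displayed.
        "real_ip_visible": "cdn_hide_real_ip" not in set(selected),
        "protection_index": index,
        "defense_succeeds": defended,
        "attack_succeeds": not defended,
    }


def winning_sets():
    """Every combination of measures that reaches the threshold."""
    names = sorted(MEASURES)
    return [
        frozenset(combo)
        for size in range(1, len(names) + 1)
        for combo in combinations(names, size)
        if protection_index(combo) >= THRESHOLD
    ]


def minimal_winning_sets():
    """Winning combinations from which no measure can be dropped."""
    wins = winning_sets()
    return [s for s in wins if not any(other < s for other in wins)]


if __name__ == "__main__":
    print(run_exercise(["cdn_hide_real_ip", "load_balancing"]))
    print(run_exercise(["traffic_cleaning", "high_bandwidth_datacenter"]))
    for s in minimal_winning_sets():
        print(protection_index(s), sorted(s))
```

Under this rule a site whose real IP is displayed can still pass, because traffic cleaning, a high-bandwidth data center and the firewall measure sum to exactly 50%; the CDN choice changes only what the attacker is shown, not how the outcome is judged.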
In addition, the embodiment of the invention also provides a computer readable storage medium, on which a computer program is stored, the program when being executed by a processor realizes the steps of the distributed denial of service attack and defense exercise method.
In this embodiment, the modules/units integrated in the distributed denial of service attack and defense exercise device may be stored in a computer readable storage medium if they are implemented as software functional units and sold or used as independent products. Based on this understanding, the present invention may implement all or part of the flow of the method embodiments above by means of a computer program that instructs the relevant hardware; the computer program may be stored in a computer readable storage medium and, when executed by a processor, implements the steps of each of the method embodiments described above. The computer program comprises computer program code, which may be in source code form, object code form, an executable file, some intermediate form, and so on. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. It should be noted that the content contained in the computer readable medium may be appropriately increased or decreased according to the requirements of legislation and patent practice in a jurisdiction; for example, in certain jurisdictions, in accordance with legislation and patent practice, the computer readable medium does not include electrical carrier signals and telecommunication signals.
In addition, the embodiment of the invention also provides an electronic device, which comprises a storage controller, wherein the storage controller comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor. When executing the computer program, the processor realizes the functions of each module/unit in the embodiment of the distributed denial of service attack and defense exercise device, such as the attacker simulator 101 and the defender simulator 102 shown in Fig. 1. Alternatively, the processor realizes the steps of the distributed denial of service attack and defense exercise method when executing the program, for example steps S21 to S22 shown in Fig. 2.
The distributed denial of service attack and defense exercise system and method provided by the embodiment of the invention adapt better to a variety of attack scenarios by simulating attack types and network topologies. Through a quick and convenient attack and defense exercise, users come to understand distributed denial of service attacks and can analyze the performance and weaknesses of a company's network defense system, so that the defense system can be further improved and optimized and network security raised; the exercise also trains the emergency response skills of network security personnel and improves the accuracy of network security emergency response. A polished visual interface is provided, so that users can intuitively view the attack flow and the defense effect and carry out attack and defense exercises and optimization more effectively. The system is highly extensible: it can be flexibly adjusted and expanded according to actual needs, and attack forms or defensive measures can be updated to better meet users' needs. Distributed denial of service attacks are combined with news, raising users' awareness of the importance of network security and information security. All attack and defense actions take place only inside the system, so nothing outside it is affected and the safety of the user's exercise is ensured. The system offers an interactive experience with two roles, attacker and defender, so that users can experience the distributed denial of service attack and defense process more immersively. The whole attack and defense process is covered, including the formulation of a defense scheme and the evaluation of the defense effect, so that users can carry out a comprehensive distributed denial of service attack and defense exercise.
The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus necessary general hardware platforms, or of course may be implemented by means of hardware. Based on this understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or some parts of the embodiments.
Furthermore, those skilled in the art will appreciate that while some embodiments herein include some features but not others included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, any of the claimed embodiments can be used in any combination.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A distributed denial of service attack and defense exercise system, the system comprising:
an attacker simulator and a defender simulator;
the attacker simulator is used for automatically searching an attack target, selecting the number of puppet sets, the attack mode and the attack speed, and carrying out distributed denial of service attack on the attack target;
the defender simulator is used for simulating the process of defending the distributed denial of service attack, selecting a plurality of preset defending measures and constructing a simulation website.
2. The system of claim 1, wherein the attacker simulator is further configured to automatically determine an attack index of an attacker and a protection index of a defender according to a preset algorithm, and determine an attack result according to the attack index of the attacker and the protection index of the defender.
3. The system of claim 1, wherein the defensive measures comprise: hiding the real IP of the server, adopting a multi-layer protection mechanism, using a network intrusion detection system, adopting traffic cleaning technology, using load balancing technology, and using firewall technology.
4. The system of claim 1, wherein the defender simulator is further configured to automatically determine an attack index of an attacker and a defender protection index according to a preset algorithm, and determine a defending result according to the attack index of the attacker and the defender protection index.
5. The system of claim 1, wherein pre-acquired distributed denial of service attack knowledge is combined with pre-acquired news.
6. A distributed denial of service attack and defense exercise method, the method comprising:
automatically searching an attack target, selecting the number of puppet sets, the attack mode and the attack speed, and carrying out distributed denial of service attack on the attack target;
simulating a distributed denial of service attack defense process, selecting a plurality of preset defense measures, and constructing a simulated website.
7. The method as recited in claim 6, further comprising: according to a preset algorithm, automatically judging an attack index of an attacker and a protection index of a defender, and judging an attack result according to the attack index of the attacker and the protection index of the defender.
8. The method of claim 6, wherein the defensive measures comprise: hiding the real IP of the server, adopting a multi-layer protection mechanism, using a network intrusion detection system, adopting traffic cleaning technology, using load balancing technology, and using firewall technology.
9. The method as recited in claim 6, further comprising: according to a preset algorithm, automatically judging an attack index of an attacker and a protection index of a defender, and judging a defending result according to the attack index of the attacker and the protection index of the defender.
10. An electronic device comprising a memory controller, the memory controller comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method according to any one of claims 6-9 when the computer program is executed.
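The claims leave the "preset algorithm" that derives the attack index, the protection index and the exercise result unspecified. The following added example (not code from the patent or its applicants) shows one way such an in-system judgment could be modelled without sending any traffic; the mode names, absorption values, site capacity and all function names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from math import prod

# Constructed values: fraction of simulated attack load each measure named in
# claims 3 and 8 absorbs, per attack mode. Assumptions, not measurements.
MEASURES = {
    "hide_real_ip":     {"volumetric": 0.30, "application": 0.10},
    "multi_layer":      {"volumetric": 0.20, "application": 0.20},
    "intrusion_detect": {"volumetric": 0.10, "application": 0.30},
    "traffic_cleaning": {"volumetric": 0.60, "application": 0.25},
    "load_balancing":   {"volumetric": 0.25, "application": 0.35},
    "firewall":         {"volumetric": 0.35, "application": 0.15},
}
MODES = ("volumetric", "application")  # hypothetical attack-mode categories


@dataclass(frozen=True)
class AttackPlan:
    puppets: int   # number of simulated puppet hosts chosen by the attacker role
    mode: str      # one of MODES
    speed: float   # simulated requests per second per puppet


def attack_index(plan: AttackPlan) -> float:
    """Simulated offered load; nothing is ever sent on a network."""
    if plan.mode not in MODES or plan.puppets < 0 or plan.speed < 0:
        raise ValueError(f"invalid attack plan: {plan}")
    return plan.puppets * plan.speed


def protection_index(selected, mode: str) -> float:
    """Combined absorption in [0, 1): layers compound, duplicates count once."""
    chosen = set(selected)
    unknown = chosen - MEASURES.keys()
    if unknown:
        raise ValueError(f"unknown defensive measures: {sorted(unknown)}")
    return 1.0 - prod(1.0 - MEASURES[m][mode] for m in chosen)


def judge(plan: AttackPlan, selected, site_capacity: float) -> dict:
    """Compare the residual load with the simulated website's capacity."""
    a = attack_index(plan)
    p = protection_index(selected, plan.mode)
    residual = a * (1.0 - p)
    return {
        "attack_index": a,
        "protection_index": round(p, 4),
        "residual_load": round(residual, 1),
        "winner": "defender" if residual <= site_capacity else "attacker",
    }
```

Because the measures compound multiplicatively, the model rewards a defender for layering several measures rather than relying on a single strong one, which is the behaviour a defense-scheme exercise is meant to teach.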
CN202310747707.8A 2023-06-25 2023-06-25 Distributed denial of service attack and defense exercise system and method Pending CN116599762A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310747707.8A CN116599762A (en) 2023-06-25 2023-06-25 Distributed denial of service attack and defense exercise system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310747707.8A CN116599762A (en) 2023-06-25 2023-06-25 Distributed denial of service attack and defense exercise system and method

Publications (1)

Publication Number Publication Date
CN116599762A true CN116599762A (en) 2023-08-15

Family

ID=87593899

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310747707.8A Pending CN116599762A (en) 2023-06-25 2023-06-25 Distributed denial of service attack and defense exercise system and method

Country Status (1)

Country Link
CN (1) CN116599762A (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108377238A (en) * 2018-02-01 2018-08-07 国网江苏省电力有限公司苏州供电分公司 Information network security of power system policy learning device and method based on Attack Defence
CN109361534A (en) * 2018-09-20 2019-02-19 中国航天系统科学与工程研究院 A kind of network security emulation system
CN109194684A (en) * 2018-10-12 2019-01-11 腾讯科技(深圳)有限公司 A kind of method, apparatus and calculating equipment of simulation Denial of Service attack
CN110855715A (en) * 2019-11-29 2020-02-28 国家电网有限公司客户服务中心 DOS attack and defense simulation method based on stochastic Petri network
CN114859758A (en) * 2022-06-22 2022-08-05 支付宝(杭州)信息技术有限公司 Attack-defense confrontation simulation test method and system for network model
CN115549965A (en) * 2022-08-24 2022-12-30 复旦大学 Network security training method based on simulation network
CN116208505A (en) * 2022-12-26 2023-06-02 中国人民解放军国防大学联合作战学院 Electric power infrastructure network security behavior model

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination