CN116866193B - Network attack drilling method and device, electronic equipment and storage medium - Google Patents

Publication number
CN116866193B
Authority
CN
China
Prior art keywords
attack
network
preset
scheme
proportion
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311133644.3A
Other languages
Chinese (zh)
Other versions
CN116866193A (en
Inventor
于运涛
霍朝宾
张大松
王力
杨晖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
6th Research Institute of China Electronics Corp
Original Assignee
6th Research Institute of China Electronics Corp
Application filed by 6th Research Institute of China Electronics Corp
Priority to CN202311133644.3A
Publication of CN116866193A
Application granted
Publication of CN116866193B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/145 Network analysis or design involving simulating, designing, planning or modelling of a network
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02T CLIMATE CHANGE MITIGATION TECHNOLOGIES RELATED TO TRANSPORTATION
    • Y02T10/00 Road transport of goods or passengers
    • Y02T10/10 Internal combustion engine [ICE] based vehicles
    • Y02T10/40 Engine management systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present disclosure provides a network attack drilling method, a device, an electronic device and a storage medium. A preset network attack scheme is acquired and the planning parameters corresponding to the scheme are determined; the planning parameters are loaded to an attack party array in a preset attack environment, which attacks the defending party array through a preset network map; the attack damage parameters of the defending party array are counted, and the attack effect evaluation index of the network attack scheme is determined from them; the network attack scheme, the planning parameters and the attack damage parameters are input into a pre-trained attack scheme optimization model to determine an optimization suggestion for the scheme; the scheme is updated according to the optimization suggestion, and the attack exercise is repeated with the optimized scheme until the attack effect evaluation index reaches a preset index level. In this way attack exercises can be carried out on a large network system, so that its weak links can be found and its security defense improved.

Description

Network attack drilling method and device, electronic equipment and storage medium
Technical Field
The disclosure relates to the technical field of network security, in particular to a network attack drilling method, a device, electronic equipment and a storage medium.
Background
Cyber attacks are any type of offensive action directed against a computer information system, infrastructure, computer network, or personal computer device. For computers and computer networks, breaking, exposing, modifying or disabling software or services, and stealing or accessing data on any computer without authorization, may all be considered attacks on the computer and computer network.
At present, network attacks target systems and resources by exploiting the vulnerabilities and security defects present in network information systems. In recent years network attack incidents have been frequent; trojans, worms and ransomware emerge endlessly on the Internet and pose a serious threat to network security. Meanwhile, ordinary users can easily obtain all kinds of network attack tools from some blogs, forums and open-source websites. The openness of the Internet greatly reduces the cost of attack for network attackers. Given that network security incidents are frequent and the related drilling technology lags behind, how to carry out attack drilling on a large network system, so as to find the weak links of the large network and improve its security defense, has become a problem to be solved urgently.
Disclosure of Invention
The embodiment of the disclosure provides at least a network attack drilling method, a device, an electronic device and a storage medium, which can realize the attack drilling of a large-scale network system so as to find out weak links of the large-scale network and improve the security defenses of the large-scale network.
The embodiment of the disclosure provides a network attack drilling method, which comprises the following steps:
acquiring a preset network attack scheme, and determining planning parameters corresponding to the network attack scheme;
loading the planning parameters to an attack party array in a preset attack environment, and attacking the defending party array through a preset network map;
counting attack damage parameters corresponding to the defending square array, and determining attack effect evaluation indexes corresponding to the network attack scheme according to the attack damage parameters;
inputting the network attack scheme, the planning parameters and the attack damage parameters into a pre-trained attack scheme optimization model, and determining an optimization suggestion corresponding to the network attack scheme;
updating the network attack scheme according to the optimization suggestion, and performing attack exercise according to the optimized network attack scheme until the attack effect evaluation index reaches a preset index level.
In an alternative embodiment, the planning parameters include: attack virus category proportion, attack strategy and attack path.
In an optional implementation manner, after the preset network attack scenario is obtained and the planning parameters corresponding to the network attack scenario are determined, the method further includes:
accessing a preset virus library with the attack virus type proportion, and extracting target viruses from the virus library;
accessing a preset strategy library with the attack strategy, and extracting a target attack strategy from the strategy library;
and accessing a preset path library with the attack path, and extracting a target attack path from the path library.
In an optional implementation manner, the loading the planning parameter into an attacker array in a preset attack environment attacks the defender array via a preset network map, and specifically includes:
selecting the preset attack environment from a preset attack environment library according to the network attack scheme;
loading the target virus, the target attack strategy and the target attack path as network attack examples to the attack party array;
and according to the network attack example, under the preset attack environment, initiating network attack to the defending party array through the preset network map.
In an alternative embodiment, the attack damage parameters include: sink number, sink ratio, depth of attack, overall destruction ratio, overall disabling time.
In an optional implementation manner, the determining, according to the attack damage parameter, an attack effect evaluation index corresponding to the network attack scheme specifically includes:
respectively determining preset weight coefficients corresponding to the sinking quantity, the sinking proportion, the attacked depth, the overall destruction proportion and the overall disabling time;
and determining the attack effect evaluation index according to the sinking quantity, the sinking proportion, the attacked depth, the integral damage proportion, the integral disabling time and the corresponding preset weight coefficient.
In an alternative embodiment, the attack effectiveness evaluation index is determined based on the following formula:
wherein, representing the attack effect evaluation index, and $f(S)$ represents a linear function relation; $N$ represents the sink number; $k$ represents the sink fraction; $d$ represents the depth of attack; $g$ represents the overall destruction proportion; $h$ represents the overall disabling time; correspondingly, $W_1$ represents the preset weight coefficient corresponding to the sinking quantity; $W_2$ represents the preset weight coefficient corresponding to the sinking proportion; $W_3$ represents the preset weight coefficient corresponding to the attacked depth; $W_4$ represents the preset weight coefficient corresponding to the integral destruction proportion; $W_5$ represents the preset weight coefficient corresponding to the integral disabling time.
The embodiment of the disclosure also provides a network attack drilling device, which comprises:
the acquisition module is used for acquiring a preset network attack scheme and determining planning parameters corresponding to the network attack scheme;
the attack module is used for loading the planning parameters to an attack square array in a preset attack environment and attacking the defending square array through a preset network map;
the attack effect evaluation module is used for counting attack damage parameters corresponding to the defending square array and determining attack effect evaluation indexes corresponding to the network attack scheme according to the attack damage parameters;
the attack scheme optimization module is used for inputting the network attack scheme, the planning parameters and the attack damage parameters into a pre-trained attack scheme optimization model and determining an optimization proposal corresponding to the network attack scheme;
and the attack scheme updating module is used for updating the network attack scheme according to the optimization suggestion, and carrying out attack exercise according to the optimized network attack scheme until the attack effect evaluation index reaches a preset index level.
The embodiment of the disclosure also provides an electronic device, including: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory in communication over the bus when the electronic device is running, the machine-readable instructions when executed by the processor performing the above-described cyber attack exercise method, or steps in any of the possible embodiments of the above-described cyber attack exercise method.
The disclosed embodiments also provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the above-described cyber attack exercise method, or steps in any of the possible implementation manners of the above-described cyber attack exercise method.
The disclosed embodiments also provide a computer program product comprising a computer program/instructions which, when executed by a processor, implement the above-described cyber attack exercise method, or steps in any one of the possible implementation manners of the above-described cyber attack exercise method.
According to the network attack exercise method, the device, the electronic equipment and the storage medium, the planning parameters corresponding to the network attack scheme are determined by acquiring the preset network attack scheme; loading the planning parameters to an attack party array in a preset attack environment, and attacking the defending party array through a preset network map; counting attack damage parameters corresponding to the defending square array, and determining attack effect evaluation indexes corresponding to the network attack scheme according to the attack damage parameters; inputting the network attack scheme, the planning parameters and the attack damage parameters into a pre-trained attack scheme optimization model, and determining an optimization suggestion corresponding to the network attack scheme; updating the network attack scheme according to the optimization suggestion, and performing attack exercise according to the optimized network attack scheme until the attack effect evaluation index reaches a preset index level. The attack exercise of the large network system can be realized, so that the weak links of the large network can be found out, and the security defensive power of the large network is improved.
The foregoing objects, features and advantages of the disclosure will be more readily apparent from the following detailed description of the preferred embodiments taken in conjunction with the accompanying drawings.
Drawings
In order to illustrate the technical solutions of the embodiments of the present disclosure more clearly, the drawings required for the embodiments are briefly described below. The drawings are incorporated in and constitute a part of the specification; they show embodiments consistent with the present disclosure and, together with the description, serve to illustrate its technical solutions. It is to be understood that the following drawings illustrate only certain embodiments of the present disclosure and are therefore not to be considered limiting of its scope; a person of ordinary skill in the art may derive other related drawings from them without inventive effort.
FIG. 1 shows a flowchart of a network attack drilling method provided by an embodiment of the present disclosure;
FIG. 2 illustrates a schematic diagram of an attack drilling system provided by embodiments of the present disclosure;
FIG. 3 illustrates a functional schematic of an attack drilling system provided by embodiments of the present disclosure;
FIG. 4 shows a schematic diagram of a cyber attack exercise device provided by an embodiment of the present disclosure;
FIG. 5 shows a schematic diagram of an electronic device provided by an embodiment of the disclosure.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present disclosure more apparent, the technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are only some embodiments of the present disclosure, but not all embodiments. The components of the embodiments of the present disclosure, which are generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present disclosure provided in the accompanying drawings is not intended to limit the scope of the disclosure, as claimed, but is merely representative of selected embodiments of the disclosure. All other embodiments, which can be made by those skilled in the art based on the embodiments of this disclosure without making any inventive effort, are intended to be within the scope of this disclosure.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
The term "and/or" herein merely describes an association relationship and means that three relationships may exist; for example, A and/or B may mean: A exists alone, A and B exist together, or B exists alone. In addition, the term "at least one" herein means any one of a plurality or any combination of at least two of a plurality; for example, including at least one of A, B and C may mean including any one or more elements selected from the group consisting of A, B and C.
According to research, at present network attacks target systems and resources by exploiting the vulnerabilities and security defects present in network information systems. In recent years network attack incidents have been frequent; trojans, worms and ransomware emerge endlessly on the Internet and pose a serious threat to network security. Meanwhile, ordinary users can easily obtain all kinds of network attack tools from some blogs, forums and open-source websites. The openness of the Internet greatly reduces the cost of attack for network attackers. Given that network security incidents are frequent and the related drilling technology lags behind, how to carry out attack drilling on a large network system, so as to find the weak links of the large network and improve its security defense, has become a problem to be solved urgently.
Based on the above researches, the present disclosure provides a network attack exercise method, a device, an electronic device and a storage medium, by acquiring a preset network attack scheme, determining a planning parameter corresponding to the network attack scheme; loading the planning parameters to an attack party array in a preset attack environment, and attacking the defending party array through a preset network map; counting attack damage parameters corresponding to the defending square array, and determining attack effect evaluation indexes corresponding to the network attack scheme according to the attack damage parameters; inputting the network attack scheme, the planning parameters and the attack damage parameters into a pre-trained attack scheme optimization model, and determining an optimization suggestion corresponding to the network attack scheme; updating the network attack scheme according to the optimization suggestion, and performing attack exercise according to the optimized network attack scheme until the attack effect evaluation index reaches a preset index level. The attack exercise of the large network system can be realized, so that the weak links of the large network can be found out, and the security defensive power of the large network is improved.
To facilitate understanding of this embodiment, the network attack drilling method disclosed in the embodiments of the present disclosure is first described in detail. The execution body of the method is generally a computer device with a certain computing capability, for example a terminal device, a server or another processing device; the terminal device may be a User Equipment (UE), mobile device, user terminal, cellular telephone, cordless telephone, personal digital assistant (Personal Digital Assistant, PDA), handheld device, computing device, vehicle-mounted device, wearable device, etc. In some possible implementations, the network attack drilling method may be implemented by a processor invoking computer-readable instructions stored in a memory.
Referring to fig. 1, a flowchart of a network attack drilling method provided by an embodiment of the present disclosure is shown, where the method includes steps S101 to S105, where:
S101, acquiring a preset network attack scheme, and determining planning parameters corresponding to the network attack scheme.
In a specific implementation, a preset network attack scheme is obtained, and the attack plan to be carried out during the network attack drill, together with the planning parameters corresponding to that plan, is determined.
Here, the planning parameters include: attack virus category proportion, attack strategy and attack path.
It should be noted that, the preset network attack scheme may be a general attack scheme set through manual experience, and may be set according to actual needs, which is not limited in particular.
As a possible implementation manner, after determining the planning parameters corresponding to the present network attack exercise, the following steps 1-3 may be further performed:
Step 1: access a preset virus library with the attack virus type proportion, and extract target viruses from the virus library.
Step 2: access a preset strategy library with the attack strategy, and extract a target attack strategy from the strategy library.
Step 3: access a preset path library with the attack path, and extract a target attack path from the path library.
In the specific implementation, various virus samples required by the attack exercise are prestored in a preset virus library, various strategy rules required by the attack exercise are prestored in a preset strategy library, and various attack paths required by the attack exercise are prestored in a preset path library.
Here, the general attack scheme calls the preset virus library, strategy library and path library to generate a network attack scheme with an initial attack virus category proportion, attack strategy plan and attack path plan.
Optionally, the planning parameters may also include attack topology.
As a possible implementation manner, the network attack drilling method provided by the embodiment of the present disclosure may be applied to an attack drilling system, as shown in fig. 2, which is a schematic diagram of the attack drilling system provided by the embodiment of the present disclosure, where the attack drilling system includes: the system comprises an attack database module, an attack topological structure module, an attack configuration module, an attack sand table module, an attack drilling module and an attack effect evaluation module.
Here, the attack database module provides the system with the virus samples, policy rules, attack paths, network environments and other material required for attack drilling, and includes an attack virus library, an attack policy library, an attack path library and an attack environment library. The attack topological structure module sets the quantity ratio of the attack parties, which comes in four modes: one-to-one, one-to-many, many-to-one and many-to-many. The attack configuration module sets the basic parameter configuration of the attack drill, including topological structure, virus category proportion, attack strategy and path planning, network environment settings and the like. The attack sand table module is the actual entity on which the attack drill runs, and includes the arrays of the attacking and defending parties, the network system map, the real-time network environment display and the like. The attack drilling module reflects the dynamic process of the attack drill, including initial information storage, attack process deduction, iterative optimization of the attack process, storage of the dynamic attack process and the like. The attack effect evaluation module evaluates the effect of the drilled attack in several ways, including objective result statistics, automatic intelligent evaluation, manual evaluation by field experts and the final overall attack effect evaluation.
Further, the operation principle of the attack drilling system may be shown in fig. 3, which is an operation principle diagram of the attack drilling system provided by the embodiment of the present disclosure.
Thus, after the overall attack scheme is set manually, the attack drilling system can perform closed-loop iterative optimization automatic operation.
S102, loading the planning parameters into an attack party array in a preset attack environment, and attacking the defending party array through a preset network map.
In a specific implementation, step S102 may be implemented by the following steps 1-3:
Step 1: select the preset attack environment from a preset attack environment library according to the network attack scheme.
Step 2: load the target virus, the target attack strategy and the target attack path to the attack party array as network attack examples.
Step 3: according to the network attack example, initiate the network attack on the defending party array through the preset network map in the preset attack environment.
Here, after the overall attack scheme calls the attack strategy library to generate the initial attack virus category proportion, attack strategy plan and attack path plan, viruses are loaded from the virus library to the attack party array in the sand table according to the virus category proportion, and strategies and paths are loaded from the strategy library and the path library respectively to the attack party array in the sand table according to the attack strategy and path plans.
S103, counting attack damage parameters corresponding to the defending party array, and determining attack effect evaluation indexes corresponding to the network attack scheme according to the attack damage parameters.
In a specific implementation, the objective result of the network attack is counted from how the defending party array was attacked; the attack damage parameters include: sink number, sink ratio, depth of attack, overall destruction ratio, overall disabling time.
Furthermore, automatic intelligent evaluation combines the individual indexes in the objective result, each with an appropriate weight, into the attack effect evaluation index.
Specifically, the attack effect evaluation index can be realized through the following steps 1 to 2:
Step 1: determine the preset weight coefficients corresponding to the sinking quantity, the sinking proportion, the attacked depth, the overall destruction proportion and the overall disabling time respectively.
Step 2: determine the attack effect evaluation index according to the sinking quantity, the sinking proportion, the attacked depth, the overall damage proportion, the overall disabling time and the corresponding preset weight coefficients.
Here, the attack effect evaluation index is determined based on the following formula:
wherein, representing the attack effect evaluation index, and $f(S)$ represents a linear function relation; $N$ represents the sink number; $k$ represents the sink fraction; $d$ represents the depth of attack; $g$ represents the overall destruction proportion; $h$ represents the overall disabling time; correspondingly, $W_1$ represents the preset weight coefficient corresponding to the sinking quantity; $W_2$ represents the preset weight coefficient corresponding to the sinking proportion; $W_3$ represents the preset weight coefficient corresponding to the attacked depth; $W_4$ represents the preset weight coefficient corresponding to the integral destruction proportion; $W_5$ represents the preset weight coefficient corresponding to the integral disabling time.
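One way to derive the five attack damage parameters from defender-side exercise records and combine them into the evaluation index, as an added example that is not part of the patent. The formula is not reproduced on this page, so the plain weighted sum, the weight values, the record fields, the sample network map and the reading of "sink" as "compromised" are all assumptions.

```python
"""Score one attack-exercise round from defender-side records (added example)."""
from collections import deque
from dataclasses import dataclass

PARAMS = ("N", "k", "d", "g", "h")  # symbols as used in the text above

# Constructed sample: the preset network map as an adjacency list.
NETWORK_MAP = {
    "edge-fw": ["dmz-web", "dmz-mail"],
    "dmz-web": ["edge-fw", "app-01"],
    "dmz-mail": ["edge-fw"],
    "app-01": ["dmz-web", "db-01", "hist-01"],
    "db-01": ["app-01"],
    "hist-01": ["app-01", "plc-gw"],
    "plc-gw": ["hist-01"],
}

# Assumed weights W1..W5; they also absorb the different units of the inputs.
WEIGHTS = {"N": 0.02, "k": 0.3, "d": 0.05, "g": 0.4, "h": 0.002}


@dataclass(frozen=True)
class NodeResult:
    """What the defender recorded for one node during the exercise."""
    node: str
    compromised: bool
    services_total: int
    services_disabled: int
    downtime_min: float


# Constructed sample records for one exercise round.
SAMPLE_RESULTS = [
    NodeResult("edge-fw", False, 4, 0, 0.0),
    NodeResult("dmz-web", True, 5, 2, 30.0),
    NodeResult("dmz-mail", False, 3, 0, 0.0),
    NodeResult("app-01", True, 6, 3, 45.0),
    NodeResult("db-01", False, 4, 0, 0.0),
    NodeResult("hist-01", True, 2, 1, 90.0),
    NodeResult("plc-gw", False, 1, 0, 0.0),
]


def hop_distances(network_map, entry):
    """Breadth-first hop count from the entry node to every reachable node."""
    if entry not in network_map:
        raise ValueError(f"entry node {entry!r} is not on the network map")
    dist = {entry: 0}
    queue = deque([entry])
    while queue:
        current = queue.popleft()
        for neighbour in network_map.get(current, ()):
            if neighbour not in dist:
                dist[neighbour] = dist[current] + 1
                queue.append(neighbour)
    return dist


def damage_parameters(results, network_map, entry):
    """Return N, k, d, g, h for one round (definitions are assumptions)."""
    if not results:
        raise ValueError("no exercise records to score")
    unknown = [r.node for r in results if r.node not in network_map]
    if unknown:
        raise ValueError(f"records for nodes missing from the map: {unknown}")
    dist = hop_distances(network_map, entry)
    fallen = [r for r in results if r.compromised]
    total_services = sum(r.services_total for r in results)
    disabled = sum(r.services_disabled for r in results)
    return {
        "N": len(fallen),                                  # compromised nodes
        "k": len(fallen) / len(results),                   # share compromised
        "d": max((dist[r.node] for r in fallen if r.node in dist), default=0),
        "g": disabled / total_services if total_services else 0.0,
        "h": max(r.downtime_min for r in results),         # longest outage
    }


def evaluation_index(params, weights):
    """Linear combination W1*N + W2*k + W3*d + W4*g + W5*h."""
    missing = [p for p in PARAMS if p not in params or p not in weights]
    if missing:
        raise ValueError(f"missing parameter or weight for: {missing}")
    if any(weights[p] < 0 for p in PARAMS):
        raise ValueError("weights must be non-negative")
    return sum(weights[p] * params[p] for p in PARAMS)


def weak_links(results, network_map, entry):
    """Compromised nodes with their depth, deepest first: where to harden."""
    dist = hop_distances(network_map, entry)
    fallen = [(r.node, dist[r.node]) for r in results
              if r.compromised and r.node in dist]
    return sorted(fallen, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    p = damage_parameters(SAMPLE_RESULTS, NETWORK_MAP, "edge-fw")
    print(p, round(evaluation_index(p, WEIGHTS), 4))
    print(weak_links(SAMPLE_RESULTS, NETWORK_MAP, "edge-fw"))
```

Comparing the index across rounds is only meaningful when the weights and the network map are held fixed between rounds.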
S104, inputting the network attack scheme, the planning parameters and the attack damage parameters into a pre-trained attack scheme optimization model, and determining optimization suggestions corresponding to the network attack scheme.
In a specific implementation, a trained attack scheme optimization model, obtained through big-data machine learning, learns from the objective results, the automatic intelligent evaluation results and the attack strategies selected in advance, performs intelligent reasoning and verification, and gives optimization suggestions for the attack process.
Here, the attack scheme optimization model mainly learns from the network attack schemes, planning parameters and attack damage parameters of multiple network attack drills, together with the manual evaluations that field experts made of them during those drills and the optimization schemes they finally gave, so that it can automatically give optimization suggestions for a network attack scheme.
It should be noted that the structure of the attack scheme optimization model may be selected according to actual needs and is not specifically limited here, as long as it can automatically give optimization suggestions for the network attack scheme.
S105, updating the network attack scheme according to the optimization suggestion, and performing attack exercise according to the optimized network attack scheme until the attack effect evaluation index reaches a preset index level.
In specific implementation, the overall attack scheme is adjusted according to the attack process optimization suggestion feedback, and the attack exercise is automatically performed again until the attack effect evaluation index automatically and intelligently evaluated reaches the expected set level.
Here, the preset index level may be set according to actual needs, and is not particularly limited herein.
According to the network attack drilling method provided by the embodiment of the disclosure, the planning parameters corresponding to the network attack scheme are determined by acquiring the preset network attack scheme; loading the planning parameters to an attack party array in a preset attack environment, and attacking the defending party array through a preset network map; counting attack damage parameters corresponding to the defending square array, and determining attack effect evaluation indexes corresponding to the network attack scheme according to the attack damage parameters; inputting the network attack scheme, the planning parameters and the attack damage parameters into a pre-trained attack scheme optimization model, and determining an optimization suggestion corresponding to the network attack scheme; updating the network attack scheme according to the optimization suggestion, and performing attack exercise according to the optimized network attack scheme until the attack effect evaluation index reaches a preset index level. The attack exercise of the large network system can be realized, so that the weak links of the large network can be found out, and the security defensive power of the large network is improved.
It will be appreciated by those skilled in the art that in the above-described method of the specific embodiments, the written order of steps is not meant to imply a strict order of execution but rather should be construed according to the function and possibly inherent logic of the steps.
Based on the same inventive concept, the embodiment of the disclosure further provides a network attack drilling device corresponding to the network attack drilling method, and since the principle of solving the problem by the device in the embodiment of the disclosure is similar to that of the network attack drilling method in the embodiment of the disclosure, the implementation of the device can refer to the implementation of the method, and the repetition is omitted.
Referring to fig. 4, fig. 4 is a schematic diagram of a network attack drilling apparatus according to an embodiment of the disclosure. As shown in fig. 4, the network attack exercise device 400 provided by the embodiment of the present disclosure includes:
The acquiring module 410 is configured to acquire a preset network attack scheme and determine the planning parameters corresponding to the network attack scheme.
The attack module 420 is configured to load the planning parameters to an attacker array in a preset attack environment and attack the defender array via a preset network map.
The attack effect evaluation module 430 is configured to count the attack damage parameters corresponding to the defender array and determine the attack effect evaluation index corresponding to the network attack scheme according to the attack damage parameters.
The attack scheme optimization module 440 is configured to input the network attack scheme, the planning parameters and the attack damage parameters to a pre-trained attack scheme optimization model and determine an optimization suggestion corresponding to the network attack scheme.
The attack scheme updating module 450 is configured to update the network attack scheme according to the optimization suggestion and perform the attack exercise according to the optimized network attack scheme until the attack effect evaluation index reaches a preset index level.
The process flow of each module in the apparatus and the interaction flow between the modules may be described with reference to the related descriptions in the above method embodiments, which are not described in detail herein.
According to the network attack drilling device provided by the embodiment of the disclosure, a preset network attack scheme is acquired and the planning parameters corresponding to the network attack scheme are determined; the planning parameters are loaded to an attacker array in a preset attack environment, and the defender array is attacked via a preset network map; the attack damage parameters corresponding to the defender array are counted, and the attack effect evaluation index corresponding to the network attack scheme is determined according to the attack damage parameters; the network attack scheme, the planning parameters and the attack damage parameters are input into a pre-trained attack scheme optimization model to determine an optimization suggestion corresponding to the network attack scheme; the network attack scheme is updated according to the optimization suggestion, and the attack exercise is performed according to the optimized network attack scheme until the attack effect evaluation index reaches a preset index level. In this way, attack exercises on a large network system can be carried out, so that the weak links of the large network can be found and its security defense capability improved.
Corresponding to the network attack drilling method in fig. 1, the embodiment of the present disclosure further provides an electronic device 500, as shown in fig. 5, which is a schematic structural diagram of the electronic device 500 provided in the embodiment of the present disclosure, including:
a processor 51, a memory 52, and a bus 53; memory 52 is used to store execution instructions, including memory 521 and external storage 522; the memory 521 is also referred to as an internal memory, and is used for temporarily storing operation data in the processor 51 and data exchanged with the external memory 522 such as a hard disk, and the processor 51 exchanges data with the external memory 522 through the memory 521, and when the electronic device 500 is operated, the processor 51 and the memory 52 communicate with each other through the bus 53, so that the processor 51 executes the steps of the network attack exercise method in fig. 1.
The disclosed embodiments also provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the network attack exercise method described in the method embodiments above. Wherein the storage medium may be a volatile or nonvolatile computer readable storage medium.
The embodiment of the disclosure further provides a computer program product, which includes computer instructions that, when executed by a processor, may perform the steps of the network attack exercise method described in the above method embodiment; for details, refer to the above method embodiment, which is not repeated here.
Wherein the above-mentioned computer program product may be realized in particular by means of hardware, software or a combination thereof. In an alternative embodiment, the computer program product is embodied as a computer storage medium, and in another alternative embodiment, the computer program product is embodied as a software product, such as a software development kit (Software Development Kit, SDK), or the like.
It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described system and apparatus may refer to corresponding procedures in the foregoing method embodiments, which are not described herein again. In the several embodiments provided in the present disclosure, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. The above-described apparatus embodiments are merely illustrative, for example, the division of the units is merely a logical function division, and there may be other manners of division in actual implementation, and for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some communication interface, device or unit indirect coupling or communication connection, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in each embodiment of the present disclosure may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer readable storage medium executable by a processor. Based on such understanding, the technical solution of the present disclosure may be embodied in essence or a part contributing to the prior art or a part of the technical solution, or in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method described in the embodiments of the present disclosure. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.
Finally, it should be noted that: the foregoing examples are merely specific embodiments of the present disclosure, and are not intended to limit the scope of the disclosure, but the present disclosure is not limited thereto, and those skilled in the art will appreciate that while the foregoing examples are described in detail, it is not limited to the disclosure: any person skilled in the art, within the technical scope of the disclosure of the present disclosure, may modify or easily conceive changes to the technical solutions described in the foregoing embodiments, or make equivalent substitutions for some of the technical features thereof; such modifications, changes or substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the disclosure, and are intended to be included within the scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (7)

1. A network attack exercise method, comprising:
acquiring a preset network attack scheme, and determining planning parameters corresponding to the network attack scheme;
loading the planning parameters to an attacker array in a preset attack environment, and attacking the defender array through a preset network map;
counting attack damage parameters corresponding to the defender array, and determining attack effect evaluation indexes corresponding to the network attack scheme according to the attack damage parameters;
inputting the network attack scheme, the planning parameters and the attack damage parameters into a pre-trained attack scheme optimization model, and determining an optimization suggestion corresponding to the network attack scheme;
updating the network attack scheme according to the optimization suggestion, and performing attack exercise according to the optimized network attack scheme until the attack effect evaluation index reaches a preset index level;
the attack disruption parameters include: sinking quantity, sinking proportion, attacked depth, overall destruction proportion and overall disabling time;
the determining, according to the attack damage parameter, an attack effect evaluation index corresponding to the network attack scheme specifically includes:
respectively determining preset weight coefficients corresponding to the sinking quantity, the sinking proportion, the attacked depth, the overall destruction proportion and the overall disabling time;
determining the attack effect evaluation index according to the sinking quantity, the sinking proportion, the attacked depth, the overall destruction proportion, the overall disabling time and the corresponding preset weight coefficient;
determining the attack effect evaluation index based on the following formula:
wherein, representing the attack effect evaluation index, and f(S) represents a linear functional relation; n represents the sinking quantity; k represents the sinking proportion; d represents the attacked depth; g represents the overall destruction proportion; h represents the overall disabling time; correspondingly, $W_1$ represents the preset weight coefficient corresponding to the sinking quantity; $W_2$ represents the preset weight coefficient corresponding to the sinking proportion; $W_3$ represents the preset weight coefficient corresponding to the attacked depth; $W_4$ represents the preset weight coefficient corresponding to the overall destruction proportion; $W_5$ represents the preset weight coefficient corresponding to the overall disabling time.
2. The method according to claim 1, characterized in that:
the planning parameters include: attack virus type proportion, attack strategy and attack path.
3. The method according to claim 2, wherein after the acquiring the preset network attack scenario and determining the planning parameters corresponding to the network attack scenario, the method further comprises:
accessing a preset virus library with the attack virus type proportion, and extracting target viruses from the virus library;
accessing a preset strategy library with the attack strategy, and extracting a target attack strategy from the strategy library;
and accessing a preset path library with the attack path, and extracting a target attack path from the path library.
4. A method according to claim 3, wherein the loading the planning parameter into an attacker array in a preset attack environment attacks the defender array via a preset network map, specifically comprising:
selecting the preset attack environment from a preset attack environment library according to the network attack scheme;
loading the target virus, the target attack strategy and the target attack path as network attack examples to the attacker array;
and according to the network attack example, under the preset attack environment, initiating network attack to the defending party array through the preset network map.
5. A cyber attack exercise device, comprising:
the acquisition module is used for acquiring a preset network attack scheme and determining planning parameters corresponding to the network attack scheme;
the attack module is used for loading the planning parameters to an attacker array in a preset attack environment and attacking the defender array through a preset network map;
the attack effect evaluation module is used for counting attack damage parameters corresponding to the defender array and determining attack effect evaluation indexes corresponding to the network attack scheme according to the attack damage parameters;
the attack scheme optimization module is used for inputting the network attack scheme, the planning parameters and the attack damage parameters into a pre-trained attack scheme optimization model and determining an optimization suggestion corresponding to the network attack scheme;
the attack scheme updating module is used for updating the network attack scheme according to the optimization suggestion, and carrying out attack exercise according to the optimized network attack scheme until the attack effect evaluation index reaches a preset index level;
the attack disruption parameters include: sinking quantity, sinking proportion, attacked depth, overall destruction proportion and overall disabling time;
the device is also for:
the determining, according to the attack damage parameter, an attack effect evaluation index corresponding to the network attack scheme specifically includes:
respectively determining preset weight coefficients corresponding to the sinking quantity, the sinking proportion, the attacked depth, the overall destruction proportion and the overall disabling time;
determining the attack effect evaluation index according to the sinking quantity, the sinking proportion, the attacked depth, the overall destruction proportion, the overall disabling time and the corresponding preset weight coefficient;
determining the attack effect evaluation index based on the following formula:
wherein, representing the attack effect evaluation index, and f(S) represents a linear functional relation; n represents the sinking quantity; k represents the sinking proportion; d represents the attacked depth; g represents the overall destruction proportion; h represents the overall disabling time; correspondingly, $W_1$ represents the preset weight coefficient corresponding to the sinking quantity; $W_2$ represents the preset weight coefficient corresponding to the sinking proportion; $W_3$ represents the preset weight coefficient corresponding to the attacked depth; $W_4$ represents the preset weight coefficient corresponding to the overall destruction proportion; $W_5$ represents the preset weight coefficient corresponding to the overall disabling time.
6. An electronic device, comprising: a processor, a memory and a bus, the memory storing machine-readable instructions executable by the processor, the processor and the memory in communication over the bus when the electronic device is running, the machine-readable instructions when executed by the processor performing the steps of the network attack exercise method according to any of claims 1 to 4.
7. A computer readable storage medium, characterized in that the computer readable storage medium has stored thereon a computer program which, when executed by a processor, performs the steps of the network attack exercise method according to any of claims 1 to 4.
CN202311133644.3A 2023-09-05 2023-09-05 Network attack drilling method and device, electronic equipment and storage medium Active CN116866193B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311133644.3A CN116866193B (en) 2023-09-05 2023-09-05 Network attack drilling method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN116866193A CN116866193A (en) 2023-10-10
CN116866193B CN116866193B (en) 2023-11-21

Family

ID=88225387

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311133644.3A Active CN116866193B (en) 2023-09-05 2023-09-05 Network attack drilling method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN116866193B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106066964A (en) * 2016-05-30 2016-11-02 中国电子科技集团公司电子科学研究院 A kind of evaluation methodology of network attack scheme based on multistage evaluation index
CN113360898A (en) * 2021-06-03 2021-09-07 中国电子信息产业集团有限公司第六研究所 Index weight determination method, network attack evaluation method and electronic equipment
CN114157480A (en) * 2021-12-01 2022-03-08 北京华云安信息技术有限公司 Method, device, equipment and storage medium for determining network attack scheme
CN115694970A (en) * 2022-10-28 2023-02-03 南方电网科学研究院有限责任公司 Network security attack and defense drilling system, method and readable storage medium
CN116318983A (en) * 2023-03-10 2023-06-23 北京奇艺世纪科技有限公司 Network attack simulation method, system, electronic equipment and readable storage medium
KR20230097337A (en) * 2021-12-24 2023-07-03 한국원자력연구원 Device of evaluating nuclear facility cyberattack response training and method of thereof
CN116527332A (en) * 2023-04-13 2023-08-01 广州科技职业技术大学 Network attack drilling method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant