CN117319094B - SDN network attack and defense cyber range platform system

Publication number: CN117319094B (granted); earlier publication CN117319094A
Application number: CN202311619252.8A
Authority: CN (China)
Legal status: Active
Inventors: 潘泉, 李扬
Assignee (original and current): Xi'an Chenhang Zhuoyue Technology Co., Ltd.
Original language: Chinese (zh)
Prior art keywords: module, topology, data, log, SDN network

Classifications

    • H04L63/1425  Network security; detecting or protecting against malicious traffic by monitoring network traffic; traffic logging, e.g. anomaly detection
    • H04L41/145  Maintenance, administration or management of data switching networks; network analysis or design involving simulating, designing, planning or modelling of a network
    • H04L45/76  Routing in software-defined topologies, e.g. routing between virtual machines
    • H04L63/20  Network security; managing network security; network security policies in general
    • H04L67/06  Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L9/40  Network security protocols
    • Y02D30/50  Reducing energy consumption in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract

The application discloses an SDN network attack and defense cyber range platform system. The platform is built on an SDN network and uses the Django framework to implement a browser/server (B/S) software architecture. It comprises a topology module, a remote monitoring module, a security penetration test module, a log module and a server; the server is proxied by Nginx and uWSGI and is communicatively connected to the topology module, the log module and the remote monitoring module. Data storage and sharing between the modules is implemented with MySQL. The topology module, remote monitoring module and log module together provide three functions for the simulated service scenario of the range platform: network start-up, scenario control, and network traffic log monitoring. They satisfy the three requirements of automatic deployment of the simulated service scenario, interaction during attack and defense exercises, and display of scenario state, and together constitute the complete simulated service system.

Description

SDN network attack and defense cyber range platform system
Technical Field
The application relates to an SDN network attack and defense cyber range platform system and belongs to the field of network information security.
Background
A cyber range is a test platform that uses virtualization technology to simulate a real cyberspace attack and defense combat environment and can support research into combat capability and verification of weapon equipment. A cyber range must comprehensively consider entities, platforms, communications, data, management and other aspects, so that it reproduces a real, complex network environment. In practice the targets in a range are in most cases not isolated devices or systems but a network structure of some scale. To simulate many different attack and defense modes, the limitations of a stand-alone target machine must be overcome: the range has to be built as close as possible to a real network environment, within one highly unified, comprehensive system. This requires, on the one hand, unified scheduling and management of all available resources and, on the other hand, constant changes of topology so that different attack and defense strategies can be simulated and created.
Current cyber range development is typically based on cloud computing platforms. Such a range architecture achieves scheduling and management of computing, storage and network resources through the cloud platform, but it cannot quickly and flexibly define or change the network topology, nor quickly and flexibly scale the range up.
Disclosure of Invention
In view of this, the application provides an SDN network attack and defense cyber range platform system to solve the problem that current cyber ranges cannot be flexibly invoked. The specific scheme is as follows:
An SDN network attack and defense cyber range platform system, wherein the platform is based on an SDN network and uses the Django framework to implement a browser/server (B/S) software architecture, and comprises:
a topology module, which controls the SDN network, the data input of the SDN network and the display of the SDN network structure, and which is responsible for file input and processing, data processing and storage, automatic topology drawing and control of the range;
a remote monitoring module, which is connected to the operator terminal and to the hosts participating in the attack and defense scenario, combines the Guacamole component, controls the participating hosts through a remote control protocol by way of browser access, and is used for remote monitoring of the attack and defense scenario, data extraction and processing, allocation of host roles, and remote control by attack and defense personnel;
a security penetration test module, which monitors the security of transmitted data;
a log module, communicatively connected to the security penetration test module, which during range start-up obtains traffic feedback on the SDN network's communication from the logs sent by the security penetration test module, collects the basic traffic logs, classifies and stores them, analyses and pushes them, and transmits the received data in real time to the interior and the front end of the range platform system, thereby providing real-time log display, log filtering and search, log alarming and combined query of historical logs;
a server, communicatively connected to the topology module, the log module and the remote monitoring module, and proxied by Nginx and uWSGI;
and data storage and sharing among the topology module, the remote monitoring module and the log module is implemented with MySQL.
Preferably, the topology module is configured to comprise: uploading a topology file, storing the topology file data, constructing the front-end tree-structured JSON, optimizing the tree-structured JSON data, generating the topology, topology interaction and remote start-up of the topology.
Preferably, the topology module controls the SDN network in real time through an API set up on the SDN side with Flask;
the topology module controls SDN network data input through a file transfer component;
the topology module controls the display of the SDN network structure by optimizing the raw data and automatically generating a structured image.
Preferably, the topology module comprises a topolist_view module, a topo_view module and an sdn_API module;
the topolist_view module handles uploading, deleting and list display of the raw data;
the topo_view module is mainly used to display the raw data automatically as an image, and comprises a method for optimizing the raw data and automatically generating a structured image;
the sdn_API module controls file transfer, instruction transfer and instruction verification for the SDN network using the raw data and the control means, and comprises a platform-side sdn_API and a host-side sdn_API.
Preferably, the topology module adopts a layered architecture;
each layer is developed independently, and data communication and interface calls between the layers follow a unified convention;
the construction steps of the topology module are:
first, upload a topology file;
then start the corresponding topology through the start-up file of the SDN cyber range;
then extract the topology file data, parse it, store it in the database, and thereby initially establish the database required by the topology;
and finally, automatically parse the uploaded topology file to generate the topology graph displayed at the front end, hand over to the remote terminal, and perform VNC monitoring of each terminal through the topology.
Preferably, the remote monitoring module is connected to the remote desktop UI through node interaction;
the remote monitoring module invokes the topology information through node interaction, so that the topology module can remotely start and stop the actual SDN range.
Preferably, the remote monitoring module is configured to:
provide security penetration test and exercise services, be remotely monitored and controlled from an operator terminal, provide a display function, and match the data of different service test scenarios.
Preferably, the remote monitoring module is used to build a vulnerability database and to develop the basic functional module of a business security test scenario, and comprises a Guacamole application server and a VNC remote control tool.
Preferably, the log module comprises a log sub-module and a history log sub-module;
the log sub-module monitors, classifies and stores the data forwarded by the communication module, and transmits the received data in real time to the interior of the platform and to the front end;
the history log sub-module stores the data that the log sub-module wrote to the database and sends it to the front end in one batch.
Preferably, the log sub-module's transmission of data into the platform is implemented through inter-process communication over Redis;
the log sub-module's transmission of data to the front end is implemented through WebSocket;
the storage of the history log sub-module is implemented with MySQL.
The beneficial effects of this application include:
the topology module, remote monitoring module and log module provided by the application perform the functions of starting the simulated service scenario network in the range platform, controlling the simulated service scenario, and monitoring its network traffic logs; they satisfy the three requirements of automatic deployment of the simulated service scenario, interaction during attack and defense exercises, and display of scenario state, and together constitute the complete simulated service system;
the security penetration test module monitors the security of transmitted data;
SDN technology is introduced to optimize the network topology, which improves the speed and efficiency with which routing forwards data, and the combination of the topology module with the security penetration test module further improves the security defense of the system network while the service scenario tests are carried out;
the topology module adopts a layered architecture design, which reduces coupling between layers, supports independent development of each layer, facilitates code reuse and speeds up development.
The remote monitoring module is invoked through node interaction, which gives flexibility in resource invocation.
Drawings
FIG. 1 is a schematic diagram of the framework of the present application;
FIG. 2 is the software architecture diagram of the present application;
FIG. 3 is a flow chart of topology module construction in the present application;
FIG. 4 is a schematic diagram of the remote monitoring module of the present application;
FIG. 5 is a schematic diagram of the log module of the present application;
FIG. 6 shows the topology graph automatically created on the software home page;
FIG. 7 is a schematic illustration of the effect of single-clicking a host.
Detailed Description
The present application is described in detail below with reference to examples, but is not limited to these examples.
Example 1:
In the SDN network attack and defense cyber range platform system shown in FIGS. 1-5, the platform is based on an SDN network and uses the Django framework to implement a browser/server (B/S) software architecture;
a Guacamole application server and a VNC remote control tool are then built to provide the software and hardware environment that supports smooth operation of the whole platform; data storage and sharing among the topology module, remote monitoring module, security penetration test module and log module is implemented with MySQL; and the server is proxied with Nginx and uWSGI.
The SDN network attack and defense cyber range platform system specifically comprises:
the topology module, which is introduced into the SDN network, controls the SDN network, the data input of the SDN network and the display of the SDN network structure, and implements file input and processing, data processing and storage, automatic topology drawing and control of the range;
the remote monitoring module, which is connected to the operator terminal and to the hosts participating in the attack and defense scenario, combines the Guacamole component, controls the participating hosts through a remote control protocol by way of browser access, and is used for remote monitoring of the attack and defense scenario, data extraction and processing, allocation of host roles, and remote control by attack and defense personnel;
the security penetration test module, which monitors the security of transmitted data;
the log module, communicatively connected to the security penetration test module, which during range start-up obtains traffic feedback on the SDN network's communication from the logs sent by the security penetration test module, collects the basic traffic logs, classifies and stores them, analyses and pushes them, and transmits the received data in real time to the interior and the front end of the range platform system, thereby providing real-time log display, log filtering and search, log alarming and combined query of historical logs;
the server, communicatively connected to the topology module, the log module and the remote monitoring module, and proxied by Nginx and uWSGI;
and data storage and sharing among the topology module, the remote monitoring module and the log module, implemented with MySQL.
Finally, the construction of each module is completed.
Building the topology module:
1. The topology module is configured with the following functions:
(1) File upload: a redundant-field filling convention is agreed, the validity and safety of the file are verified, and a file that passes is uploaded; after a successful upload the file's information is added to the list, and each uploaded file offers a topology structure image view, remote topology start-up, and a jump to the attack and defense role allocation page;
(2) Extraction of the file information into the database, the file information comprising node information such as node id, node name and port information, as well as device connection information;
(3) Construction of the tree-structured JSON used by the front end, built from the node interconnection information by iterative depth traversal of a multi-way tree;
(4) Optimization of the tree JSON data structure: the central node is found by searching for the longest path twice in the multi-way tree (the midpoint of the longest path is the tree center);
(5) Topology generation: after the JSON data is sent to the front end, the topology structure is generated automatically with the bubble layout of the Qunee framework, and the legend applied is changed according to the corresponding JSON fields;
(6) Topology interaction: a click displays node information, a click opens the VNC interface, and a new browser window of suitable size pops up to monitor the host's desktop;
(7) Remote topology start-up: the topology file is managed and tested over a remote connection to the SDN controller; if the topology starts normally the topology nodes light up, otherwise the cause of the error is displayed.
2. The construction process of the topology module is as follows:
first, upload a topology file;
then start the corresponding topology through the start-up file (a JSON file) of the SDN cyber range;
extract the topology file data, parse it, store it in the database, and thereby initially establish the database required by the topology;
and finally, automatically parse the uploaded file to generate the topology graph, display it at the front end, hand over to the remote terminal, and perform VNC monitoring of each terminal through the topology.
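As an added worked example (not code from the patent), the upload and topology-processing path of functions (1) to (4) and the construction steps above, written in Python because the platform is a Django application. The topology file layout (nodes with id, name, type, ports and an optional ip; links as node:port pairs), the upload size cap and the filename rule are assumptions, since the patent does not specify its file format. The center is found with the two-pass longest-path search the text describes, and the tree JSON is built by iterative depth-first traversal from that center.

```python
import json
import os
import re
from collections import deque

# Constructed sample topology file (not taken from the patent). Assumed layout:
# nodes carry id, name, type, ports and an optional ip; links are node:port pairs.
SAMPLE_TOPOLOGY = json.dumps({
    "nodes": [
        {"id": "sw1", "name": "core switch", "type": "switch", "ports": ["eth0", "eth1", "eth2"]},
        {"id": "h1", "name": "host 1", "type": "host", "ip": "188.188.6.45/24", "ports": ["eth0"]},
        {"id": "h2", "name": "host 2", "type": "host", "ip": "188.188.6.46/24", "ports": ["eth0"]},
        {"id": "sw2", "name": "edge switch", "type": "switch", "ports": ["eth0", "eth1", "eth2"]},
        {"id": "t1", "name": "terminal 1", "type": "host", "ip": "188.188.6.47/24", "ports": ["eth0"]},
        {"id": "sw3", "name": "access switch", "type": "switch", "ports": ["eth0", "eth1"]},
        {"id": "t2", "name": "terminal 2", "type": "host", "ip": "188.188.6.48/24", "ports": ["eth0"]},
    ],
    "links": [
        ["sw1:eth0", "h1:eth0"], ["sw1:eth1", "h2:eth0"], ["sw1:eth2", "sw2:eth0"],
        ["sw2:eth1", "t1:eth0"], ["sw2:eth2", "sw3:eth0"], ["sw3:eth1", "t2:eth0"],
    ],
})

MAX_BYTES = 1 << 20  # upload size cap; an assumed policy, not the patent's figure
SAFE_NAME = re.compile(r"^[A-Za-z0-9_\-]{1,64}\.json$")


def validate_upload(filename, data):
    """Validity and safety checks before anything is stored: bare .json filename
    (no path components), size cap, well-formed JSON, required keys, and every
    link endpoint must name a port that some node actually declares."""
    if os.path.basename(filename) != filename or not SAFE_NAME.match(filename):
        raise ValueError("unsafe filename")
    if len(data) > MAX_BYTES:
        raise ValueError("file too large")
    try:
        topo = json.loads(data)
    except ValueError as exc:
        raise ValueError("not valid JSON") from exc
    if not isinstance(topo, dict) or "nodes" not in topo or "links" not in topo:
        raise ValueError("missing nodes/links")
    ports = {f"{n['id']}:{p}" for n in topo["nodes"] for p in n.get("ports", [])}
    for a, b in topo["links"]:
        if a not in ports or b not in ports:
            raise ValueError(f"link references an undeclared port: {a} - {b}")
    return topo


def upload_rejected(filename, data):
    """True when validate_upload refuses the upload."""
    try:
        validate_upload(filename, data)
    except ValueError:
        return True
    return False


def adjacency(topo):
    """Node-level adjacency lists, sorted so traversal order is deterministic."""
    adj = {n["id"]: [] for n in topo["nodes"]}
    for a, b in topo["links"]:
        na, nb = a.split(":")[0], b.split(":")[0]
        adj[na].append(nb)
        adj[nb].append(na)
    return {k: sorted(v) for k, v in adj.items()}


def _farthest(adj, start):
    """BFS from start; return the farthest node and the parent map."""
    dist, parent, queue = {start: 0}, {start: None}, deque([start])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in dist:
                dist[v], parent[v] = dist[u] + 1, u
                queue.append(v)
    return max(dist, key=dist.get), parent


def center_node(adj):
    """Two longest-path searches: BFS from any node reaches one end of the
    diameter, BFS from that end reaches the other end and yields the path,
    and the middle of that path is the tree center used as the drawing root."""
    end_a, _ = _farthest(adj, next(iter(adj)))
    end_b, parent = _farthest(adj, end_a)
    path = []
    while end_b is not None:
        path.append(end_b)
        end_b = parent[end_b]
    return path[len(path) // 2]


def build_tree_json(topo, root):
    """Iterative depth-first build of the nested JSON the front end draws."""
    adj, info = adjacency(topo), {n["id"]: n for n in topo["nodes"]}

    def node(nid):
        entry = {"id": nid, "name": info[nid]["name"], "type": info[nid]["type"], "children": []}
        if "ip" in info[nid]:
            entry["ip"] = info[nid]["ip"]
        return entry

    tree = node(root)
    seen, stack = {root}, [(root, tree)]
    while stack:
        uid, unode = stack.pop()
        for v in adj[uid]:
            if v not in seen:
                seen.add(v)
                unode["children"].append(node(v))
                stack.append((v, unode["children"][-1]))
    return tree
```

The validation step is where the "validity and safety" check of function (1) has teeth: path components in the filename, oversized files and links to ports no node declares are all refused before anything reaches the database or the SDN controller. Rendering the resulting tree with the Qunee bubble layout happens in the browser and is not shown here.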
Building the remote monitoring module:
The remote monitoring module enters the remote desktop UI through node interaction and accesses the remote desktop service; within the remote desktop it performs testing in a series of cyber ranges and monitoring and control of exercise tasks, and provides functions such as identity verification and database creation and viewing according to the different service test scenarios.
The remote monitoring module is connected to the operator terminals of the attacker, the defender and the referee, so that all three parties can remotely control and monitor the hosts displayed in the platform. After the service scenario topology has been started, the referee allocates operable hosts to the attacker and the defender as required. The attacker and defender operate their assigned hosts through the platform's remote control module, while the referee monitors the operations of both sides by clicking the terminals in the topology.
The hosts of the remote monitoring module are connected to the operator terminal via VNC (Virtual Network Computing), so that exercises can be carried out even when both sides operate many hosts;
the remote monitoring module is communicatively connected to the topology module, so that its hosts can automatically extract the topology script file;
a Guacamole application server and a VNC remote control tool are built into the remote monitoring module to provide the software and hardware environment supporting smooth operation of the whole platform. Specifically: the allocation and deployment of multiple VNC connections is completed through the Guacamole remote desktop service, which solves the problem of attack and defense personnel needing to operate a varying set of hosts;
scheduling among the multiple VNC sessions is completed through guacd permission and role allocation, and remote control and monitoring is done in HTML5 through the front-end VNC channel, with no dependence on a VNC client program.
The remote monitoring and control functions are provided by the Guacamole server and split into two parts by function:
on the one hand, the platform displays the adopted topology as an image in the topology display module; double-clicking a node in the image sends that host's data to the Guacamole server, which completes the remote monitoring function.
On the other hand, the remote monitoring module parses the host list (host_list) through the monitor-and-controller sub-module, allows the host attribution to be edited interactively, passes the attribution to adn_view (a function that processes the hosts' attribution data) for processing and completes permission allocation; the A&D sub-module (the functional module that creates remote connections from the permission list) then uses the processed permission information to complete remote monitoring and control through guacamole_server.
In one embodiment of the present application, the SDN network service nodes are cloud virtual machines.
The log module:
The log module uses PyCharm Professional to connect remotely to the server on which the software runs, and uses the host's IP and network port directly to carry out each service;
the log module is connected to the remote monitoring module through the Guacamole programs: guacamole-server provides the remote desktop service gateway for the whole program, network security policy attack and defense testers connect to guacamole-server with a client to perform remote control, referees likewise communicate with guacamole-server to perform remote monitoring, and the log module is connected to the controlled hosts through the VNC protocol.
The log sub-module receives the data forwarded by the security penetration test module (namely the Topsec (天融信) network security resource pool) on port 514, monitors it and stores it in the database by category, transmits it into the platform through Redis inter-process communication, and pushes it to the front end in real time through WebSocket.
The history log sub-module sends the data in the database to the front end in one batch.
The front-end log functions include sorting, start and stop, clearing, search and alarming.
Thus, during range start-up, the log signals sent by the Topsec network security resource pool are received, parsed and displayed in real time. According to the range's requirements, the security penetration test module (in one embodiment of the application, a Topsec device) detects the network communication conditions while the range runs, and the platform displays them uniformly. The communication conditions are transmitted remotely to the platform in the form of logs; the platform receives the logs in real time and displays them through the front end, which achieves the goal of monitoring network traffic information.
Display function of the log module:
System logs are managed with rsyslog and the log information of the Topsec security resource pool device is obtained, including users' login records and operation records; the logs are parsed automatically, newly added logs can be displayed, and possible abnormal information in the logs can be filtered by keyword.
Logs newly flowing into the database need to be monitored and alarmed on; suspected intrusions are found mainly through a blacklist, and alarms are sent to the referees or to security operations and maintenance personnel.
For historical logs, a weekly report mode can be selected, with a report program written for a user's number of logins, number of wrong passwords sent, number of authorization failures and the like.
For the Topsec security detection logs and the web application logs, a filtering mechanism of short-term storage and real-time analysis is adopted: the raw logs are kept for about 7 days, the logs are analysed and filtered every five minutes, and the results of each five-minute analysis are kept long-term. A blacklist alarm mechanism is used during analysis, and an alarm is sent when log information indicates possible SQL injection.
During range start-up, the log signals sent by the Topsec network security resource pool are received and processed in real time; the logs are classified and stored, analysed and pushed, and a log alarm is sent where necessary.
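As an added example, not the patent's code: a minimal offline version of the log sub-module's path from a raw port-514 line to classification, blacklist alarm, five-minute aggregation and the weekly-report counters described above. Redis, WebSocket and MySQL are left out so it runs stand-alone. The sample lines are constructed; the RFC 3164 syslog layout is an assumption about what the resource pool emits, and the blacklist is a small starter set rather than the patent's list.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample of lines as the port-514 listener would receive them (not
# from the patent). Assumption: the resource pool emits RFC 3164 style syslog,
# "<PRI>Mmm dd HH:MM:SS host tag[pid]: message".
SAMPLE_LINES = [
    "<38>Nov 28 10:00:01 pool-fw sshd[1201]: Accepted password for admin from 188.188.6.45 port 51022",
    "<38>Nov 28 10:00:07 pool-fw sshd[1202]: Failed password for admin from 188.188.6.46 port 51030",
    "<38>Nov 28 10:00:09 pool-fw sshd[1202]: Failed password for admin from 188.188.6.46 port 51030",
    "<86>Nov 28 10:01:15 pool-waf waf[77]: GET /login.php?user=admin' OR '1'='1 from 188.188.6.46",
    "<86>Nov 28 10:03:40 pool-waf waf[77]: GET /index.php from 188.188.6.47",
    "<38>Nov 28 10:06:02 pool-fw sudo[300]: admin : authorization failure ; TTY=pts/0",
    "garbage line that does not parse",
]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# Blacklist used by the alarm step. The SQL injection patterns are a small
# constructed starter set, not the patent's list.
BLACKLIST = {
    "sqli": re.compile(
        r"('\s*(or|and)\s*'?\w*'?\s*=\s*'?\w*|union\s+select|sleep\s*\(|;\s*drop\s+table)", re.I),
    "auth_failure": re.compile(r"authorization failure", re.I),
}


def parse_line(line, year=2023):
    """Parse one syslog line; return None for lines that do not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])  # PRI = facility * 8 + severity
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"time": ts, "facility": pri // 8, "severity": pri % 8,
            "host": m["host"], "tag": m["tag"], "pid": m["pid"], "msg": m["msg"]}


def classify(rec):
    """Storage category (login / web / operation / other), chosen by the tag."""
    tag = rec["tag"]
    if tag == "sshd":
        return "login"
    if tag == "waf":
        return "web"
    if tag == "sudo":
        return "operation"
    return "other"


def alarms(rec):
    """Names of the blacklist patterns that match the message."""
    return [name for name, pat in BLACKLIST.items() if pat.search(rec["msg"])]


def window(ts, minutes=5):
    """Floor a timestamp to the start of its five-minute analysis window."""
    return ts.replace(minute=ts.minute - ts.minute % minutes, second=0, microsecond=0)


def analyse(lines):
    """Parse, classify and alarm on each line, aggregate per five-minute window,
    and accumulate the weekly-report counters (logins, wrong passwords,
    authorization failures). Returns (records, windows, report)."""
    records, windows, report = [], defaultdict(Counter), Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            report["unparsed"] += 1
            continue
        rec["category"] = classify(rec)
        rec["alarms"] = alarms(rec)
        records.append(rec)
        w = windows[window(rec["time"])]
        w[rec["category"]] += 1
        for name in rec["alarms"]:
            w["alarm:" + name] += 1
        if "Accepted password" in rec["msg"]:
            report["logins"] += 1
        elif "Failed password" in rec["msg"]:
            report["password_failures"] += 1
        if "auth_failure" in rec["alarms"]:
            report["authorization_failures"] += 1
    return records, dict(windows), report
```

Two caveats a deployment needs that the block does not show: syslog on UDP port 514 is unauthenticated, so the listener should sit on the management network only (or take syslog over TLS), and the message text is attacker-influenced input that ends up in a web front end, so it must be escaped before the WebSocket push renders it. The per-window counters are what the five-minute retention keeps; the raw records are what the seven-day store keeps.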
A specific application of the present application is shown in fig. 6 and 7.
First, topology module builds the show:
and running the main program to generate a front-end interactive interface.
Selecting json files to be uploaded;
submitting a json file, uploading the json file to the background, wherein the topological graph list displays the uploaded json file, and the content comprises: (1) file serial number, (2) json file name, (3) json file uploading time, (4) checking (automatically analyzing and generating a topological graph according to the uploaded json file after clicking and displaying the topological graph on a front page), (5) checking remote control operation, and (6) sending the json file to a remote terminal.
Clicking a view icon, extracting json file information by a system through reasonable data analysis, wherein the information mainly comprises information of nodes, such as node id, node name, network port information and the like, which are connected with equipment, and storing the information into a database; then realizing the tree json available at the front end, and constructing a tree structure json by utilizing the interaction information among nodes and through a multi-tree depth traversal iteration method; then optimizing a tree json data structure, and finding out a central node by using a method for finding the longest path by using a two-time multi-way tree; and finally, generating a topology function, automatically generating a topology structure by utilizing a qune frame bubble layout mode after json data is transmitted to the front end, and automatically establishing a topology graphic diagram according to application legends of json corresponding fields, wherein the diagram is shown in fig. 6.
Then, topology interactive presentation:
the user accomplishes the process of calling the remote supervision module through interaction with the nodes and is:
1) The click interaction is only for the host units on the topology. A user clicking the left button on the "host" icon on the topology map with a mouse may generate IP address information for the host. Such as: clicking on "host 1" creates an IP label "188.188.6.45/24" for host 1 on top of the host 1 icon, as shown in fig. 7, which is a schematic representation of the effect of clicking on the host, and the user views the host's information for selection control.
2) Double click interaction
The double-click interaction is also only for the host icon. The user uses the left button of the mouse to double click the 'host' icon, so that a remote control window is generated, and remote control operation on the target host can be realized.
(1) The method comprises the following steps Double-clicking the icon of the host 1 to realize remote control on the host 1 (the host 1 is a virtual machine carrying a windows10 system);
(2) the method comprises the following steps The host 1 and the host 2 are respectively double-clicked, and remote control on the host 1 and the host 2 is simultaneously realized (the host 1 is a virtual machine carrying a windows10 system, and the host 2 is a physical host carrying the windows10 system).
Finally, remote monitoring and control operation shows:
the remote monitoring module builds a Guacamole application server and a VNC remote control tool, and provides a software and hardware environment for supporting the whole platform to run smoothly. Clicking the "eye" icon under the view remote control, and entering the remote control interface.
Entering an attack and defense role in a remote control interface to select a login page;
(1) the method comprises the following steps Clicking the 'previous level' button will jump back to the previous user interface.
(2) The number of device entries displayed can be selected; the selectable values are 10, 25, 50 and 100.
(3) The device information corresponding to the topology graph list is displayed in the interface; the information content comprises: hostname, IP, and personnel selection (attacker, defender).
(4) The user may tick the box to the left of "attacker" to set the device as "attacker", and tick the box to the left of "defender" to set it as "defender". After distributing attackers and defenders, the user clicks the submit button to submit the information. In the pop-up "confirm" window, the "confirm" or "cancel" button is clicked to decide whether to submit the selected setting information (here the attackers selected are host 1, host 2 and host 3; the defenders are host 4, terminal 1 and terminal 2).
(5) After submission is confirmed, the monitor button can be clicked; the page jumps to the Guacamole remote control login interface, where the user can choose to log in with the judge, attacker or defender account for operation control.
(6) Logging in with the "referee: judge" account: the referee can remotely monitor all attacker and defender devices here (host 1, host 2, host 3, host 4, terminal 1, terminal 2). The referee account may also be configured.
(7) Logging in with the "attacker: attacker" account: all attacker devices (host 1, host 3) are shown, and the attacker can remotely operate the attacker devices here. The attacker account may also be configured.
(8) Logging in with the "defender: defender" account: all defender devices (host 4, terminal 1, terminal 2) are shown, and the defenders can remotely operate the defender devices here. The defender account may also be configured.
The foregoing description gives only a few examples of the present application and is not intended to limit it in any way; although the application is disclosed by way of preferred examples, any person skilled in the art may make changes or modifications to the disclosed technology without departing from the scope of the technical solution of the application, and such modifications are equivalent embodiments of the technical solution.

Claims (8)

  1. An SDN network attack and defense range platform system, wherein the platform system is based on an SDN network and adopts the django framework to implement a software B/S architecture, the platform system comprising:
    the topology module, used respectively for controlling the SDN network, its data input and its structure display, and for file input and processing, data processing and storage, automatic topology drawing and target range control;
    the remote monitoring module, respectively connected with the operation terminal and the hosts participating in the attack and defense scene; combined with the Guacamole component, it controls the hosts participating in the attack and defense scene through a remote control protocol in a browser-access mode, and is used for remote monitoring, data extraction and processing, host role allocation and remote control of the attack and defense personnel of the attack and defense scene;
    the security penetration test module, used for monitoring the security of the transmitted data;
    the log module, in communication connection with the security penetration test module; during start-up of the shooting range, the traffic feedback of the SDN network in communication is obtained through the logs sent by the security penetration test module, so that basic traffic logs are collected, the logs are classified and stored, and at the same time the logs are analyzed and pushed, the received data being transmitted in real time to the interior and the front end of the shooting range platform system, so as to realize real-time display of the logs, filtering and searching of the logs, log alarming and combined query of the historical logs;
    the server, respectively in communication connection with the topology module, the log module, the security penetration test module and the remote monitoring module, and adopting nginx and uwsgi as proxy;
    data storage and sharing among the topology module, the remote monitoring module and the log module are realized through MySQL;
    the topology module is configured with: uploading a topology file, storing the topology file data, constructing the front-end tree structure json, optimizing the tree structure json data, generating the topology function, and remotely starting the topology;
    the topology module adopts a layered architecture, so that coupling between layers is reduced;
    the data communication mode and interface calls among the layers of the architecture are carried out in a unified manner, independent development of each layer is supported, code reuse is facilitated, and development speed is increased;
    the remote monitoring module is connected to a remote desktop UI through node interaction;
    the remote monitoring module completes the calling of the topology information through node interaction, so as to realize remote starting/stopping of the topology module on the actual SDN target range.
  2. The SDN network attack and defense range platform system of claim 1, wherein the topology module performs real-time control of the SDN network by setting up an API at the SDN end through Flask;
    the topology module controls SDN network data input through a file transmission component;
    the topology module controls the SDN network structure presentation by optimizing the original data and automatically generating the structured image.
  3. The SDN network attack and defense range platform system of claim 1, wherein the topology module includes a topolist_view module, a topo_view module and a sdn_api module;
    the topolist_view module comprises uploading, deleting and list display of the original data;
    the topo_view module is mainly used for automatically displaying the original data graphically, and comprises optimization of the original data and a method for automatically generating a structured image;
    the sdn_API module controls file transmission, instruction transmission and instruction verification of the SDN network by utilizing the original data and control means, and comprises a platform sdn_API and a host sdn_API.
  4. The SDN network attack and defense range platform system of claim 1, wherein
    the topology module construction steps comprise:
    firstly, uploading a topology file;
    then, starting the corresponding topology through the start-up file of the SDN network target range;
    then, extracting the topology file data, storing it into the database after analysis, and initially establishing the database required by the topology;
    and finally, automatically analyzing the uploaded topology file to generate the topology graph displayed at the front end, transferring to the remote terminal, and carrying out VNC monitoring of each terminal through the topology.
  5. The SDN network attack and defense range platform system of claim 1, wherein the remote monitoring module is configured to:
    realize a security penetration test and drill service, be remotely monitored and controlled by the operation terminal, and provide a display function that matches the data information of different service test scenarios.
  6. The SDN network attack and defense range platform system of claim 1, wherein the remote monitoring module is configured to perform construction of a vulnerability library and development of the basic functional modules of the service security test scenario, and the remote monitoring module includes a Guacamole application server and a VNC remote control tool.
  7. The SDN network attack and defense range platform system of claim 1, wherein the log module includes a log submodule and a history log submodule;
    the log submodule monitors, classifies and stores the data forwarded by the communication module;
    the log submodule transmits the received data to the interior of the platform and to the front end in real time;
    and the history log submodule retrieves the data stored in the database by the log submodule and sends it to the front end in one batch.
  8. The SDN network attack and defense range platform system of claim 7, wherein the transmission of data by the log submodule to the interior of the platform is implemented through Redis inter-process communication;
    the transmission of data by the log submodule to the front end is implemented through websocket;
    the storage of the history log submodule is implemented through MySQL.
CN202311619252.8A 2023-11-30 2023-11-30 SDN network attack and defense target range platform system Active CN117319094B (en)

Publications (2)

Publication Number Publication Date
CN117319094A CN117319094A (en) 2023-12-29
CN117319094B true CN117319094B (en) 2024-03-15

Family

ID=89285244

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant