CN117596087A - Service simulation method, device, computer equipment and storage medium - Google Patents
Service simulation method, device, computer equipment and storage medium Download PDFInfo
- Publication number
- CN117596087A CN117596087A CN202410081399.4A CN202410081399A CN117596087A CN 117596087 A CN117596087 A CN 117596087A CN 202410081399 A CN202410081399 A CN 202410081399A CN 117596087 A CN117596087 A CN 117596087A
- Authority
- CN
- China
- Prior art keywords
- service
- target
- target service
- model
- processing information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 61
- 238000004088 simulation Methods 0.000 title claims abstract description 48
- 238000012545 processing Methods 0.000 claims abstract description 64
- 238000012549 training Methods 0.000 claims abstract description 56
- 238000011156 evaluation Methods 0.000 claims abstract description 52
- 238000012360 testing method Methods 0.000 claims abstract description 29
- 230000006399 behavior Effects 0.000 claims abstract description 27
- 235000012907 honey Nutrition 0.000 claims abstract description 23
- 238000007781 pre-processing Methods 0.000 claims abstract description 15
- 230000015654 memory Effects 0.000 claims description 21
- 238000012544 monitoring process Methods 0.000 claims description 10
- 238000004590 computer program Methods 0.000 claims description 9
- 238000005516 engineering process Methods 0.000 claims description 9
- 230000004044 response Effects 0.000 claims description 9
- 238000003058 natural language processing Methods 0.000 claims description 8
- 230000009545 invasion Effects 0.000 claims description 7
- 238000013473 artificial intelligence Methods 0.000 claims description 3
- 230000010365 information processing Effects 0.000 abstract description 2
- 238000004891 communication Methods 0.000 description 2
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 238000013528 artificial neural network Methods 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000008450 motivation Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 230000000306 recurrent effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1491—Countermeasures against malicious traffic using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/04—Architecture, e.g. interconnection topology
- G06N3/044—Recurrent networks, e.g. Hopfield networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Biophysics (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Life Sciences & Earth Sciences (AREA)
- Artificial Intelligence (AREA)
- Biomedical Technology (AREA)
- Signal Processing (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Evolutionary Computation (AREA)
- General Health & Medical Sciences (AREA)
- Molecular Biology (AREA)
- Mathematical Physics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a service simulation method, a device, computer equipment and a storage medium, which relate to the technical field of information processing and comprise the following steps: acquiring processing information of a target server corresponding to a target service to be simulated; preprocessing the processing information and dividing the processing information to obtain a training sample and a test sample; training the pre-constructed artificial intelligent model by adopting a training sample to generate an initial service model corresponding to the target service; evaluating the initial service model by adopting a test sample, acquiring an evaluation result, and generating a target service model corresponding to the target service when the evaluation result is detected to meet a preset condition; and simulating the honey pot service serving as the target service by using the target service model, and deploying the honey pot service on a target server. The method can realize honeypot service which takes the target service model as the target service, and is deployed on the target server, so that analysis and processing of network malicious behaviors through the honeypot service can be realized.
Description
Technical Field
The present invention relates to the field of information processing technologies, and in particular, to a service simulation method, a service simulation device, a computer device, and a non-volatile computer readable storage medium.
Background
Network malicious behavior refers to the behavior that hardware, software and data in the system of the network system are destroyed, changed and revealed by attack of malicious codes, so that the network system cannot continuously, reliably and normally run, and network service is interrupted. At present, with the popularization of informatization, the new application of the network is greatly appeared, and the behavior of the network malicious code is also endless, and the most popular network malicious behavior at present is web page Trojan horse hanging, account number stealing, port scanning, vulnerability scanning, ARP (Address ResolutionProtocol ) spoofing, IP (Internet Protocol, internet protocol) hijacking, DDOS (Distributed Denial of Service ) attack, overflow attack, trojan horse attack and the like. However, in the prior art, a service simulation method, a device, a computer device and a non-volatile computer readable storage medium have not been disclosed yet, and a honeypot service using a target service model as a target service can be realized and deployed on a target server, so as to realize analysis and processing of network malicious behaviors through the honeypot service.
Accordingly, there is a need for improvement and development in the art.
Disclosure of Invention
In view of the foregoing deficiencies of the prior art, it is an object of the present invention to provide a service simulation method, apparatus, computer device and non-volatile computer readable storage medium, for implementing a honeypot service that simulates a target service model as a target service, and for deploying the honeypot service on a target server, so as to implement analysis and processing of network malicious behavior by the honeypot service.
In order to achieve the above purpose, the invention adopts the following technical scheme:
a service simulation method, comprising:
acquiring processing information of a target server corresponding to a target service to be simulated;
preprocessing the processing information, and dividing the processing information to obtain a training sample and a test sample;
training the pre-constructed artificial intelligent model by adopting the training sample to generate an initial service model corresponding to the target service;
evaluating the initial service model by adopting the test sample book, acquiring an evaluation result, and generating a target service model corresponding to the target service when the evaluation result is detected to meet a preset condition;
and simulating the target service model to serve as the honeypot service of the target service, and deploying the honeypot service on the target server.
In a further technical solution, the service simulation method, wherein the obtaining the processing information of the target server corresponding to the target service to be simulated includes:
installing a monitoring service on a target service to be simulated, and collecting processing information of a corresponding target server of the target service through the monitoring service;
wherein the processing information includes a command executed by the target server and a corresponding response.
In a further technical scheme, the service simulation method, wherein the preprocessing the processing information and dividing the processing information to obtain training samples and test samples, includes:
preprocessing the processing information, and taking each command and corresponding response executed by the target server as a data sample to generate sample data corresponding to the processing information;
and dividing the sample data according to a preset proportion to obtain a training sample and a test sample.
In a further technical solution, in the service simulation method, the training the pre-constructed artificial intelligence model by using the training sample to generate an initial service model corresponding to the target service includes:
pre-constructing to obtain a natural language processing model;
and training the natural language processing model by adopting the training sample to generate an initial service model corresponding to the target service.
In a further technical solution, in the service simulation method, the evaluating the initial service model by using the test sample, obtaining an evaluation result, and when detecting that the evaluation result meets a preset condition, generating a target service model corresponding to the target service includes:
evaluating the initial service model by adopting the sample to be tested to obtain an evaluation result of the initial service model;
acquiring the evaluation result and detecting whether the evaluation result meets a preset condition;
when the evaluation result is detected to meet the preset condition, generating a target service model corresponding to the target service;
and when the evaluation result is detected to not meet the preset condition, retraining the initial service model according to the training sample again until the evaluation result is detected to meet the preset condition, and generating a target service model corresponding to the target service.
In a further technical solution, the service simulation method, wherein the simulating the target service model as the honeypot service of the target service and disposing the honeypot service on the target server includes:
simulating the target service model as a honeypot service of the target service based on a honeypot technology;
deploying the honeypot service on the target server;
and carrying out honeypot processing on the invasion behaviors of the attacker through the honeypot service.
In a further technical solution, the service simulation method, wherein the performing, by the honeypot service, honeypot processing on intrusion behavior of an attacker includes:
trapping the invasion behavior of an attacker through the honey pot service;
acquiring attack information corresponding to the intrusion behavior acquired by the honey pot service;
tracing the source of the attacker to obtain evidence based on the attack information;
and acquiring a tracing evidence obtaining result and countering the attacker.
A service simulation apparatus, comprising:
the acquisition module is used for acquiring the processing information of the corresponding target server of the target service to be simulated;
the dividing module is used for preprocessing the processing information and dividing the processing information to obtain a training sample and a test sample;
the training module is used for training the pre-constructed artificial intelligent model by adopting the training sample so as to generate an initial service model corresponding to the target service;
the evaluation module is used for evaluating the initial service model by adopting the test sample, acquiring an evaluation result, and generating a target service model corresponding to the target service when the evaluation result is detected to meet a preset condition;
and the simulation module is used for simulating the target service model to serve as the honey pot service of the target service and deploying the honey pot service on the target server.
A computer device, wherein the computer device comprises at least one processor; the method comprises the steps of,
a memory communicatively coupled to the at least one processor; wherein,
the memory has stored thereon a computer program executable by the at least one processor, which when executed by the at least one processor, implements a service simulation method as described in any of the above.
A non-transitory computer readable storage medium storing a computer program which, when executed by at least one processor, implements a service simulation method as claimed in any one of the preceding claims.
In contrast to the prior art, the present invention provides a service simulation method, apparatus, computer device, and non-volatile computer readable storage medium, wherein the method comprises: acquiring processing information of a target server corresponding to a target service to be simulated; preprocessing the processing information, and dividing the processing information to obtain a training sample and a test sample; training the pre-constructed artificial intelligent model by adopting the training sample to generate an initial service model corresponding to the target service; evaluating the initial service model by adopting the test sample book, acquiring an evaluation result, and generating a target service model corresponding to the target service when the evaluation result is detected to meet a preset condition; and simulating the target service model to serve as the honeypot service of the target service, and deploying the honeypot service on the target server. Thus, the method can realize the honey pot service which takes the target service model as the target service, and the honey pot service is deployed on the target server, so that the analysis and the processing of the network malicious behaviors through the honey pot service can be realized.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments described in the present invention, and other drawings may be obtained according to the drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart of a service simulation method according to an embodiment of the present invention.
Fig. 2 is a schematic functional block diagram of a service simulation device according to an embodiment of the present invention.
Fig. 3 is a schematic hardware structure of a computer device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and effects of the present invention clearer and more specific, the present invention will be described in further detail below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
In the description of the present invention, the terms "comprising," "including," "having," "containing," and the like are open-ended terms, meaning including, but not limited to. Reference to the terms "one embodiment," "a particular embodiment," "some embodiments," "for example," etc., means that a particular feature, structure, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. The sequence of steps involved in the embodiments is used to schematically illustrate the practice of the present application, and is not limited thereto and may be appropriately adjusted as desired.
Various non-limiting embodiments of the present invention are described in detail below with reference to the attached drawing figures.
Referring to fig. 1, an embodiment of the present invention provides a service simulation method, where the method includes the steps of:
s100, acquiring processing information of a target server corresponding to a target service to be simulated;
s200, preprocessing the processing information, and dividing the processing information to obtain a training sample and a test sample;
s300, training a pre-constructed artificial intelligent model by adopting the training sample to generate an initial service model corresponding to the target service;
s400, evaluating the initial service model by adopting the test sample, acquiring an evaluation result, and generating a target service model corresponding to the target service when the evaluation result is detected to meet a preset condition;
s500, simulating the target service model to serve as the honey service of the target service, and disposing the honey service on the target server.
Further, in the service simulation method, the step S100 of obtaining processing information of a target server corresponding to a target service to be simulated includes:
installing a monitoring service on a target service to be simulated, and collecting processing information of a corresponding target server of the target service through the monitoring service;
wherein the processing information includes a command executed by the target server and a corresponding response.
In the embodiment, a monitoring service is installed on a target service (such as ssh service) to be simulated, and then processing information of a target server corresponding to the target service is collected through the monitoring service; wherein the processing information includes a command executed by the target server and a corresponding response.
Further, in the service simulation method, the step S200 of preprocessing the processing information and dividing the processing information into a training sample and a test sample includes:
preprocessing the processing information, and taking each command and corresponding response executed by the target server as a data sample to generate sample data corresponding to the processing information;
and dividing the sample data according to a preset proportion to obtain a training sample and a test sample.
In this embodiment, the processing information is preprocessed, that is, each command and corresponding response executed by the target server are used as a data sample, each command and corresponding response are respectively converted into machine-readable vector representations, and the machine-readable vector representations are paired to form an input-output pair, so as to generate sample data corresponding to the processing information; and then dividing the sample data according to a preset proportion to obtain a training sample and a test sample.
Further, in the service simulation method, the step S300 of training the pre-constructed artificial intelligent model by using the training sample to generate an initial service model corresponding to the target service includes:
pre-constructing to obtain a natural language processing model;
and training the natural language processing model by adopting the training sample to generate an initial service model corresponding to the target service.
In the embodiment, a natural language processing model, such as a Recurrent Neural Network (RNN) or a sequence-to-sequence (Seq 2 Seq) model, is built in advance; and then training the natural language processing model by adopting the training sample so as to generate an initial service model corresponding to the target service.
Further, in the service simulation method, the step S400 of evaluating the initial service model by using the test sample, obtaining an evaluation result, and when detecting that the evaluation result meets a preset condition, generating a target service model corresponding to the target service includes:
evaluating the initial service model by adopting the sample to be tested to obtain an evaluation result of the initial service model;
acquiring the evaluation result and detecting whether the evaluation result meets a preset condition;
when the evaluation result is detected to meet the preset condition, generating a target service model corresponding to the target service;
and when the evaluation result is detected to not meet the preset condition, retraining the initial service model according to the training sample again until the evaluation result is detected to meet the preset condition, and generating a target service model corresponding to the target service.
In a specific implementation, in this embodiment, the test sample is used to evaluate the initial service model, that is, some evaluation indexes are used to measure the performance, such as accuracy, recall, etc., of the initial service model, so as to obtain an evaluation result of the initial service model; then, acquiring the evaluation result, and detecting whether the evaluation result meets a preset condition; wherein,
when the evaluation result is detected to meet the preset condition, generating a target service model corresponding to the target service;
when the evaluation result is detected to not meet the preset condition, retraining the initial service model according to the training sample again until the evaluation result is detected to meet the preset condition, and generating a target service model corresponding to the target service;
in this embodiment, new sample data is also collected periodically and incremental training is performed on the target service model to adapt to changes in an actual scene, so that continuous learning optimization is performed on model data of the target service model, and iterative upgrading of the target service model is realized.
Further, in the service simulation method, the step S500 of simulating the target service model to be a honeypot service of the target service and deploying the honeypot service on the target server includes:
simulating the target service model as a honeypot service of the target service based on a honeypot technology;
deploying the honeypot service on the target server;
and carrying out honeypot processing on the invasion behaviors of the attacker through the honeypot service.
Further, the service simulation method, wherein the performing the honeypot processing on the intrusion behavior of the attacker through the honeypot service includes:
trapping the invasion behavior of an attacker through the honey pot service;
acquiring attack information corresponding to the intrusion behavior acquired by the honey pot service;
tracing the source of the attacker to obtain evidence based on the attack information;
and acquiring a tracing evidence obtaining result and countering the attacker.
In a specific implementation, in this embodiment, after a target service model corresponding to the target service is generated by training, then, based on a honeypot technology, the target service model is simulated to be a honeypot service of the target service, the honeypot service is deployed on the target server, and a monitoring port can be configured, so as to create a virtual ssh account to simulate a real ssh service; the honeypot technology is essentially a technology for cheating an attacker, and by arranging a host, network service or information serving as a bait, the attacker is induced to attack the honeypot technology, so that the attack behavior can be captured and analyzed, tools and methods used by the attacker are known, attack intention and motivation are presumed, the defender can clearly know security threats faced by the attacker, and the security protection capability of an actual system is enhanced through technology and management means;
the intrusion behavior of the attacker is then honeyed through the honeypot service, i.e.,
trapping the invasion behavior of the attacker through the honey pot service, such as setting through a firewall, and opening the monitoring ports to an external network so that the attacker can access the virtual services;
acquiring attack information corresponding to the intrusion behavior acquired by the honeypot service, for example, configuring a honeypot log service so that the honeypot log service can monitor all accesses and interactions to a virtual account and record the behavior and data of an attacker;
tracing the source of the attacker to obtain evidence, such as analyzing recorded attacker behaviors and data, and acquiring information about the attacker, such as attack techniques, IP addresses and the like, based on the attack information;
and acquiring a tracing evidence obtaining result, and countering the attacker, wherein countermeasures can be taken for the attacker according to the needs, such as preventing IP addresses or modifying honeypot configuration.
As can be seen from the above method embodiments, the service simulation method provided by the present invention includes: acquiring processing information of a target server corresponding to a target service to be simulated; preprocessing the processing information, and dividing the processing information to obtain a training sample and a test sample; training the pre-constructed artificial intelligent model by adopting the training sample to generate an initial service model corresponding to the target service; evaluating the initial service model by adopting the test sample book, acquiring an evaluation result, and generating a target service model corresponding to the target service when the evaluation result is detected to meet a preset condition; and simulating the target service model to serve as the honeypot service of the target service, and deploying the honeypot service on the target server. Thus, the method can realize the honey pot service which takes the target service model as the target service, and the honey pot service is deployed on the target server, so that the analysis and the processing of the network malicious behaviors through the honey pot service can be realized.
It should be understood that while the present application provides method operational steps as described in the examples or flowcharts, more or less operational steps may be included based on conventional or non-inventive labor, and are not necessarily sequentially performed in the order of the examples or flowcharts. The order of steps set forth in the embodiments or flowcharts is merely one manner of performing the steps in a plurality of sequences and is not intended to represent a unique sequence of steps. It should be noted that, there is not necessarily a certain sequence between the steps, and those skilled in the art will understand that, in different embodiments, the steps may be performed in different orders, that is, may be performed in parallel, may be performed interchangeably, or the like. Moreover, at least some of the steps in an embodiment or a flowchart may include a plurality of sub-steps or phases that are not necessarily performed at the same time, but may be performed at different times, nor does the order in which the sub-steps or phases are performed necessarily occur in sequence, but may be performed alternately, or synchronously with at least a portion of the sub-steps or phases of other steps or other steps.
Based on the foregoing embodiments, referring to fig. 2, another embodiment of the present invention further provides a service simulation apparatus, where the apparatus includes:
an obtaining module 11, configured to obtain processing information of a target server corresponding to a target service to be simulated;
the dividing module 12 is used for preprocessing the processing information and dividing the processing information into a training sample and a test sample;
the training module 13 is configured to train the artificial intelligence model built in advance by using the training sample, so as to generate an initial service model corresponding to the target service;
the evaluation module 14 is configured to evaluate the initial service model by using the test sample, obtain an evaluation result, and generate a target service model corresponding to the target service when the evaluation result is detected to meet a preset condition;
and the simulation module 15 is used for simulating the target service model into the honey service serving as the target service and deploying the honey service on the target server.
The specific implementation manner is the method embodiment described above, and will not be described herein.
Based on the above embodiments, referring to fig. 3, another embodiment of the present invention further provides a computer device, where the computer device 10 includes:
the memory 120 and the one or more processors 110 are illustrated in fig. 3 by way of example as one processor 110, and the processor 110 and the memory 120 may be coupled via a communication bus or otherwise, illustrated in fig. 3 by way of example as a communication bus.
The processor 110 is used to implement various control logic of the computer device 10, which may be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), a single-chip microcomputer, ARM (Acorn RISC Machine) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination of these components. Also, the processor 110 may be any conventional processor, microprocessor, or state machine. The processor 110 may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
The memory 120 is used as a non-volatile computer readable storage medium for storing a non-volatile software program, a non-volatile computer executable program, and a module, such as a computer program corresponding to the service simulation method in the embodiment of the present invention. The processor 110 executes various functional applications of the computer device 10 and data processing, i.e., implements the service simulation method in the above-described method embodiments, by running non-volatile software programs, instructions, and units stored in the memory 120.
The memory 120 may include a storage program area that may store an operating device, an application program required for at least one function, and a storage data area; the storage data area may store data created from the use of the computer device 10, etc. In addition, memory 120 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. In some embodiments, memory 120 may optionally include memory located remotely from processor 110, which may be connected to computer device 10 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
One or more units are stored in memory 120 that, when executed by one or more processors 110, may implement the service simulation method in any of the method embodiments described above, e.g., may implement method steps S100 through S500 in fig. 1 described above.
It will be appreciated by those skilled in the art that the hardware architecture shown in fig. 3 is merely a schematic illustration of a portion of the architecture associated with the present inventive arrangements and is not limiting as to the computer device to which the present inventive arrangements are applicable, and that a particular computer device may include more components than those shown, or may combine some components, or have a different arrangement of components.
Based on the above embodiments, the present invention further provides a non-volatile computer readable storage medium, wherein the non-volatile computer readable storage medium stores a computer program, which when executed by at least one processor, can implement a service simulation method as in any of the above method embodiments, for example, can implement the method steps S100 to S500 in fig. 1 described above.
By way of example, nonvolatile storage media can include Read Only Memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically erasable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM), which acts as external cache memory. By way of illustration and not limitation, RAM may be available in many forms such as Synchronous RAM (SRAM), dynamic RAM, (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synch Link DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The disclosed memory components or memories of the operating environments described herein are intended to comprise one or more of these and/or any other suitable types of memory.
Another embodiment of the present invention also provides a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a processor, enable a service simulation method as in any one of the method embodiments described above, for example enable the method steps S100 to S500 in fig. 1 described above.
The embodiments described above are merely illustrative, wherein elements illustrated as separate elements may or may not be physically separate, and elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
From the above description of embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus a general purpose hardware platform, or may be implemented by hardware. Based on such understanding, the foregoing technical solution may be embodied essentially or in a part contributing to the related art in the form of a software product, which may exist in a computer-readable storage medium such as ROM/RAM, a magnetic disk, an optical disk, etc., including several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method of the respective embodiments or some parts of the embodiments.
Conditional language such as "capable," "possible," or "may," among others, is generally intended to convey that a particular embodiment can include (but other embodiments do not include) particular features, elements, and/or operations unless specifically stated otherwise or otherwise understood within the context of as used. Thus, such conditional language is also generally intended to imply that features, elements and/or operations are in any way required for one or more embodiments or that one or more embodiments must include logic for deciding, with or without input or prompting, whether these features, elements and/or operations are included or are to be performed in any particular embodiment.
What has been described herein, in the specification and drawings, includes examples that can provide a service simulation method, apparatus, computer device, and non-volatile computer-readable storage medium. It is, of course, not possible to describe every conceivable combination of components and/or methodologies for purposes of describing the various features of the present disclosure, but it may be appreciated that many further combinations and permutations of the disclosed features are possible. It is therefore evident that various modifications may be made thereto without departing from the scope or spirit of the disclosure, but all such modifications are intended to be within the scope of the appended claims. Further, or in the alternative, other embodiments of the disclosure may be apparent from consideration of the specification and drawings, and practice of the disclosure as presented herein. It is intended that the examples set forth in this specification and figures be considered illustrative in all respects as illustrative and not limiting. Although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.
Claims (10)
1. A service simulation method, comprising:
acquiring processing information of a target server corresponding to a target service to be simulated;
preprocessing the processing information, and dividing the processing information to obtain a training sample and a test sample;
training the pre-constructed artificial intelligent model by adopting the training sample to generate an initial service model corresponding to the target service;
evaluating the initial service model by adopting the test sample book, acquiring an evaluation result, and generating a target service model corresponding to the target service when the evaluation result is detected to meet a preset condition;
and simulating the target service model to serve as the honeypot service of the target service, and deploying the honeypot service on the target server.
2. The service simulation method according to claim 1, wherein the obtaining the processing information of the corresponding target server of the target service to be simulated includes:
installing a monitoring service on a target service to be simulated, and collecting processing information of a corresponding target server of the target service through the monitoring service;
wherein the processing information includes a command executed by the target server and a corresponding response.
3. The service simulation method according to claim 2, wherein the preprocessing the processing information and dividing the processing information into training samples and test samples comprises:
preprocessing the processing information, and taking each command and corresponding response executed by the target server as a data sample to generate sample data corresponding to the processing information;
and dividing the sample data according to a preset proportion to obtain a training sample and a test sample.
4. The service simulation method according to claim 3, wherein training the pre-constructed artificial intelligence model using the training samples to generate an initial service model corresponding to the target service comprises:
pre-constructing to obtain a natural language processing model;
and training the natural language processing model by adopting the training sample to generate an initial service model corresponding to the target service.
5. The service simulation method according to claim 4, wherein the evaluating the initial service model using the test specimen to obtain an evaluation result, and when detecting that the evaluation result satisfies a preset condition, generating a target service model corresponding to the target service includes:
evaluating the initial service model by adopting the sample to be tested to obtain an evaluation result of the initial service model;
acquiring the evaluation result and detecting whether the evaluation result meets a preset condition;
when the evaluation result is detected to meet the preset condition, generating a target service model corresponding to the target service;
and when the evaluation result is detected to not meet the preset condition, retraining the initial service model according to the training sample again until the evaluation result is detected to meet the preset condition, and generating a target service model corresponding to the target service.
6. The service simulation method according to claim 5, wherein the simulating the target service model as the honeypot service of the target service and deploying on the target server includes:
simulating the target service model as a honeypot service of the target service based on a honeypot technology;
deploying the honeypot service on the target server;
and carrying out honeypot processing on the invasion behaviors of the attacker through the honeypot service.
7. The service simulation method according to claim 6, wherein the honeypot processing of the intrusion behavior of the attacker by the honeypot service includes:
trapping the invasion behavior of an attacker through the honey pot service;
acquiring attack information corresponding to the intrusion behavior acquired by the honey pot service;
tracing the source of the attacker to obtain evidence based on the attack information;
and acquiring a tracing evidence obtaining result and countering the attacker.
8. A service simulation apparatus, comprising:
the acquisition module is used for acquiring the processing information of the corresponding target server of the target service to be simulated;
the dividing module is used for preprocessing the processing information and dividing the processing information to obtain a training sample and a test sample;
the training module is used for training the pre-constructed artificial intelligent model by adopting the training sample so as to generate an initial service model corresponding to the target service;
the evaluation module is used for evaluating the initial service model by adopting the test sample, acquiring an evaluation result, and generating a target service model corresponding to the target service when the evaluation result is detected to meet a preset condition;
and the simulation module is used for simulating the target service model to serve as the honey pot service of the target service and deploying the honey pot service on the target server.
9. A computer device, the computer device comprising at least one processor; the method comprises the steps of,
a memory communicatively coupled to the at least one processor; wherein,
the memory has stored thereon a computer program executable by the at least one processor, which, when executed by the at least one processor, implements the service simulation method according to any of claims 1-7.
10. A non-transitory computer readable storage medium storing a computer program which, when executed by at least one processor, implements the service simulation method of any of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410081399.4A CN117596087A (en) | 2024-01-19 | 2024-01-19 | Service simulation method, device, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410081399.4A CN117596087A (en) | 2024-01-19 | 2024-01-19 | Service simulation method, device, computer equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117596087A true CN117596087A (en) | 2024-02-23 |
Family
ID=89922417
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410081399.4A Pending CN117596087A (en) | 2024-01-19 | 2024-01-19 | Service simulation method, device, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117596087A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111368291A (en) * | 2020-02-28 | 2020-07-03 | 山东爱城市网信息技术有限公司 | Method and system for realizing honeypot-like defense |
| CN111565199A (en) * | 2020-07-14 | 2020-08-21 | 腾讯科技(深圳)有限公司 | Network attack information processing method and device, electronic equipment and storage medium |
| US20210042210A1 (en) * | 2019-08-06 | 2021-02-11 | Paypal, Inc. | System and Method Implementing a Mock Server |
| US20210157712A1 (en) * | 2019-11-21 | 2021-05-27 | Mastercard International Incorporated | Generating a virtualized stub service using deep learning for testing a software module |
| US20220198337A1 (en) * | 2020-12-23 | 2022-06-23 | Rakuten Group, Inc. | Information processing system, information processing method and information processing device |
| CN114928484A (en) * | 2022-05-16 | 2022-08-19 | 上海斗象信息科技有限公司 | Honeypot generation method and device, electronic equipment and storage medium |
-
2024
- 2024-01-19 CN CN202410081399.4A patent/CN117596087A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20210042210A1 (en) * | 2019-08-06 | 2021-02-11 | Paypal, Inc. | System and Method Implementing a Mock Server |
| US20210157712A1 (en) * | 2019-11-21 | 2021-05-27 | Mastercard International Incorporated | Generating a virtualized stub service using deep learning for testing a software module |
| CN111368291A (en) * | 2020-02-28 | 2020-07-03 | 山东爱城市网信息技术有限公司 | Method and system for realizing honeypot-like defense |
| CN111565199A (en) * | 2020-07-14 | 2020-08-21 | 腾讯科技(深圳)有限公司 | Network attack information processing method and device, electronic equipment and storage medium |
| US20220198337A1 (en) * | 2020-12-23 | 2022-06-23 | Rakuten Group, Inc. | Information processing system, information processing method and information processing device |
| CN114928484A (en) * | 2022-05-16 | 2022-08-19 | 上海斗象信息科技有限公司 | Honeypot generation method and device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11451577B2 (en) | System and method for improving training program efficiency | |
| ES2761603T3 (en) | Procedure and computer system to determine a threat score | |
| CN107483458A (en) | The recognition methods of network attack and device, computer-readable recording medium | |
| CN107070929A (en) | A kind of industry control network honey pot system | |
| CN109194684B (en) | Method and device for simulating denial of service attack and computing equipment | |
| CN110336811A (en) | A kind of Cyberthreat analysis method, device and electronic equipment based on honey pot system | |
| CN103595732B (en) | A kind of method and device of network attack evidence obtaining | |
| CN101820419A (en) | Method for automatically positioning webpage Trojan mount point in Trojan linked webpage | |
| CN113949520B (en) | Method, apparatus, computer device and readable storage medium for fraud trapping | |
| CN110912874B (en) | Method and system for effectively identifying machine access behaviors | |
| US20230185902A1 (en) | Undetectable sandbox for malware | |
| CN112152962A (en) | Threat detection method and system | |
| US10367832B2 (en) | Reactive virtual security appliances | |
| Abe et al. | Developing deception network system with traceback honeypot in ICS network | |
| Karthikeyan et al. | Honeypots for network security | |
| CN114944939B (en) | Network attack situation prediction model construction method, device, equipment and storage medium | |
| CN115134166A (en) | Attack tracing method based on honey holes | |
| CN114531258B (en) | Network attack behavior processing method and device, storage medium and electronic equipment | |
| CN114363053A (en) | Attack identification method and device and related equipment | |
| CN117596087A (en) | Service simulation method, device, computer equipment and storage medium | |
| CN113079157A (en) | Method and device for acquiring network attacker position and electronic equipment | |
| CN114710325B (en) | Method, device, equipment and storage medium for constructing network intrusion detection model | |
| CN107341396B (en) | Intrusion detection method and device and server | |
| Binu et al. | Attack and Anomaly Prediction in IoT Networks using Machine Learning Approaches | |
| CN112995168A (en) | Web server safety protection method, system and computer storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |