CN112367337A - Network security attack and defense method, device and medium - Google Patents

Publication number: CN112367337A
Authority: CN (China)
Prior art keywords: operation data, simulation environment, defense, attack, network security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Application number: CN202011352827.0A
Other languages: Chinese (zh)
Inventors: 王伦, 范渊, 苗春雨, 吴鸣旦, 李小霜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): DBAPPSecurity Co Ltd; Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee: Hangzhou Dbappsecurity Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN202011352827.0A
Publication of CN112367337A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application discloses a network security attack and defense method, device and medium. The method comprises: constructing a simulation environment; collecting first operation data used by the attack while the simulation environment is being attacked; updating the simulation environment according to the first operation data; collecting second operation data used by the defense while the updated simulation environment is being defended; and updating the simulation environment according to the second operation data. Because the simulation environment is continuously updated according to the first operation data used for attack and the second operation data used for defense, it can keep improving after corresponding defense methods have been formed for different attack methods, which improves the reliability of the network attack and defense technology. In addition, the network security attack and defense device and medium provided by the application correspond to the method and have the same effect.

Description

Network security attack and defense method, device and medium
Technical Field
The present application relates to the field of network security technologies, and in particular, to a network security attack and defense method, apparatus, and medium.
Background
With the development of networks, network security is increasingly valued, and learning and research on network attack and defense technologies are increasingly urgent. In the process of training network attack and defense talent, practical exercises in network security attack and defense need to be carried out in a constructed simulated environment.
At present, network security attack and defense methods mainly rely on a preset simulated environment constructed from known vulnerabilities and attacks, in which a user analyzes and defends against the attacks. Because the preset attack types in the simulated environment are very limited, and new attacks appearing in the real environment cannot be converted into it, the user can only analyze and defend against the existing attacks in the simulated environment and not against other attacks. This reduces the defense methods available against different attack means and reduces the reliability of the network attack and defense technology.
Therefore, how to improve the reliability of the network defense and attack technology is a problem to be solved urgently by those skilled in the art.
Disclosure of Invention
The application aims to provide a network security attack and defense method, device and medium.
In order to solve the above technical problem, the present application provides a network security attack and defense method, including:
constructing a simulation environment;
collecting first operation data used for attacking under the condition of attacking the simulation environment;
updating the simulation environment according to the first operation data;
collecting second operation data used for defense under the condition of defending the updated simulation environment;
and updating the simulation environment according to the second operation data.
Preferably, the updating the simulation environment according to the first operation data includes:
screening out first effective operation data according to the data packet in the first operation data and specific operation;
and updating the simulation environment according to the first effective operation data.
Preferably, the updating the simulation environment according to the second operation data includes:
screening out second effective operation data according to the data packet in the second operation data and the specific operation;
and updating the simulation environment according to the second effective operation data.
Preferably, before the screening out the first valid operation data according to the data packet and the specific operation in the first operation data and the screening out the second valid operation data according to the data packet and the specific operation in the second operation data, the method further includes: removing duplicate data in the first operation data or the second operation data.
Preferably, the constructing a simulation environment includes: constructing the simulation environment according to a user-defined requirement.
Preferably, the method further comprises: saving the first operation data and the second operation data.
Preferably, the method further comprises: displaying the working state of each device and the relationships between the devices in the simulation environment in a visual interface.
In order to solve the above technical problem, the present application further provides a network security attack and defense device, including:
the first building module is used for building a simulation environment;
the first acquisition module is used for acquiring first operation data used for attacking under the condition of attacking the simulation environment;
the first updating module is used for updating the simulation environment according to the first operation data;
the second acquisition module is used for acquiring second operation data used by defense under the condition of defending the updated simulation environment;
and the second updating module is used for updating the simulation environment according to the second operation data.
In order to solve the above technical problem, the present application further provides a network security attack and defense device, including:
a memory for storing a computer program;
and the processor is used for realizing the steps of the network security attack and defense method when the computer program is executed.
In order to solve the above technical problem, the present application further provides a computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, the steps of the network security attack and defense method are implemented.
The network security attack and defense method provided by the application constructs a simulation environment, updates the simulation environment according to first operation data after collecting the first operation data used for attacking under the condition of attacking the simulation environment, collects second operation data used for defending under the condition of defending the updated simulation environment, and updates the simulation environment according to the second operation data. Because the simulation environment is continuously updated according to the first operation data used for attack and the second operation data used for defense, the simulation environment can be continuously improved after corresponding defense methods are formed aiming at different attack methods, and the reliability of the network attack and defense technology is improved.
In addition, the network security attack and defense device and the medium provided by the application correspond to the network security attack and defense method, and the effect is the same as that of the network security attack and defense method.
Drawings
In order to more clearly illustrate the embodiments of the present application, the drawings needed for the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
Fig. 1 is a flowchart of a network security attack and defense method according to an embodiment of the present application;
Fig. 2 is a flowchart of updating a simulation environment according to first operation data according to an embodiment of the present application;
Fig. 3 is a flowchart of updating a simulation environment according to second operation data according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a network security attack and defense device according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of another network security attack and defense device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without any creative effort belong to the protection scope of the present application.
The core of the application is to provide a network security attack and defense method, device and medium.
In order that those skilled in the art will better understand the disclosure, the following detailed description will be given with reference to the accompanying drawings.
Fig. 1 is a flowchart of a network security attack and defense method according to an embodiment of the present application. As shown in fig. 1, the method includes:
S10: constructing a simulation environment.
In this embodiment, the real production environment network is first analyzed, including its network topology, network configuration, and software and hardware configuration, and a network topology structure converted from the production environment network is established. The services running in the real production environment are analyzed and a logic model is established. After the network topology structure and each device of the logic model are configured, a simulation environment is constructed that includes the network topology structure, virtual machine snapshot states, physical machine execution scripts and background traffic. When the user does not connect devices such as a network application firewall or log audit, or external devices such as attack tools and attack detection tools, data nodes, storage nodes and computing nodes are configured for the network topology structure and the logic model through a Kernel-based Virtual Machine (KVM); when the user does connect external devices, the external devices and the devices in the network topology structure and logic model are managed in a unified manner. Unified management includes unified creation and reclamation of resources, management and storage of snapshots, initialization of each device's network configuration, operating system, services and other settings, and monitoring of device status. In addition, the user or an administrator can also configure each device manually.
To improve the user experience, as a preferred embodiment, the simulation environment is saved as an image after it is constructed, so that the user does not need to configure it again when creating the simulation environment again.
In addition, as a preferred embodiment, the simulation environment can be constructed according to a user-defined requirement. The user-defined requirement includes data about the external devices used by the user and data about the user's manual configuration of each device, so that a simulation environment matching the user's requirement can be constructed and the user experience is improved.
S11: collecting first operation data used by the attack while the simulation environment is attacked.
The first operation data comprises network data packets, system operation logs, logs of servers in the environment, and network device logs. The system operation logs, server logs and network device logs record key information such as the execution time of each attack operation, the specific attack action, the user who executed it, and the specific request; the network data packets include key information such as source IP and destination IP. In addition, the first operation data includes configuration data for each device that changed, that is, the changed configuration of each device is obtained by comparing the initial simulation environment with the baseline configuration of the simulation environment after the user performs the attack operation.
S12: the simulation environment is updated according to the first operational data.
It should be noted that the updated simulation environment includes operation records and key action buried points. The key action buried points are used to judge the attack effect achieved by trainees by screening key services, key logs, key steady states and key actions during training in a fixed simulation environment.
S13: collecting second operation data used by the defense while the updated simulation environment is defended.
The second operation data comprises network data packets, system operation logs, logs of servers in the environment, and network device logs. The system operation logs, server logs and network device logs record key information such as the execution time of each defense operation, the specific defense action, the user who executed it, and the specific request; the network data packets include key information such as source IP and destination IP. In addition, the first operation data includes configuration data for each device that changed, that is, the changed configuration of each device is obtained by comparing the initial simulation environment with the baseline configuration of the simulation environment after the user performs the defense operation.
S14: updating the simulation environment according to the second operation data.
It should be further noted that the updated simulation environment includes the operation records and the key action buried points for judging the defense effect of the trainee.
It will be appreciated that the simulation environment is in the process of being continually updated, i.e. in a particular implementation, after updating the simulation environment according to the second operational data, the operational data used for the attack is again collected in case of an attack on the updated simulation environment, and so on.
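The configuration comparison described for S11 and S13 can be illustrated with the following added example, which is not code from the patent. It assumes each device's configuration is available as a nested dictionary; the device names, keys and values are constructed sample data.

```python
"""Configuration drift between a range's baseline and its state after an exercise."""

_MISSING = object()  # sentinel: the path is absent on one side


def flatten(config, prefix=""):
    """Flatten nested dicts/lists into {path: leaf} so two configs compare path by path."""
    flat = {}
    if isinstance(config, dict) and config:
        for key in sorted(config):
            flat.update(flatten(config[key], f"{prefix}/{key}"))
    elif isinstance(config, list) and config:
        for index, item in enumerate(config):
            flat.update(flatten(item, f"{prefix}[{index}]"))
    elif prefix:
        # Leaf value, or an empty container that must still show up in the diff.
        flat[prefix] = config
    return flat


def diff_device(baseline, current):
    """Return (change, path, old, new) tuples for one device, ordered by path."""
    before, after = flatten(baseline), flatten(current)
    changes = []
    for path in sorted(before.keys() | after.keys()):
        old = before.get(path, _MISSING)
        new = after.get(path, _MISSING)
        if old is _MISSING:
            changes.append(("added", path, None, new))
        elif new is _MISSING:
            changes.append(("removed", path, old, None))
        elif old != new or type(old) is not type(new):
            changes.append(("changed", path, old, new))
    return changes


def diff_environment(baseline_env, current_env):
    """Diff every device; devices with no change are left out of the report."""
    report = {}
    for device in sorted(baseline_env.keys() | current_env.keys()):
        changes = diff_device(baseline_env.get(device, {}), current_env.get(device, {}))
        if changes:
            report[device] = changes
    return report


# Constructed sample data: baseline snapshot and the state captured after an attack round.
BASELINE = {
    "web01": {
        "sshd": {"PermitRootLogin": "no", "Port": 22},
        "users": ["root", "www-data"],
        "listening_ports": [22, 80],
    },
    "db01": {"mysql": {"bind_address": "10.0.0.5"}, "users": ["root", "mysql"]},
}
AFTER_ATTACK = {
    "web01": {
        "sshd": {"PermitRootLogin": "yes", "Port": 22},
        "users": ["root", "www-data", "support"],
        "listening_ports": [22, 80, 4444],
    },
    "db01": {"mysql": {"bind_address": "10.0.0.5"}, "users": ["root", "mysql"]},
}

if __name__ == "__main__":
    for device, changes in diff_environment(BASELINE, AFTER_ATTACK).items():
        for change, path, old, new in changes:
            print(f"{device} {change:8} {path}: {old!r} -> {new!r}")
```

The same function applied to the snapshot taken after the defense round shows which of these changes the defender reverted.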
To further improve the user experience, as a preferred embodiment, the working state of each device and the relationships between the devices in the simulation environment are displayed in a visual interface. It can be understood that the working state and the inter-device relationships can be displayed on the visual interface either in real time or periodically.
The network security attack and defense method provided by the embodiment of the application constructs the simulation environment, updates the simulation environment according to the first operation data after collecting the first operation data used for attack under the condition of attacking the simulation environment, collects the second operation data used for defense under the condition of defending the updated simulation environment, and updates the simulation environment according to the second operation data. Because the simulation environment is continuously updated according to the first operation data used for attack and the second operation data used for defense, the simulation environment can be continuously improved after corresponding defense methods are formed aiming at different attack methods, and the reliability of the network attack and defense technology is improved. In addition, because the simulation environment is constructed according to the production environment, compared with the prior art, the network security attack and defense method provided by the embodiment can be used for mining unknown vulnerabilities in the production environment in the process of continuously updating the simulation environment, and the research and mining speed of new vulnerabilities are improved.
Fig. 2 is a flowchart illustrating updating a simulation environment according to first operation data according to an embodiment of the present application. As shown in fig. 2, on the basis of the above embodiment, S12 includes:
S20: screening out first valid operation data according to the data packet in the first operation data and the specific operation.
S21: the simulation environment is updated according to the first valid operation data.
It should be noted that the first valid operation data is specifically operation data that achieves an attack effect.
In the network security attack and defense method provided by this embodiment, the first valid operation data is screened out according to the data packet in the first operation data and the specific operation, which reduces the workload of updating the simulation environment, speeds up updating the simulation environment according to the attack operation, and improves the user experience.
Fig. 3 is a flowchart illustrating updating a simulation environment according to second operation data according to an embodiment of the present application. As shown in fig. 3, on the basis of the above embodiment, S14 includes:
S30: screening out second valid operation data according to the data packet in the second operation data and the specific operation.
S31: updating the simulation environment according to the second valid operation data.
It should be noted that the second valid operation data is specifically operation data achieving a defense effect.
In the network security attack and defense method provided by this embodiment, the second valid operation data is screened out according to the data packet in the second operation data and the specific operation, which reduces the workload of updating the simulation environment, speeds up updating the simulation environment according to the defense operation, and improves the user experience.
On the basis of the above embodiment, before S20 and S30, the method further includes: removing duplicate data in the first operation data or the second operation data.
In this embodiment, a hash is calculated over the collected first operation data and second operation data, and the hash values are compared to identify the duplicate data in the first operation data and the second operation data and eliminate it.
In the network security attack and defense method provided by this embodiment, duplicate data in the first operation data or the second operation data is removed before the valid data is screened, which reduces storage space usage, further reduces the workload of updating the simulation environment, further speeds up the update, and further improves the user experience.
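The hash-based duplicate removal described above can be sketched as follows. This is an added example, not code from the patent; the record layout, the choice of SHA-256 and the decision to leave collector metadata out of the hash are assumptions, and the records are constructed sample data.

```python
"""Hash-based removal of duplicate operation records before screening."""
import hashlib
import json
from collections import Counter

# Assumption: these fields describe the act of collection, not the operation itself.
# Hashing them would make the same event look different for every collector.
COLLECTION_ONLY_FIELDS = frozenset({"collector", "ingested_at"})


def fingerprint(record):
    """SHA-256 over a canonical form of the record (sorted keys, fixed separators)."""
    core = {k: v for k, v in record.items() if k not in COLLECTION_ONLY_FIELDS}
    canonical = json.dumps(core, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def deduplicate(records):
    """Keep the first occurrence of each record, preserving collection order.

    Returns (unique_records, dropped), where dropped counts removed duplicates per kind.
    """
    seen = set()
    unique = []
    dropped = Counter()
    for record in records:
        digest = fingerprint(record)
        if digest in seen:
            dropped[record.get("kind", "unknown")] += 1
            continue
        seen.add(digest)
        unique.append(record)
    return unique, dropped


# Constructed sample data: one log event reported by two collectors, one packet
# captured twice, and a later repeat of the same action (a distinct event).
SAMPLE_OPERATION_DATA = [
    {"kind": "system_log", "time": "2020-01-01T10:00:01Z", "user": "trainee01",
     "action": "login", "request": "ssh trainee01@web01",
     "collector": "agent-a", "ingested_at": "2020-01-01T10:00:02Z"},
    {"request": "ssh trainee01@web01", "action": "login", "user": "trainee01",
     "time": "2020-01-01T10:00:01Z", "kind": "system_log",
     "collector": "agent-b", "ingested_at": "2020-01-01T10:00:05Z"},
    {"kind": "packet", "time": "2020-01-01T10:00:01Z",
     "src_ip": "192.0.2.10", "dst_ip": "198.51.100.5", "dst_port": 22},
    {"kind": "packet", "time": "2020-01-01T10:00:01Z",
     "src_ip": "192.0.2.10", "dst_ip": "198.51.100.5", "dst_port": 22},
    {"kind": "system_log", "time": "2020-01-01T10:07:30Z", "user": "trainee01",
     "action": "login", "request": "ssh trainee01@web01",
     "collector": "agent-a", "ingested_at": "2020-01-01T10:07:31Z"},
]

if __name__ == "__main__":
    unique, dropped = deduplicate(SAMPLE_OPERATION_DATA)
    print(f"kept {len(unique)} records, dropped {dict(dropped)}")
```

The event time stays inside the hash, so a repeated action at a later time remains a separate record in the attack chain.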
On the basis of the above embodiment, the method further includes: the first operation data and the second operation data are saved.
In an implementation, the first operation data and the second operation data are stored in a storage area of the system by a file storage manner.
It can be understood that after the first operation data and the second operation data are stored, a complete attack chain and the corresponding defense operations can be formed from them, and the corresponding simulated environment can be copied and reproduced for that attack chain and those defense operations. The user can thus review their own attack and defense operations and continue learning in the simulated environment that corresponds to them, which further improves the user experience.
In the above embodiments, the network security attack and defense method is described in detail, and the application also provides embodiments corresponding to the network security attack and defense device. It should be noted that the present application describes the embodiments of the apparatus portion from two perspectives, one from the perspective of the function module and the other from the perspective of the hardware.
Fig. 4 is a schematic structural diagram of a network security attack and defense device according to an embodiment of the present application. As shown in fig. 4, from the perspective of the functional modules, the device includes:
A first building module 10 for constructing a simulation environment.
A first acquisition module 11 for collecting first operation data used by the attack while the simulation environment is attacked.
A first updating module 12 for updating the simulation environment according to the first operation data.
A second acquisition module 13 for collecting second operation data used by the defense while the updated simulation environment is defended.
A second updating module 14 for updating the simulation environment according to the second operation data.
Since the embodiments of the apparatus portion and the method portion correspond to each other, please refer to the description of the embodiments of the method portion for the embodiments of the apparatus portion, which is not repeated here.
As a preferred embodiment, the first building module 10 further comprises:
A second building module for constructing the simulation environment according to the user-defined requirement.
The first updating module 12 includes:
A first screening module for screening out first valid operation data according to the data packet in the first operation data and the specific operation.
A third updating module for updating the simulation environment according to the first valid operation data.
The second updating module 14 includes:
A second screening module for screening out second valid operation data according to the data packet in the second operation data and the specific operation.
A fourth updating module for updating the simulation environment according to the second valid operation data.
The device further comprises:
A removing module for removing duplicate data in the first operation data or the second operation data.
The device further comprises:
A storage module for saving the first operation data and the second operation data.
A display module for displaying the working state of each device and the relationships between the devices in the simulation environment in the visual interface.
The network security attack and defense device provided by the application constructs a simulation environment, updates the simulation environment according to first operation data after collecting the first operation data used for attack under the condition of attacking the simulation environment, collects second operation data used for defense under the condition of defending the updated simulation environment, and updates the simulation environment according to the second operation data. Because the simulation environment is continuously updated according to the first operation data used for attack and the second operation data used for defense, the simulation environment can be continuously improved after corresponding defense methods are formed aiming at different attack methods, and the reliability of the network attack and defense technology is improved.
Fig. 5 is a schematic structural diagram of another network security attack and defense apparatus according to an embodiment of the present application. As shown in fig. 5, the apparatus includes, from the perspective of the hardware configuration:
a memory 20 for storing a computer program;
a processor 21 for implementing the steps of the network security attack and defense method in the above embodiments when executing the computer program.
The processor 21 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and the like. The processor 21 may be implemented in at least one hardware form of Digital Signal Processing (DSP), Field-Programmable Gate Array (FPGA), and Programmable Logic Array (PLA). The processor 21 may also include a main processor and a coprocessor, where the main processor is a processor for Processing data in an awake state, and is also called a Central Processing Unit (CPU); a coprocessor is a low power processor for processing data in a standby state. In some embodiments, the processor 21 may be integrated with a Graphics Processing Unit (GPU) which is responsible for rendering and drawing the content required to be displayed on the display screen. In some embodiments, the processor 21 may further include an Artificial Intelligence (AI) processor for processing computational operations related to machine learning.
The memory 20 may include one or more computer-readable storage media, which may be non-transitory. Memory 20 may also include high speed random access memory, as well as non-volatile memory, such as one or more magnetic disk storage devices or flash memory storage devices. In this embodiment, the memory 20 is at least used for storing the following computer program 201, which, after being loaded and executed by the processor 21, can implement the relevant steps of the network security attack and defense method disclosed in any of the foregoing embodiments. In addition, the resources stored in the memory 20 may also include an operating system 202, data 203, and the like, and the storage manner may be transient or permanent. Operating system 202 may include, among others, Windows, Unix, Linux, and the like. Data 203 may include, but is not limited to, data involved in the network security attack and defense method, and the like.
In some embodiments, the network security device may further include a display 22, an input/output interface 23, a communication interface 24, a power supply 25, and a communication bus 26.
Those skilled in the art will appreciate that the configuration shown in fig. 5 does not constitute a limitation of the network security attack and defense device, which may include more or fewer components than those shown.
The network security attack and defense device provided by the embodiment of the application comprises a memory and a processor, wherein when the processor executes a program stored in the memory, the following method can be realized: the method comprises the steps of constructing a simulation environment, collecting first operation data used for attacking under the condition of attacking the simulation environment, updating the simulation environment according to the first operation data, collecting second operation data used for defending under the condition of defending the updated simulation environment, and updating the simulation environment according to the second operation data. Because the simulation environment is continuously updated according to the first operation data used for attack and the second operation data used for defense, the simulation environment can be continuously improved after corresponding defense methods are formed aiming at different attack methods, and the reliability of the network attack and defense technology is improved.
Finally, the application also provides a corresponding embodiment of the computer readable storage medium. The computer-readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps as set forth in the above-mentioned method embodiments.
It is to be understood that if the method in the above embodiments is implemented in the form of software functional units and sold or used as a stand-alone product, it can be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present application may be embodied in the form of a software product, which is stored in a storage medium and executes all or part of the steps of the methods described in the embodiments of the present application, or all or part of the technical solutions. And the aforementioned storage medium includes: a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The computer-readable storage medium provided by this embodiment of the application stores a computer program. When the computer program is executed by a processor, the following method can be implemented: constructing a simulation environment; collecting the first operation data used for the attack while the simulation environment is being attacked; updating the simulation environment according to the first operation data; collecting the second operation data used for the defense while the updated simulation environment is being defended; and updating the simulation environment according to the second operation data. Because the simulation environment is continuously updated according to both the first operation data used for attack and the second operation data used for defense, it can keep being improved as corresponding defense methods are formed for different attack methods, which improves the reliability of the network attack and defense technology.
The network security attack and defense method, apparatus and medium provided by the present application have been described in detail above. The embodiments in this specification are described progressively: each embodiment focuses on its differences from the others, and for the parts that are the same or similar the embodiments may be referred to one another. Because the device disclosed in an embodiment corresponds to the method disclosed in that embodiment, its description is brief, and the relevant points can be found in the description of the method. It should be noted that those skilled in the art may make improvements and modifications to the present application without departing from its principle, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in this specification, relational terms such as "first" and "second" are used solely to distinguish one entity or action from another, without necessarily requiring or implying any actual relationship or order between those entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but may also include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.

Claims (10)

1. A network security attack and defense method, characterized by comprising the following steps:
constructing a simulation environment;
collecting first operation data used for the attack while the simulation environment is being attacked;
updating the simulation environment according to the first operation data;
collecting second operation data used for the defense while the updated simulation environment is being defended;
updating the simulation environment according to the second operation data.
2. The network security attack and defense method according to claim 1, wherein the updating of the simulation environment according to the first operation data comprises:
screening out first effective operation data according to the data packets and specific operations in the first operation data;
updating the simulation environment according to the first effective operation data.
3. The network security attack and defense method according to claim 1, wherein the updating of the simulation environment according to the second operation data comprises:
screening out second effective operation data according to the data packets and specific operations in the second operation data;
updating the simulation environment according to the second effective operation data.
4. The network security attack and defense method according to claim 2 or 3, characterized in that, before the first effective operation data is screened out according to the data packets and specific operations in the first operation data and before the second effective operation data is screened out according to the data packets and specific operations in the second operation data, the method further comprises: removing duplicate data in the first operation data or the second operation data.
5. The network security attack and defense method according to claim 1, wherein the constructing of the simulation environment comprises: constructing the simulation environment according to user-defined requirements.
6. The network security attack and defense method according to claim 1, further comprising: saving the first operation data and the second operation data.
7. The network security attack and defense method according to claim 1, further comprising: displaying, in a visual interface, the working state of each device in the simulation environment and the relationships between the devices.
8. A network security attack and defense device, comprising:
a first building module for constructing a simulation environment;
a first acquisition module for collecting first operation data used for the attack while the simulation environment is being attacked;
a first updating module for updating the simulation environment according to the first operation data;
a second acquisition module for collecting second operation data used for the defense while the updated simulation environment is being defended;
a second updating module for updating the simulation environment according to the second operation data.
9. A network security attack and defense device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the network security attack and defense method according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the network security attack and defense method according to any one of claims 1 to 7.
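
The loop in claims 1 to 4, sketched as an added Python example that is not code from the patent or from the applicant: records are de-duplicated, screened, and folded into a model of the simulation environment, attack phase first and defense phase second. The record fields, the allow-list of operations and the rule for what counts as effective data (a captured packet plus a recognised operation on a known device) are assumptions, since the claims do not define them.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Op:
    phase: str    # "attack" = first operation data, "defense" = second
    action: str   # the specific operation performed
    target: str   # device in the simulation environment
    packet: str   # summary of the captured data packet, "" if none

@dataclass
class SimEnv:
    devices: set
    findings: dict = field(default_factory=dict)  # device -> attack actions seen
    controls: dict = field(default_factory=dict)  # device -> defense actions applied

# Assumed allow-list of operations that count per phase (not from the patent).
KNOWN = {"attack": {"port_scan", "weak_password_login"},
         "defense": {"close_port", "enforce_password_policy"}}

def dedupe(ops):
    """Claim 4: remove duplicate records, keeping first-seen order."""
    return list(dict.fromkeys(ops))

def screen(ops, env, phase):
    """Claims 2-3: keep records with a packet and a recognised operation."""
    return [o for o in ops if o.phase == phase and o.packet
            and o.action in KNOWN[phase] and o.target in env.devices]

def update(env, ops):
    """Fold screened records into the environment model."""
    for o in ops:
        book = env.findings if o.phase == "attack" else env.controls
        book.setdefault(o.target, set()).add(o.action)

def run_round(env, attack_log, defense_log):
    """Claim 1 order: attack data -> update -> defense data -> update."""
    first = screen(dedupe(attack_log), env, "attack")
    update(env, first)
    second = screen(dedupe(defense_log), env, "defense")
    update(env, second)
    return len(first), len(second)

def undefended(env):
    """Devices with recorded attack findings but no recorded defense."""
    return sorted(d for d in env.findings if not env.controls.get(d))

# Constructed sample logs.
ATTACK_LOG = [Op("attack", "port_scan", "web01", "SYN->22"),
              Op("attack", "port_scan", "web01", "SYN->22"),        # duplicate
              Op("attack", "weak_password_login", "db01", "AUTH ok"),
              Op("attack", "port_scan", "db01", "")]                # no packet
DEFENSE_LOG = [Op("defense", "close_port", "web01", "RST<-22"),
               Op("defense", "reboot", "db01", "n/a")]              # unknown operation
```

After a round, `undefended(env)` lists the devices whose recorded attack findings have no matching defense record, which is the gap the next defense round would need to close.
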

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011352827.0A CN112367337A (en) 2020-11-26 2020-11-26 Network security attack and defense method, device and medium

Publications (1)

Publication Number Publication Date
CN112367337A true CN112367337A (en) 2021-02-12

Family

ID=74535368

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011352827.0A Pending CN112367337A (en) 2020-11-26 2020-11-26 Network security attack and defense method, device and medium

Country Status (1)

Country Link
CN (1) CN112367337A (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080222731A1 (en) * 2000-01-14 2008-09-11 Secure Computing Corporation Network security modeling system and method
US20180018463A1 (en) * 2016-07-14 2018-01-18 IronNet Cybersecurity, Inc. Simulation and virtual reality based cyber behavioral systems
CN108140057A (en) * 2016-07-14 2018-06-08 铁网网络安全股份有限公司 Network behavior system based on simulation and virtual reality
CN109361534A (en) * 2018-09-20 2019-02-19 中国航天***科学与工程研究院 A kind of network security emulation system
WO2020060503A1 (en) * 2018-09-20 2020-03-26 Ucar Ozan An email threat simulator for identifying security vulnerabilities in email protection mechanisms
CN109194684A (en) * 2018-10-12 2019-01-11 腾讯科技(深圳)有限公司 A kind of method, apparatus and calculating equipment of simulation Denial of Service attack

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114143099A (en) * 2021-12-03 2022-03-04 中国电信集团***集成有限责任公司 Network security policy self-checking attack and defense test method and device
CN114143099B (en) * 2021-12-03 2022-11-22 ***数智科技有限公司 Network security policy self-checking attack and defense test method and device and storage medium
CN114301640A (en) * 2021-12-15 2022-04-08 ***数智科技有限公司 Method and system for attack and defense drilling based on SRv6 network protocol
CN114301640B (en) * 2021-12-15 2023-09-01 ***数智科技有限公司 Attack and defense exercise method and system based on SRv6 network protocol
CN114640704A (en) * 2022-05-18 2022-06-17 山东云天安全技术有限公司 Communication data acquisition method, system, computer equipment and readable storage medium
CN114640704B (en) * 2022-05-18 2022-08-19 山东云天安全技术有限公司 Communication data acquisition method, system, computer equipment and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210212
