A method of generating large-scale attack traffic in Cyber ranges based on behavioral features
Abstract: Cyber ranges serve as an important infrastructure for conducting network security research and offensive and defensive adversarial exercises. Generating attack traffic is the main component of simulating complex behaviors in Cyber ranges. Existing attack traffic generation methods are limited in attack types, generation rate, and traffic content, making it difficult for them to meet the requirements of Cyber ranges. To address these problems, this article proposes a method of generating large-scale attack traffic in Cyber ranges based on behavioral features. It constructs attack models from behavioral features such as action sequences and key payloads, and generates large-scale traffic with variable content at high speed by dynamically filling packet templates. On this basis, a fast and flexible attack traffic generator (FATG) is implemented. The experimental results show that FATG has advantages in attack types, scalability, flexibility of traffic content, and generation rate compared with existing tools. It can effectively simulate various types of attacks, such as vulnerability exploitation and denial of service, to support security testing of diverse target devices in Cyber ranges.
Authors: WANG Mengyu (王梦雨); ZHU Shuyong (朱树永); ZHANG Yujun (张玉军) (Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100190; University of Chinese Academy of Sciences, Beijing 100049)
Source: Chinese High Technology Letters (《高技术通讯》), CAS, PKU Core, 2024, No. 11, pp. 1153-1163 (11 pages)
Funding: Supported by the National Natural Science Foundation of China (62372429, U2333201) and the National Key Research and Development Program of China (2018YFB1800403).
Keywords: Cyber range; attack simulation; behavioral feature; traffic generation