
HK40107003A - A method, an apparatus, a device and a storage medium for generating environment snapshots of a networked range

Publication number: HK40107003A
Application number: HK42024094558.4A
Authority: HK (Hong Kong)
Other languages: Chinese (zh)
Other versions: HK40107003B (en)
Prior art keywords: environment, snapshot, data, network, range
Inventors: 蔡晶晶, 陈俊, 张凯, 黄平, 程磊
Original assignee: 永信至诚(香港)有限公司, 永信至诚科技集团股份有限公司
Application filed by: 永信至诚(香港)有限公司, 永信至诚科技集团股份有限公司

Description

Method, apparatus, device, and storage medium for generating environment snapshots of a cyber range

Technical Field

This invention relates to the field of cyber range technology, and specifically to a method, apparatus, device, and storage medium for generating environment snapshots of a cyber range.

Background

A cyber range is a platform that makes comprehensive use of virtualization technology to simulate and reproduce the network architecture, system equipment, and services of real cyberspace. It can be used for network security testing, scientific research, and other purposes. With new technologies emerging rapidly and constantly, network security problems show emergent characteristics, and especially while a new technology is still unstable in its early stages, the security problems it brings are highly unpredictable. A cyber range can be used to test and verify the network security of new technologies, and capturing their state under unforeseen conditions is important for subsequent in-depth analysis.

The network security test environment built by a cyber range is complex, and the complexity of new technologies compounds it, making problems harder to solve. The common approach in current technical solutions is to take snapshots of certain virtual machines, but how to use those snapshots effectively, and how to take them when specified conditions are met, remains unsolved.

Summary of the Invention

In view of the above problems, embodiments of the present invention provide a method and apparatus for generating environment snapshots of a cyber range, which solve the existing technical problems.

This invention provides the following technical solutions:

In a first aspect, the present invention provides a method for generating environment snapshots of a cyber range, the method comprising:

configuring environment snapshot trigger rules for the cyber range;

executing the environment snapshot trigger rules to generate an environment snapshot of the cyber range;

restoring the cyber range at a historical moment from a generated environment snapshot and re-executing the environment snapshot trigger rules to generate an environment snapshot of the cyber range.

In one embodiment, configuring the environment snapshot trigger rules for the cyber range includes:

configuring the trigger mode of the environment snapshot;

selecting the applicable data source;

selecting the data fields and association rules for that data source;

matching the data collection method;

defining the scope that the environment snapshot covers once a rule is triggered.

In one embodiment, the trigger modes of the environment snapshot include:

a time-triggered mode and an event-triggered mode.

In one embodiment, the data sources include:

data from the cyber range test environment and data from the cyber range itself;

the data from the cyber range test environment includes: test environment configuration data, test task description data, data on the resources requested for allocation, and data on the entities that make up the test environment;

the data from the cyber range itself includes: test environment management data, resource monitoring data, resource scheduling data, and data produced by the data collection and analysis process.

In one embodiment, matching the data collection method includes:

collecting data from the cyber range test environment through a deployed agent client that forwards the data after collection, or through syslog forwarding, or through SNMP forwarding;

collecting data from the cyber range itself through triggers, scripts, or file monitoring.

In one embodiment, the generated environment snapshot of the cyber range includes an internal environment snapshot and an external environment snapshot:

The internal environment snapshot is generated as follows: incremental storage is used for virtual machines; full storage is used for the containers in which virtual programs run, and the current container configuration script is saved; for dedicated or general-purpose environment generation units, a full snapshot is taken, or the snapshot is derived from the generation unit's configuration script, and the running time and configuration are recorded, to generate the internal environment snapshot;

The external environment snapshot is generated as follows: the database, configuration files, and collected data of the cyber range test environment are backed up and archived to form a new data copy, generating the external environment snapshot.

In one embodiment, restoring the cyber range at a historical moment from a generated environment snapshot and re-executing the environment snapshot trigger rules to generate an environment snapshot of the cyber range includes:

selecting the environment snapshot to be restored;

allocating resources according to the environment configuration, and invoking the configuration file and virtual machine image file of the environment snapshot; building the required cyber range, and loading the data files produced by the cyber range environment;

continuing to generate environment snapshots on the restored cyber range.

In a second aspect, the present invention provides an apparatus for generating environment snapshots of a cyber range, the apparatus comprising:

a configuration module, used to configure environment snapshot trigger rules for the cyber range;

a generation module, used to execute the environment snapshot trigger rules and generate an environment snapshot of the cyber range;

a recovery module, used to restore the cyber range at a historical moment from a generated environment snapshot and re-execute the environment snapshot trigger rules to generate an environment snapshot of the cyber range.

In one embodiment, configuring the environment snapshot trigger rules for the cyber range in the configuration module includes:

configuring the trigger mode of the environment snapshot;

selecting the applicable data source;

selecting the data fields and association rules for that data source;

matching the data collection method;

defining the scope that the environment snapshot covers once a rule is triggered.

In one embodiment, the trigger modes of the environment snapshot include:

a time-triggered mode and an event-triggered mode.

In one embodiment, the data sources include:

data from the cyber range test environment and data from the cyber range itself;

the data from the cyber range test environment includes: test environment configuration data, test task description data, data on the resources requested for allocation, and data on the entities that make up the test environment;

the data from the cyber range itself includes: test environment management data, resource monitoring data, resource scheduling data, and data produced by the data collection and analysis process.

In one embodiment, matching the data collection method includes:

collecting data from the cyber range test environment through a deployed agent client that forwards the data after collection, or through syslog forwarding, or through SNMP forwarding;

collecting data from the cyber range itself through triggers, scripts, or file monitoring.

In one embodiment, the environment snapshot of the cyber range generated in the generation module includes an internal environment snapshot and an external environment snapshot:

The internal environment snapshot is generated as follows: incremental storage is used for virtual machines; full storage is used for the containers in which virtual programs run, and the current container configuration script is saved; for dedicated or general-purpose environment generation units, a full snapshot is taken, or the snapshot is derived from the generation unit's configuration script, and the running time and configuration are recorded, to generate the internal environment snapshot;

The external environment snapshot is generated as follows: the database, configuration files, and collected data of the cyber range test environment are backed up and archived to form a new data copy, generating the external environment snapshot.

In one embodiment, restoring the cyber range at a historical moment from a generated environment snapshot and re-executing the environment snapshot trigger rules to generate an environment snapshot of the cyber range, as performed in the recovery module, includes:

selecting the environment snapshot to be restored;

allocating resources according to the environment configuration, and invoking the configuration file and virtual machine image file of the environment snapshot; building the required cyber range, and loading the data files produced by the cyber range environment;

continuing to generate environment snapshots on the restored cyber range.

In a third aspect, the present invention provides an electronic device, comprising:

a processor, a memory, and an interface for communicating with a gateway;

the memory is used to store programs and data, and the processor calls the programs stored in the memory to execute the method for generating environment snapshots of a cyber range provided in any implementation of the first aspect.

In a fourth aspect, the present invention provides a computer-readable storage medium comprising a program which, when executed by a processor, performs the method for generating environment snapshots of a cyber range provided in any implementation of the first aspect.

As can be seen from the above description, embodiments of the present invention configure environment snapshot trigger rules for the cyber range and then execute those rules to generate environment snapshots of the cyber range; during use, the cyber range at a historical moment is restored from a generated environment snapshot and the trigger rules are re-executed to continue generating environment snapshots. By addressing both the trigger rules and the generation of environment snapshots, the invention acquires environment snapshots of the cyber range effectively and can restore the cyber range to its state at a historical moment from an acquired snapshot, which supports testing work under complex business applications in the cyber range.

Brief Description of the Drawings

Figure 1 is a schematic flowchart of a method for generating environment snapshots of a cyber range according to an embodiment of the present invention;

Figure 2 is a schematic structural diagram of an apparatus for generating environment snapshots of a cyber range according to an embodiment of the present invention;

Figure 3 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.

Detailed Description

To make the objectives, technical solutions, and advantages of this invention clearer, the invention is further described below with reference to the accompanying drawings and specific embodiments. The described embodiments are only some of the embodiments of this invention, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments of this invention without creative effort fall within the scope of protection of this invention.

Based on the shortcomings of the prior art, an embodiment of the present invention provides a specific implementation of a method for generating environment snapshots of a cyber range. As shown in Figure 1, the method specifically includes:

S110: Configure environment snapshot trigger rules for the cyber range.

The purpose of this step is to set the environment snapshot trigger rules for the cyber range. It settles how and when an environment snapshot is triggered, how the snapshot is collected once triggered, and the scope of collection.

First, configure the trigger mode of the environment snapshot, which determines how the snapshot is triggered.

Specifically, two trigger modes are proposed in this step:

The first is the time-triggered mode: for example, manual triggering at a moment of particular need; scheduled triggering, which fires when a set time is reached; or triggering at a set deadline.

The second is the event-triggered mode: condition constraints are set, and the snapshot is triggered automatically when they are satisfied.

Then, select the applicable data source.

Specifically, the data sources include data from the cyber range test environment and data from the cyber range itself; the cyber range itself refers to the common components or systems involved in building a cyber range test environment.

More specifically, the data from the cyber range test environment includes: test environment configuration data, test task description data, data on the resources requested for allocation, and data on the entities that make up the test environment;

The data from the cyber range itself includes: test environment management data, resource monitoring data, resource scheduling data, and data produced by the data collection and analysis process.

The data from the cyber range itself is used across multiple cyber range test environments and is global in nature.

Then, select the data fields and association rules for the data source.

Specifically, data fields derive from data definitions. There are generally explicit requirements and specifications before data is integrated and stored, and these do not change during subsequent collection and processing, so data fields, definitions, and content formats all have explicit or summary descriptions. The data fields of a given environment or test task can be referenced directly, and their content can be retrieved and queried through an interface or a storage location. An association rule engine then performs rule matching under multiple conditions such as data source, field, data content or time period, and cumulative count.

Next, match the data collection method.

Specifically, data from the cyber range test environment is collected through a deployed agent client that forwards the data after collection, or through syslog forwarding, or through SNMP forwarding;

Data from the cyber range itself is collected through triggers, scripts, or file monitoring. Data collected this way is stored in structured form, such as database files, XML files, and JSON files, whose field definitions are relatively clear, enabling fine-grained tracking and analysis.

Finally, define the scope that the environment snapshot covers once a rule is triggered.

For example, a global environment snapshot of the current task or test environment covers the task, the task scenario description, the resource configuration description, and the cyber range core units (virtual machines carrying services, virtual machines operated by clients, virtual units required for network construction, dedicated/general-purpose environment generation units, containers in which virtual programs run, and so on).
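The rule configuration of step S110, as an added example that is not part of the patent text: a small trigger engine with one time rule and one event rule that matches on data source, field, content, time period, and cumulative count, and returns the snapshot scope when it fires. All class names, rule names, hosts, and log lines are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class Event:
    ts: datetime
    source: str   # collection channel: "agent", "syslog", "snmp", "file_monitor"
    fields: dict  # data fields as defined for that source


@dataclass(frozen=True)
class SnapshotRequest:
    ts: datetime
    rule: str
    trigger: str  # "time" or "event"
    scope: tuple  # units the snapshot must cover


@dataclass
class TimeRule:
    name: str
    at: datetime          # scheduled moment or deadline
    scope: tuple
    fired: bool = False

    def due(self, now):
        # Fire once, at the first clock tick at or after the set time.
        if not self.fired and now >= self.at:
            self.fired = True
            return True
        return False


@dataclass
class EventRule:
    name: str
    source: str           # condition 1: data source
    field_name: str       # condition 2: data field
    pattern: str          # condition 3: regex on the field content
    window: timedelta     # condition 4: time period
    threshold: int        # condition 5: cumulative count inside the window
    scope: tuple
    hits: list = field(default_factory=list)

    def matches(self, ev):
        if ev.source != self.source:
            return False
        value = ev.fields.get(self.field_name)
        if value is None or not re.search(self.pattern, str(value)):
            return False
        # Sliding window: drop hits older than `window` before counting.
        self.hits = [t for t in self.hits if ev.ts - t <= self.window]
        self.hits.append(ev.ts)
        if len(self.hits) >= self.threshold:
            self.hits.clear()  # re-arm so one burst yields one snapshot
            return True
        return False


class TriggerEngine:
    def __init__(self, time_rules, event_rules):
        self.time_rules = list(time_rules)
        self.event_rules = list(event_rules)

    def tick(self, now):
        return [SnapshotRequest(now, r.name, "time", r.scope)
                for r in self.time_rules if r.due(now)]

    def ingest(self, ev):
        # Each event also advances the clock for the time rules.
        out = self.tick(ev.ts)
        out += [SnapshotRequest(ev.ts, r.name, "event", r.scope)
                for r in self.event_rules if r.matches(ev)]
        return out


def demo():
    t0 = datetime(2024, 1, 1, 9, 0, 0)  # constructed timeline
    fail = {"host": "web-01", "msg": "authentication failure for root"}
    engine = TriggerEngine(
        [TimeRule("scheduled-0901", t0 + timedelta(minutes=1), ("task", "all-units"))],
        [EventRule("auth-fail-burst", "syslog", "msg", r"authentication failure",
                   timedelta(seconds=60), 3, ("vm:web-01",))],
    )
    # Constructed events: (offset in seconds, source).
    feed = [(5, "syslog"), (10, "agent"), (20, "syslog"),
            (90, "syslog"), (100, "syslog"), (110, "syslog"), (115, "syslog")]
    requests = []
    for offset, source in feed:
        requests += engine.ingest(Event(t0 + timedelta(seconds=offset), source, fail))
    return requests


if __name__ == "__main__":
    for req in demo():
        print(req)
```

The first two syslog failures age out of the 60-second window before a third arrives, so only the later burst fires the event rule; the agent event is ignored because its source does not match.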

S120: Execute the environment snapshot trigger rules to generate an environment snapshot of the cyber range.

The purpose of this step is to obtain valid environment snapshots once a time-based or event-based trigger has fired, performing snapshot processing on each corresponding environment.

Specifically, the generated environment snapshot of the cyber range includes an internal environment snapshot and an external environment snapshot.

The internal environment snapshot covers the components of a specific task environment, such as virtual machines carrying services, virtual machines operated by clients, virtual units required for network construction, dedicated or general-purpose environment generation units, and containers in which virtual programs run. The external environment snapshot covers external conditions, i.e., the state the cyber range test environment is currently in.

More specifically, the internal environment snapshot is generated as follows: incremental storage is used for virtual machines; full storage is used for the containers in which virtual programs run, and the current container configuration script is saved; for dedicated or general-purpose environment generation units, a full snapshot is taken, or the snapshot is derived from the generation unit's configuration script, and the running time and configuration are recorded, to generate the internal environment snapshot.

Incremental storage saves only the content that differs from the original image (that is, the data produced at run time, which may reside in files or in memory); the result is small and fast to snapshot. Full storage backs up all current content and requires copying everything; the result is large and slow to snapshot.

For example, the cyber range uses KVM-based virtualization, in which virtual machines can be used to deploy business applications and run Windows, Linux, or other operating systems. A virtual machine is started from a given image state and then used by the business or by terminals; the data generated along the way is stored in the system. If the image file is in qcow2 format, incremental backup is possible, saving only the changed data (the incremental data stored in the operating system); a full backup is also possible, saving the complete current state, including current memory data and file data (data written to disk). By deploying an agent client, the present invention collects the virtual machine's program execution, user access, file access, and similar activity, forming a detailed description of each virtual machine snapshot. Together with the cyber range platform, this determines when and under what conditions a virtual machine snapshot is taken (i.e., step S110), so that snapshots can be retrieved and applied effectively.

The external environment snapshot is generated as follows: the database, configuration files, and collected data of the cyber range test environment are backed up and archived to form a new data copy, generating the external environment snapshot.

In practice, MySQL and similar databases have no concept of a database snapshot; the data stored at the current time can be backed up by cloning/mirroring database tables, which applies to all data and metadata in the InnoDB storage engine. SQL Server, by contrast, can provide functionality similar to an incremental virtual machine snapshot, storing and backing up only newly added data and leaving the existing table content unchanged.

S130: Restore the cyber range at a historical moment from a generated environment snapshot and re-execute the environment snapshot trigger rules to generate an environment snapshot of the cyber range.

The purpose of this step is that, when a problem occurs in the cyber range test environment, the physical range test environment can be restored from an environment snapshot, improving the reliability of the cyber range. This relies on the environment snapshots generated in steps S110 and S120, which provide a unified description of snapshots across different resources and time periods. That description supports analyzing how a given item changes along the timeline, retrieving and analyzing the environment snapshot closest to the current change, or directly selecting the environment snapshots produced by a given event definition.

Specifically, when restoring an environment snapshot of the cyber range:

First, select the environment snapshot to be restored.

Then, allocate resources according to the environment configuration, and invoke the configuration file and virtual machine image file of the environment snapshot; build the required cyber range, and load the data files produced by the cyber range environment.

Finally, continue to generate environment snapshots on the restored cyber range.

In this way, when a problem occurs in the cyber range, it can be restored/recovered through the above steps, and so accommodate complex testing work.
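The snapshot selection in step S130, as an added example that is not part of the patent text: a catalog that records each snapshot with its storage mode from step S120, finds the snapshot nearest to a chosen moment or those produced by a given rule, and resolves the files to load for a restore. The parent links between incremental snapshots, the file paths, and all names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Storage mode per unit kind, following the description of step S120.
MODE_BY_KIND = {
    "vm": "incremental",        # only the changes relative to the image
    "container": "full",        # full copy plus the container config script
    "generation_unit": "full",  # full snapshot or the unit's config script
    "external": "archive",      # backup archive of DB, config, collected data
}


@dataclass(frozen=True)
class Snapshot:
    snap_id: str
    unit: str
    kind: str
    ts: datetime
    rule: str                     # trigger rule that produced the snapshot
    artifacts: tuple              # files written for it (hypothetical paths)
    parent: Optional[str] = None  # assumption: an increment may build on an earlier one


class Catalog:
    def __init__(self, base_images):
        self.base_images = dict(base_images)  # unit -> original image file
        self.snaps = {}

    def add(self, snap):
        if snap.parent is not None and MODE_BY_KIND[snap.kind] != "incremental":
            raise ValueError(f"{snap.snap_id}: only incremental snapshots have a parent")
        self.snaps[snap.snap_id] = snap

    def nearest(self, unit, when):
        """Latest snapshot of `unit` taken at or before `when`, or None."""
        cands = [s for s in self.snaps.values() if s.unit == unit and s.ts <= when]
        return max(cands, key=lambda s: s.ts) if cands else None

    def by_rule(self, rule):
        """Snapshots produced by one trigger rule, oldest first."""
        return sorted((s for s in self.snaps.values() if s.rule == rule),
                      key=lambda s: s.ts)

    def restore_files(self, snap_id):
        """Files to load for one snapshot, in the order they must be applied."""
        chain, seen, cur = [], set(), snap_id
        while cur is not None:
            if cur in seen:
                raise ValueError(f"parent cycle at {cur}")
            seen.add(cur)
            if cur not in self.snaps:
                # A missing increment makes every later one unusable.
                raise LookupError(f"snapshot {cur} is missing from the catalog")
            chain.append(self.snaps[cur])
            cur = self.snaps[cur].parent
        chain.reverse()
        files = [f for s in chain for f in s.artifacts]
        if MODE_BY_KIND[chain[-1].kind] == "incremental":
            files.insert(0, self.base_images[chain[-1].unit])
        return files

    def restore_plan(self, units, when):
        plan = {}
        for unit in units:
            snap = self.nearest(unit, when)
            if snap is None:
                raise LookupError(f"no snapshot of {unit} at or before {when}")
            plan[unit] = self.restore_files(snap.snap_id)
        return plan


def build_demo_catalog():
    def at(hour, minute):
        return datetime(2024, 1, 1, hour, minute)  # constructed timeline

    cat = Catalog({"web-01": "images/web-01-base.qcow2"})
    for snap in [
        Snapshot("s1", "web-01", "vm", at(9, 0), "scheduled", ("snap/web-01-s1.qcow2",)),
        Snapshot("s2", "web-01", "vm", at(9, 10), "auth-fail-burst",
                 ("snap/web-01-s2.qcow2",), "s1"),
        Snapshot("s3", "web-01", "vm", at(9, 30), "scheduled",
                 ("snap/web-01-s3.qcow2",), "s2"),
        Snapshot("c1", "app-ctr", "container", at(9, 5), "scheduled",
                 ("snap/app-ctr.tar", "snap/app-ctr.config.sh")),
        Snapshot("x1", "range-db", "external", at(9, 5), "scheduled",
                 ("archive/range-db-0905.sql.gz",)),
    ]:
        cat.add(snap)
    return cat


if __name__ == "__main__":
    plan = build_demo_catalog().restore_plan(
        ["web-01", "app-ctr", "range-db"], datetime(2024, 1, 1, 9, 15))
    for unit, files in plan.items():
        print(unit, files)
```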

通过上述描述可知,本发明实施例从环境快照的触发规则和环境快照生成两个方面入手,实现了网络靶场的环境快照有效获取,并可根据获取的环境快照还原至网络靶场历史时刻的状态,可保障网络靶场复杂业务应用下的测试工作开展。As described above, the embodiments of the present invention address both the triggering rules and the generation of environment snapshots, thereby enabling the effective acquisition of environment snapshots in the network test range. Furthermore, the acquired environment snapshots can be used to restore the network test range to its historical state, ensuring the smooth operation of testing under complex business applications in the network test range.

基于同一发明构思,本申请实施例还提供了一种网络靶场环境快照的生成装置,可以用于实现上述实施例所描述的一种网络靶场环境快照的生成方法,如下面的实施例所述。由于一种网络靶场环境快照的生成装置解决问题的原理与一种网络靶场环境快照的生成方法相似,因此一种网络靶场环境快照的生成装置的实施可以参见方法实施,重复之处不再赘述。以下所使用的,术语“单元”或者“模块”可以实现预定功能的软件和/或硬件的组合。尽管以下实施例所描述的系统较佳地以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。Based on the same inventive concept, this application also provides an apparatus for generating network range environment snapshots, which can be used to implement the method for generating network range environment snapshots described in the above embodiments, as described in the following embodiments. Since the principle of the apparatus for generating network range environment snapshots is similar to that of the method for generating network range environment snapshots, the implementation of the apparatus for generating network range environment snapshots can refer to the method implementation, and repeated details will not be elaborated further. As used below, the terms "unit" or "module" can refer to a combination of software and/or hardware that implements a predetermined function. Although the system described in the following embodiments is preferably implemented in software, hardware implementation, or a combination of software and hardware, is also possible and contemplated.

如图2所示,本发明提供了一种网络靶场环境快照的生成装置,在图2中,该装置包括:As shown in Figure 2, the present invention provides a device for generating snapshots of network target environments. In Figure 2, the device includes:

配置模块210:用于配置网络靶场的环境快照触发规则;Configuration module 210: Used to configure the environment snapshot triggering rules for the network test range;

生成模块220:用于执行环境快照的触发规则,生成网络靶场的环境快照;Generation module 220: Used to execute the triggering rules for environment snapshots and generate environment snapshots of the network test range;

恢复模块230:用于根据生成的环境快照还原历史时刻的网络靶场并重新执行环境快照的触发规则,生成网络靶场的环境快照。Recovery module 230: Used to restore the network target range at a historical moment based on the generated environment snapshot and re-execute the triggering rules of the environment snapshot to generate an environment snapshot of the network target range.

在本发明一实施例中,配置模块210中的配置网络靶场的环境快照触发规则包括:In one embodiment of the present invention, the environment snapshot triggering rules for configuring the network target range in the configuration module 210 include:

配置环境快照的触发方式;Configure how to trigger environment snapshots;

选定适用的数据来源;Select an appropriate data source;

选择对应数据来源的数据字段和关联规则;Select the data fields and association rules corresponding to the data source;

匹配数据采集方式;Matching data collection methods;

制定规则触发后环境快照涉及的范围。Define the scope of the environment snapshot triggered by the rules.

在本发明一实施例中,环境快照的触发方式包括:In one embodiment of the present invention, the triggering method for environment snapshots includes:

时间触发方式和事件触发方式。Time-triggered methods and event-triggered methods.

在本发明一实施例中,数据来源包括:In one embodiment of the present invention, the data sources include:

来自网络靶场测试环境的数据和来自网络靶场自身的数据;Data from the network range testing environment and data from the network range itself;

网络靶场测试环境的数据包括:测试环境配置数据、测试任务描述数据、申请调配所需的资源数据和测试环境中构成主体数据;The data for the network range testing environment includes: testing environment configuration data, testing task description data, resource data required for allocation, and main data constituting the testing environment.

网络靶场自身的数据:测试环境的管理数据、资源监控数据、资源调度数据和数据采集分析过程产生的数据。The network range's own data includes: management data of the testing environment, resource monitoring data, resource scheduling data, and data generated during the data collection and analysis process.

在本发明一实施例中,匹配数据采集方式包括:In one embodiment of the present invention, the matching data acquisition method includes:

对于来自网络靶场测试环境的数据采用采用部署agent客户端采集后外发或syslog外发或snmp协议外发的方式进行采集;Data from the network range testing environment is collected by deploying an agent client and then sending it out, or by sending it out via syslog or SNMP protocol.

对于来自网络靶场自身的数据采用触发器或脚本或文件监控方式进行采集。Data from the network target range itself is collected using triggers, scripts, or file monitoring methods.

在本发明一实施例中,生成模块220中的生成的网络靶场的环境快照包括内部环境快照和外部环境快照:In one embodiment of the present invention, the generated network target environment snapshot in the generation module 220 includes an internal environment snapshot and an external environment snapshot:

内部环境快照的生成方式如下:对虚拟机采用进行增量存储;对虚拟程序运行的容器采用全量存储,并保存当前的容器配置脚本;对专用或通用的环境生成单元,采用全量快照的方式或根据生成单元的配置脚本,并记录运行时间及配置,生成内部环境快照;The internal environment snapshot is generated as follows: incremental storage is used for virtual machines; full storage is used for containers running virtual programs, and the current container configuration script is saved; for dedicated or general environment generation units, a full snapshot is used or the internal environment snapshot is generated based on the configuration script of the generation unit, and the running time and configuration are recorded.

外部环境快照的生成方式如下:对网络靶场测试环境的数据库、配置文件和采集的数据,采用备份归档的方式形成新的数据副本,生成外部环境快照。The external environment snapshot is generated as follows: the database, configuration files and collected data of the network range test environment are backed up and archived to form a new data copy, and an external environment snapshot is generated.

In one embodiment of the present invention, restoring, in the recovery module 230, the network range at a historical moment from the generated environment snapshot and re-executing the environment snapshot triggering rules to generate an environment snapshot of the network range includes:

Selecting the environment snapshot to be restored;

Allocating resources according to the environment configuration, and calling the configuration file and virtual machine image file of the environment snapshot; building the required network range, and loading the data files generated by the network range environment;

Continuing to generate environment snapshots based on the restored network range.

The embodiments of this application also provide a specific implementation of an electronic device capable of implementing all the steps of the method in the above embodiments. Referring to FIG. 3, the electronic device 300 specifically includes the following:

A processor 310, a memory 320, a communication unit 330 and a bus 340;

The processor 310, the memory 320 and the communication unit 330 communicate with one another via the bus 340; the communication unit 330 is used to transmit information between related devices such as server-side devices and terminal devices.

The processor 310 is used to call the computer program in the memory 320. When the processor executes the computer program, it implements all the steps of the method for generating network range environment snapshots in the above embodiments.

Those of ordinary skill in the art will understand that the memory may be, but is not limited to, Random Access Memory (RAM), Read-Only Memory (ROM), Programmable Read-Only Memory (PROM), Erasable Programmable Read-Only Memory (EPROM), Electrically Erasable Programmable Read-Only Memory (EEPROM), and the like. The memory is used to store a program, and the processor executes the program after receiving an execution instruction. Furthermore, the software programs and modules in the memory may also include an operating system, which may include various software components and/or drivers for managing system tasks (for example memory management, storage device control and power management), and may communicate with various hardware or software components to provide an operating environment for other software components.

The processor may be an integrated circuit chip with signal processing capability. The processor may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like, and can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of this application. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.

This application also provides a computer-readable storage medium including a program which, when executed by a processor, is used to perform the method for generating network range environment snapshots provided in any of the foregoing method embodiments.

Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments; the storage medium includes various media capable of storing program code, such as ROM, RAM, magnetic disks or optical disks, and this application does not limit the specific type of medium.

The above is merely a preferred specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any variation or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of protection of the claims.

Claims (9)

1. A method for generating network range environment snapshots, characterized in that the method comprises:
configuring environment snapshot triggering rules for the network range;
executing the environment snapshot triggering rules to generate an environment snapshot of the network range;
restoring the network range at a historical moment from the generated environment snapshot and re-executing the environment snapshot triggering rules to generate an environment snapshot of the network range;
the generated environment snapshot of the network range includes an internal environment snapshot and an external environment snapshot:
the internal environment snapshot is generated as follows: virtual machines are stored incrementally; containers in which virtual programs run are stored in full, and the current container configuration script is saved; for dedicated or general-purpose environment generation units, a full snapshot is taken or the configuration script of the generation unit is used, and the running time and configuration are recorded, to generate the internal environment snapshot;
the external environment snapshot is generated as follows: the database, configuration files and collected data of the network range test environment are backed up and archived to form a new data copy, which generates the external environment snapshot.

2. The method for generating network range environment snapshots according to claim 1, characterized in that configuring the environment snapshot triggering rules for the network range includes:
configuring the triggering mode of the environment snapshot;
selecting the applicable data source;
selecting the data fields and association rules corresponding to the data source;
matching the data collection method;
defining the scope covered by the environment snapshot once a rule is triggered.

3. The method for generating network range environment snapshots according to claim 2, characterized in that the triggering mode of the environment snapshot includes:
a time-triggered mode and an event-triggered mode.

4. The method for generating network range environment snapshots according to claim 2, characterized in that the data source includes:
data from the network range test environment and data from the network range itself;
the data of the network range test environment includes: test environment configuration data, test task description data, data on the resources requested for allocation, and data on the entities that make up the test environment;
the data of the network range itself includes: management data of the test environment, resource monitoring data, resource scheduling data, and data generated during data collection and analysis.

5. The method for generating network range environment snapshots according to claim 3, characterized in that matching the data collection method includes:
collecting data from the network range test environment by a deployed agent client that gathers the data and sends it out, or by syslog forwarding, or by sending it out over the SNMP protocol;
collecting data from the network range itself by triggers, scripts, or file monitoring.

6. The method for generating network range environment snapshots according to claim 1, characterized in that restoring the network range at a historical moment from the generated environment snapshot and re-executing the environment snapshot triggering rules to generate an environment snapshot of the network range includes:
selecting the environment snapshot to be restored;
allocating resources according to the environment configuration, and calling the configuration file and virtual machine image file of the environment snapshot; building the required network range, and loading the data files generated by the network range environment;
continuing to generate environment snapshots based on the restored network range.

7. An apparatus for generating network range environment snapshots, characterized in that the apparatus comprises:
a configuration module, used to configure environment snapshot triggering rules for the network range;
a generation module, used to execute the environment snapshot triggering rules to generate an environment snapshot of the network range;
a recovery module, used to restore the network range at a historical moment from the generated environment snapshot and re-execute the environment snapshot triggering rules to generate an environment snapshot of the network range;
the generated environment snapshot of the network range includes an internal environment snapshot and an external environment snapshot:
the internal environment snapshot is generated as follows: virtual machines are stored incrementally; containers in which virtual programs run are stored in full, and the current container configuration script is saved; for dedicated or general-purpose environment generation units, a full snapshot is taken or the configuration script of the generation unit is used, and the running time and configuration are recorded, to generate the internal environment snapshot;
the external environment snapshot is generated as follows: the database, configuration files and collected data of the network range test environment are backed up and archived to form a new data copy, which generates the external environment snapshot.

8. An electronic device, characterized in that it comprises:
a processor, a memory, and an interface for communicating with a gateway;
the memory is used to store programs and data, and the processor calls the programs stored in the memory to execute the method according to any one of claims 1 to 6.

9. A computer-readable storage medium, characterized in that the computer-readable storage medium includes a program which, when executed by a processor, is used to perform the method according to any one of claims 1 to 6.
HK42024094558.4A 2024-07-23 A method, an apparatus, a device and a storage medium for generating environment snapshots of a networked range HK40107003B (en)

Publications (2)

Publication Number Publication Date
HK40107003A (en) 2024-10-04
HK40107003B (en) 2025-01-10
