Design And Implementation Of Red And Blue Attack And Defense Drilling Platform Based On Chaos Engineering

With the development of Internet technology,the financial field has begun to become Internet-based^[1].Finance is an industry closely related to capital exchanges.Therefore,in the process of financial Internetization,it faces many capital security issues.At the same time,with the rapid increase in the number of users,the number of systems is increasing,and the complexity is getting higher and higher,and the calling relationship between systems is becoming more and more complicated.The failure of a link may cause a series of avalanche problems^[2].Therefore,the stability construction of the system needs to be dealt with urgently.Based on the above-mentioned status quo,building a drill system based on chaos engineering theory has gradually become a mainstream solution^[3].The core theory of chaos engineering is dedicated to identifying as many risks as possible before the abnormal behavior of the system is triggered.Then,strengthen and prevent it in a targeted manner,so as to avoid the serious consequences caused by the failure.The red and blue offensive and defensive drill system developed based on this theory simulates various failure scenarios to attack the business system by simulating traffic and other methods^[4],early detection of potential risks in the system and solving them,and ultimately improving the stability of the system,To ensure the safety of user funds.During the project development process,the author participated in the demand analysis,outline design,detailed design and implementation,and testing of the red and blue offensive and defensive exercise system.In the needs analysis stage,through investigation and research to understand the user's demands for the system,three problems were sorted out:the unstandardized drill process,the high risk of online drill,and the imperfect follow-up operation mechanism.Based on this,the overall goal of the project was established,and the platform was divided into program modules,task modules,fault modules,and risk management according to user needs,and system use case diagrams of related modules were drawn.The plan module is used to standardize the exercise process,the task module is used to reduce the risk of the exercise,and the risk module is used to improve the operation mechanism.In the outline design,the author designed the overall architecture of the platform,and drew the platform architecture diagram,functional module diagram,and database ER diagram.In the detailed design stage,the author designed and developed the various modules of the platform based on the Java language,using the microservice architecture,using Thrift as the communication framework,My SQL as the underlying storage,Redis as the cache database,and Kafka as the publish-subscribe messaging system.Regarding the program module,through the integration of resources such as the fault-dependent platform,monitoring and alarm platform,and stress testing platform,the standardized exercise program has solved the problem of irregular exercise procedures and reduced the cost of repeated design exercise programs in the business.For task modules,the platform uses the Gravity process engine to design a set of standardized exercise procedures.Users only need to configure key information to start the exercise.The process engine is responsible for standardizing various steps and configuration indicators for different types of exercises,and is responsible for real-time monitoring of exercise tasks.Real-time monitoring of the stability of the exercise process system,ensuring the safety of online exercises,and achieving the goal of controllable risks in the exercise process^[5].For the risk module,a set of drill rules and risk indicators are defined,and the goal of automatically discovering risks is achieved by collecting relevant data indicators and event change history of various business systems.At present,the system has completed the design and development,testing,and online work of the program,task,failure,and risk modules.The system provides three types of drills:failure,personnel,and restart.After the platform went online,it brought great convenience to the business side.The platform standardized the entire exercise process,guaranteed the safety of the online exercise in real time,and made the risk controllable during the exercise.At the same time,the perfect drill operation capability after the drill helps the business solve various problems in the fault drill process,improves drill safety,and reduces drill costs.At present,normalized drills have been realized,and daily drills are carried out regularly through timed tasks.