Research And Implementation Of Automatic Construction Technology For Test Environment Of Complex And Secure Network Information System

With the digital development of society,the network information resources involved in people's life and work are becoming more and more important and sensitive.The network information systems carrying these resources are facing increasingly severe security threats.At the same time,a large number of security risks in the cyberspace are prompting operators to add security equipment to the system,but it is difficult to judge whether the security equipment improves the security defense capability.This dilemma drives the theory and method of network information system security defense capability evaluation development of.However,the test environment that plays an important role in the assessment of security defense capabilities lacks appropriate construction techniques.The existing technologies still have problems such as complicated physical resource network configuration,poor simulation accuracy of virtual resources,and low efficiency in the construction of complex topologies,which cannot meet the increasingly complex network information system security defense capability testing requirements.In order to solve the above-mentioned problems,with the purpose of automatically constructing a test environment with high simulation accuracy,this thesis comprehensively uses virtual and hardware equipment resources as the basic building blocks of the test environment,and studies the technologies related to the automatic construction for test environment of complex network information system with security defense ability,such as virtualization,interconnecting virtual resources and physical resources,and softwaredefined networking,and then designs the virtual and physical resource interconnection scheme,test environment construction schemes were implemented,and finally the test environment was automatically deployed to form the ability to automatically build a highfidelity test environment to meet the requirements of complex network security system security defense capability testing.The main work descriptions are as follows:(1)This thesis designs a virtual and physical resource interconnection scheme First,a resource organization scheme is proposed to organize virtual and physical resources as the basic module of the test environment construction.Second,the virtual and hardware equipment resources interconnection scheme for the physical resource access virtual resource test environment is mainly designed,which solves the problem that some hardware security devices have poor virtualization effects or cannot be virtualized.At the same time,this scheme adds network programmability to hardware security devices,which improves the network configuration efficiency of hardware security devices when building a test environment.The virtual and physical resource interconnection scheme makes use of the advantages of high efficiency and convenience of virtual resources,and at the same time makes use of the features of hardware security equipment with professional features and high reproducibility to achieve the purpose of ensuring that the test environment being constructed has high realism.(2)This thesis designs the test environment construction scheme.First,the network and nodes in the network information system are defined respectively in the scenario of testing security defense capabilities,and the network and nodes are meticulously characterized.Second,this thesis uses virtualization technology and SDN technology to realize the mapping of network and node,and solves the problem of low reproduction accuracy of virtual resource construction test environment.Finally,by using the programmability of network and node mapping schemes in network and node configuration,the network and nodes can be automatically mapped to solve the problem of low construction efficiency caused by complicated configuration of complex test environments.(3)This thesis designs and implements a test environment automated deployment system.First,use XML to describe the network topology,specifically design the network and node description schemes,and use the network topology file described in XML as the system input.Second,design the multi-layers of the automated deployment system.At the same time,the virtual and physical resource interconnection scheme,the network and node mapping scheme are streamlined to form an automated test system deployment system.Finally,this thesis uses the automated deployment system to build an example network information system topology test environment to verify its functions.