Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

PKG bait file generation method and system

A file generation and file technology, applied in the field of red-blue confrontation exercises, to achieve the effect of achieving consistency and simple production

Active Publication Date: 2022-04-29
杭州默安科技有限公司
View PDF9 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Currently, in the global desktop operating system market share data, Windows accounts for 77.26%, and Mac OS accounts for 17.69%. Therefore, the current decoy files are all based on Windows, but 80% of most network security practitioners use Mac OS Operating system, however, there is currently no decoy file about the Mac OS operating system, which is used to capture attacker information in the Mac OS system and accurately locate individuals

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • PKG bait file generation method and system
  • PKG bait file generation method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0040] Such as figure 1 As shown, a method for generating a PKG decoy file includes the following steps: decompressing the configuration file of the installation package to obtain the file to be emulated, the original compressed program file and the original script file. When making the decoy file, it is necessary to make the decoy file have both the The high similarity of the real installation package configuration file is used to confuse the attacker, and it is necessary to make the decoy file capture the attacker when it is attacked by the attacker, so as to inform the staff through the captured information that there is an attacker intrusion, and make a Intrusion alert prompt.

[0041] Among them, to improve the high similarity between the decoy file and the installation package configuration file, it is necessary to construct the file template framework of the decoy file. Specifically, it includes the following steps: obtain several installation package configuration file...

Embodiment 2

[0057] A PKG decoy file generation system, including: a first acquisition module, used to decompress the configuration file of the installation package to obtain the file to be simulated, the original file of the program compression and the original file of the script, and also used to decompress the original file of the program compression , to get the decompressed file, when making the decoy file, it is necessary to make the decoy file not only have a high similarity with the real installation package configuration file to confuse the attacker, but also need to make the decoy file be attacked by the attacker. Capture, so as to inform the staff through the capture information that there is an attacker intrusion, and make an intrusion alarm prompt.

[0058] Among them, to improve the high similarity between the decoy file and the configuration file of the installation package, it is necessary to construct the file template framework of the decoy file. Therefore, the constructio...

Embodiment 3

[0069] A computer-readable storage medium stores a computer program, and when the computer program is executed by a processor, the method for generating a PKG decoy file described in Embodiment 1 is realized.

[0070] More specific examples of computer-readable storage media may include, but are not limited to, electrical connections with one or more wire segments, portable computer diskettes, hard disks, random access memory (RAM), read-only memory (ROM), erasable Programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination of the above.

[0071] In the present application, a computer-readable storage medium may be any tangible medium that contains or stores a program that can be used by or in conjunction with an instruction execution system, apparatus, or device. In this application, however, a computer-readable signal medium may include a da...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a PKG bait file generation method and system in the technical field of red and blue adversarial exercise of network security. The method comprises the following steps: acquiring a to-be-simulated file, a program compression original file and a script original file from an installation package configuration file; obtaining a decompressed file of the program compressed original file, inserting the binary capture file, and compressing the decompressed file and the binary capture file to obtain a program compressed modified file; generating a trapping script, and inserting the trapping script into the script original file to obtain a script modification file; constructing a file template frame of the bait file, wherein the file template frame comprises a basic template frame and a core template frame; according to the method, the to-be-simulated file is copied into the basic template framework, meanwhile, the program compression modification file and the script modification file are copied into the core template framework, the bait file is obtained, the method has the advantage of being high in simulation performance, and the bottleneck that attacker information cannot be obtained in an existing Mac OS system is broken through.

Description

technical field [0001] The invention relates to the technical field of red-blue confrontation exercises for network security, in particular to a method and system for generating a PKG decoy file. Background technique [0002] The concept of red-blue confrontation originated from the American exercise in the 1960s. The exercise refers to the large-scale actual military exercise conducted by the army. The exercise is usually divided into the red army and the blue army. The blue army usually refers to the simulated confrontation exercise in the army. Troops that specialize in acting as imaginary enemies conduct targeted training with the Red Army, which represents our frontal forces. This method is also called RedTeaming, and the concept of cybersecurity red-blue confrontation comes from this. [0003] Mac OS is a unix-based graphical operating system developed by Apple, and the Mac OS system and the widows system are not interoperable, because the bottom layer of windows is th...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F16/16G06F21/55
CPCG06F16/16G06F21/55
Inventor 王嘉雄周辉陈磊
Owner 杭州默安科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com