
A method and system for generating pkg decoy files

A file generation technology, applied in the field of red-blue confrontation exercises, that achieves simple production and consistency

Active Publication Date: 2022-07-08
杭州默安科技有限公司

AI Technical Summary

Problems solved by technology

[0004] Currently, in global desktop operating system market share data, Windows accounts for 77.26% and Mac OS accounts for 17.69%. As a result, current decoy files are all based on Windows. However, 80% of network security practitioners use the Mac OS operating system, and there is currently no decoy file for the Mac OS operating system that can be used to capture attacker information on a Mac OS system and accurately locate individuals.



Examples


Embodiment 1

[0040] As shown in Figure 1, a method for generating a PKG decoy file includes the following steps: decompressing an installation package configuration file to obtain a to-be-simulated file, a program compressed original file and an original script file. When making a decoy file, the decoy file needs to closely resemble the real installation package configuration file in order to confuse the attacker, and it also needs to capture the attacker when the attacker attacks it, so that the captured information informs staff that an attacker has intruded and triggers an intrusion alert prompt.

[0041] To make the decoy file highly similar to the installation package configuration file, a file template framework for the decoy file needs to be built, which specifically includes the following steps: obtaining several installation package configuration files, and decompressing ea...

Embodiment 2

[0057] A PKG decoy file generation system, comprising: a first acquisition module for decompressing an installation package configuration file to obtain a to-be-simulated file, a program compressed original file and a script original file, and for decompressing the program compressed original file to obtain the decompressed file. When creating a decoy file, the decoy file needs to closely resemble the real installation package configuration file in order to confuse the attacker, and it also needs to capture the attacker when the attacker attacks it, so that the captured information informs staff that an attacker has intruded and triggers an intrusion alarm prompt.

[0058] To make the decoy file highly similar to the installation package configuration file, a file template framework for the decoy file needs to be constructed. Therefore, the building module constructs the file template framework of the decoy file, and the file te...

Embodiment 3

[0069] A computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a processor, the method for generating a PKG decoy file described in Embodiment 1 is implemented.

[0070] More specific examples of computer-readable storage media may include, but are not limited to, electrical connections with one or more wire segments, portable computer disks, hard disks, random access memory (RAM), read only memory (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disk read only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination of the above.

[0071] In this application, a computer-readable storage medium can be any tangible medium that contains or stores a program that can be used by or in conjunction with an instruction execution system, apparatus, or device. In this application, however, a comp...


Abstract

The invention relates to a method and system for generating a PKG decoy file in the technical field of network security red-blue confrontation exercises, comprising the following steps: obtaining a file to be simulated, a program compressed original file and a script original file from an installation package configuration file; decompressing the program compressed original file, inserting a binary capture file, and compressing the decompressed file together with the binary capture file to obtain a program compressed modified file; generating a trapping script and inserting the trapping script into the script original file to obtain a script modified file; building a file template framework for the decoy file, wherein the file template framework includes a basic template framework and a core template framework; copying the files to be simulated into the basic template framework, and at the same time copying the program compressed modified file and the script modified file into the core template framework to obtain a decoy file. The method has the advantage of highly realistic simulation and breaks through the bottleneck of being unable to obtain attacker information on existing Mac OS systems.

Description

Technical field

[0001] The invention relates to the technical field of red-blue confrontation exercises in network security, in particular to a method and system for generating a PKG decoy file.

Background technique

[0002] The concept of red-blue confrontation originated from American military exercises in the 1960s. Such an exercise is a large-scale live military exercise conducted by the army, usually divided into a red army and a blue army. The blue army usually refers to the troops that play the role of the imaginary enemy in the simulated confrontation exercise and conduct targeted training against the red army, that is, our own frontal troops. This method is also called Red Teaming, and the concept of red-blue confrontation in network security is derived from it.

[0003] Mac OS is a Unix-based graphical operating system developed by Apple, and the Mac OS system and the Windows system are not interoperable, because the bottom layer ...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F16/16, G06F21/55
CPC: G06F16/16, G06F21/55
Inventor: 王嘉雄, 周辉, 陈磊
Owner: 杭州默安科技有限公司