| With the rapid development of Internet applications and related businesses, network equipment has become widespread, and the proportion of Internet users in our country who go online from personal computers has increased year by year, exposing many organizations and individuals to security threats from various malicious applications. Malicious application testing refers to analyzing the network traffic characteristics of malicious applications by running them. Automated testing of malicious applications provides important support for research on such applications, and thereby helps maintain network security and national security more effectively. Many types of malicious applications run on the PC side, and their operating platforms are complex, so timely testing and analysis requires a lot of manpower and real networks. To solve these problems, this paper designs and implements an automated testing system for malicious applications on the PC side, which runs malicious applications in a large-scale, automated, and parallel manner to improve testing efficiency. By operating platform, malicious applications are roughly divided into the following categories: client applications for Windows, Linux and MacOS systems, and extension applications for the Chrome, Firefox, Edge, and Opera browsers. This paper builds and manages virtual machine clusters of the three operating systems. Browsers are installed in the virtual machines to provide an operating environment for malicious applications. The system runs malicious applications through automated scripts. This thesis develops web services that are responsible for managing virtual machine clusters, applications, and scripts, and for monitoring the entire process of automatic task delivery, scheduling, deployment, and operation. This paper optimizes the application element inspection process and the control interface design used when writing automation scripts, which greatly reduces the time staff need to write scripts. While an application runs automatically, the system captures its background traffic and then analyzes it. The analysis obtains the destination IP address in each data packet and judges the credibility of the SNI (Server Name Indication) domain name. The system is designed on a B/S architecture with front-end and back-end separation, and adopts a multi-level MVC software architecture model. The front end is developed with Vue.js, the server is developed with Flask and MongoDB, Qemu/KVM provides virtualization, and libvirt manages the virtual machines. For the different operating platforms of malicious applications, the system encapsulates different automation technologies and provides a unified control interface. The system uses Ansible to deploy automated tasks, and uses Scapy to capture and analyze background traffic in the virtual machine. The main work of this paper includes virtual machine cluster management, malicious application and automated task management, scripting process optimization, traffic analysis, etc. Through this system, users can run malicious applications in virtual machine clusters at scale, in parallel, and automatically, and perform traffic analysis. The system will greatly facilitate the automated testing of applications and provide strong support to technicians. The system has good scalability, which makes it convenient for technicians to expand the number of virtual machines and to add new malicious applications and automated scripts for more tests. |
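
The traffic-analysis step described above (destination IP plus SNI from captured packets), as an added example that is not code from the paper: it parses raw IPv4/TCP bytes in plain Python instead of Scapy so it runs offline. The suffix allowlist `TRUSTED_SUFFIXES`, the function names and the sample packet are assumptions; the abstract does not say how credibility is judged.

```python
import struct

TRUSTED_SUFFIXES = ("example.com",)  # assumption: stand-in for the real credibility source

def build_sample_packet(dst_ip, host):
    """Constructed sample: minimal IPv4/TCP segment carrying a TLS ClientHello."""
    name = host.encode()
    sni = struct.pack("!BH", 0, len(name)) + name            # name_type 0 = host_name
    sni = struct.pack("!H", len(sni)) + sni                  # server_name_list
    ext = struct.pack("!HH", 0, len(sni)) + sni              # extension type 0 = SNI
    body = (b"\x03\x03" + bytes(32) + b"\x00"                # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"              # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body   # handshake type 1 = ClientHello
    tls = b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record type 22 = handshake
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = (struct.pack("!BBHHHBBH", 0x45, 0, 40 + len(tls), 0, 0, 64, 6, 0)
          + bytes([10, 0, 0, 5]) + bytes(int(x) for x in dst_ip.split(".")))
    return ip + tcp + tls

def extract_dst_and_sni(pkt):
    """Return (destination IP, SNI or None) for one raw IPv4 packet."""
    dst = ".".join(str(b) for b in pkt[16:20])
    ihl = (pkt[0] & 0x0F) * 4
    try:
        data = pkt[ihl + (pkt[ihl + 12] >> 4) * 4:]          # skip IP and TCP headers
        if pkt[9] != 6 or data[0] != 0x16 or data[5] != 0x01:
            return dst, None                                 # not TCP / handshake / ClientHello
        p = 5 + 4 + 2 + 32                                   # record hdr, handshake hdr, version, random
        p += 1 + data[p]                                     # session id
        p += 2 + struct.unpack_from("!H", data, p)[0]        # cipher suites
        p += 1 + data[p]                                     # compression methods
        p, end = p + 2, p + 2 + struct.unpack_from("!H", data, p)[0]
        while p + 4 <= min(end, len(data)):
            etype, elen = struct.unpack_from("!HH", data, p)
            if etype == 0:                                   # list len(2), type(1), name len(2), name
                nlen = struct.unpack_from("!H", data, p + 7)[0]
                return dst, data[p + 9:p + 9 + nlen].decode("ascii")
            p += 4 + elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                                 # truncated or malformed hello
    return dst, None

def classify(pkt):
    dst, sni = extract_dst_and_sni(pkt)
    if sni is None:
        return dst, sni, "no-sni"
    trusted = any(sni == s or sni.endswith("." + s) for s in TRUSTED_SUFFIXES)
    return dst, sni, "trusted" if trusted else "review"
```

A ClientHello split across TCP segments comes back as `no-sni` here; a capture pipeline would reassemble the stream before parsing.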