Network security competition has become an important way to discover, train and select network security talents, improve the level of network security teachers, and promote the exchange of network security talents. At the same time, as an important means of industry communication and information security awareness dissemination, the significance of competition in guiding the establishment of a healthy industry culture and enhancing the social awareness of the industry should not be underestimated.

At present, domestic network security events can be roughly divided into comprehensive and thematic categories. The comprehensive category mainly includes all kinds of CTF events (capture the flag), including AWD (attack with defense), real network attack and defense and other events. Thematic events, such as forensics, cracking and other events, carry out thematic competitions in subdivision fields. From the perspective of competition form, it can be divided into online, offline and online offline combination. At present, most of the competitions are mainly online CTF, while the finals are often offline.

In view of the reference value of accurately understanding the level of various events for talent introduction, industry exchange and other work, NIS Research Institute combed, considered and analyzed the relatively influential domestic security events, and obtained the 2018 domestic network security event ranking for the industry and public reference.

Top 10 technical level

Among the domestic competitions, geekpwn great competition, xctf, wctf, strong tennis cup and tctf are among the highest technical level competitions in China. Geekpwn has attracted the world's top hackers and network security teams to participate in the great competition, ranking first in terms of technical level. Xctf has attracted a number of top 10 network security teams to participate in the competition, promoting the continuous improvement of the technical level of the competition. Wctf world hacking masters has attracted the world's top hackers to participate in the competition, and the level of the competition is at the forefront of all domestic competitions. The strong net cup has attracted many strong teams, such as sixstars, 0ops, AAA, EEE, nu1l, p4ssw0rd, who are active in the international arena all the year round, to participate actively, and their technical level is also in the first echelon of domestic competitions.

Top 10 event popularity

Xctf is the first network security League brand launched in China. It holds many sub events every year, and has become the most influential network security attack and defense event in Asia. Under the overall coordination and guidance of the central network information office, the strong network cup network security challenge attracted the active participation of relevant personnel from colleges and universities, enterprises and other relevant personnel, with unprecedented publicity.

Top 10 awards

There is no doubt that geekpwn is the best competition in China, with a pool of 5 million yuan and a single event of 800000 yuan. Since its inception, wctf has been famous for creating the CTF event with the highest prize. According to Zheng Wenbin, team leader of 360 Vulcan, wctf continued to lead the global CTF in 2017 with a $100000 bonus. In addition, hackpwn provides a bonus of up to 50000 US dollars, and strong tennis cup, tctf, xpwn and other events also provide high bonus incentives.

Top 10 event scale

Xctf is the largest network security competition in China. Because of the league form and the sub station competition held in Shanghai, Hangzhou, Chengdu and other places, the scale of the competition is undoubtedly the largest in the domestic competition at present. The strong network cup invites all key information infrastructure units, universities and enterprises to participate widely, and the scale of the competition is far larger than other similar competitions. After years of continuous development, ISCC (information security and confrontation technology competition) has become one of the largest competitions in China.

Top 30 comprehensive ranking of cyber security events

Xctf is currently the No. 1 domestic cyber security event in terms of competition organization, technical level, award strength, competition scale, brand influence, etc. Secondly, under the guidance of the Network Security Coordination Bureau of the central network information office, the "strong network Cup" hosted by the University of information engineering has also received extensive attention due to its large scale, high technical level and good event organization, ranking the second in China in terms of comprehensive ranking. In addition, the wctf world hacking masters, sponsored by 360, a domestic security manufacturer and hosted by 360 Vulcan, a world-renowned security team, has become one of the top cyber security events in China by attracting the world's top talents with its high bonus and successful operation. Under the guidance of the Ministry of industry and information technology, many ISG information security skills competitions have been held under the guidance of the Ministry of industry and information technology. With its influence and extensive cooperation over many years, many domestic high-level players have been attracted to participate in the competitions and become one of the top network security competitions in China. The tctf (Tencent capture the flag), initiated by Tencent security and sponsored by Tencent security joint laboratory and co organized by the 0ops security team and Beijing University of Posts and telecommunications, is the only international professional event in mainland China that has the qualification of Defcon (the world's top hacker competition) foreign card competition. The champion of the event is directly promoted to Defcon, so it has become a high-level event with great influence in China.

In addition to the above events, the x-nuca sponsored by the Institute of information technology of the Chinese Academy of Sciences, the ISCC sponsored by the Chinese society of ordnance industry, the equal protection assessment verification and attack and defense competition organized by the Ministry of public security, and the network security skills competition sponsored by governments and enterprises in Guiyang big data security competition, "Huxiang Cup", the national electronic data forensics competition, etc. have attracted widespread attention.

Conclusions and suggestions

Generally speaking, the domestic network security events are in a booming state, and the level of events continues to rise, but the relevant experience needs to be further accumulated. To be sure, the role of network security events in training and selecting network security talents, disseminating information security awareness and enhancing industry exchanges has been confirmed by industry practice. With the increasingly severe situation of network security, the growing talent gap and people's full understanding of the value of network security events, it is expected that the market demand for network security events will still increase significantly, and how to regulate network security events to make it legal, standardized and orderly development is also pushed to the front stage. In this context, on June 5 this year, the office of the central network security and Information Technology Commission and the Ministry of Public Security jointly issued the notice on regulating and promoting network security competition activities, which put forward a number of requirements for network security competition activities, and put forward a ban on the government departments' competition activities, so as to promote the development of network security competition norms.

For the future development of network security events, NIS Research Institute has four suggestions:

1. In order to prevent the disordered development of the network security competition, such as over commercialization, single competition system, and profit-seeking of players, we should strengthen the competition supervision by establishing the national, provincial and municipal network security competition reporting and management system, so that it can be carried out under the rules of legal compliance, fairness and transparency.

2. In terms of events, we should go to Wuhu to save the essence, resolutely ban the events with poor organization and low technical content, and at the same time, we should praise and encourage the high-level events, establish positive models, effectively guide the healthy development of network security competitions, so as to meet the needs of national network security construction.

3. We should emphasize the significance of talent cultivation and selection in network security competition, attract and select talents through various measures before, during and after the competition, so as to retain talents for our use.

4. At present, the selection direction of the competition is mainly the application-oriented talents. The exploration of key basic technical talents is insufficient. How to explore the core talents with key basic technology needs the active attempt and continuous innovation of the insiders.

Explain

The results of this ranking are based on public information, and calculated by different weights according to organization, scale, brand, reward, history, technology and other indicators. Ranking is the comprehensive level of an event under the above indicators. The ranking results are only for the reference of relevant industry personnel in the event evaluation, and do not constitute direct decision-making suggestions.

The events involved in this report are mainly the events held in 2017 disclosed by the public media, and the unpublished network security events and the first events held in 2018 are not included in the evaluation scope.

The event evaluation indicators involved in this report mainly include the following (sub indicators are omitted):

index

weight

technology

high

organization

in

scale

low

brand

in

reward

low

History

low