面向天地一体化信息网络的恶意用户行为仿真技术
|
摘要
网络仿真是验证天地一体化信息网络安全技术有效性与可靠性的重要手段.面向天地一体化信息网络中各种恶意用户行为,研究了基于云平台的高逼真、高并发恶意用户行为仿真技术,重点探讨了基于真实流量回放的宽带、窄带恶意用户行为仿真技术,基于真实时序驱动的双向流量回放技术及分布式多节点协同运控的高并发流量生成技术.构建了具有6颗骨干卫星、66颗低轨卫星的天地一体化网络仿真场景,对论文所提出的恶意用户行为仿真技术进行了实验验证表明:该仿真技术可实现多样化的恶意用户行为仿真,且仿真并发量达10000条/秒,可有效满足天地一体化信息网络安全评测的需求;此外,本文所提的双向恶意流量回放技术与传统方法相比,具有时序高逼真的优势.
Network emulation is an important method to verify the effectiveness and reliability of the space-ground integrated information network security technology. Facing various malicious user behaviors in the space-ground integrated information network,this paper studies the high fidelity and high concurrency malicious user behavior emulation technology based on cloud platform,and focuses on the broadband malicious user behavior and narrow-band malicious user behavior emulation technology based on real traffic replay,including two-way traffic replay technology driven by real time series and high concurrent traffic generation technology implemented by distributed multi-node cooperative operation and control. The emulation system of the space-ground integrated network with six space-based backbone satellites and 66 low-orbit satellite constellations is constructed. The experimental verification of the malicious user behavior emulation technology proposed in the paper shows that the emulation technology can realize the diversification of malicious user behaviors emulation,and the emulation concurrency amount is up to 10000 strips per second,which can effectively meet the requirements of the security evaluation of the space-ground integrated information netw ork. In addition,the proposed two-way malicious traffic replay technology in this paper has the advantage of high fidelity in time series compared with traditional methods.
Network emulation is an important method to verify the effectiveness and reliability of the space-ground integrated information network security technology. Facing various malicious user behaviors in the space-ground integrated information network,this paper studies the high fidelity and high concurrency malicious user behavior emulation technology based on cloud platform,and focuses on the broadband malicious user behavior and narrow-band malicious user behavior emulation technology based on real traffic replay,including two-way traffic replay technology driven by real time series and high concurrent traffic generation technology implemented by distributed multi-node cooperative operation and control. The emulation system of the space-ground integrated network with six space-based backbone satellites and 66 low-orbit satellite constellations is constructed. The experimental verification of the malicious user behavior emulation technology proposed in the paper shows that the emulation technology can realize the diversification of malicious user behaviors emulation,and the emulation concurrency amount is up to 10000 strips per second,which can effectively meet the requirements of the security evaluation of the space-ground integrated information netw ork. In addition,the proposed two-way malicious traffic replay technology in this paper has the advantage of high fidelity in time series compared with traditional methods.
引文
[1]Zhang Nai-tong,Zhao Kang-lian,Liu Gong-liang.Thought on constructing the integrated space-terrestrial information netw ork[J].Journal of China Academy of Elecronics and Information Technology,2015,10(3):223-230.
[2]Li Feng-hua,Yin Li-hua,Wu Wei,et al.Research status and development trends of security assurance for space-ground integration information netw ork[J].Journal on Communications(J Communs),2016,37(11):156-168.
[3]Jin Yu,Wang Fan,Zhao Hong-wu,et al.Survey onttrust mechanisms in the environment of cloud computing[J].Journal of Chinese M ini-M icro Computer Systems,2016,37(1):1-11.
[4]Liu Yuan,Zhang Hao,Ye Hai-yang,et al.Research on satellite link emulation for space-ground integration information netw ork[J].Journal on Communications(J Communs),2018,39(4):56-67.
[5]Yi Z,Du X,Liao Y,et al.A quality-of-service-aware dynamic evolution model for space-ground integrated netw ork[J].International Journal of Distributed Sensor Netw orks,2017,13(8):1-14.
[6]Zhang Guang-jie,Ye Hai-yang,Wang Xiao-feng.Emulation of satellite terminal user behavior based on multi-scale virtualization[J/OL].Computer Engineering,doi:http://doi.org/10.19678/j.issn.1000-3428.0051757.
[7]Linawati,Mehrpour H.Self-similar traffic generator:comparison betw een RM D and SRA methods[C]//High Speed Netw orks and M ultimedia Communications,International Conference on.IEEEXplore,2002:37-41.
[8]Kumar V N,Nath K.Traffic generator with enhanced burst modeling feature[P]:US8433784.2013.
[9]Hong S S,Wong F,Wu S F,et al.TCPtransform:property-oriented TCP traffic transformation[C]//Detection of Intrusions and Malware,and Vulnerability Assessment,Second International Conference,DIM-VA 2005,Vienna,Austria,Proceedings,DBLP,2005:222-240.
[10]Zhao Ying,Han Chun-hao.Application and research of Markov model in netw ork traffic classification[J].Computer Engineering and Applications Comput Eng Appl,2018,44(5):291-295.
[11]Yan Wei-bo,Cai Zhong-yu,Guan Xiao-hong,et al.A new method for interactive TCP traffic replay based on balance-checking betw een transmitted and received packets[J].Chinese Journal of Computers,2009,32(4):835-846.
[12]Lin Xiu.Design of general architecture for online drainage and pressure measurement based on TCPCopy[J].Telecommunications Technology(Tele Commun Technol),2014,1(11):30-33.
[13]Yun Xiao-chun,Hao Zhi-yu,Li Lun,et al.Traffic playback method and system for virtual netw ork[P].Beijing:CN103326900A,2013-09-25.
[14]Hussain A,Pradkin Y,Heidemann J.Replay of malicious traffic in netw ork testbeds[C]//IEEE International Conference on Technologies for Homeland Security,2013:322-327.
[15]Ouyang Feng,Liu Qiang,Zhang Fan.The application of cyber effects model based on OPNET[J].Journal of Netw ork New M edia,2016,5(4):52-58.
[16]Lin Si-ming,Cheng Xue-qi,Ma Ming.Analysis and implementation of modeling environment for netw ork security research[J].Journal of System Simulation,2006,18(5):1233-1238.
[17]Niu Wei-na,Zhang Xiao-song,Yang Guo-wu,et al.Modeling and analysis of botnet w ith heterogeneous infection rate[J].Computer Science,2018,45(7):135-138,153.
[18]Li Kun-lun,Dong Ning,Guan Li-wei,et al.Dos attack detection algorithm of the improved kohonen netw ork[J].Journal of Chinese Computer Systems,2017,38(3):450-454.
[19]Wu Hao.Design and implementation of traffic replay system[D].Harbin:Harbin Institute of Technology,2017.
[1]张乃通,赵康僆,刘功亮.对建设我国“天地一体化信息网络”的思考[J].中国电子科学研究院学报,2015,10(3):223-230.
[2]李凤华,殷丽华,吴巍,等.天地一体化信息网络安全保障技术研究进展及发展趋势[J].通信学报,2016,37(11):156-168.
[3]金瑜,王凡,赵红武,等.云计算环境下信任机制综述[J].小型微型计算机系统,2016,37(1):1-11.
[4]刘渊,张浩,叶海洋,等.面向天地一体化信息网络的卫星链路仿真研究[J].通信学报,2018,39(4):56-67.
[6]张光杰,叶海洋,王晓锋.基于多尺度虚拟化的卫星终端用户行为仿真[J/OL].计算机工程,doi:http://doi. org/10. 19678/j.issn. 1000-3428. 0051757.
[10]赵英,韩春昊.马尔科夫模型在网络流量分类中的应用与研究[J].计算机工程,2018,44(5):291-295.
[11]褚伟波,蔡忠闽,管晓宏,等.基于收发平衡判定的TCP流量回放方法[J].计算机学报,2009,32(4):835-846.
[12]林秀.基于TCPCopy的在线引流压测通用架构设计[J].电信技术,2014,1(11):30-33.
[13]云晓春,郝志宇,李伦,等.一种面向虚拟网络的流量回放方法及系统[P].北京:CN103326900A,2013-09-25.
[15]欧阳峰,刘强,张帆. OPNET Cyber Effects网络攻击模型应用[J].网络新媒体技术,2016,5(4):52-58.
[16]林思明,程学旗,马铭.网络安全研究中的建模环境分析与实现[J].系统仿真学报,2006,18(5):1233-1238.
[17]牛伟纳,张小松,杨国武,等.具有异构感染率的僵尸网络建模与分析[J].计算机科学,2018,45(7):135-138,153.
[18]李昆仑,董宁,关立伟,等.一种改进Kohonen网络的DoS攻击检测算法[J].小型微型计算机系统,2017,38(3):450-454.
[19]吴昊.网络流量回放系统的设计与实现[D].哈尔滨:哈尔滨工业大学,2017.
[2]Li Feng-hua,Yin Li-hua,Wu Wei,et al.Research status and development trends of security assurance for space-ground integration information netw ork[J].Journal on Communications(J Communs),2016,37(11):156-168.
[3]Jin Yu,Wang Fan,Zhao Hong-wu,et al.Survey onttrust mechanisms in the environment of cloud computing[J].Journal of Chinese M ini-M icro Computer Systems,2016,37(1):1-11.
[4]Liu Yuan,Zhang Hao,Ye Hai-yang,et al.Research on satellite link emulation for space-ground integration information netw ork[J].Journal on Communications(J Communs),2018,39(4):56-67.
[5]Yi Z,Du X,Liao Y,et al.A quality-of-service-aware dynamic evolution model for space-ground integrated netw ork[J].International Journal of Distributed Sensor Netw orks,2017,13(8):1-14.
[6]Zhang Guang-jie,Ye Hai-yang,Wang Xiao-feng.Emulation of satellite terminal user behavior based on multi-scale virtualization[J/OL].Computer Engineering,doi:http://doi.org/10.19678/j.issn.1000-3428.0051757.
[7]Linawati,Mehrpour H.Self-similar traffic generator:comparison betw een RM D and SRA methods[C]//High Speed Netw orks and M ultimedia Communications,International Conference on.IEEEXplore,2002:37-41.
[8]Kumar V N,Nath K.Traffic generator with enhanced burst modeling feature[P]:US8433784.2013.
[9]Hong S S,Wong F,Wu S F,et al.TCPtransform:property-oriented TCP traffic transformation[C]//Detection of Intrusions and Malware,and Vulnerability Assessment,Second International Conference,DIM-VA 2005,Vienna,Austria,Proceedings,DBLP,2005:222-240.
[10]Zhao Ying,Han Chun-hao.Application and research of Markov model in netw ork traffic classification[J].Computer Engineering and Applications Comput Eng Appl,2018,44(5):291-295.
[11]Yan Wei-bo,Cai Zhong-yu,Guan Xiao-hong,et al.A new method for interactive TCP traffic replay based on balance-checking betw een transmitted and received packets[J].Chinese Journal of Computers,2009,32(4):835-846.
[12]Lin Xiu.Design of general architecture for online drainage and pressure measurement based on TCPCopy[J].Telecommunications Technology(Tele Commun Technol),2014,1(11):30-33.
[13]Yun Xiao-chun,Hao Zhi-yu,Li Lun,et al.Traffic playback method and system for virtual netw ork[P].Beijing:CN103326900A,2013-09-25.
[14]Hussain A,Pradkin Y,Heidemann J.Replay of malicious traffic in netw ork testbeds[C]//IEEE International Conference on Technologies for Homeland Security,2013:322-327.
[15]Ouyang Feng,Liu Qiang,Zhang Fan.The application of cyber effects model based on OPNET[J].Journal of Netw ork New M edia,2016,5(4):52-58.
[16]Lin Si-ming,Cheng Xue-qi,Ma Ming.Analysis and implementation of modeling environment for netw ork security research[J].Journal of System Simulation,2006,18(5):1233-1238.
[17]Niu Wei-na,Zhang Xiao-song,Yang Guo-wu,et al.Modeling and analysis of botnet w ith heterogeneous infection rate[J].Computer Science,2018,45(7):135-138,153.
[18]Li Kun-lun,Dong Ning,Guan Li-wei,et al.Dos attack detection algorithm of the improved kohonen netw ork[J].Journal of Chinese Computer Systems,2017,38(3):450-454.
[19]Wu Hao.Design and implementation of traffic replay system[D].Harbin:Harbin Institute of Technology,2017.
[1]张乃通,赵康僆,刘功亮.对建设我国“天地一体化信息网络”的思考[J].中国电子科学研究院学报,2015,10(3):223-230.
[2]李凤华,殷丽华,吴巍,等.天地一体化信息网络安全保障技术研究进展及发展趋势[J].通信学报,2016,37(11):156-168.
[3]金瑜,王凡,赵红武,等.云计算环境下信任机制综述[J].小型微型计算机系统,2016,37(1):1-11.
[4]刘渊,张浩,叶海洋,等.面向天地一体化信息网络的卫星链路仿真研究[J].通信学报,2018,39(4):56-67.
[6]张光杰,叶海洋,王晓锋.基于多尺度虚拟化的卫星终端用户行为仿真[J/OL].计算机工程,doi:http://doi. org/10. 19678/j.issn. 1000-3428. 0051757.
[10]赵英,韩春昊.马尔科夫模型在网络流量分类中的应用与研究[J].计算机工程,2018,44(5):291-295.
[11]褚伟波,蔡忠闽,管晓宏,等.基于收发平衡判定的TCP流量回放方法[J].计算机学报,2009,32(4):835-846.
[12]林秀.基于TCPCopy的在线引流压测通用架构设计[J].电信技术,2014,1(11):30-33.
[13]云晓春,郝志宇,李伦,等.一种面向虚拟网络的流量回放方法及系统[P].北京:CN103326900A,2013-09-25.
[15]欧阳峰,刘强,张帆. OPNET Cyber Effects网络攻击模型应用[J].网络新媒体技术,2016,5(4):52-58.
[16]林思明,程学旗,马铭.网络安全研究中的建模环境分析与实现[J].系统仿真学报,2006,18(5):1233-1238.
[17]牛伟纳,张小松,杨国武,等.具有异构感染率的僵尸网络建模与分析[J].计算机科学,2018,45(7):135-138,153.
[18]李昆仑,董宁,关立伟,等.一种改进Kohonen网络的DoS攻击检测算法[J].小型微型计算机系统,2017,38(3):450-454.
[19]吴昊.网络流量回放系统的设计与实现[D].哈尔滨:哈尔滨工业大学,2017.