Research on PDNS Extension and Optimization Techniques for Network Security Events
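Abstract
With the continued development of computer networks, human technology is steadily advancing toward global informatization. At the same time, the frequent occurrence of all kinds of security events on networks seriously threatens the security of the Internet. Among the many means of researching network technology and responding to network security events, network simulation, with its unique advantages, has become one of the important and irreplaceable ones. Many research institutions and commercial organizations at home and abroad have developed a range of network simulators, among which PDNS is currently a widely used parallel network simulator. However, the original PDNS often cannot directly support the simulation of new network security events, so it has to be extended and optimized: researchers must first implement support for simulating the new security event on PDNS, and only then can they define the network topology according to the simulation requirements, set the network characteristic parameters, simulate the behavior of the network security event, observe the various performance indicators, and analyze the event further.
     Extending and optimizing the original PDNS for network security events is therefore extremely important, and is the foundation for simulation, validation, and analysis. This thesis is accordingly devoted to the extension and optimization of PDNS, and its main research content is as follows:
     First, the simulation mechanism of the parallel network simulator PDNS is studied and analyzed. PDNS is examined in depth from four aspects: simulation principle, the split object model, the addition of security events, and simulation methods. The study of the traditional way of adding and simulating network security events in PDNS shows that simulating network security events with PDNS still has some deficiencies and room for improvement.
     Second, to address the deficiencies of PDNS in simulating network security events, a PDNS extension method based on a framework model is proposed, giving users a framework-style auxiliary method for extending PDNS for network security events. A simulation method based on interface configuration is also proposed, which turns parameter configuration from writing Tcl code into visual configuration in an interface, effectively reducing the difficulty and size of the Tcl simulation scripts that must be written.
     Third, a PDNS extension and optimization system for network security events is designed and implemented. The system consists mainly of two parts, a security event adding subsystem and a security event configuration subsystem, which extend and optimize PDNS in the addition of security events and in the simulation of security events respectively, so that users can add and simulate security events conveniently.
     Fourth, the effectiveness and practicality of the PDNS extension and optimization system for network security events are verified by adding and simulating three typical network security events: distributed denial-of-service attacks, network worms, and botnets.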
With the rapid development of networks, human technology is moving in the direction of global informatization. At the same time, the frequent occurrence of various network security events is threatening network security. Among the approaches to researching network technology and responding to network security events, network simulation has become one of the important and irreplaceable means because of its unique advantages. To date, many domestic and foreign research institutions and commercial organizations have developed a variety of network simulators. Among them, PDNS is currently a widely used parallel network simulator. However, as the original PDNS cannot directly provide simulation support for new network security events, we need to extend and optimize PDNS. Once simulation support for new network security events is provided, we can define the network topology according to simulation needs, set the network parameters, simulate the behavior of the network security event, observe the parameters of various performance indicators, and finally carry out further analysis of network security events.
     It is therefore quite important to extend and optimize the original PDNS, as this is the basis of simulation, validation and analysis for network security events. This paper focuses on the extension and optimization of PDNS for network security events. The main contents are as follows.
     In this paper, the simulation mechanism of the parallel network simulator PDNS has been researched and analyzed from the viewpoints of simulation principle, split object model, extension of PDNS and method of simulation. Based on research and analysis of the traditional method of simulating network security events with PDNS, it has been found that PDNS still has some deficiencies that need to be addressed.
     To address the deficiencies of PDNS in simulating network security events, a new extension method based on a framework model is proposed, a supportive method that makes simulation much easier to carry out. A simulation method based on interface configuration is also proposed, with which users can choose and input the parameters of network security events instead of writing a Tcl script.
     The extension and optimization system of PDNS for network security events, including a network security event adding subsystem and a configuring subsystem, has been designed and implemented to make simulation with PDNS much easier.
     Finally, the extension and optimization system of PDNS for network security events has been tested with classic network security events such as DDoS attacks, network worms and botnets, and the test results show that the system is effective.
