基于SSFNet的大规模蠕虫传播仿真演示系统的研究与实现
|
摘要
随着Internet的发展,网络蠕虫对计算机系统安全和网络安全的威胁日益增加,它会扫描和攻击网络上存在系统漏洞的节点主机,通过国际互联网从一个自治域传播到另一个自治域,发生频率高,潜伏性强,覆盖面广,造成的损失也大。在这样的背景下,蠕虫传播模型的研究成为近几年兴起的一个研究方向,大量的数学模型随之涌现,比较著名的有SEM, SIR, Two-Factor等。
目前人们研究和仿真蠕虫传播,大部分停留在对数学公式的研究和Matlab仿真上。为了模拟真实Internet自治域(AS)环境下蠕虫的传播,并为多种蠕虫传播模型提供通用的仿真和演示框架,我们设计了一套以Internet真实自治域模型为背景的仿真演示系统,以支持多种蠕虫传播模型的仿真和演示。该系统由蠕虫传播模型仿真子系统,演示子系统和作为支撑作用的IP地理信息子系统三大部分组成。本文分六部分阐述了该仿真演示系统的设计与实现。第一章对研究背景,意义,创新点等进行了概述;第二章介绍了SSFNet网络仿真工具,RouteViews对等体项目以及Whois数据库的概念,原理和运用方法;第三章展示了该仿真演示系统的设计思想和概要设计;第四章展示了仿真演示系统的详细设计,涵盖系统各功能模块的设计与实现;第五章编写了SIR蠕虫传播模型代码,并嵌入到该系统中运行,给出了测试结果和分析;第六章总结了当前的工作情况并对未来做出了展望。
With the development of Internet, the threat of network worms to computer security and network security is increasing. Network worms can scan and attack hosts with defects and spread from one autonomous system to another. They happen frequently, usually hide for a long time within large area and can cause huge loss. Under this background, the research on worm propagation models become hot these years and lots of mathmatical models appear such as SEM, SIR, Two-Factor, etc.
The current research on model and simulation of worm propagation are mostly focused on mathematical research and matlab simulation. To simulate worm propagation under real Internet autonomous systems environment and to provide universal worm propagation model simulation and demonstration frameworks, we design a system based on real Internet autonomous systems to support various worm propagation models. The system is composed of simulation sub-system, demonstration sub-system and IP geography information sub-system. This paper demonstrates the system in six parts. The first chapter describes the research background, innovation, etc. The second chapter describes the concepts, principles and usage of SSFNet network simulation tool, RouteViews project and WHOIS databases. The third chapter describes the design philosophy and preliminary design of the system. The fourth chapter describes the detailed design including the design and implementation of system modules. The fifth chapter introduces the code of SIR worm propagation model, embeds it into the simulation and demonstration system and gives test result and analysis. The sixth chapter summarizes the work done at present and gives an outlook into the future.
目前人们研究和仿真蠕虫传播,大部分停留在对数学公式的研究和Matlab仿真上。为了模拟真实Internet自治域(AS)环境下蠕虫的传播,并为多种蠕虫传播模型提供通用的仿真和演示框架,我们设计了一套以Internet真实自治域模型为背景的仿真演示系统,以支持多种蠕虫传播模型的仿真和演示。该系统由蠕虫传播模型仿真子系统,演示子系统和作为支撑作用的IP地理信息子系统三大部分组成。本文分六部分阐述了该仿真演示系统的设计与实现。第一章对研究背景,意义,创新点等进行了概述;第二章介绍了SSFNet网络仿真工具,RouteViews对等体项目以及Whois数据库的概念,原理和运用方法;第三章展示了该仿真演示系统的设计思想和概要设计;第四章展示了仿真演示系统的详细设计,涵盖系统各功能模块的设计与实现;第五章编写了SIR蠕虫传播模型代码,并嵌入到该系统中运行,给出了测试结果和分析;第六章总结了当前的工作情况并对未来做出了展望。
With the development of Internet, the threat of network worms to computer security and network security is increasing. Network worms can scan and attack hosts with defects and spread from one autonomous system to another. They happen frequently, usually hide for a long time within large area and can cause huge loss. Under this background, the research on worm propagation models become hot these years and lots of mathmatical models appear such as SEM, SIR, Two-Factor, etc.
The current research on model and simulation of worm propagation are mostly focused on mathematical research and matlab simulation. To simulate worm propagation under real Internet autonomous systems environment and to provide universal worm propagation model simulation and demonstration frameworks, we design a system based on real Internet autonomous systems to support various worm propagation models. The system is composed of simulation sub-system, demonstration sub-system and IP geography information sub-system. This paper demonstrates the system in six parts. The first chapter describes the research background, innovation, etc. The second chapter describes the concepts, principles and usage of SSFNet network simulation tool, RouteViews project and WHOIS databases. The third chapter describes the design philosophy and preliminary design of the system. The fourth chapter describes the detailed design including the design and implementation of system modules. The fifth chapter introduces the code of SIR worm propagation model, embeds it into the simulation and demonstration system and gives test result and analysis. The sixth chapter summarizes the work done at present and gives an outlook into the future.
引文
[1]SSF.App.Worm. http://www.crhc.uiuc.edu/-mili/research/ssf/worm/. Otc.2006.
[2]Meyer D. Route Views Project. http://www.routeviews.org/.2009.
[3]X. Meng, Z. Xu, B. Zhang, G Huston, S. Lu and L. Zhang. IPv4 address allocation and the BGP routing table evolution. ACM SIGCOMM CCR, Jan 2005.
[4]Scalable Simulation Framework. http://www.ssfnet.org/homePage.html. Oct 2006.
[5]David M Nicol, Jason Liu, Michael Liljenstam, et al. Simulation of large-scale networks using SSF. In:Preceedings of the 35th Conference on Winter Simulation Conference. New Orleans, LA,2003,650-657.
[6]Africa Internet Network Information Center Website. whois.afrinic.net.2009
[7]Asia-Pacific Network Information Center Website. whois.apnic.net.2009
[8]American Registry for Internet Numbers Website. whois.arin.net.2009
[9]Latin American and Caribbean Internet Addresses Registry Website. whois.lacnic.net.2009
[10]Reseau IP Europeans Website. whois.ripe.net.2009
[11]MySQL Documentation Website. http://dev.mysql.com/doc/.2009.
[12]Jasmin Blanchette, Mark Summerfield. C++GUI Programming with Qt 4, Second Edition. Prentice Hall, Feb 04,2008.
[13]Gao L. On Inferring Autonomous System Relationships on the Internet. In Proc. IEEE Global Internet Symposium, Nov.2000.
[14]B. Zhang, R. A. Liu, D. Massey, L. Zhang. Collecting the internet AS-level topology. ACM SIGCOMM CCR, Jan 2005.
[15]Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, Ronald Rivest. Introduction to Algorithms. McGraw-Hill Companies, Mar 01,1990
[16]L. Daigle. WHOIS Protocol Specification. RFC3912. Sep,2004.
[17]Boost.Regex. http://www.boost.org/doc/libs/1_41_0/libs/regex/doc/html/.2007.
[18]Domain Modeling Language. http://www.ssfnet.org/SSFdocs/dmlReference.html. 1999.
[19]Flatplanet Map Catalogue.http://flatplanet.sourceforge.net/maps/natural.html. 2003
[20]GNUPlot Documentation.http://www.gnuplot.info/documentation.html.2009
[21]Tight VNC Software.http://www.tightvnc.com/.2009
[22]Kermack, W. O. and McKendrick, A. G "A Contribution to the Mathematical Theory of Epidemics." Proc. Roy. Soc. Lond. A115,700-721,1927.
[23]The Spread of the Code-Red Worm. http://www.caida.org/research/security/code-red/coderedv2_analysis.xml.2001.
[24]CAIDA Code-Red Analysis. http://www.caida.org/research/security/code-red/#crii Nov 2008.
[2]Meyer D. Route Views Project. http://www.routeviews.org/.2009.
[3]X. Meng, Z. Xu, B. Zhang, G Huston, S. Lu and L. Zhang. IPv4 address allocation and the BGP routing table evolution. ACM SIGCOMM CCR, Jan 2005.
[4]Scalable Simulation Framework. http://www.ssfnet.org/homePage.html. Oct 2006.
[5]David M Nicol, Jason Liu, Michael Liljenstam, et al. Simulation of large-scale networks using SSF. In:Preceedings of the 35th Conference on Winter Simulation Conference. New Orleans, LA,2003,650-657.
[6]Africa Internet Network Information Center Website. whois.afrinic.net.2009
[7]Asia-Pacific Network Information Center Website. whois.apnic.net.2009
[8]American Registry for Internet Numbers Website. whois.arin.net.2009
[9]Latin American and Caribbean Internet Addresses Registry Website. whois.lacnic.net.2009
[10]Reseau IP Europeans Website. whois.ripe.net.2009
[11]MySQL Documentation Website. http://dev.mysql.com/doc/.2009.
[12]Jasmin Blanchette, Mark Summerfield. C++GUI Programming with Qt 4, Second Edition. Prentice Hall, Feb 04,2008.
[13]Gao L. On Inferring Autonomous System Relationships on the Internet. In Proc. IEEE Global Internet Symposium, Nov.2000.
[14]B. Zhang, R. A. Liu, D. Massey, L. Zhang. Collecting the internet AS-level topology. ACM SIGCOMM CCR, Jan 2005.
[15]Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, Ronald Rivest. Introduction to Algorithms. McGraw-Hill Companies, Mar 01,1990
[16]L. Daigle. WHOIS Protocol Specification. RFC3912. Sep,2004.
[17]Boost.Regex. http://www.boost.org/doc/libs/1_41_0/libs/regex/doc/html/.2007.
[18]Domain Modeling Language. http://www.ssfnet.org/SSFdocs/dmlReference.html. 1999.
[19]Flatplanet Map Catalogue.http://flatplanet.sourceforge.net/maps/natural.html. 2003
[20]GNUPlot Documentation.http://www.gnuplot.info/documentation.html.2009
[21]Tight VNC Software.http://www.tightvnc.com/.2009
[22]Kermack, W. O. and McKendrick, A. G "A Contribution to the Mathematical Theory of Epidemics." Proc. Roy. Soc. Lond. A115,700-721,1927.
[23]The Spread of the Code-Red Worm. http://www.caida.org/research/security/code-red/coderedv2_analysis.xml.2001.
[24]CAIDA Code-Red Analysis. http://www.caida.org/research/security/code-red/#crii Nov 2008.