
Research On Key Techniques Of Large-scale Network Security Event Emulation Platform

Posted on: 2019-08-01
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J E Yan
Full Text: PDF
GTID: 1368330590972807
Subject: Computer Science and Technology
Abstract/Summary:
While the Internet contributes to social development and the convenience of people's lives, its security issues have become so severe that various network security events seriously threaten the security and usability of the Internet. Because network security events occur repeatedly, researchers urgently need to rapidly construct similar experimental environments in which they can carry out targeted analysis and research and find effective ways and measures for handling the events as early as possible, so as to shorten the delay between the research process and the development of an event and to reduce the impact and harm the events cause. Because of the dynamic way such events evolve and their potential hazards, it is impossible to reproduce the behaviors and actions of a security event on the real Internet or an intranet. Researchers therefore need an experimental environment with diverse network types and high reproducibility that reproduces the behaviors and activities of network security events and offers an experimental research scenario.

Focusing on problems in research on large-scale network security event emulation platforms, such as the inefficiency of routing policies in simulation, the weak applicability of methods for partitioning the emulation network topology, impractical methods of basic resource allocation, and the lack of formal methods, we study the key techniques for constructing large-scale network security event experimental scenarios and develop a large-scale network security event emulation platform. An experimental scenario constructed by the system is used for a real research case, and the availability of the scenario is verified. The main work and contributions in this dissertation include:

First, the network environment of a large-scale network security event has characteristics such as a large-scale topology and widely distributed nodes. In an experimental scenario on a large-scale network security event emulation platform, the existing routing strategies of the simulation network suffer from high resource consumption and low query efficiency, which limits the scale of the topology and the efficiency of the experiment. Hence, we propose a hierarchical routing strategy that improves the layering mechanism of IP addresses in the simulation network, which greatly enlarges the IP address space and improves the efficiency of packet forwarding, and then modifies the method of calculating routing information to reduce memory consumption. As a result, the scale of the network topology in the experimental scenario is greatly expanded and the run-time execution efficiency of the experiment is dramatically improved.

Secondly, the existing methods for partitioning a large-scale emulation network topology have weak applicability, which affects their feasibility. In this dissertation, an emulation network topology partition method based on community detection is proposed. Because a computer network has the characteristics of a complex network, the method first applies a preprocessing step named "tree" community detection to greatly reduce the size of the emulation network topology. Then Louvain, a community discovery algorithm, is used with weights based on vertex similarity to complete the preliminary partition of the emulation network topology. Finally, to minimize the number of partitions and the number of remote links between subnets, the preliminary subnets are repartitioned or merged. Finally, the subnets are assigned to virtual machines, and the Hence, the emulation network topology partition is finished, and the result meets the goal of improving the efficiency of virtual resource utilization.

Thirdly, among the existing methods of experimental resource allocation and scheduling for network security event emulation systems, some are too simple and do not fully consider the efficiency of resource utilization, while others are so complex that their attribute parameters are difficult to obtain in practical operation; as a result, these methods have poor practicality. Therefore, we present a resource allocation method for the network security event emulation platform based on the discrete particle swarm optimization algorithm. In this method, the workload of a host is characterized by the occupancy rates of its CPU and memory, which are the attributes that most critically affect host workload in practice. When physical resources are allocated, the change in host workload brought by the newly consolidated virtual machine must be estimated. Under the condition of efficient resource utilization, the method can quickly work out a resource allocation scheme, maximize the service ability of the physical equipment, and reach a balance between the utilization efficiency and the availability of the resources.

Finally, based on the above research, a network security event emulation platform is designed and implemented for large-scale network security event emulation. In addition, we study a method for detecting IRC botnet channels, and then construct an experimental scenario with a virtual-reality network for the IRC botnet channel detection research in order to evaluate the effectiveness of the method. The research case was performed in the experimental scenario, and the experimental results show that the scenario provides a good experimental environment for research work. Furthermore, this indicates the availability and practicability of the emulation platform.
Keywords/Search Tags:Network security event, Emulation platform, Routing strategy, Topology partition, Discrete particle swarm, Botnet