
Research On Network Attack And Defense Emulation Environment Based On Virtualization Technology

Posted on: 2019-11-04
Degree: Doctor
Type: Dissertation
Country: China
Candidate: L Wang
GTID: 1368330623961891
Subject: Computer Science and Technology

Abstract/Summary:
The security of cyberspace is not only a hot topic in academia and industry but also raises concerns at the national strategic level. However, the dynamically changing nature of cyber attacks makes them difficult for traditional network defenses to handle well. The development of network virtualization technologies provides a promising way to address cyberspace security issues. This paper aims to use network virtualization technology to build a universal platform that can express and analyze new network attacks that are difficult to handle in a traditional network. In addition, defense policies can be deployed efficiently in the physical network. The paper studies the critical issues of the model, design, availability and scalability of the platform, and achieves the following results:

(1) A theoretical model of an attack and defense emulation environment based on network virtualization technology is proposed. The model includes abstract and formal definitions of key elements and attack patterns for the physical network. Based on this, the general framework of the emulation environment is designed. The paper abstracts the virtual environment construction problem into the upgraded node selection problem, proves that the problem is NP-complete (NPC), and designs a corresponding heuristic algorithm. Relevant evaluation experiments show that the upgraded node selection strategy greatly enhances the controllability of the network and the ability to manipulate traffic.

(2) A general consistency update model, GUM, is designed. Ensuring the consistency of network behavior during network policy deployment and update is a prerequisite for the availability of the platform. GUM abstracts and formalizes the consistency requirements, and schedules the execution order of network update operations through a state-resource dependency graph and an operational relationship graph. In addition, GUM can handle conflicts that arise during the update. Simulations have shown that GUM significantly improves update speed and resource consumption compared to other schemes such as the two-phase update scheme.

(3) An efficient flow rule management scheme, IRMS, is designed. IRMS classifies flow rules into path-based rules and node-based rules. For the former, a proactive management strategy is adopted: all feasible paths are calculated in advance, and the corresponding path-based rules are installed before the flow arrives. For node-based rules, a reactive management strategy is adopted, and the rule space is divided into disjoint rule chunks. The interaction between the data plane and the control plane caused by rule management is restricted to the edge of the network to improve the performance of the network. Comprehensive experiments show that, under different topological conditions and rule scales, IRMS has significant advantages over current rule management schemes in terms of rule storage, caching and update time.

(4) Based on the above research results, a simulation environment for the link-flooding attack scenario is designed and implemented. The link-flooding attack is a new type of data plane attack. It does not directly attack the target server. Instead, it uses legitimate, low-rate traffic to congest a set of carefully selected edges, thereby cutting off communication of the target area. Through cooperation between the virtual network and the physical network, the platform provides a fast congestion location mechanism, an attack detection algorithm and a defense mechanism based on global traffic engineering. Experiments show that the environment can effectively mitigate the impact of link-flooding attacks on the communication quality of the target area.
Keywords/Search Tags: Network Virtualization, Cyberspace Security, Consistent Update, Rule Management, Link-flooding Attack