Research On Key Technologies Of Network Behavior Simulation For Cyber Range

With the rapid development of network and computer technology,cyberspace security is becoming increasingly serious.The government of the United States,Japan,the United Kingdom and the European Union,as well as influential organizations,are successively conducting the construction of cyber range for network offensive and defensive drills and validation of new network technologies.Constructing network scenarios to support activities in the cyber range by simulating real network behavior is an indispensable function for the cyberspace range.The complex interaction of users and devices in a network brings many challenges to network behavior simulation in terms of simulation scale and simulation fidelity.Based on the summary of relevant research,this thesis proposes an H-C-S network behavior model based on the interactive roles in network behavior and provides in-depth research on the simulation algorithms for traffic behavior and user application behavior in business and attack scenarios.The research is of considerable significance to the real network scenario simulation in cyberspace ranges.This thesis will start with the following aspects:Firstly,considering the problem of traffic replay of network traffic in a resourcelimited environment in a cyber range,a multi-node interactive network traffic replay method is studied to achieve network background traffic simulation with the goal of real network traffic replay on a specified number of hosts.First,to keep the interaction between the nodes in the original network,the IP mapping algorithm between the IPs in the original network and the target network.Next,a multi-Way Number Partitioning-based traffic aggregation algorithm is proposed to achieve a balanced traffic distribution in the target network.Then,to reduce the packet delay during the replay,a low-latency traffic replay algorithm is studied to achieve interactive replay with multiple nodes in the target network.Finally,a similarity calculation method is investigated to evaluate the similarity of background traffic simulations.Secondly,in terms of collective user behavior simulation,we study the algorithm for building social networks and simulating virtual social relationships based on existing social network research results.Furthermore,the message propagation mechanism based on the epidemic disease model is studied to drive the individual network simulations of which makes the simulated result of collective user network behavior follow the laws of the dynamics of human behavior.To address the problem that the network behavior of a collective user cannot be directly accessed and analyzed,we study methods to compute a collective user behavior based on network traffic contents,and analyze the title tags of users' HTML files to compute web behavior topics for the collective user.Thirdly,to address the problem that the current individual user behavior simulation method is insufficient and cannot simulate the user application behavior process,a three-level user behavior simulation method is proposed: macro,meso and micro.In the macro-behavior simulation,a user application behavior sequence generation algorithm is studied.And in the meso-behavior simulation,a user application behavior simulation is studied.For micro-behavior simulation,a user mouse behavior simulation algorithm based on the matching-fitting model is proposed,in which the accuracy of the mouse dynamics-based identity authentication is used to assess the similarity of the mouse behavior simulation.This three-level user behavior simulation approach implements user behavior simulation from macro to meso to micro.Finally,we study the architecture of a network behavior simulation system oriented towards cyber ranges built based on virtualization technology and implement the system in Open Stack.Taking an example of an offensive and defensive exercise in the cyber range,a hypothetical network scenario is simulated using the system.Namely,the network background traffic simulation is implemented by deploying multi-node interactive network traffic replay and software packet generators;The network foreground traffic simulation is realized through the simulation of collective user behavior and multiple network protocols;the network target simulation is realized through the fine-grained individual user operation behavior simulation and the recording-splicing-replay based on user behavior.The network behavior simulation system designed in this thesis achieves the research objectives through testing in real applications.