Validity Reseach Of Network Defense Based On Hardware-in-the-loop Simulation

Before network defense equipment or measure deploying in network system, their safety functions need to be tested sufficiently for evaluating its validity of defense, accordingly that can offer scientific basis for decision-making of network defense. But putting up these testing in real is difficult and dangerous, and pure software simulation testing has problems such as hard to establish model and lack of attack & defense models. Hardware in the loop simulation (HILS) is a new method. So in this paper, this method will be utilized to research the testing of network defense, and its validity will be evaluated based on the test.Firstly, the research scheme of the validity of network defense based on hardware in the loop simulation is map out through analysis its correlative factors of network defense which form from network defense testing and validity evaluating.Secondly, surround with establishing the testing environment of network defense based on HILS for solving how to test and what to test. a network defense testing model based on HILS is proposed; combine with the exceptive demand of OPNET to attack, a new method of attack taxonomy based on the effect of attacking object is given, and the index system of network defense testing is established based on this.Thirdly, the relation of validity of network defense and its correlative factors is confirmed, based on this the process of evaluating of validity network defense is given, which contains evaluating risk based on effect factors and evaluating defense validity based on risk. The method of evaluating process is given.Finally, a defense testing of Cisco PIX firewall based on HILS is designed. based on analyzing and formalization-describing their principium of Synflood and Smurf attacks, a testing that firewall defense these attacks based on HILS is putting up, and the validity of corresponding defense is evaluated. The results of testing and evaluation indicate that our research scheme is feasible and our methods are accurate and effective.