Research On Agent-based Simulation Of DDoS Collaborative Defense

Collaborative defense method is currently more popular in defending Distributed Denial ofService(DDoS) attacks. Whether it is effective or can emerge the desired overall defense effectstill needs further verification. Both theoretical analysis and filed testing method have somecertain limitation. Therefore, more and more people use the simulation method to researchnetwork security. At present, the simulation of DDoS Collaborative defense has some researchfoundation, but it lacks of systematic research framework. In addition, there are problems in themodel development and effectiveness analysis.DDoS Collaborative defense is a complex process with interaction between the collaborativedefense equipment. Therefore, Agent-based modeling and simulation method is used to researchDDoS Collaborative defense.First of all, on the basis of analysis on the connotation of Agent-based DDoS Collaborativedefense simulation and three kinds of typical modeling and simulation framework, someproblems that we should pay attention to in establishing the simulation framework were specified.Agent-based simulation framework on DDoS Collaborative defense was established finally.Secondly, aimed at modeling the emergent behaviors of DDoS collaborative defense,Agent-based DDoS collaborative defense system model were established. According to thebehavioral characteristics of the defense Agent, three Agent structure model of intrusiondetection, firewalls and intrusion tracking based on the general Agent structure were established.For the problems of low fidelity of modeling and non-standard of formal description in the pastbehavior modeling methods, a theoretical model of the behavior of defense Agent including theirown behavior and interaction which regards behavioral constraints as the core was established,and a quintuple Agent’s behavior formal description method was proposed. Then behavior formalmodel, behavior processes of three types of defense Agent were set up, as well as their behavioralgorithm. In defense Agent collaborative relationship model, the paper give a description of thecollaborative relationship from the abstract and concrete angles, besides the characteristics of thecollaborative relationship evolution were discussesed. Focusing on the describtion of selection ofobject interact and DDoS collaborative defense process, a social network based optimizationalgorithm of interaction relationship of DDoS collaborative defense was put forword. Finally,communication model between the defense Agent was described.Thirdly, for the conversion from system model to simulation model, one modeling method ofof simulation of DDoS Collaborative defense based on OMNeT++was put forward.And thesimulation model of intrusion detection Agent-detector, simulation model of firewall Agent-filterand simulation model of intrusion tracing Agent-investigator were establishedAt last, aimed at the analysis of emergence of collaborative defense, self-organization critical based andemergence performance based methods were stated to judge the system emergence And amulti-angle effectiveness analysis model of DDoS collaborative defense was proposed. Twoexperiments were implemented, that are the validation of mechanism and performanceevaluation of DDoS Collaborative defense and the validation of the interaction relationshipoptimization algorithm of DDoS collaborative defense Agent.Through the simulation results, theeffectiveness of DDoS collaborative defense mechanism was verified, as well as the correctnessand effectiveness of method for modeling emergent behavior and models established in thispaper. At the same time, some rules of collaborative defense were reflected and revealed.