
Model Research And Simulation On Abnormal Network Traffic

Posted on: 2019-09-04
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Zhu
Full Text: PDF
GTID: 2428330596960914
Subject: Computer technology
Abstract/Summary:
In recent years, several major military powers have realized the importance of the cyber range. They are developing and constructing various applications on the cyber range, aiming at dominance in cyberspace. To bridge the gap with major powers such as the United States and Britain, it is necessary to research and construct our own realistic cyber range. One of the core issues to be resolved is how to generate the network traffic in the range. Because abnormal traffic is inevitable in real networks, abnormal traffic must also be generated when constructing the cyber range.

Previous research shows that there are two main approaches to producing abnormal traffic: launching network attacks with the source code, or modeling the abnormal traffic. Considering the lag, difficulty and harmfulness of the former, we choose the modeling method to simulate abnormal network traffic. Having analyzed the features of abnormal traffic, we design an abnormal network traffic generating mechanism based on the temporal and spatial model and then develop a demonstration system. Experimental results show that the generated traffic satisfies the characteristics of abnormal traffic.

The main contents and contributions of this paper are as follows:

1. The design of the abnormal network traffic framework. We first list some common network attacks and analyze their characteristics, and then extract three features from the spatial and temporal viewpoints: packet headers, payloads and the packet sending interval. From these, we design a framework for the abnormal network traffic generating mechanism and explain each module in the framework.

2. The implementation of the abnormal network traffic generating mechanism based on the spatial and temporal model. The mechanism consists of three modules. In the translating module, we choose Snort rules as the feature base of abnormal traffic and design an interpreter for Snort rules using ANTLR. The interpreter reads a rule, extracts the token value of each rule field and stores them in the rule structure. The packet constructing module reads the structure and constructs the packet using the Libnet library. In the traffic generating module, the Poisson model, the cycle model and the multifractal wavelet model are used to simulate different temporal characteristics of abnormal traffic. The packet sending process is controlled by the calculated time interval.

3. The development of the abnormal network traffic generating demonstration system. We develop a demonstration system based on the framework. The system includes three parts, the Snort rule parsing part, the packet constructing part and the traffic generating part, corresponding to the three modules in the framework. The system demonstrates how the abnormal traffic is generated. Experimental results show that the generated traffic satisfies the characteristics of abnormal traffic.
Keywords/Search Tags: Cyber Range, ANTLR, Snort, Libnet, temporal and spatial model
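The translating step and the Poisson timing model described in the abstract, sketched as an added example that is not the thesis's code. It assumes a hand-written splitter in place of the ANTLR grammar, hypothetical function names, and a constructed sample rule; it builds the rule structure and the send intervals only and constructs no packets.

```python
import random
import re

# Constructed sample rule in standard Snort syntax (not taken from the thesis).
SAMPLE_RULE = ('alert tcp $EXTERNAL_NET any -> $HOME_NET 80 '
               '(msg:"constructed test rule"; content:"test-marker"; sid:1000001; rev:1;)')
HEADER_FIELDS = ("action", "proto", "src", "src_port", "direction", "dst", "dst_port")

def split_options(body):
    """Split the option block on ';', ignoring ';' inside quotes or after a backslash."""
    parts, buf, in_quote, escaped = [], [], False, False
    for ch in body:
        if ch == ";" and not in_quote and not escaped:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def parse_rule(rule):
    """Return the rule structure: seven header fields plus ordered (key, value) options."""
    m = re.match(r"\s*(.*?)\s*\((.*)\)\s*$", rule, re.S)
    if not m:
        raise ValueError("rule has no option block")
    header = m.group(1).split()
    if len(header) != len(HEADER_FIELDS):
        raise ValueError("expected %d header fields, got %d" % (len(HEADER_FIELDS), len(header)))
    parsed = dict(zip(HEADER_FIELDS, header))
    parsed["options"] = []
    for opt in split_options(m.group(2)):
        key, _, value = opt.partition(":")
        parsed["options"].append((key.strip(), value.strip().strip('"')))
    return parsed

def poisson_intervals(rate_pps, count, seed=None):
    """Inter-packet gaps in seconds for a Poisson process: exponential with mean 1/rate."""
    if rate_pps <= 0:
        raise ValueError("rate must be positive")
    rng = random.Random(seed)
    return [rng.expovariate(rate_pps) for _ in range(count)]

if __name__ == "__main__":
    print(parse_rule(SAMPLE_RULE))
    print(poisson_intervals(50.0, 5, seed=1))
```

The parsed header and options correspond to the spatial features (packet header and payload) and the interval list to the temporal feature; in a range used for IDS validation, the `sid` kept in the structure lets each generated flow be matched against the alert it is expected to raise.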