Design And Implementation Of Network Emulator Platform For Network Security Attack And Defense

In the construction of the cybersecurity talent system,experimental teaching and practical exercises play a crucial role.However,there are several issues with traditional physical network experimentation environments,including manpower investment,time costs,limited flexibility,and potential environmental damage.Fortunately,with the continuous development of virtualization technology,these problems have been effectively addressed.Network simulators using virtualization network technology make it possible to build experimental environments that closely resemble real networks.By establishing network attack and defense environments in network simulators,it not only avoids difficulties in managing and scaling physical networks but also provides a wealth of real and valid data for experimental analysis.Nowadays,the application of network simulators is widespread in various cybersecurity education fields,providing a convenient way to cultivate cybersecurity talents.Against this background,this thesis designs and implements a network simulator platform specifically oriented towards network attack and defense.The main contributions are as follows:(1)Addressing the problem of inefficient virtual machine resource allocation caused by setting maximum resource thresholds in existing network simulators,this thesis proposes a Dynamic Allocation Algorithm for Virtual Machine Resources Based on Availability(DVMRA).The algorithm periodically assesses the availability and capacity of virtual machines,evaluates their availability based on the periodic variations of availability and capacity,and adjusts the allocation strategy accordingly.The availability index considers the impact of historical performance on the current service capacity of virtual machines,while the capacity index predicts the future resource status using a Markov chain model.By combining these two evaluation indices,the availability of virtual machines can be determined,allowing for better analysis of resource requirements and achieving optimal virtual machine resource adjustments.Experimental analysis demonstrates that compared to several classical resource scheduling algorithms,the DVMRA algorithm can effectively enhance the overall service capacity of virtual machines while maintaining similar system resource usage.(2)This thesis investigates the construction method of virtual networks based on SoftwareDefined Networking(SDN)and proposes a hybrid networking approach combining OpenvSwitch virtual switches with Mininet.A key node mining algorithm for SDN virtual networks is also introduced,which combines node betweenness centrality and the number of overlapping communities to quickly identify critical nodes that may carry more network traffic in SDN virtual networks.These critical nodes are then simulated using OpenvSwitch virtual switches,enabling users to monitor and process more network traffic on real OpenvSwitch switches.This approach effectively addresses the limitations of the authenticity and operability of SDN network simulations solely based on Mininet software,while leveraging the resource-saving advantages of hybrid networking.It allows for the construction of larger-scale SDN virtual experimental networks with limited resources,making it more suitable for building SDN experimental networks in resource-constrained network simulators.(3)Building upon the aforementioned research,this thesis designs and implements a network simulator platform that supports flexible monitoring and adjustment of virtual node resources,as well as the construction of both traditional and SDN virtual networks.The platform also provides functionalities such as user management,image uploading and management,virtual experiment management,virtual node management,virtual network management,resource management,and vulnerability environment simulation.Through this platform,users can conveniently and rapidly simulate various types of network devices,create customized network topologies,and achieve personalized virtual network experimental environments.Furthermore,the platform offers extensive support for attack and defense scenarios,providing a diverse range of quickly simulated training grounds,which facilitate the research and understanding of vulnerabilities for cybersecurity professionals.Experimental results demonstrate that the platform’s functionalities effectively support network and attack-defense experiments,while exhibiting good stability and usability.