Research on Quantitative and Semi-Quantitative Training Simulation of Network Countermeasure Jianjun Shen1,a, Nan Qu1,b, Kai Li1,c

Similar documents
Traffic Flow Prediction Based on the location of Big Data. Xijun Zhang, Zhanting Yuan

Analysis on computer network viruses and preventive measures

TCM Health-keeping Proverb English Translation Management Platform based on SQL Server Database

The investigation of social networks based on multi-component random graphs

Automatic analysis technology for aviation equipment software requirements ZHOUHan-Qing, LI Hai-Feng,HUANG Yan-Bing

International Conference on Advances in Mechanical Engineering and Industrial Informatics (AMEII 2015)

AGENT-BASED ROUTING ALGORITHMS ON A LAN

Method for security monitoring and special filtering traffic mode in info communication systems

Computer Life (CPL) ISSN: Research on the Construction of Network and Information Security. Architecture in Campus

Study on the Quantitative Vulnerability Model of Information System based on Mathematical Modeling Techniques. Yunzhi Li

Study on Computer Network Technology of Digital Library

Effectiveness Evaluation of Air and Missile Defense System Based on Parametric Diagrams

IMPROVED ARTIFICIAL FISH SWARM ALGORITHM AND ITS APPLICATION IN OPTIMAL DESIGN OF TRUSS STRUCTURE

BP Neural Network Evaluation Model Combined with Grey-Fuzzy Based on Included Angle Cosine

A Method of Face Detection Based On Improved YCBCR Skin Color Model Fan Jihui1, a, Wang Hongxing2, b

Analysis of the Social Community Based on the Network Growing Model in Open Source Software Community

Application of Log-polar Coordinate Transform in Image Processing

Parallel Implementation of a Random Search Procedure: An Experimental Study

Research on adaptive network theft Trojan detection model Ting Wu

Research on Computer Network Virtual Laboratory based on ASP.NET. JIA Xuebin 1, a

An Adaptive Histogram Equalization Algorithm on the Image Gray Level Mapping *

Design and Realization of Agricultural Information Intelligent Processing and Application Platform

Design of an Optical Packet Switch for Real-Time. applications.

A Generic Algorithm for Heterogeneous Schema Matching

Study on Jabber Be Applied to Video Diagnosis for Plant Diseases and Insect Pests

Indoor Location Algorithm Based on Kalman Filter

The research of key technologies in the fifth-generation mobile communication system Su Lina1, a, Chen Wen2,b, Chen Ping3,c, Lu Yanqian4,d

A Study on various Histogram Equalization Techniques to Preserve the Brightness for Gray Scale and Color Images

International Conference on Advances in Mechanical Engineering and Industrial Informatics (AMEII 2015)

Insensitive Traffic Splitting in Data Networks

Research on Stability of Power Carrier Technology in Streetlight Monitoring System

The Comparative Study of Machine Learning Algorithms in Text Data Classification*

2nd International Conference on Electrical, Computer Engineering and Electronics (ICECEE 2015)

IN this letter we focus on OpenFlow-based network state

1 Introduction to Parallel Computing

A routing algorithm based on SDN for on-board Switching Networks

Visual Working Efficiency Analysis Method of Cockpit Based On ANN

Cooperative Edge Caching in User-Centric Clustered Mobile Networks

Research on Community Structure in Bus Transport Networks

Immunization for complex network based on the effective degree of vertex

Simulation and Realization of Wireless Emergency Communication System of Digital Mine

Research on Design and Application of Computer Database Quality Evaluation Model

Management Information Systems (MMBA 6110-SP) Research Paper: Internet Security. Michael S. Pallos April 3, 2002

PARTICLES SWARM OPTIMIZATION FOR THE CRYPTANALYSIS OF TRANSPOSITION CIPHER

A A A. Fig.1 image patch. Then the edge gradient magnitude is . (1)

An Improved KNN Classification Algorithm based on Sampling

A Novel Mechanism in MPLS Network under Adversarial Uncertainty

Study on data encryption technology in network information security. Jianliang Meng, Tao Wu a

The Complex Network Phenomena. and Their Origin

Observations on Client-Server and Mobile Agent Paradigms for Resource Allocation

Autonomous System Network Topology Discovery Algorithm Based On OSPF Protocol

Warship Power System Survivability Evaluation Based on Complex Network Theory Huiying He1,a, Hongjiang Li1, Shaochang Chen1 and Hao Xiong1,2,b

Approaches for Resilience Against Cascading Failures in Cloud Datacenters

The Solutions to Some Key Problems of Solar Energy Output in the Belt and Road Yong-ping GAO 1,*, Li-li LIAO 2 and Yue-shun HE 3

An Immunity-based Ant Colony Optimization Topology Control Algorithm for 3D Wireless Sensor Networks

An Evolving Network Model With Local-World Structure

Home Computer and Internet User Security

The principle of a fulltext searching instrument and its application research Wen Ju Gao 1, a, Yue Ou Ren 2, b and Qiu Yan Li 3,c

The missing links in the BGP-based AS connectivity maps

A Novel Intrusion Detection Method for WSN Sijia Wang a, Qi Li and Yanhui Guo

A Dynamic TDMA Protocol Utilizing Channel Sense

Research on the Application of Digital Images Based on the Computer Graphics. Jing Li 1, Bin Hu 2

NETWORK THREATS DEMAN

Speaker Diarization System Based on GMM and BIC

Virtual Training Samples and CRC based Test Sample Reconstruction and Face Recognition Experiments Wei HUANG and Li-ming MIAO

Parameter Optimization for Mobility Robustness Handover in LTE

Controllability of Complex Power Networks

The Centralized management method to increase the security of ARP. Qinggui Hu

Research on Cloud Resource Scheduling Algorithm based on Ant-cycle Model

A Scheme of Dynamic Bandwidth Allocation for Switching FC-AE-1553 Network

Face Recognition Based on LDA and Improved Pairwise-Constrained Multiple Metric Learning Method

The ESB dynamic routing strategy in the low bandwidth network environment

Information modeling and reengineering for product development process

Construction and Application of Cloud Data Center in University

Research on Model-based IMA Resources Allocation Xiao Zhang1, a, Lisong Wang2, b

2018 By: RemoveVirus.net. Remove A Virus From Your PC In 5 Simple Steps

COMPRESSING THE MULTIROBOT TEAM FORMATION STATE BASED ON SOM NETWORK

Utilizing Restricted Direction Strategy and Binary Heap Technology to Optimize Dijkstra Algorithm in WebGIS

Scheduling Unsplittable Flows Using Parallel Switches

Performance Modeling and Analysis for Resource Scheduling in Data Grids 1

Introduction to Information Technology Turban, Rainer and Potter John Wiley & Sons, Inc. Copyright Chapter 12 1

DSP-Based Parallel Processing Model of Image Rotation

result, it is very important to design a simulation system for dynamic laser scanning

An Solution of Network Service Oriented Operator Network Intrusion Prevention

INTERCONNECTION networks are used in a variety of applications,

Energy efficient optimization method for green data center based on cloud computing

Discussion on Writing of Recursive Algorithm

DEVELOPMENT OF PREVENTIVE MAINTENANCE SYSTEM ARISING IN ADVANCED EDDY CURRENT TESTING USING NETWORK TOMOGRAPHY

A NEW CLASSIFICATION METHOD FOR HIGH SPATIAL RESOLUTION REMOTE SENSING IMAGE BASED ON MAPPING MECHANISM

On the Growth of Internet Application Flows: A Complex Network Perspective

Research and Application of Mobile Geographic Information Service Technology Based on JSP Chengtong GUO1, a, Yan YAO1,b

Fuzzy Double-Threshold Track Association Algorithm Using Adaptive Threshold in Distributed Multisensor-Multitarget Tracking Systems

Symantec Client Security. Integrated protection for network and remote clients.

Chapter 10: Security and Ethical Challenges of E-Business

Network Topology for the Application Research of Electrical Control System Fault Propagation

Structural Analysis of Paper Citation and Co-Authorship Networks using Network Analysis Techniques

ARP SPOOFING Attack in Real Time Environment

GRID SCHEDULING USING ENHANCED PSO ALGORITHM

SRM ARTS AND SCIENCE COLLEGE SRM NAGAR, KATTANKULATHUR

Hotel Recommendation Based on Hybrid Model

Transcription:

2nd International Conference on Advances in Mechanical Engineering and Industrial Informatics (AMEII 2016) Research on Quantitative and Semi-Quantitative Training Simulation of Networ Countermeasure Jianjun Shen1,a, Nan Qu1,b, Kai Li1,c 1 Department of Informationization Construction, Academy of National Defense Information, Wuhan, 430010, China a email:shjj06@sina.com, bemail:619477568@qq.com, cemail:307482359@qq.com Keywords: Networ Countermeasure; Quantitative; Semi-quantitative; OPNET; Simulation Abstract. Networ countermeasure is an important ind of combat operations in information condition, so how to implement networ countermeasure simulation in simulative training applications is a crucial problem to be resolved. Therefore, the paper first proposed the architecture of networ countermeasure simulation, and described its realization issue in simulative training. Secondly, the paper explained the degree-based virus spreading methods, and put forward a quantitative simulation method for virus spreading on scale-free networ. Thirdly, based on the ideas of parameter setting, the paper presented a semi-quantitative simulation method for some networ attac and networ defense actions. As the methods presented in this paper have certain fidelity while meeting the practical application requirements of simulative training, they can solve some problems that are hardly implemented. Thus it can be seen that the research results has good application prospect. Introduction In information age, with the arising of new operation patterns such as information warfare, networ-centric warfare, distributive networ warfare and etc., the networ is playing more and more important role [1]. Especially, using virus or other means to attac opponent's networs has been a common practice for both warring sides. So simulation training, as a modern technological means to sharpen the actual operational capacity, should include simulation of networ countermeasure so as to practically improve the training effects. As an excellent networ simulation platform, OPNET has been used in most networ simulation applications. OPNET uses object oriented 3 layers, namely networ layer, node layer, and process layer for modeling and provides a large number of device models, so communication networ can be modeled in an intuitive and convenient way [2]. OPNET also provided HLA interface, so that the simulation program developed based on OPNET can carry out distributive information interaction with other external applications in accordance with HLA standard. As for simulative training applications, the training simulation of networ countermeasure is different from general performance simulation. For networ countermeasure performance simulation, emphasis is laid on the fidelity of the simulation results while there are no special requirements for time to be taen by simulation execution, and a longer simulation running time is permissible. But for training simulation of networ countermeasure, its running process must be real time while the simulation results are not necessary to be very precise. Its ey is to show the relevant characteristics of networ countermeasure, so that trainees can be aware of any networ change brought by networ countermeasure and then tae appropriate measures for further action. Furthermore, in simulative training applications, demands of directors should also be taen into account when to simulate networ countermeasure. As important users of simulative training, directors can control implementation of networ countermeasure by setting parameters directly. As training simulation of networ countermeasure is a difficult problem, this paper proposed a combination of quantitative and semi-quantitative methods. Quantitative method mainly applied mathematical formula to describe networ countermeasure, while semi-quantitative method adopted setting parameters method in order to meet wor needs of directors or address the difficulties that 2016. The authors - Published by Atlantis Press 1172

cannot be completely described with mathematical formulas. The Architecture According to functional needs, a simulative training system used networ countermeasure can be composed of a directing room, a networ attac operating room and a networ defense operating room, and the trainees should be divided according to tass and carry out the simulative training in the corresponding room. In the directing room, networ attac operating room, and networ defense operating room, all seats are interconnected through Local Area Networ (LAN), realizing communication between seats based on the LAN. The directing room, networ attac operating room, and networ defense operating room as well as database server, HLA/RTI server, and OPNET networ simulator are interconnected through a switch, forming a complete simulative training system for distributed interactive training online. The architecture of the system is as shown in Figure 1. Directing Room Networ Attac Operating Room Networ Defense Operating Room Directing Seat Operating Seat Operating Seat Switch Database Server HLA Server OPNET Networ Simulator Fig.1. The architecture of the simulative training system In Figure 1, the networ attac operating room is used for carrying out simulative training on networ attacs, the networ defense operating room is used for carrying out simulative training on networ defenses, OPNET networ simulator is used for simulating the running process of networ, including simulation of networ attac and networ defense actions, and HLA server is used for realizing the distributed interaction of training information with international standard [3]. The Information interactions between seats in simulative training process are as shown in Figure 2. Networ Attac Operating Room Attac Actions Simulation Feedbac OPNET Networ Simulator Defense Actions Simulation Feedbac Networ Defense Operating Room Simulation Feedbac Intervention Command Writs Writs Directing Room Scenarios and Writs Scenarios and Writs Fig.2. The information interactions between seats 1173

As the core component of the simulative training system, OPNET networ simulator needs to simulate networ attac and defense actions. Quantitative and semi-quantitative simulation methods are provided below. Quantitative Simulation Method The use of virus in networ countermeasure has become a typical practice in information conditions, so how to simulate virus spreading in OPNET networ simulation is a ey problem. In recent years, researches [4][5][6] have shown that the degree distribution of many networs is obviously different from Poisson distribution. For many networs such as WWW, Internet on autonomous layer, and paper citation networ, their degree distribution can be better described in power law. Networs with power law degree distribution are also nown as scale-free networs, whose degree distribution is highly non-uniform: that is, most nodes have smaller degrees while a smaller number of nodes have larger degrees. Now consider the virus spreading on scale-free networs. Tae nodes in the networ follow the SIS model of susceptible(s) infected(i) susceptible(s), let the probability of getting infected from the susceptible state be ν and that of getting recovered to the susceptible state from the infected state be δ, effective spreading rate is defined as: ν λ = (1) δ Define the relative density ρ () t as the probability to be infected for a node with a degree of, the average field equation is as follows: ρ () t = ρ() t + λ[ 1 ρ() t ] Θ( ρ() t ) (2) t Where, Θ ( ρ ( t )) represents the probability for any given edge to connect with an infected node. Denote the steady-state value of ρ () t as ρ, for this purpose, let the right side of the equation (2) be zero, we can get: λθ( λ) ρ = 1 + λ Θ (3) ( λ) For unrelated scale-free networs, as the probability for any given edge to point to the node with the degree of s can be expressed as sp() s, we can get: 1 Θ ( λ) = P( ) ρ (4) Combining equations (3) and (4), we can get ρ and Θ ( λ). With a view to the typical example of scale-free networs BA scale-free networ, the degree distribution and average degree are respectively: 2 3 P ( ) = 2m (5) = P( ) d = 2m (6) m Where, m represents that a newly introduced node is connected to m existing nodes in BA scale-free networ construction algorithm. Thus, according to equation (4), we can get: 1 d 1 Θ ( λ) = Θ ( λ) = Θ ( λ)ln(1 + ) (7) m 1 + λθ( λ) Θ( λ) Then: e Θ ( λ ) = (1 e ) (8) Substituting equation (8) into equation (3), we can thus get ρ. Therefore, the spread process of virus can be simulated according to the following steps in simulative training: 1174

(1) Initially setup several nodes infected by virus. (2) Calculate the degree of all nodes, tae the largest degree as, then calculate the steady-state infection density ρ of all nodes from = 1 to. For BA networ, Θ ( λ) is shown as follows: e Θ ( λ) = ( 1 e ) (9) λm (3) Calculate the current actual infection density of all nodes from = 1 to, that is, for nodes with degree, the ratio of the number of those infected to the total number, denote it as ρ t. ( ) (4) For each ρ ( t), calculate the selection probability: ρ() t ρ ps ( ) = min(, 1.0) (10) ρ That is, if the difference between the current actual infection density ρ ( t) and the steady-state infection density ρ is greater, there will be a larger selection probability ρ s ( ), indicating that the node with degree is under a greater probability to be selected for infection and recover in the next step. If ρ s ( ) is smaller, it indicates that the node with degree tends to be in a steady-state, and in order to avoid damaging to the steady-state conditions, the selection probability ρs ( ) should be smaller. (5) Perform steps (6) ~ (8) from = 1 to. (6) Generate a new random number p, if p ps ( ) then proceed to the next step, otherwise go to step (8). (7) For the current node with degree, if it is infected then go to step (8), otherwise find out the number of infected nodes among those nodes connected with the said one, and tae the number as s. Generate s random numbers p, if all these s random numbers p are larger than ν, go to step(8), otherwise change the node with degree to an infected one. (8) Let = + 1, if >, it indicates that all nodes have been infected, then go to the next step, otherwise go to step (6). (9) Perform steps (10) ~ (12) from = 1 to. (10) Generate a new random number p, if p ps ( ), proceed to the next step, otherwise go to step (12). (11) For the current node with degree, if it is non-infected, go to step (12), otherwise generate a random number p, if p is larger than δ, go to step (12), otherwise change the node with degree to an non-infected one. (12) Let = + 1, if >, it indicates that all nodes have been recovered, then go to the next step, otherwise go to step (10). (13) Go to step (3) to repeat the operation until the simulation ended. Semi-quantitative Simulation Method In order to meet the directors needs of setting networ countermeasure actions directly in simulative training and address some difficulties that some networ countermeasure actions can t be described with mathematical formulas, this paper adopted the semi-quantitative simulation method with setting parameters for simulation of networ countermeasure. Semi-quantitative simulation methods for some typical networ countermeasure actions are provided in this paper as below. For simulation of other networ countermeasure actions, similar approaches can be taen. 1175

Worm attac Table 1. Semi-quantitative simulation methods for networ attacs Actions Parameters Description Trojan horse attac IP spoofing Denial of service attac IP address of the attaced device Attac time Minimum waiting time delay Maximum waiting time delay IP address of the host infected with Trojans Attac time Pacet transmission frequency Pacet length IP address of the attacing host IP address of the attaced host IP address of the spoofed host Attac time IP address of the attacing host IP address of the attaced host Attac time In OPNET, add a random number between the minimum waiting time delay and the imum waiting time delay to the pacets of the attaced device, to extend the queuing time of the pacets, so as to reflect the effect of slowing down pacet transmission as a result of slower networ speed after attacs on the device. In OPNET, the host infected with Trojan sends random pacets (length is determined by the pacet length value) in accordance with the pacet transmission frequency, to simulate that the Trojan horse program secretly opens the port and sends data to the Trojan server after attacs of Trojans on the host. In OPNET, when the attaced host sends pacets, if the destination IP address of the pacets is the same as the IP address of the spoofed host, pacets are sent to and received by the attacing host, so as to simulate the effect of IP spoofing attacs. In OPNET, find the corresponding networ device according to the IP address of the attaced host and change its parameters of the model, so that it can only receive the attacer's data, while discarding all normal service requests from other hosts, to reflect the characteristics of a denial of service attac. Table 2. Semi-quantitative simulation methods for networ defenses Actions Parameters Description Protection Level 1 (firewall + updating patch and antivirus software) Protection Level 2 (firewall + updating patch and antivirus software + IPS) Protection Level 3 (firewall + updating patch and antivirus software + IPS + safety audit) IP address of the protected host Protection time Success rate of protection In OPNET, any action(such as sending a pacet) taen by the protected host first generates a random number p, if p is smaller than the value of the success rate of protection, operations are carried on in the ordinary course, not affected by networ attacs, so as to reflect the improvement effects brought about by taing protection measures. Ibid. However, because the success rate of protection at Protection Level 2 is higher than that at Protection Level 1, for each action taen by the protected host, its corrective probability is greater than that under Protection Level 1. Ibid. However, because the success rate of protection at Protection Level 3 is higher than those at Protection Level 1 and Level 2, for each action taen by the protected host, its corrective probability is greater than those under Protection Level 1 and Level 2. According to the parameters and rules given by the semi-quantitative simulation methods listed above, networ attac and defense actions can be simulated. For example, for worm attacs, suppose the queuing time of pacets is t i in normal conditions, when the device is subjected to a worm attac, the queuing time of pacets is: t i = ti + tr (11) Where, tr is a random time between the minimum waiting time delay and the imum waiting time delay. When the protected host taes networ defense actions, any actions (such as sending a pacet) taen by it first generates a random number p, and then maes the following judgment: ti, if ( p < pa) t i = (12) ti + tr, else Where, p a is the success rate of protection, t i is the queuing time of pacets after taing defense actions. Conclusion and Future Wor To meet the simulative training application needs, the paper proposed a networ countermeasure training simulation architecture, proposed a quantitative simulation method for virus spreading on scale-free networs, and presented a semi-quantitative simulation method for some networ attac 1176

and networ defense actions. Due to employment of detailed mathematical description, the quantitative simulation method has certain simulation fidelity; Applying with parameter setting, the semi-quantitative simulation method meets the practical application requirements of the simulative training, and addresses some difficulties that cannot be described with mathematical formulas. The follow-up researches will involve quantitative and semi-quantitative simulation methods on more networ types and more networ countermeasure actions. References [1] Jianjun Shen. Research on Operation Simulative Training in Information Age [C]. Applied Mechanics and Materials Vols. 411-414, 2013 2860-2864. [2] Jianjun Shen, Kai Li, Yuqing Xu. Research on Real-Networ-in-the-Loop Simulation Based on OPNET[C]. 2015 International Symposium on Computers & Information, 2015 655-661. [3] Yan Zhou, Jianwei Dai. The Simulation Program Design of HLA. Publishing House of Electronics Industry, Beijing, 2002. (in chinese) [4] Barabási A L, Bonabeau E. Scale-free networs. Scientific American, May 2003 50-59. [5] Newman M E J. The structure and function of complex networs. SIAM Review, 2003(45) 167-256. [6] Albert R, Barabási A L. Statistical mechanics of complex networs. Reviews of Modern Physics, 2002(74) 47-97. 1177

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback