As network threats grow increasingly serious, network security has become a focus of attention. Building a network attack-defense environment is an effective and convenient way to simulate large-scale network security incidents. However, traditional test beds suffer from high cost and low efficiency, network simulators lack authenticity, and background traffic generators are limited in the number and location of their deployments. How to build a realistic and effective virtual network environment is therefore an important problem for network security researchers.

To solve this problem, this thesis presents a virtualization-based system for building network attack-defense environments. The system builds the virtual network topology using network virtualization and a virtual network mapping model, generates virtual nodes with KVM virtualization, and generates background traffic nodes with lightweight virtualization. Background traffic is added to the virtual network topology through a background traffic model and a dynamic deployment algorithm for background traffic nodes. Network security incidents are simulated in the virtual network topology through typical attack models.

First, this thesis gives a formal description of the network environment, which enables automatic allocation of IP addresses, MAC addresses, and virtual switches. It provides a route computation strategy based on terminal router transmission and a scheme for generating and operating virtual nodes. Virtual switches and VXLAN tunnel mode are used to realize the underlying communication of the virtual network.

Second, this thesis designs and implements a virtual network mapping model. The Newman fast condensation algorithm is used to pre-partition the virtual topology, a tree winners policy ensures that the mapping uses the fewest physical servers, and finally a repeatedly iterated discrete particle swarm optimization (DPSO) algorithm computes the optimal mapping scheme.

Then, this thesis presents a scheme for generating lightweight background traffic, which covers the node construction process, the background traffic model, and the network application protocols. It also provides a dynamic node deployment algorithm with three phases: target traffic mapping based on resources, addition of background traffic applications based on the shortest route, and node mapping based on the least communication cost.

Finally, this thesis verifies the feasibility of the system through the cases of a DDoS attack, a botnet based on the HTTP protocol, and the Core Player security event.

In summary, this thesis implements a virtualization-based system for constructing network attack-defense environments. System testing indicates that it can quickly construct a virtual network environment in which background traffic and attack traffic are generated dynamically. Virtual host nodes are generated quickly and with high fidelity; background traffic nodes consume few resources and start fast; the generated background traffic exhibits network self-similarity and can be deployed dynamically and flexibly according to the needs of the attack-defense environment. Because the environment has good connectivity, it can be applied to simulating typical security incidents.