High-performance Network Emulation Technology For Low-rate Distributed Denial Of Service

Posted on: 2021-02-21
Degree: Master
Type: Thesis
Country: China
Candidate: H Song
GTID: 2428330611473236
Subject: Computer Science and Technology

Abstract/Summary:
Nowadays, the open and flexible cyberspace has greatly improved people's quality of life and work efficiency, and has become an indispensable part of people's lives. However, cyberspace security threats and cybersecurity incidents are increasing at the same time, which has brought huge negative impacts on human society. Among them, the Low-rate Distributed Denial of Service (LDDoS) attack, which is highly disruptive and has low technical complexity, is one of the largest unresolved persistent threats facing the Internet. Many scholars have paid attention to research on new attack methods and defensive measures for this kind of security problem. Since LDDoS technology is harmful, wide-ranging, high-risk and uncontrollable, it is necessary to evaluate the effectiveness of a new LDDoS attack or defense technology before its application. Evaluating the technology in the real Internet environment might cause unpredictable damage, so it is necessary to study other evaluation methods for LDDoS. At present, evaluation methods based on digital simulation have the disadvantage of low fidelity, while methods based on physical test beds have the disadvantage of poor scalability. With the development of cloud computing and virtualization technology, network emulation, represented by virtualization technology, has become the mainstream approach to network security effectiveness evaluation. To this end, this paper focuses on high-performance emulation methods for LDDoS based on virtualization technology: on the one hand, a large-scale LDDoS emulation system based on lightweight virtualization is studied, which can ensure the scalability of the emulation and the fidelity of LDDoS emulation traffic; on the other hand, an LDDoS emulation technology based on a high-fidelity virtual router is studied, which can further improve the fidelity of LDDoS emulation by improving the fidelity of virtual router emulation. Specifically, the main research elements of this paper include the following three aspects:

1) A large-scale LDDoS emulation technology based on lightweight virtualization is proposed. Aiming at the attack behavior of LDDoS on complex large-scale networks, and in order to improve the emulation fidelity of LDDoS attack or defense technology while ensuring the scale, this paper proposes an LDDoS emulation technology based on lightweight virtualization. The technology focuses on an emulation architecture that integrates network topology construction, attack scenario configuration, and data collection and analysis, and introduces its implementation method based on lightweight virtualization technology. Experiments show that the proposed method has the advantages of high fidelity, strong scalability and large emulation scale, and the constructed lightweight virtual simulation network can realistically communicate with physical routers. In addition, based on this method, an LDDoS emulation scenario with 400 routing nodes can be constructed on a single physical server, which can provide the foundation for research on large-scale LDDoS attack and defense strategies.

2) An LDDoS emulation technology based on a high-fidelity virtual router is proposed. The emulation of LDDoS technology places high requirements on the fidelity of the virtual router. At present, some virtual router emulation technologies, such as routing software and Traffic Control (TC), can emulate the basic functions of routers, but they have the disadvantage that their emulation of congestion control is not realistic. In order to solve this problem, this paper proposes a novel virtual router emulation method, which is based on virtualization technology and improves the emulation fidelity by using the tail-drop queue management algorithm, first-in-first-out queue management rules, and delay-waiting bandwidth control methods. Based on this, this paper designs and implements a traffic control module in the kernel space of KVM and the user space of Docker, thereby constructing a highly realistic virtual router based on KVM and Docker separately. Experimental verification shows that the average error of our virtual router in bandwidth control is 4.53%, and the error in packet loss rate is 0.02. The emulation results of the BGP-DDoS and BGP-LDDoS attack behaviors are basically consistent with the results of the physical equipment experiments. Therefore, our virtual router has high fidelity in LDDoS emulation scenarios.

3) Based on the research in 1) and 2), an LDDoS emulation system based on virtualization is constructed. Relying on the OpenStack cloud platform, this system can perfectly integrate lightweight virtualization technology and full virtualization technology. This paper designs and implements network recurrence, experiment management, and collection and evaluation subsystems on the OpenStack cloud platform to achieve LDoS-oriented network emulation. Based on this system, we constructed a large-scale and complex AS inter-domain network topology including 3,000 virtual routers, 180 virtual hosts, and 5179 routing links. An LDDoS attack behavior simulation proves that our system can use limited physical resources to achieve large-scale and high-fidelity LDDoS emulation, which provides good availability.
Keywords/Search Tags: Network Emulation, Network Security, Border Gateway Protocol, LDDoS, Virtualization