Research on Network Attack-Defense Training Based on Virtual Machine




1 Zhang Hui, 2 Sun Yanwei
*1, School of Computer Science and Technology, HuBei University of Education, zhanghuiwuhan@sina.com
2, College of Computer Science and Technology, ChongQing University of Posts and Telecommunications, sunyanweiwh@163.com

Journal of Convergence Information Technology (JCIT), Volume 7, Number 21, Nov 2012, doi: 10.4156/jcit.vol7.issue21.29

Abstract

In modern information warfare, a well-trained team skilled in computer network attack-defense can decide victory or defeat. To meet the present military requirement for network attack-defense training and the difficulties involved, a realistic and economical method for building a network environment with virtual machines is put forward, which can construct a relatively complicated network experiment environment on limited hardware. The related key technologies, such as the three kinds of network access pattern in VMware, the architecture of network attack-defense and the virtual network topology, are also detailed. Finally, a simulation example is presented to prove the feasibility of the method. It can provide a beneficial reference for building a network shooting range for attack-defense training, so that soldiers can become versed in the theories and skills of computer network attack-defense through short-term training.

Keywords: Network Attack-Defense, Virtual Machine, VMware, Network Address Translation, Virtual Simulation Network

1. Introduction

Computer network war will be the leading pattern of operations on the future information battlefield. Expecting to keep the initiative anytime and anywhere without a well-trained team skilled in computer network attack-defense is armchair strategy. Research on network information security and information secrecy has always received great attention, but it concentrates on theory, and soldiers have no corresponding network attack-defense simulation training system to train with.

It is therefore very important to develop a network attack-defense simulation training system and build a network shooting range for attack-defense training, so that soldiers can become versed in the theories and skills of computer network attack-defense through short-term training. Given the current state of the network attack-defense field, the biggest challenge is how to build a realistic simulated network environment and experimentation platform for training and research with limited hardware and software.

As a combination of hardware and software, a virtual machine can create a running platform for an operating system and other software by using the functions of the existing operating system and special hardware. The advent of virtual machine technology and its powerful virtualization functions makes it possible to perform experiments that were previously hampered by limited equipment. Accordingly, a network attack-defense training system based on virtual machines is proposed. In this system, a Red-Blue antagonizing mechanism is introduced to network security and attack-defense technologies are implemented. A large-scale network antagonizing drill can be put into practice by planning the scenario of both sides in the system. By observing the whole network attack and defense process, the trainer can gain skills and experience. At the same time, the researcher can test research results of network attack-defense technologies. The system will provide a scientific training means for the network attack-defense drills of future information warfare, and it will also provide training support for improving the network operational capability of digital troops.

2. Related works

Work on network attack-defense training simulation based on virtual machines is seldom found in related research fields and approaches.
But building test platforms and performing network security experiments with virtual machines has advanced greatly in recent years and can provide a beneficial reference.

New progress has been achieved in network attack-defense technology. Typical attacks against IP communication network security, such as different kinds of denial-of-service and attacks against the RIP/OSPF/ISIS routing protocols, are analyzed by Cheng Yanli [1]. Various network attacks and security protection technologies, including disclosure, counterfeiting, tampering, malicious attacks, vulnerabilities, denial of service, data stream encryption, access control, data stream filtering, intrusion detection and security scanning, are detailed by Wei Junhua [2]. A simulation platform model of network attack-defense was put forward by Wu Xianhong [3]. Within the platform model, every component is analyzed and its function is pointed out. The simulation environment of network attack-defense is designed and implemented in detail in terms of the components of the virtual network environment, the design of the virtual network topology, the saving and parsing of the virtual network topology, and the creation of the virtual network environment. A network confrontation training simulation system has been designed by Gan Gang [4], and its related subsystems, including the interactive confrontation training simulation system, support software system, evaluation system and information database, are discussed.

With the performance increase of computer hardware, research on virtual machines and their application has attracted more attention. According to the principle and purpose of a network technology experiment platform, a plan using virtual machines was offered by Gong Tao [5]. The content and flow of building the network technology experiment platform were introduced.
Based on the virtual machine software VMware Workstation, the plan and design scheme for virtual machines is discussed by Wang Taicheng [6]; it can implement complex network experiments including DHCP relay agent and VPN remote access. The benefits of using virtual machines and the prospects of their application for the National Meteorological Information Center of China are discussed by Zhang Haitao [7]. He also established a highly available test environment with two Suse Linux servers sharing storage, which can replace the actual expensive hardware environment. An approach of applying VMware virtual machine technology to support Windows soft-route labs in a stand-alone computer environment was presented by Ren Yingxue [8]. With his approach there is no need to construct a real intranet or networked lab, and communication between different IP address ranges can be achieved by using a virtual network composed of virtual machines and a router built with the Windows 2000 Routing and Remote Access Service.

From the research mentioned above, it is clear that existing results mainly focus on single network attack-defense technologies and on the application of virtual machines. How to use virtual machines to build an experiment platform for skill training across different network attack-defense technologies has not yet been addressed. Research on a network attack-defense training simulation system based on virtual machines therefore has important practical significance for improving the training effect.

3. Virtual machine

Virtual machine technology uses virtual machine software to simulate a complete physical environment, which can include CPU, hard disk, CD-ROM, USB interface, network adapter, sound adapter, etc. An operating system can be installed in the virtual physical environment and runs well.
The computer on which the virtual machine software runs is called the host computer, and its memory must be large enough while virtual machines are running: a large amount of memory will be occupied and the host computer will slow down at run time. Virtual machines can be used in most virtual network environments, and their advantages are summed up as follows.

1) Several virtual machines can run on just one host computer, and each virtual machine is an independent computer. Different kinds of operating systems, such as Windows, Linux and FreeBSD, can be simulated on the same host computer. Every machine can run independently or subsequently, and they can communicate with other virtual machines and with the host computer, including dialog, file sharing, etc.

2) All hardware simulated by a virtual machine is standard hardware. The simulated hardware is the same on every host, so a virtual machine can be copied between different physical hosts without considering the differences in their hardware. The virtual operating system can therefore be reverted and resumed quickly when problems appear.

3) The virtual hard disk used by a virtual machine is one or more files, so the virtual machine can be restored quickly. With this function the virtual machine can save and revert its system state. All configuration parameters of a virtual machine can be backed up with the snapshot function.

The virtual machine and the host computer are isolated from each other, and operations in the virtual machine have no influence on the hard disk partitions and data of the physical host.

VMware is now the most commonly used virtual machine software, and it provides three kinds of network access pattern for the user: the bridged pattern, the Network Address Translation (NAT) pattern and the host pattern. The principle diagrams of these patterns are shown in Figures 1 to 3. After a virtual machine is created, these patterns help connect it to the network according to the actual network environment. In the three figures, the dashed framework is built by the VMware software.

Bridged Pattern. In this pattern, the virtual machine and the physical host are both connected to the same virtual Ethernet switch, named VMnet0. This switch is in effect cascaded to the upstream physical network switch. The virtual machine and the other computers in the actual local area network are then all on the same local network. It is shown in Figure 1.

Figure 1. The principle diagram of bridge pattern

Network Address Translation (NAT) Pattern. In this pattern, the virtual machine is connected to the virtual switch VMnet8 together with a DHCP server and a NAT device simulated by VMware.
These provide both DHCP service and NAT service, which let the virtual machine acquire its network configuration parameters automatically and connect to the outside physical network. Two VMware network adapters (VMnet1 and VMnet8) are created in the physical host when the virtual machine software (VMware) is installed. It is shown in Figure 2.

Figure 2. The principle diagram of NAT pattern

Host Pattern. In this pattern, the virtual machine is connected to the virtual Ethernet switch VMnet1, and a DHCP server is provided by VMware. The virtual network adapter in the physical host is connected to the virtual switch VMnet1, and through this adapter the physical host can communicate with the other virtual machines connected to the switch. If the adapter is disabled, the physical host may not communicate with the virtual machines, but this has no effect on the communication among the virtual machines themselves. It is shown in Figure 3.

Figure 3. The principle diagram of host pattern

4. Network attack-defense training

Network attack-defense simulation training is characterized by a complicated architecture, a large number of software tools, a high requirement for training fidelity and complicated coordination of relationships. These are the greatest difficulties of system realization, and the key to solving them is choosing the training subjects reasonably. According to the architecture and basic process of network attack-defense, it can be described with different sub-technologies, as shown in Figure 4.

[Figure 4. The architecture of network attack-defense. Diagram labels, in the order extracted: Network Attack-Defense Technology, Network Attack, Network Defense, Scanning, Net Topology Detection, OS Fingerprint Recognizing, Port Scanning, Leak Scanning, Sniffer, ARP Deceiving, Wiretap Recognizing, Redirection, Hack Password, OS Password, Application Password, Document Password, Secret Key, Exploit, OS Exploit, Database Exploit, Application Exploit, Social Engineering, Network Fishing, Network Deceiving, Network Pretending, Trojan Horse, Keyboard Record, Remote Control, Network Ferry, Integrative Function, Security Policy, Encryption, Data Encryption, Identification Authentication, Honey Pot, Firewall, Soft Firewall, Hardware Firewall, Virtual Private Network, Network Proxy Server, Intrusion Detection, SQL Injection, Backdoor]

A whole network attack-defense flow includes information collection on the target system, bug analysis, attack/defense, studying the results and deploying a solution. Typical training subjects and software tools are therefore arranged for every necessary step, such as net topology detection for scanning with the tool Trace Router, ARP deceiving for sniffing with the tool Sniffer Pro, OS exploit for exploit attack with the tool Winnt Auto Attack, etc. Trained soldiers can grasp comprehensive and integrated network attack-defense theories and skills by training with the software tools mentioned above.

Simulation of the virtual computer network is crucial support for attack-defense training and integrated drilling. The whole virtual simulation network environment is composed of a gray net, a yellow net, a green net and a black net. The topology of the virtual simulation network is shown in Figure 5.

[Figure 5. The topology of virtual simulation network. Diagram labels: Red Training Subnet, Blue Training Subnet, Gray Network, Yellow Network, Green Network, Black Network, Virtual Simulation Network Environment]

(1) The gray net is an attack net. Soldiers trained in this net own the control right of all terminals, and each computer can run many different operating systems at the same time by using virtual machine technology. The soldier can thus be trained to launch attacks from various operating systems, gain network attack skills on different system platforms and think about the corresponding defense measures.

(2) The yellow net is a target net to be attacked. It includes two components: one is a network group composed of workstations and servers running all kinds of operating systems, the other is a network environment equipped with routers, switches and firewalls. As the attack target of the gray net, it serves for training the skills of deploying and setting up a security solution and of correctly evaluating the equipment's ability and bugs. The control right of this net is not granted to the soldiers in the gray net, so they must first scan the yellow net in order to collect bug information.

(3) The green net is a net connected to the military education and training net. It provides a real attack-defense drilling platform for training soldiers. Real experience can be gained through actual combat and large-scale drills.

(4) The black net is a study net. It can be used for studying the theory and tactics of computer network war, and commanders can be trained to command future net-war effectively.

The gray net, the yellow net and the black net can be simulated with virtual machine technology, and their network simulation configuration is shown in Figure 6.

Figure 6. The network simulation configuration diagram
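An added example, not part of the paper: a Python check that reads the network settings of VMware .vmx files and reports virtual machines on the gray, yellow or black net whose adapters use an access pattern from Section 3 that would connect the range to the physical LAN. The per-net policy, the VM names and the sample .vmx fragments are assumptions constructed for illustration; `ethernetN.connectionType` and `ethernetN.vnet` are the .vmx keys that select the pattern and the virtual switch.

```python
import re

# Default virtual switch of each VMware access pattern, as described in Section 3.
DEFAULT_SWITCH = {"bridged": "VMnet0", "nat": "VMnet8", "hostonly": "VMnet1"}
SWITCH_PATTERN = {switch: pattern for pattern, switch in DEFAULT_SWITCH.items()}

# Assumed range policy (not from the paper): the attack (gray) and target
# (yellow) nets must stay off the physical LAN; the study (black) net may
# additionally reach outside through NAT.
POLICY = {
    "gray": {"hostonly", "custom"},
    "yellow": {"hostonly", "custom"},
    "black": {"hostonly", "custom", "nat"},
}

VMX_LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Parse the 'key = "value"' lines of a .vmx file (keys lowercased)."""
    cfg = {}
    for line in text.splitlines():
        m = VMX_LINE.match(line)
        if m:  # blank lines and '#' comments do not match and are skipped
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def adapters(cfg):
    """Return sorted (index, pattern, switch) tuples for each enabled NIC."""
    found = []
    for key, value in cfg.items():
        m = re.fullmatch(r"ethernet(\d+)\.present", key)
        if not m or value.upper() != "TRUE":
            continue
        n = int(m.group(1))
        # A missing connectionType is read as bridged, the strictest
        # interpretation for an isolation audit.
        pattern = cfg.get(f"ethernet{n}.connectiontype", "bridged").lower()
        if pattern == "custom":
            # Custom adapters name their switch: "VMnet2" or "/dev/vmnet2".
            digits = re.search(r"(\d+)$", cfg.get(f"ethernet{n}.vnet", ""))
            switch = f"VMnet{digits.group(1)}" if digits else "unknown"
            # On a default switch a custom adapter behaves like that pattern.
            pattern = SWITCH_PATTERN.get(switch, "custom") if digits else "unknown"
        else:
            switch = DEFAULT_SWITCH.get(pattern, "unknown")
        found.append((n, pattern, switch))
    return sorted(found)

def audit(vm_name, subnet, vmx_text):
    """List the adapters of one VM that violate its subnet's policy."""
    return [
        f"{vm_name}: ethernet{n} uses {pattern} ({switch}), "
        f"not allowed on the {subnet} net"
        for n, pattern, switch in adapters(parse_vmx(vmx_text))
        if pattern not in POLICY[subnet]
    ]

# Constructed sample .vmx fragments (not from the paper).
GRAY_VMX = """
ethernet0.present = "TRUE"
ethernet0.connectionType = "hostonly"
ethernet1.present = "TRUE"
ethernet1.connectionType = "nat"
"""
YELLOW_VMX = """
ethernet0.present = "TRUE"
ethernet0.connectionType = "custom"
ethernet0.vnet = "VMnet2"
ethernet1.present = "TRUE"
ethernet1.connectionType = "custom"
ethernet1.vnet = "VMnet0"
ethernet2.present = "FALSE"
"""

if __name__ == "__main__":
    print(audit("gray-attacker-01", "gray", GRAY_VMX))
    print(audit("yellow-server-01", "yellow", YELLOW_VMX))
```

Custom switches other than VMnet0 and VMnet8 are treated as private lab segments here; whether a given custom VMnet is actually bridged is set in VMware's virtual network editor and cannot be read from the .vmx file alone.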

5. Conclusion and future works

The prototype of the system is developed mainly with Visual C++, Oracle, prti and other attack-defense tools, based on a plug-in software framework [9]. The simulation example of remote control is shown in Figure 7.

Figure 7. The software interface of remote control training with Remote-Anything

This system is realistic, controllable, repeatable and economical, and can act as a training tool. The trainer can learn attack-defense skills with it. The user of the system can act as a commander of the net-war who directs the soldiers to perform tactical attack-defense actions. The trainer can build a virtual simulation network with several kinds of subnet. The network responds to changes in the users' operations. The system runs smoothly in real time. The simulation examples prove that the development method is feasible and valid. As a future possibility, we are working on building broader, including more attack-defense tools, optimizing the simulation algorithm, and updating the system to DIS to support off-site training [10].

6. Acknowledgement

Part of this work has been funded by the Research Project of Hubei Provincial Department of Education under Grant No. B20113003, the Research Project of Hubei Provincial Department of Education under Grant No. B20113003 and the School of Computer Science and Technology Hubei University of Education under Grant No. 2008A007. We thank them for providing a better experimentation environment and conditions.

7. References

[1] CHENG Yan-li, ZHANG You-chun, Attack and Protection of IP Communication Network Security, Information Security and Communication Secrecy, Vol. 4, pp. 39-41, Apr. 2010.
[2] Wei Junhua, Analysis of the Offense-defense Method and Technology of the Computer Network Security, Technology Square, Vol. 1, pp. 86-87, Jan. 2010.
[3] Wu Xianhong, Design and Implementation of Simulation Environment of Network Attacking and Defense, Master thesis of Xidian University, Xian, Jan. 2005.
[4] GAN Gang, CHEN Yun, LI Fei, Design and Implementation of Network Confrontation Training Simulation System, Journal of University of Electronic Science and Technology of China, Vol. 36, No. 3, pp. 604-607, Jun. 2007.
[5] GONG Tao, WAN Gang, Building Network Technology Experiment Platform Based on the Virtual Machine Technology, Computer Knowledge and Technology, Vol. 5, No. 6, pp. 1346-1347, Feb. 2009.
[6] WANG Tai-cheng, CAI Yong, Using Virtual Machine Technology to Perform Complex Network Experiment, Computer Technology and Development, Vol. 19, No. 4, pp. 246-249, Apr. 2009.
[7] Zhang Haitao, Zhang Junfeng, Using VMware to Simulate HA Environment and Application Prospects, Meteorological Science and Technology, Vol. 34, Nol Suppl, pp. 40-43, Sep. 2006.
[8] LIU Wen-tao, Research of Network Security System Based on SOA, Journal of Gansu Lianhe University (Natural Sciences), Vol. 24, No. 2, pp. 74-77, Mar. 2010.
[9] Zhang Yu, Computer Network Attack Detection Based on Quantum Pso And Relevance Vector Machine, Advances in Information Sciences and Service Sciences (AISS), Vol. 4, No. 5, pp. 268-273, Mar. 2012.
[10] Shangqin Zhong, Guosheng Xu, Yu Yang, Wenbin Yao, Yixian Yang, Algorithm of Generating Host-based Attack Graph for Overall Network, Advances in Information Sciences and Service Sciences (AISS), Vol. 3, No. 8, pp. 104-110, Sep. 2011.