
[IEEE 2009 International Conference on Computer Modeling and Simulation (ICCMS) - Macau, China (2009.02.20-2009.02.22)]

Network Attack-Defense Simulation Training System Based on HLA

Gang Chen, Communications Academy, Wuhan, China, e-mail: [email protected]

Shang Xiang, GuanQun Ji, YiLong Jia, East China Normal University, Shanghai, China, e-mail: [email protected]

Abstract—Soldiers with network attack-defense skills are the key factor in future information warfare. To address the lack of a daily training and drilling environment, a method of building a Network Attack-Defense Simulation Training System (NADSTS) based on HLA is proposed. In this method, attack training and defense training are designed as separate federation members. The system is divided clearly into presentation, application and adapter layers. The key technologies involved, namely network attack-defense, network simulation and simulation driving, are also presented. The software is developed on a plug-in framework. Its simulation examples show the main characteristics of building similar large-scale simulation systems.

Keywords—network attack-defense; simulation system; HLA; network simulation

I. INTRODUCTION

With the rapid development of information technology, computer network warfare has emerged as the main form of future information warfare. The target of information warfare is mainly to capture control of information. Since networks are the primary means of information transfer, keeping one's own network operating and disrupting the enemy's network are decisive for the outcome of the war. Without a well-trained team skilled in computer network attack-defense, keeping the initiative anytime and anywhere is armchair strategy.

Research on information security and information secrecy has always received much attention. But the emphasis of that research is mainly theoretical, and soldiers cannot obtain a corresponding network attack-defense simulation training system to train with. It is therefore important to develop NADSTS to build a 'network shooting range' for attack-defense training, so that soldiers can become versed in the theory and skills of computer network attack-defense within a short training period. The system has great application prospects and military economic benefits. The building of NADSTS is aimed at exactly this military requirement.

II. SYSTEM DESIGN

A. Architecture

NADSTS is a typical man-in-the-loop distributed interactive simulation training system. HLA has become the de facto standard for distributed interactive simulation. The application layer is separated from the underlying supporting environment by the RTI, and the realization details are hidden so that each part can be developed separately. As a result, high-level interoperation, reuse and extension of the simulation system become available. The system structure based on HLA is shown in Fig. 1.

Figure 1. Structure of NADSTS (federation members connected through the Runtime Infrastructure (HLA/RTI): Network Environment Simulation Member, Collection & Analysis, Training Record & Replay, Red Training Member (Network Attack), Blue Training Member (Network Defend), Monitor-Control Member, Database)
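The federation pattern of Fig. 1, as an added toy example (not the paper's code and not a real RTI): the red, blue and record/replay members only publish and subscribe interaction classes through an RTI stand-in, never call each other directly. The class names, member names and the yellow-net host name are constructed for the example.

```python
"""Toy HLA-style federation of Fig. 1 (constructed example, not the paper's code):
federates exchange interactions only through an RTI stand-in, never directly."""
from collections import defaultdict


class ToyRTI:
    """Stand-in for the Runtime Infrastructure: routes interactions by class name."""

    def __init__(self):
        self._subscribers = defaultdict(list)   # class name -> [(federate, handler)]
        self._publishers = defaultdict(set)     # class name -> {federate names}

    def publish_interaction(self, federate, cls):
        self._publishers[cls].add(federate)

    def subscribe_interaction(self, federate, cls, handler):
        self._subscribers[cls].append((federate, handler))

    def send_interaction(self, federate, cls, params):
        if federate not in self._publishers[cls]:       # unpublished class is rejected
            raise PermissionError(f"{federate} has not published {cls}")
        for _, handler in self._subscribers[cls]:
            handler(federate, cls, dict(params))


class BlueTrainingMember:
    """Network defend federate: applies its rule set to each incoming attack action."""

    def __init__(self, rti):
        self.rti, self.log, self.blocked_ports = rti, [], {445}
        rti.publish_interaction("Blue", "DefenseResult")
        rti.subscribe_interaction("Blue", "AttackAction", self.on_attack)

    def on_attack(self, sender, cls, params):
        outcome = "blocked" if params["port"] in self.blocked_ports else "reached"
        self.log.append((params["target"], params["port"], outcome))
        self.rti.send_interaction("Blue", "DefenseResult", {**params, "outcome": outcome})


class RecordReplayMember:
    """Training Record & Replay federate: subscribes to every class and stores it."""

    def __init__(self, rti):
        self.records = []
        for cls in ("AttackAction", "DefenseResult"):
            rti.subscribe_interaction("Record", cls, self.on_any)

    def on_any(self, sender, cls, params):
        self.records.append((sender, cls, params))


def run_exchange():
    """Red member (network attack) sends two constructed actions against a yellow-net host."""
    rti = ToyRTI()
    recorder = RecordReplayMember(rti)      # subscribed first, so it sees actions in order
    blue = BlueTrainingMember(rti)
    rti.publish_interaction("Red", "AttackAction")
    for port in (80, 445):
        rti.send_interaction("Red", "AttackAction", {"target": "yellow-ws-1", "port": port})
    return blue.log, recorder.records
```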

B. Framework

NADSTS is divided clearly into a presentation layer, an application layer and an adapter layer, as shown in Fig. 2. The presentation layer transforms the user's operations into commands the system recognizes, and transforms the interaction data exchanged between this member and the others into information the user can readily understand. The application layer processes and evaluates the input and output of training according to the related rules. The adapter layer adds a simulation training member into the whole NADSTS federation by providing an adaptive HLA/RTI interface for each kind of member.

Figure 2. Framework of NADSTS (Presentation Layer: Training Response, Training Configuration, Net Equipment Simulation, Net Topology Display; Application Layer: Training Evaluation, Network Simulation, AD Operation Simulation, Simulation Driving; Adapter Layer: HLA/RTI Interface, TCP/IP Interface, DB/XML Interface, Interaction Interface; data stores: Simulation Data, Training Data, Situation Scenario Data, Net Topology Parameter Data, System Configuration Parameter, accessed through ADO)

International Conference on Computer Modeling and Simulation, 978-0-7695-3562-3/09 $25.00 © 2009 IEEE, DOI 10.1109/ICCMS.2009.52, p. 303


III. KEY TECHNOLOGY

A. Network Attack-Defense

NADSTS has a complicated architecture, involves many software tools, demands high training fidelity, and requires complicated coordination between them. These are the greatest difficulties in realizing the system, and the key to solving them is choosing the training subjects reasonably. According to the architecture and basic process of network attack-defense, the subjects can be described in terms of the sub-technologies shown in Fig. 3.

Figure 3. Architecture of network attack-defense (Network Attack-Defense Technology split into Attack Technology and Defense Technology; attack branches labelled Scanning, Sniffer, Exploit, Password, Trojan Horse, Social Engineering; defense branches labelled Firewall, Encryption, Intrusion Detection, Honeypot, Net Security Policy, Other Defense Technology, Integrative Function; leaf labels in the figure: Net Topology Detection, OS Fingerprint Recognising, Port Scanning, Leak Scanning, ARP Deceiving, Datagram Wiretap, Redirection Hack, OS Exploit, Database Exploit, Application Exploit, SQL Injection, OS Password, Application Password, Document Password, Secret Key, Keyboard Record, Remote Control, Network Ferry, Backdoor, Network Fishing, Network Deceiving, Network Pretending, Soft Firewall, Hardware Firewall, Data Encryption, Identification, Authentication, Virtual Private Network, Network Proxy)

A complete network attack-defense flow includes collecting information about the target system, analyzing vulnerabilities, attacking or defending, studying the results, and deploying a solution. Typical training subjects and software tools are therefore arranged at every necessary step, such as net topology detection for the scanning subject with a tool named 'Trace Router', ARP deceiving for the sniffer subject with 'Sniffer Pro', OS exploit for the exploit attack subject with 'Winnt Auto Attack', etc. Trained soldiers can acquire comprehensive and integrated network attack-defense theory and skills by training with NADSTS.

B. Network Simulation

Figure 4. Topology of virtual simulation network (labels: Red Training Subnet, Blue Training Subnet, Virtual Simulation Network Environment, Firewall, Switch, Router, Terminal Server; subnets: Gray Net, Yellow Net, Green Net, Black Net)

Simulation of a virtual computer network is the crucial support for attack-defense training and integrated drilling with NADSTS. The whole virtual simulation network environment is composed of a gray net, a yellow net, a green net and a black net. The topology of the virtual simulation network is shown in Fig. 4.

(1) The gray net is the attack net. Soldiers trained in this net have control of all its terminals, and each computer can run many different operating systems at the same time using virtual machine technology. A soldier can thus be trained to launch attacks from various operating systems, gain network attack skills on different system platforms, and think about the corresponding defense measures.

(2) The yellow net is the target net to be attacked. It has two components: a network group composed of workstations and servers installed with all kinds of operating systems, and a network environment equipped with routers, switches and firewalls. As the attack target of the gray net, it is convenient for training the skills of deploying and configuring security solutions and correctly evaluating the equipment's capabilities and vulnerabilities. Control of this net is not granted to the soldiers in the gray net, so they must first scan the yellow net in order to collect vulnerability information.

(3) The green net connects to the military education and training net. It provides a real attack-defense drilling platform for the trained soldiers, where real experience can be gained through actual combat and large-scale manoeuvres.

(4) The black net is the study net. It is used for studying the theory and tactics of computer network warfare, and commanders can be trained there to be ready to command future net-war effectively.

C. Simulation Driving

Figure 5. Driving framework of simulation (flowchart nodes: Start, Training Data Loading, Simulation Thread Creating, System Initializing, Virtual Network Creating, Tool Configuration, Simulation Beginning, Attack-Defense Simulation, Training Recording, Training Data Collecting, decision "Exiting Simulation?" with Yes/No branches, Simulation End; input files: Network Configuration File, Attack Scenario File, Defense Scenario File; outputs: Video Record File, Database Record)


Simulation driving accomplishes the whole training scene simulation process and provides a fluent simulation experience for the user. It can directly load a default configuration parameter file created by the trainer in advance, and it can also export the whole training scene to database records or serialized files. The training process is recorded and the corresponding training data is collected during the training period; they are used for evaluating the training effect and correcting mistakes. Driving proceeds smoothly by receiving simulation data. The driving framework of the simulation is shown in Fig. 5. It is made up of five important steps:

First is initialization, including loading the default configuration parameters for the different training terminals in the various training nets. The parameters include the type of terminal or server, operating system version, installed applications, open ports, etc. The trainer can change them before training according to the training subject.

Second is creation of the virtual simulation network environment. The training scene includes the net topology, the deployment of workstations and servers, the red member, the blue member, the training director, etc. It is built after initialization is finished.

Third is running the simulation. Training soldiers belonging to different training federation members perform attack-defense operations together in the scene according to the designed military scenario. They exchange information with each other, and the simulation is driven onward until the training is stopped by the training director.

Fourth is recording and replaying the training process. Comment and appraisal are indispensable for the training: they evaluate not only personal attack-defense skill but also the team's cooperative ability, so that trainees learn from them and become more skillful next time.

Fifth is data collection. The data is the basis for creating attack-defense means, and it is also the material for training evaluation.
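The five driving steps above, together with the control-rights rule of the gray and yellow nets from Section III.B, as an added model in Python (constructed example, not the paper's Visual C++ implementation): the parameter file, host names, action names and the toy "exploit succeeds only on an open port" rule are assumptions made for the illustration. The point it shows is that a training record built during driving is sufficient to replay the scene to the same end state and to derive evaluation data.

```python
"""Constructed model of the driving framework of Fig. 5 (not the paper's code):
initialise, build the virtual network, drive red/blue actions, record, replay, collect."""
from collections import Counter

# Constructed parameter file: subnet, OS and open ports per host (hypothetical names).
DEFAULT_CONFIG = {
    "gray-t1":   {"net": "gray",   "os": "linux",   "ports": []},
    "yellow-ws": {"net": "yellow", "os": "win2003", "ports": [80, 445]},
    "yellow-db": {"net": "yellow", "os": "linux",   "ports": [1433]},
}
# Control rights per subnet: red trainees own the gray net, blue defenders the yellow net.
CONTROL_RIGHTS = {"gray": "red", "yellow": "blue", "green": None, "black": None}


def create_scene(config):
    """Steps 1-2: initialise from the parameter file and create the virtual network."""
    hosts = {n: {**h, "closed": set(), "compromised": False} for n, h in config.items()}
    return {"hosts": hosts, "clock": 0}


def step(scene, actor, action, target, port=None):
    """Apply one attack-defense action and return the outcome the evaluator scores."""
    host = scene["hosts"][target]
    scene["clock"] += 1
    if action == "close_port":                 # hardening needs control of the subnet
        if CONTROL_RIGHTS[host["net"]] != actor:
            return "no-control-right"
        host["closed"].add(port)
        return "closed"
    if action == "scan":                       # the range exposes only still-open ports
        return "open:" + ",".join(str(p) for p in host["ports"] if p not in host["closed"])
    if action == "exploit":                    # toy rule: succeeds only against an open port
        if port in host["ports"] and port not in host["closed"]:
            host["compromised"] = True
            return "compromised"
        return "blocked"
    raise ValueError(f"unknown action {action}")


def drive(scene, script):
    """Step 3: run scripted actions until the director's STOP marker; step 4: record."""
    record = []
    for entry in script:
        if entry == "STOP":
            break
        outcome = step(scene, *entry)
        record.append((scene["clock"], entry, outcome))
    return record


def replay(config, record):
    """Rebuild a scene from the record alone; it must reach the same end state."""
    scene = create_scene(config)
    for _, entry, _ in record:
        step(scene, *entry)
    return scene


def collect(record):
    """Step 5: per-actor outcome counts as material for training evaluation."""
    return dict(Counter((entry[0], outcome) for _, entry, outcome in record))
```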

IV. REALIZATION

A. Soft Framework

There are various kinds of attack-defense software tools in NADSTS, and new tools are developed continuously. In view of this, a plug-in framework based on COM software technology is adopted, so that new tools can also be trained with the simulation training system. The software framework of NADSTS is shown in Fig. 6.

Figure 6. Soft framework (layers labelled from bottom to top: Computer Hardware; Operation System, Database Service, Network Service; Criterion & Standard, Soft Framework, Function Library, HLA/RTI Service, Simulation Driving, Program Interface, Training Assistant; Application Building; Network Attack-Defense Simulation Training System with Training Tool Plug-in 1, 2, 3, 4 … n)

B. Simulation Example

A prototype of the system has been developed based on the plug-in framework above. Simulation examples of network scanning and remote control are shown in Fig. 7 and Fig. 8.

Figure 7. Training of network scanning with X-Scan


Figure 8. Training of remote control with Remote-Anything

V. CONCLUSION AND FUTURE WORK

NADSTS has been realized based on HLA since December 2007. The system is developed mainly with Visual C++, Oracle, pRTI and other attack-defense tools.

(1) NADSTS is realistic, controllable, repeatable and economical, so it can act as a training tool. The trainer can learn about attack-defense skills with it.

(2) The user of the system can act as a commander of the net-war who directs the soldiers in performing tactical attack-defense actions.

(3) The trainer can build virtual simulation networks with several kinds of subnet. The networks respond to the changes made by the users' operations.

The system runs smoothly in real time. The simulation examples prove that the development method is feasible and valid. As future work, we are building a broader system that includes more attack-defense tools, optimizing the simulation algorithm, and updating the system to DIS to support off-site training.

NADSTS has a short development cycle and a realistic operating effect, and the whole system is realized purely in software. So it can offer training support for building the troops' combat effectiveness for future net-war.

ACKNOWLEDGEMENTS

Part of this research has been funded by the "Net Security & Attack-Defense Simulation Focus Laboratory of PLA" project numbered 211K-TXZH-005 and the "Tactical Internet Simulation Training System" key national defense development project numbered ZCTXB20060625. We thank them for providing a better experimental environment and conditions.
