[ieee 2009 international conference on computer modeling and simulation (iccms) - macau, china...
Network Attack-Defense Simulation Training System Based on HLA
Gang Chen, Communications Academy, Wuhan, China, e-mail: [email protected]
Shang Xiang, GuanQun Ji, YiLong Jia, East China Normal University, Shanghai, China, e-mail: [email protected]
Abstract—Soldiers with network attack-defense skills are a key factor in future information warfare. To address the lack of an everyday training and drilling environment, this paper proposes a method for building a Network Attack-Defense Simulation Training System (NADSTS) based on HLA. With this method, attack training and defense training are designed as separate federation members. The system is clearly divided into a presentation layer, an application layer and an adapter layer. The key technologies involved, network attack-defense, network simulation and simulation driving, are also presented. The software is developed on a plug-in framework. Its simulation examples show the method's strengths for building similar large-scale simulation systems.
Keywords-network attack-defense; simulation system; HLA; network simulation;
I. INTRODUCTION
With the rapid development of information technology, computer network warfare, the main form of future information warfare, has come into being. The goal of information warfare is mainly to gain information superiority. Since computer networks are the primary means of transferring information, keeping one's own network operational and disrupting the enemy's network are decisive for the outcome of the war. Without a well-disciplined team skilled in computer network attack-defense, keeping the initiative anytime and anywhere is mere armchair strategy.
Research on information security and information secrecy has always received much attention. But the focus of this research is mainly on theory, and soldiers have no corresponding network attack-defense simulation training system to train with. Developing NADSTS as a 'network shooting range' for attack-defense training is therefore very important: with it, soldiers can become versed in the theory and skills of computer network attack-defense through short-term training. The system has great application potential and military-economic value. NADSTS is built to meet exactly this military requirement.
II. SYSTEM DESIGN
A. Architecture
NADSTS is a typical man-in-the-loop distributed interactive simulation training system. HLA has become the de facto standard for distributed interactive simulation. The application layer is separated from the underlying support environment by the RTI, and the implementation details are hidden, so that each component can be developed separately. As a result, high-level interoperation, reuse and extension of the simulation system become possible. The system structure based on HLA is shown in Fig. 1.
Figure 1. Structure of NADSTS (figure not reproduced). Federation members connected through the Runtime Infrastructure (HLA/RTI): Network Environment Simulation Member, Collection & Analysis, Training Record & Replay, Red Training Member (Network Attack), Blue Training Member (Network Defend), Monitor-Control Member, Database.
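The decoupling that Fig. 1 relies on, with every member talking only to the RTI and declaring what it publishes and subscribes, is shown in the following Python sketch. It is an added example written for this page, not NADSTS code and not the pRTI API: the `RTI` class, the federate names and the interaction classes `ScanRequest`, `ScanResult` and `Alert` are assumptions, and the host table is constructed sample data held in memory.

```python
"""Minimal HLA-style federation modelled on Fig. 1 (added example, not
NADSTS code). Federates join an RTI, declare the interaction classes they
publish and subscribe, and exchange time-stamped interactions only through
the RTI. All class and member names here are assumptions."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(order=True)
class Interaction:
    time: float                       # simulation time stamp, used for ordering
    cls: str                          # interaction class name
    params: dict = field(compare=False)
    sender: str = field(compare=False)


class RTI:
    """The only communication path between federates."""

    def __init__(self):
        self.federates = {}
        self.published = defaultdict(set)    # federate name -> classes it may send
        self.subscribed = defaultdict(set)   # class -> federate names that receive it
        self.pending = []

    def join(self, fed):
        self.federates[fed.name] = fed
        fed.rti = self

    def publish(self, fed, cls):
        self.published[fed.name].add(cls)

    def subscribe(self, fed, cls):
        self.subscribed[cls].add(fed.name)

    def send(self, fed, cls, params, time):
        # A federate may only send classes it declared; this is what lets
        # members be developed and replaced independently of each other.
        if cls not in self.published[fed.name]:
            raise PermissionError(f"{fed.name} did not publish {cls}")
        self.pending.append(Interaction(time, cls, params, fed.name))

    def advance(self):
        """Deliver everything queued so far in time-stamp order.
        Returns the number of deliveries; 0 means the federation is idle."""
        batch, self.pending = sorted(self.pending), []
        delivered = 0
        for item in batch:
            for name in self.subscribed[item.cls]:
                if name != item.sender:
                    self.federates[name].receive(item)
                    delivered += 1
        return delivered


class Federate:
    def __init__(self, name):
        self.name, self.rti, self.inbox = name, None, []

    def receive(self, item):
        self.inbox.append(item)


class NetEnvironment(Federate):
    """Network Environment Simulation Member: answers scans from an
    in-memory host table (constructed sample data, no real network)."""

    def __init__(self, name, hosts):
        super().__init__(name)
        self.hosts = hosts

    def receive(self, item):
        super().receive(item)
        if item.cls == "ScanRequest":
            target = item.params["target"]
            self.rti.send(self, "ScanResult",
                          {"target": target, "ports": self.hosts.get(target, [])},
                          item.time + 0.5)


class BlueMember(Federate):
    """Blue Training Member: raises an Alert when it sees a scan."""

    def receive(self, item):
        super().receive(item)
        if item.cls == "ScanRequest":
            self.rti.send(self, "Alert",
                          {"reason": "scan", "target": item.params["target"]},
                          item.time + 0.1)


def run_exercise():
    rti = RTI()
    env = NetEnvironment("NetEnv", {"10.0.20.7": [22, 80]})   # constructed host
    red, blue, monitor = Federate("Red"), BlueMember("Blue"), Federate("Monitor")
    for fed in (env, red, blue, monitor):
        rti.join(fed)
    rti.publish(red, "ScanRequest")
    rti.publish(env, "ScanResult")
    rti.publish(blue, "Alert")
    rti.subscribe(env, "ScanRequest")
    rti.subscribe(red, "ScanResult")
    rti.subscribe(blue, "ScanRequest")          # defender's view of the target net
    for cls in ("ScanRequest", "ScanResult", "Alert"):
        rti.subscribe(monitor, cls)             # Monitor-Control records everything
    rti.send(red, "ScanRequest", {"target": "10.0.20.7"}, 1.0)
    while rti.advance():                        # run until nothing is pending
        pass
    return {"rti": rti, "red": red, "blue": blue, "monitor": monitor}
```

The monitor ends up with the complete ordered record (request, alert, result) without any member knowing the others exist, which is the property the Collection & Analysis and Record & Replay members in Fig. 1 depend on; an attempt by the red member to send an `Alert` it never published is refused by the RTI.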
B. Framework
NADSTS is clearly divided into a presentation layer, an application layer and an adapter layer, as shown in Fig. 2. The presentation layer transforms user operations into commands the system recognizes, and transforms the interactive data exchanged between this member and the others into information the user can easily understand. The application layer processes and evaluates the training I/O according to the related rules. The adapter layer adds a simulation training member into the whole NADSTS federation by providing an adaptive HLA/RTI interface for each different member.
Figure 2. Framework of NADSTS (figure not reproduced). Presentation layer: Net Equipment Simulation, Net Topology Display, Training Configuration, Training Response. Application layer: Training Evaluation, Network Simulation, AD Operation Simulation, Simulation Driving. Adapter layer: HLA/RTI Interface, TCP/IP Interface, DB/XML Interface (ADO), Interaction Interface. Data flowing between the layers: Simulation Data, Training Data, Situation Scenario Data, Net Topology Parameter Data, System Configuration Parameter.
International Conference on Computer Modeling and Simulation, 978-0-7695-3562-3/09 $25.00 © 2009 IEEE, DOI 10.1109/ICCMS.2009.52
III. KEY TECHNOLOGY
A. Network Attack-Defense
NADSTS is characterized by a complicated architecture, a large number of software tools, high requirements on training fidelity, and complicated coordination between components. These are the greatest difficulties in realizing the system, and the key to solving them is choosing the training subjects sensibly. According to the architecture and basic process of network attack-defense, it can be described in terms of the sub-technologies shown in Fig. 3.
Figure 3. Architecture of network attack-defense (figure not reproduced). Network Attack-Defense Technology is divided into Attack Technology, Defense Technology and Integrative Function. Attack Technology: Scanning (Net Topology Detection, OS Fingerprint Recognising, Port Scanning, Leak Scanning), Sniffer (ARP Deceiving, Datagram Wiretap, Redirection Hack), Exploit (OS Exploit, Database Exploit, Application Exploit, SQL Injection), Password (OS Password, Application Password, Document Password, Secret Key), Trojan Horse (Backdoor, Keyboard Record, Remote Control, Network Ferry), Social Engineering (Network Fishing, Network Deceiving, Network Pretending). Defense Technology: Firewall (Soft Firewall, Hardware Firewall), Encryption (Data Encryption, Identification, Authentication), Virtual Private Network, Network Proxy, Intrusion Detection, Honeypot, Net Security Policy, Other Defense Technology.
A whole network attack-defense flow includes collecting information about the target system, analyzing vulnerabilities, attacking/defending, studying the results and deploying the resulting solution. Typical training subjects and software tools are therefore arranged at every necessary step, such as net topology detection for scanning with the tool 'Trace Router', ARP deceiving for sniffing with the tool 'Sniffer Pro', and OS exploit for exploit attacks with the tool 'Winnt Auto Attack'. Trained soldiers can acquire comprehensive and integrated network attack-defense theory and skills by training with NADSTS.
B. Network Simulation
Figure 4. Topology of virtual simulation network (figure not reproduced). The Red Training Subnet and Blue Training Subnet connect through a Terminal Server, Firewall, Switch and Router to the Virtual Simulation Network Environment, which comprises the Gray Net, Yellow Net, Green Net and Black Net.
Simulation of a virtual computer network is a crucial support for attack-defense training and integrated drilling with NADSTS. The whole virtual simulation network environment is composed of the gray net, yellow net, green net and black net. The topology of the virtual simulation network is shown in Fig. 4.
(1) The gray net is the attack net. Soldiers trained in this net have control of all its terminals, and each computer can run many different operating systems simultaneously using virtual machine technology. So a soldier can be trained to launch attacks from various operating systems, gain network attack skills on different platforms, and think about the corresponding defense measures.
(2) The yellow net is the target net to be attacked. It has two components: a network group of workstations and servers running all kinds of operating systems, and a network environment equipped with routers, switches and firewalls. As the attack target of the gray net, it is convenient for training the skills of deploying and setting up a security solution and of correctly evaluating the equipment's capabilities and vulnerabilities. Soldiers in the gray net are not granted control of this net, so they must first scan the yellow net to collect vulnerability information.
(3) The green net connects to the military education and training network. It provides a real attack-defense drilling platform for the trainees; real experience can be gained through actual combat and large-scale exercises.
(4) The black net is the study net. It is used for studying the theory and tactics of computer network warfare, and commanders can be trained on it to command future net-war effectively.
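How the three layers of Section II.B and the subnet roles just described fit together for a single trainee command is shown by the following Python example. It is added for this page and is not NADSTS code: the address ranges, the command grammar and the policy table are constructed assumptions (the paper names the nets but gives no addresses or message formats). The presentation layer parses text into a command, the application layer checks it against the training rules (gray-net trainees may only gather information from the yellow net, and a "configure" action that needs control of a terminal stays inside the gray net), and the adapter layer serializes it for the HLA/RTI or TCP/IP interface and renders results back into text.

```python
"""Layered handling of one trainee command, following the three layers of
Fig. 2 and the subnet roles of Fig. 4 (added example, not NADSTS code).
Addresses, grammar and policy are constructed assumptions."""
import ipaddress
import json

# Constructed subnet plan: the paper names the nets but gives no addresses.
SUBNETS = {
    "gray": ipaddress.ip_network("10.0.10.0/24"),    # attack net, trainee-controlled
    "yellow": ipaddress.ip_network("10.0.20.0/24"),  # target net, not trainee-controlled
    "green": ipaddress.ip_network("10.0.30.0/24"),   # link to the real training net
    "black": ipaddress.ip_network("10.0.40.0/24"),   # study net
}

# Which verbs a terminal in one net may direct at a host in another net.
# Gray-net trainees hold no control right over yellow hosts, so only an
# information-gathering verb crosses that boundary; "configure" stays in gray.
POLICY = {
    ("gray", "yellow"): {"scan"},
    ("gray", "gray"): {"scan", "configure"},
}


def net_of(ip):
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in SUBNETS.items() if addr in net), None)


# --- Presentation layer: user text -> system-recognized command -------------
def parse_command(text):
    """Assumed grammar: <verb> <ipv4> [ports <p1,p2,...>]"""
    tokens = text.split()
    if len(tokens) not in (2, 4) or (len(tokens) == 4 and tokens[2] != "ports"):
        raise ValueError(f"malformed command: {text!r}")
    verb, target = tokens[0].lower(), str(ipaddress.ip_address(tokens[1]))
    ports = [int(p) for p in tokens[3].split(",")] if len(tokens) == 4 else []
    if any(not 0 < p < 65536 for p in ports):
        raise ValueError("port out of range")
    return {"verb": verb, "target": target, "ports": ports}


# --- Application layer: evaluate the command against the training rules -----
def authorize(cmd, source_ip):
    src, dst = net_of(source_ip), net_of(cmd["target"])
    if src is None or dst is None:
        return False, "address outside the simulation nets"
    if cmd["verb"] not in POLICY.get((src, dst), set()):
        return False, f"{cmd['verb']} from {src} net to {dst} net is not permitted"
    return True, ""


# --- Adapter layer: command <-> message on the HLA/RTI or TCP/IP interface ---
def to_rti_message(cmd, source_ip, sim_time):
    return json.dumps({"class": cmd["verb"].capitalize() + "Request",
                       "time": sim_time, "source": source_ip,
                       "target": cmd["target"], "ports": cmd["ports"]})


def from_rti_message(raw):
    """Turn a result message back into text the trainee can read."""
    msg = json.loads(raw)
    if msg["class"] == "ScanResult":
        ports = ", ".join(str(p) for p in msg["ports"]) or "none"
        return f"{msg['target']}: open ports {ports}"
    return f"{msg['class']} from {msg.get('source', '?')}"


def handle(text, source_ip, sim_time):
    """Full path: parse, authorize, serialize. Rejections are returned rather
    than raised so the presentation layer can show them to the trainee."""
    try:
        cmd = parse_command(text)
    except ValueError as exc:
        return {"status": "malformed", "reason": str(exc)}
    ok, reason = authorize(cmd, source_ip)
    if not ok:
        return {"status": "rejected", "reason": reason}
    return {"status": "sent", "message": to_rti_message(cmd, source_ip, sim_time)}
```

Keeping the rule check in the application layer, separate from parsing and from the wire format, is what lets the trainer change the policy table (for instance when a new subnet or training subject is added) without touching either of the other two layers.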
C. Simulation Driving
Figure 5. Driving framework of simulation (figure not reproduced). Flow: Start → Training Data Loading → Simulation Thread Creating → System Initializing → Virtual Network Creating (from the Network Configuration File) → Tool Configuration → Simulation Beginning → Attack-Defense Simulation (driven by the Attack Scenario File and Defense Scenario File) → Training Recording (Video Record File) → Training Data Collecting (Database Record) → Exiting Simulation? (No: back to Attack-Defense Simulation; Yes: Simulation End).
Simulation driving mainly carries out the whole training-scene simulation process, providing a smooth simulation experience for the user. It can directly load a default configuration parameter file created by the trainer in advance, and it can also export the whole training scene to database records or serialized files. The training process is recorded and the corresponding training data is collected during the training period; these are used to evaluate the training effect and correct mistakes. The driving proceeds smoothly by receiving simulation data. The driving framework of the simulation is shown in Figure 5. It consists of five important steps:
First is initialization, including loading the default configuration parameters for the different training terminals in the various training nets. The parameters include the type of terminal and server, operating system version, installed applications, open ports, etc. The trainer can change them before training according to the training subject.
Second is creation of the virtual simulation network environment. The training scene includes the net topology, the deployment of workstations and servers, the red member, the blue member, the training director, etc. It is built after initialization is finished.
Third is running the simulation. Trainees belonging to the different training federation members perform attack-defense operations together in the scene according to the designed military scenario. They exchange information with each other and the simulation is driven onwards until the training is stopped by the training director.
Fourth is recording and replaying the training process. Comment and appraisal are indispensable for the training: they evaluate not only personal attack-defense skill but also a team's ability to cooperate, so trainees can learn from them and become more skillful next time.
Fifth is data collection. The data is the basis for creating attack-defense measures and also the material for training evaluation.
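The five steps above form one lifecycle, which the following Python driver walks through end to end. It is an added example written for this page, not the NADSTS simulation driver: the configuration dictionary, the attack and defense scenario lists, the state machine and the simple detection rule (a scan is "detected" when the target host has its simulated IDS enabled) are all constructed assumptions standing in for the configuration and scenario files of Fig. 5. Everything happens against an in-memory scene, so the block runs offline.

```python
"""Simulation driver following the five steps of Fig. 5: initialize, create
the virtual network scene, run the scenario, record, collect data (added
example, not NADSTS code; all formats and rules here are assumptions)."""
from enum import Enum


class State(Enum):
    CREATED = 0
    INITIALIZED = 1
    SCENE_READY = 2
    RUNNING = 3
    STOPPED = 4


# Constructed default configuration (the trainer may edit it before training).
CONFIG = {
    "terminals": [
        {"host": "srv-1", "net": "yellow", "os": "Linux 2.4", "ports": [22, 80]},
        {"host": "ws-1", "net": "yellow", "os": "Windows 2000", "ports": [135, 445]},
        {"host": "atk-1", "net": "gray", "os": "Windows XP", "ports": []},
    ],
    "members": {"red": ["atk-1"], "blue": ["srv-1", "ws-1"]},
}

# Constructed attack and defense scenario files, each a list of timed actions.
ATTACK_SCENARIO = [
    {"t": 1.0, "actor": "red", "action": "scan", "target": "srv-1", "port": 22},
    {"t": 1.5, "actor": "red", "action": "scan", "target": "ws-1", "port": 445},
    {"t": 3.0, "actor": "red", "action": "scan", "target": "srv-1", "port": 80},
]
DEFENSE_SCENARIO = [
    {"t": 0.5, "actor": "blue", "action": "enable_ids", "target": "srv-1"},
    {"t": 2.0, "actor": "blue", "action": "close_port", "target": "srv-1", "port": 80},
]


class SimulationDriver:
    def __init__(self, config):
        self.config, self.state = config, State.CREATED
        self.scene, self.record, self.params = {}, [], {}

    def initialize(self, overrides=None):
        """Step 1: load default parameters, applying the trainer's per-host changes."""
        self.params = {t["host"]: dict(t) for t in self.config["terminals"]}
        for host, change in (overrides or {}).items():
            self.params[host].update(change)
        self.state = State.INITIALIZED

    def create_scene(self):
        """Step 2: build the virtual network from the parameters."""
        assert self.state == State.INITIALIZED
        self.scene = {h: {"net": p["net"], "os": p["os"],
                          "open": set(p["ports"]), "ids": False}
                      for h, p in self.params.items()}
        self.state = State.SCENE_READY

    def run(self, attack, defense, stop_at=None):
        """Step 3: apply red and blue actions in time order; step 4: record each.
        stop_at models the training director stopping the exercise."""
        assert self.state == State.SCENE_READY
        self.state = State.RUNNING
        for ev in sorted(attack + defense, key=lambda e: e["t"]):
            if stop_at is not None and ev["t"] > stop_at:
                break
            self.record.append({**ev, "outcome": self._apply(ev)})
        self.state = State.STOPPED
        return len(self.record)

    def _apply(self, ev):
        host = self.scene[ev["target"]]
        if ev["action"] == "enable_ids":
            host["ids"] = True
            return "ids on"
        if ev["action"] == "close_port":
            host["open"].discard(ev["port"])
            return "closed"
        if ev["action"] == "scan":
            seen = ev["port"] in host["open"]
            return ("open" if seen else "filtered") + (", detected" if host["ids"] else "")
        return "ignored"

    def replay(self):
        """Step 4: the ordered record, for comment and appraisal."""
        return list(self.record)

    def collect(self):
        """Step 5: training data for evaluation."""
        scans = [r for r in self.record if r["action"] == "scan"]
        return {"attacks": len(scans),
                "detected": sum("detected" in r["outcome"] for r in scans),
                "open_found": sum(r["outcome"].startswith("open") for r in scans),
                "ports_open_at_end": {h: sorted(s["open"]) for h, s in self.scene.items()}}


def run_training(stop_at=None, overrides=None):
    drv = SimulationDriver(CONFIG)
    drv.initialize(overrides)
    drv.create_scene()
    drv.run(ATTACK_SCENARIO, DEFENSE_SCENARIO, stop_at)
    return drv
```

Because the record keeps both sides' actions with their outcomes in time order, the replay doubles as the evaluation input: the collected figures show that the blue member's IDS covered the server but not the workstation, which is exactly the kind of team-level finding step four is meant to surface.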
IV. REALIZATION
A. Soft Framework
There are many kinds of attack-defense software tools in NADSTS, and new tools are developed continuously. In view of this, a plug-in framework based on COM software technology is adopted, so that new tools can also be trained with in the simulation training system. The software framework of NADSTS is shown in Fig. 6.
Figure 6. Soft framework (figure not reproduced). Layers from bottom to top: Computer Hardware; Operation System, Database Service, Network Service; Soft Framework (Criterion & Standard, Function Library, HLA/RTI Service, Simulation Driving, Program Interface, Training Assistant); Application Building with Training Tool Plug-in 1, 2, 3, 4 … n; Network Attack-Defense Simulation Training System.
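The plug-in idea of Fig. 6, loading each training tool through one fixed interface so new tools can be added without rebuilding the framework, is illustrated below in Python. This is an added example and not the NADSTS framework: plain Python classes stand in for COM components, and the `TrainingToolPlugin` interface, its `api_version` field, the member-to-category mapping and the sample tools are assumptions. The registry validates every candidate before it is offered to a training member, records why a candidate was refused, and only hands attack-category tools to the red member and defense-category tools to the blue member.

```python
"""Plug-in registry in the spirit of Fig. 6 (added example, not NADSTS code).
Tools are validated on registration and dispatched by category; the
interface and sample tools are assumptions and act only on an in-memory scene."""
from abc import ABC, abstractmethod


class TrainingToolPlugin(ABC):
    """Interface every tool plug-in must implement."""
    name = ""
    category = ""          # "attack" or "defense"
    api_version = 0

    @abstractmethod
    def run(self, scene, params):
        """Act on the in-memory scene; return a result dict."""


class PluginRegistry:
    API_VERSION = 1
    MEMBER_CATEGORY = {"red": "attack", "blue": "defense"}   # who may use what

    def __init__(self):
        self._tools = {}
        self.rejected = {}   # name -> reason, for the training director's log

    def register(self, cls):
        """Accept a plug-in class only if it implements the current interface."""
        key = getattr(cls, "name", None) or cls.__name__
        if not (isinstance(cls, type) and issubclass(cls, TrainingToolPlugin)):
            self.rejected[key] = "does not implement TrainingToolPlugin"
        elif cls.api_version != self.API_VERSION:
            self.rejected[key] = f"api_version {cls.api_version} != {self.API_VERSION}"
        elif cls.category not in ("attack", "defense") or not cls.name:
            self.rejected[key] = "missing name or category"
        else:
            try:
                self._tools[cls.name] = cls()
                return True
            except TypeError as exc:      # abstract run() left unimplemented
                self.rejected[key] = str(exc)
        return False

    def tools_for(self, member):
        cat = self.MEMBER_CATEGORY[member]
        return sorted(n for n, t in self._tools.items() if t.category == cat)

    def invoke(self, member, name, scene, params):
        tool = self._tools.get(name)
        if tool is None:
            raise KeyError(f"no tool named {name}")
        if tool.category != self.MEMBER_CATEGORY[member]:
            raise PermissionError(f"{member} member may not use {name}")
        return tool.run(scene, params)


class SimPortScan(TrainingToolPlugin):
    """Attack-side tool: reports the simulated host's open ports."""
    name, category, api_version = "sim-portscan", "attack", 1

    def run(self, scene, params):
        host = scene[params["target"]]
        return {"target": params["target"], "open": sorted(host["open"])}


class SimFirewall(TrainingToolPlugin):
    """Defense-side tool: removes ports from the simulated host's open set."""
    name, category, api_version = "sim-firewall", "defense", 1

    def run(self, scene, params):
        host = scene[params["target"]]
        host["open"] -= set(params["block"])
        return {"target": params["target"], "open": sorted(host["open"])}


class LegacyTool(TrainingToolPlugin):
    """Built against an older interface version; must be refused."""
    name, category, api_version = "legacy", "attack", 0

    def run(self, scene, params):
        return {}


class NotAPlugin:
    name = "rogue"           # does not implement the interface at all


def build_registry():
    reg = PluginRegistry()
    for cls in (SimPortScan, SimFirewall, LegacyTool, NotAPlugin):
        reg.register(cls)
    return reg


def demo():
    scene = {"srv-1": {"open": {22, 80}}}    # constructed scene
    reg = build_registry()
    before = reg.invoke("red", "sim-portscan", scene, {"target": "srv-1"})
    reg.invoke("blue", "sim-firewall", scene, {"target": "srv-1", "block": [80]})
    after = reg.invoke("red", "sim-portscan", scene, {"target": "srv-1"})
    return before, after, reg
```

Refusing a plug-in that was built against an older interface, and one that does not implement the interface at all, keeps the framework from loading code it cannot reason about; in the real system the equivalent checks would sit in the COM component loader.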
B. Simulation Example
A prototype of the system has been developed on the plug-in framework above. Simulation examples of network scanning and remote control are shown in Fig. 7 and Fig. 8.
Figure 7. Training of network scanning with X-Scan
Figure 8. Training of remote control with Remote-Anything
V. CONCLUSION AND FUTURE WORK
NADSTS has been realized based on HLA since December 2007. The system is developed mainly with Visual C++, Oracle, pRTI and other attack-defense tools.
(1) NADSTS is realistic, controllable, repeatable and economical, so it can act as a training tool. Trainers can learn attack-defense skills with it.
(2) A user of the system can act as the commander of a net-war who directs the soldiers in tactical attack-defense actions.
(3) The trainer can build virtual simulation networks with several kinds of subnet, and the networks respond to changes in the users' operations.
The system runs smoothly in real time. The simulation examples prove that the development method is feasible and valid. As future work, we are building a broader system that includes more attack-defense tools, optimizing the simulation algorithm, and updating the system to DIS to support off-site training.
NADSTS has a short development cycle and a realistic operating effect, and the whole system is realized purely in software. So it can offer training support for building the troops' combat effectiveness for future net-war.
ACKNOWLEDGEMENTS
Part of this research was funded by the "Net Security & Attack-Defense Simulation Focus Laboratory of PLA" project, number 211K-TXZH-005, and the "Tactical Internet Simulation Training System" major national defense development project, number ZCTXB20060625. We thank them for providing a better experimental environment and conditions.