A simulation environment for cybersecurity attack analysis based on network traffic logs

The continued and rapid progress of network technology has transformed all modern critical infrastructures and business models. Today's technologies rely heavily on network and communication facilities, which in turn makes them dependent on network security. Network-security investments do not always guarantee the security of an organization. However, evaluating security solutions requires designing, testing and developing sophisticated security tools, which is often very expensive. Simulation and virtualization techniques allow researchers to run every experimental network-security scenario in a more cost- and time-effective manner before deciding on the final security solution. This study presents a detailed guideline for modelling and developing a combined virtualized and simulated environment for computer networks in which different network attack scenarios can be practised. The principal objective of this study is to create a test bed for network anomaly detection research; the dataset required for anomaly or attack detection studies can be prepared with the environment proposed here. We used the open-source GNS3 emulation tool, Docker containers, the pfSense firewall, the NTOPNG network traffic-monitoring tool, the BoNeSi DDoS botnet simulator, the Ostinato network workload generation tool and a MySQL database to collect simulated network traffic data. With minor changes, this simulation environment can also be used in a variety of cybersecurity studies such as vulnerability analysis, attack detection, penetration testing and monitoring.

Chapter Contents:

  • 3.1 Introduction
  • 3.1.1 Network simulation
  • 3.1.2 Network emulation
  • 3.1.3 The application of network simulation and emulation in network security
  • 3.1.4 Virtualization
  • 3.1.5 Virtualization using hypervisor
  • 3.1.6 Virtualization using container
  • 3.1.7 Virtual machines and simulation
  • 3.2 Literature review
  • 3.2.1 Network anomalies and detection methods
  • 3.2.2 Network workload generators
  • 3.2.3 Network simulation for security studies
  • 3.3 Methodology
  • 3.4 Defining a simulated and virtualized test bed for network anomaly detection research
  • 3.4.1 GNS3
  • 3.4.2 Ubuntu
  • 3.4.3 Network interfaces
  • 3.5 Simulated environment for network anomaly detection research
  • 3.5.1 Victim machine
  • 3.5.2 Attacker machine
  • 3.5.3 pfSense firewall
  • Firewall configuration
  • 3.5.4 NAT and VMware host-only networks
  • 3.5.5 Traffic generator machine
  • 3.5.6 NTOPNG tool
  • NTOPNG configuration
  • NTOPNG configuration to dump logs to the MySQL machine
  • 3.5.7 Repository machine
  • Repository machine configuration
  • Give remote root access to the Data_Repository machine
  • 3.6 Discussion and results
  • 3.7 Summary
  • References

Inspec keywords: virtualisation; computer network security; telecommunication traffic; invasive software

Other keywords: computer networks; pfSense firewall; network attack scenarios; network anomaly detection research; network security; Ostinato network workload generation tool; simulated network traffic data; open source GNS3 emulation tool; Docker containers; cybersecurity attack analysis; network technology; BoNeSi DDoS botnet simulator; NTOPNG network traffic-monitoring tool; network traffic logs; cybersecurity studies; communication facilities; virtualization techniques; security solutions; network-security investments; business models; attack detection; simultaneous virtualized environment

Subjects: Data security; Computer networks and techniques; Computer communications