Alexander Ulanov

Simulation of internet DDoS attacks and defense

The paper considers the software simulation tool DDoSSim which has been developed for comprehensive investigation of Internet DDoS attacks and defense mechanisms. This tool can be characterized by three main peculiarities: agent-oriented approach to simulation, packet-based imitation of network security processes, and open library of different DDoS attacks and defense mechanisms. DDoSSim allows deeply investigating various attacks and defense methods and generating valuable recommendations on choosing the best defense. In the paper the agent-oriented approach suggested is considered. The taxonomy of input and output parameters for simulation is outlined. The main DDoSSim components are specified. One of the experiments on protection against DDoS attacks demonstrates some DDoSSim possibilities. We consider different phases of defense operations – learning, decision making and protection, including adaptation to the actions of malefactors.

The Software Environment for Multi-agent Simulation of Defense Mechanisms against DDoS Attacks

The research connected with developing new protection mechanisms for reliable and secure electronic commerce is now a very important direction of scientific investigation. The paper describes the software environment for multi-agent simulation of defense mechanisms against DDoS attacks. The main components of the software environment are outlined. One of the numerous experiments on protection against DDoS attacks is described. The environment developed is based on OMNeT++ INET framework

Packet Level Simulation of Cooperative Distributed Defense against Internet Attacks

Nowadays we see an increasing number of global network attacks. These attacks are realized due to joint efforts of many distributed malicious software components (bots). It is very hard to investigate the effectiveness and efficiency of defense mechanisms against such attacks in practice. However these mechanisms might be simulated with the necessary fidelity. The paper outlines a framework and software tool intended for simulation of the Internet attacks and defense mechanisms against them. They are based on packet-level simulation and agent-oriented approach and intended to evaluate and compare different cooperative distributed defense mechanisms. The paper describes the simulation framework and software tool developed and their usage to analyze cooperative defense mechanisms against DDoS (distributed denial of service) attacks. We investigate as mechanisms based on partial cooperation of distributed defense components, including DefCOM (defensive cooperative overlay mesh) and COSSACK (coordinated suppression of simultaneous attacks) as well as the approach based on full cooperation.

Software Environment for Simulation and Evaluation of a Security Operation Center

It is somewhat problematic to evaluate the performance of security systems in the Internet due to complexity of these systems and the Internet itself. Therefore, modeling and simulation are becoming more and more important in optimizing the behavior of security systems, including security components intended for protecting various distributed geographic information systems (GIS). This paper presents an approach and software simulation environment for comprehensive investigation of the Security Operation Center (SOCBox) system which is in essence an intrusion detection “metasystem”. SOCBox collects data from a wide range of sources (intrusion detection systems (IDS), firewalls, routers, workstations, etc.) and therefore has a global view on the network. The simulation environment has been developed formerly for Distributed Denial of Service (DDoS) attacks and defense simulation. This tool is characterized by agentoriented approach, the packet-based imitation of network security processes and the open library of different attacks and defense mechanisms. We consider the SOCBox structure, the simulation environment architecture, the SOCBox models in the simulation environment and peculiarities of SOCBox simulation.