A simulation environment for cybersecurity attack analysis based on network traffic logs

2019-01-01
Daneshgadeh, Salva
Oney, Mehmet Ugur
Kemmerich, Thomas
Baykal, Nazife
The continued and rapid progress of network technology has revolutionized all modern critical infrastructures and business models. Today's technologies rely heavily on network and communication facilities, which in turn makes them dependent on network security. Network-security investments do not always guarantee the security of organizations. However, the evaluation of security solutions requires designing, testing and developing sophisticated security tools, which are often very expensive. Simulation and virtualization techniques empower researchers to adapt all experimental scenarios of network security in a more cost- and time-effective manner before deciding on the final security solution. This study presents a detailed guideline for modeling and developing a simultaneously virtualized and simulated environment for computer networks in which to practice different network attack scenarios. The preliminary objective of this study is to create a test bed for network anomaly detection research. The dataset required for anomaly or attack detection studies can be prepared using the environment proposed in this study. We used the open-source GNS3 emulation tool, Docker containers, the pfSense firewall, the NTOPNG network traffic-monitoring tool, the BoNeSi DDoS botnet simulator, the Ostinato network workload generation tool and a MySQL database to collect simulated network traffic data. With minor changes, this simulation environment can also be utilized in a variety of cybersecurity studies such as vulnerability analysis, attack detection, penetration testing and monitoring.
MODELING AND SIMULATION OF COMPLEX COMMUNICATION NETWORKS

Citation Formats
S. Daneshgadeh, M. U. Oney, T. Kemmerich, and N. Baykal, “A simulation environment for cybersecurity attack analysis based on network traffic logs,” MODELING AND SIMULATION OF COMPLEX COMMUNICATION NETWORKS, pp. 55–79, 2019, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/56117.