An Interactive Traffic Replay Method in a Scaled-Down Environment

Network traffic replay plays an essential role in network security tests. However, performing traffic replay in a network is still a challenge because the live network and the replay network differ in scale. In this study, we investigate three problems of interactive traffic replay in a scaled-down replay environment and then propose a multi-node traffic replay method. In this method, a self-elected IP mapping algorithm is designed to construct the IP mapping between the target network and the live network, which reproduces the interaction between the nodes of the live network. We prove that the traffic aggregation problem is NP-complete and design a divide-and-conquer algorithm to approximate an optimal solution. On this basis, a traffic replay algorithm based on a minimum-delay forwarding mechanism is proposed to perform low-delay interactive traffic replay. The experimental results show that the method enables us to better aggregate elephant flows and achieve high similarity in replay timing series and bandwidth, and that it can be employed to reproduce a real network scenario in network device tests and network security experiments.
