Dynamical Attack Simulation for Security Information and Event Management

This chapter presents a simulation-based approach to analysing the resilience of a network to botnet attacks within a security information and event management (SIEM) system; the approach can be applied to distributed geographic information systems (GISs). Conversely, a SIEM system can use GIS technology for network awareness, taking the geographical location of hosts and network segments into account. To protect a network against botnet attacks, the processes at every stage of the botnet lifecycle (propagation, control, and attack) have to be investigated. The proposed approach identifies the critical nodes of the network and allows protection mechanisms against botnet attacks to be selected and evaluated. We propose the architecture of a dynamic attack simulation component (DASC) and describe its interaction with the other SIEM components. A prototype of the component is presented and the results of the experiments carried out with it are discussed.
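The following is an added illustration of the kind of lifecycle simulation the abstract describes, not code from the chapter or from the DASC prototype. It models the three botnet stages over a small host graph: propagation (one exploit hop per time step to vulnerable neighbours), control (a bot counts only if it still has a path to the egress gateway) and attack (a DDoS that needs a minimum number of commandable bots). It then ranks critical nodes by isolating each host in turn and compares isolation with patching. The topology, the set of vulnerable hosts, the gateway, the attack threshold and the lifecycle rules are all assumptions made for this example.

```python
"""Toy dynamic attack simulation over a small host graph.

Added illustration, not the DASC prototype described in the chapter: the
topology, vulnerability flags, lifecycle rules and thresholds are assumed
here to show how simulating propagation, control and attack lets one rank
critical nodes and compare protection mechanisms.
"""
from collections import deque

# Constructed sample topology (undirected adjacency): a gateway, two servers
# and a workstation segment. Not taken from the chapter.
TOPOLOGY = {
    "gw":  ["web", "db", "ws1"],
    "web": ["gw", "db"],
    "db":  ["gw", "web", "ws1"],
    "ws1": ["gw", "db", "ws2", "ws3"],
    "ws2": ["ws1", "ws3"],
    "ws3": ["ws1", "ws2", "ws4"],
    "ws4": ["ws3"],
}
# Hosts running the service the bot exploits (assumed).
VULNERABLE = frozenset({"web", "ws1", "ws2", "ws3", "ws4"})


def propagate(topology, vulnerable, seed, patched, isolated, max_steps=20):
    """Stage 1, propagation: one exploit hop per time step from every bot to
    each vulnerable, unpatched, non-isolated neighbour. Returns the infected
    set and the number of steps the spread ran before it stalled."""
    infected = {seed}
    frontier = [seed]
    steps = 0
    while frontier and steps < max_steps:
        new = set()
        for host in frontier:
            if host in isolated:          # quarantine blocks the bot's own traffic
                continue
            for nbr in topology[host]:
                if (nbr in vulnerable and nbr not in patched
                        and nbr not in isolated and nbr not in infected):
                    new.add(nbr)
        if not new:
            break
        infected |= new
        frontier = sorted(new)
        steps += 1
    return infected, steps


def controllable(topology, infected, isolated, gateway):
    """Stage 2, control: a bot can take commands only if it still has a path
    to the egress gateway through non-isolated hosts (BFS from the gateway).
    Patched hosts still forward traffic; isolated hosts do not."""
    if gateway in isolated:
        return set()
    seen = {gateway}
    queue = deque([gateway])
    while queue:
        host = queue.popleft()
        for nbr in topology[host]:
            if nbr not in seen and nbr not in isolated:
                seen.add(nbr)
                queue.append(nbr)
    return {h for h in infected if h in seen and h not in isolated}


def simulate(topology, vulnerable, seed, gateway, threshold,
             patched=frozenset(), isolated=frozenset()):
    """Run all three stages and report the outcome. Stage 3, attack: the
    DDoS succeeds if at least `threshold` bots are under control (assumed)."""
    infected, steps = propagate(topology, vulnerable, seed, patched, isolated)
    bots = controllable(topology, infected, isolated, gateway)
    return {
        "infected": infected,
        "steps": steps,
        "bots": bots,
        "attack_succeeds": len(bots) >= threshold,
    }


def rank_critical(topology, vulnerable, seed, gateway, threshold):
    """Critical-node analysis: isolate each host in turn and measure how many
    bots the attacker can still command. Lowest remaining count first."""
    rows = []
    for host in topology:
        out = simulate(topology, vulnerable, seed, gateway, threshold,
                       isolated=frozenset({host}))
        rows.append((host, len(out["bots"]), out["attack_succeeds"]))
    return sorted(rows, key=lambda r: (r[1], r[0]))


if __name__ == "__main__":
    base = simulate(TOPOLOGY, VULNERABLE, seed="ws4", gateway="gw", threshold=3)
    print("no protection:", sorted(base["bots"]), "attack:", base["attack_succeeds"])
    for host, n, ok in rank_critical(TOPOLOGY, VULNERABLE, "ws4", "gw", 3):
        print(f"isolate {host:4s} -> {n} bots, attack succeeds: {ok}")
    patched = simulate(TOPOLOGY, VULNERABLE, "ws4", "gw", 3,
                       patched=frozenset({"ws3"}))
    print("patch ws3 only:", sorted(patched["bots"]))
```

With the seed on ws4 and no protection, the worm reaches ws3, ws2 and ws1 in two steps and the attack succeeds with four bots; web is never reached because its only neighbours are non-vulnerable. The ranking shows why "critical" is a property of the whole lifecycle, not just propagation: isolating ws1 leaves three infected hosts but cuts them off from the gateway, while patching ws3 alone stops the spread yet still leaves the seed host commandable.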
