Research on the Impact Analysis of Network Security Incidents Based on Simulation
|School||Harbin Institute of Technology|
|Course||Computer Science and Technology|
|Keywords||Impact assessment Network simulation Worm simulation|
With the rapid development of network communication, Internet has become more and more popular. At the same time, network security incidents, such as worms、DDOS attacks, have now broken out more frequently and brought great impact on the network’s performance. Security issues have become increasingly prominent. Network security assessment has been an urgent and challenging task.The traditional methods of network security assessment are based on vulnerability detection through scanning. It can be called vulnerability assessment. This article focuses on the impact analysis of large-scale security incidents on the performance of network. It aims to give quantitative evaluation of the security incident and help the network to recover quickly from the attack.This paper introduces a method based on indicators for impact assessment of network security incidents from the point of availability. Several assessment indicators have been chosen to measure the network performance. We aim to give a quantitative assessment result of the changes of network performance before and after the outbreak of the incident. Reference to the entropy in the information theory, methods of computing damage-degree using entropy difference is proposed. The whole assessment frame is a bottom-up structure. The entire network is at the top level, and specific index is at the bottom level. Damage-degree of each index on the bottom is calculated first, and then gradually from low to high level, damage-degree of the upper level can be calculated.Several experiments have been done to confirm the validity of impact assessment method. Because we can’t simply do the experiment associated with large-scale security incidents in the laboratory environment, we build a worm simulation platform. In order to make the simulator more reliable and more effective, several improvements have been made on it. The evaluation result has been given through comparing the network performance parameters before and after the outbreak of worm. The prototype of an impact assessment system for network security incidents based on simulation has been given at the end of this article.