Abstract
The chapter considers a simulation-based approach to analysing network resilience to botnet attacks in security information and event management (SIEM) systems, an approach that can also be applied to distributed geographic information systems (GISs). Conversely, SIEM systems can use GIS technology for network awareness, taking into account the geographical location of hosts and network segments. To protect a network against botnet attacks, it is necessary to investigate the processes occurring at all stages of the botnet lifecycle (propagation, control, and attack). The suggested approach can identify the critical nodes in the network, as well as select and evaluate protection mechanisms against botnet attacks. We propose the architecture of the dynamic attack simulation component (DASC) and describe its interaction with other SIEM components. A prototype of the component is presented and the results of the experiments performed with it are discussed.
Notes
1. The INET Framework is an open-source communication network simulation package for the OMNeT++ simulation environment. http://inet.omnetpp.org/
2. ReaSE: Realistic Simulation Environments for OMNeT++. https://i72projekte.tm.uka.de/trac/ReaSE
Acknowledgments
This research is being supported by a grant from the Russian Foundation of Basic Research, Program of fundamental research of the Department for Nanotechnologies and Informational Technologies of the Russian Academy of Sciences (contract #2.2), State contract #11.519.11.4008, and partly funded by the EU as part of the SecFutur and MASSIF projects.
© 2014 Springer-Verlag Berlin Heidelberg
Cite this chapter
Kotenko, I., Shorov, A., Chechulin, A., Novikova, E. (2014). Dynamical Attack Simulation for Security Information and Event Management. In: Popovich, V., Claramunt, C., Schrenk, M., Korolenko, K. (eds) Information Fusion and Geographic Information Systems (IF AND GIS 2013). Lecture Notes in Geoinformation and Cartography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31833-7_14
DOI: https://doi.org/10.1007/978-3-642-31833-7_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31832-0
Online ISBN: 978-3-642-31833-7
eBook Packages: Earth and Environmental Science (R0)