A simulation environment for cybersecurity attack analysis based on network traffic logs

Daneshgadeh S., Oney M. U., Kemmerich T., BAYKAL N.



The continued and rapid progress of network technology has revolutionized all modern critical infrastructures and business models. Technologies today are firmly relying on network and communication facilities which in turn make them dependent on network security. Network-security investments do not always guarantee the security of organizations. However, the evaluation of security solutions requires designing, testing and developing sophisticated security tools which are often very expensive. Simulation and virtualization techniques empower researchers to adapt all experimental scenarios of network security in a more cost and time-effective manner before deciding about the final security solution. This study presents a detailed guideline to model and develop a simultaneous virtualized and simulated environment for computer networks to practice different network attack scenarios. The preliminary object of this study is to create a test bed for network anomaly detection research. The required dataset for anomaly or attack detection studies can be prepared based on the proposed environment in this study. We used open source GNS3 emulation tool, Docker containers, pfSense firewall, NTOPNG network traffic-monitoring tool, BoNeSi DDoS botnet simulator, Ostinato network workload generation tool and MYSQL database to collect simulated network traffic data. This simulation environment can also be utilized in a variety of cybersecurity studies such as vulnerability analysis, attack detection, penetration testing and monitoring by minor changes.