VNTGM:面向大规模网络安全实验的虚拟网络拓扑生成方法

VNTGM:Virtual Network Topology Generation Method for Large-Scale Network Security Experiment

依据实验需求搭建虚拟网络拓扑环境是进行大规模网络安全实验时面临的首要问题。目前采用的基于图形绘制、基于配置脚本和基于通用拓扑生成工具的虚拟网络拓扑生成方式难以同时满足实验环境逼真度和灵活性的要求。针对大规模虚拟网络拓扑生成存在的要素不全、配置繁琐等问题,提出一种虚拟网络拓扑生成方法VNTGM,利用已有拓扑生成工具生成路由器级虚拟网络拓扑,在此基础上根据不同类型的网络拓扑特征运用离心中心性、K壳分解、度中心性的方法实现中心节点的识别,而后对于不同类型中心节点使用最短路径、逐层搜索、最大度搜索的方法进行边缘路由节点的选定,最后添加主机节点,实现包括路由器、终端节点等全要素的上万节点规模虚拟网络拓扑生成。万节点级规模的虚拟网络拓扑生成实验表明,VNTGM方法可在1分钟内完成1万节点规模,并在5分钟内完成3万节点规模的全要素大规模虚拟网络拓扑的生成,大大降低了配置复杂度。

Building a virtual network topology environment based on experimental requirements is the primary problem when conducting large-scale network security experiments.The current virtual network topology generation based on graphics rendering,configuration scripts,and general topology generation tools could hardly meet the requirements of experimental environment fidelity and flexibility.To address such problems in large-scale virtual network topology generation as incomplete features and complicated configuration,this paper proposes a virtual network topology generation method VNTGM,which uses existing topology generation tools to generate router-level virtual network topology.On this basis,different types of networks are used.Topological features use centrifugation centering,K-shell decomposition,and degree-centricity to realize the identification of the central node,and then use the shortest path,layer-by-layer search,and maximum search methods for the selection of edge routing nodes for different types of central nodes.A host node is added to implement tens of thousands of node-scale virtual network topology generation including all elements such as routers and terminal nodes.The virtual node topology generation experiment of 10,000-node class shows that the VNTGM method can complete the generation of full-featured large-scale virtual network topology with the scale of 10,000 nodes in one minute and the scale of 30,000 nodes in five minutes,which greatly reduces the configuration complexity.