4.7 Article

From Replay to Regeneration: Recovery of UDP Flood Network Attack Scenario Based on SDN

Journal

MATHEMATICS
Volume 11, Issue 8, Pages -

Publisher

MDPI
DOI: 10.3390/math11081897

Keywords

SDN; network attack; scenario reconfiguration; probabilistic model; topology reconfiguration model


In recent years, various network attacks have increased, while their details and characteristics are often recorded in Pcap data. Analyzing these details solely through traditional methods is not effective, hence the importance of restoring network attack scenarios through scene reconstruction for detecting and defending against network attacks. This paper proposes an SDN-based network attack scenario recovery method that can regenerate network traffic data by parsing Pcap data and utilizing network topology reconstruction, probability, and packet sequence models. Experimental results show a higher similarity between the reconstructed and actual attack scenarios, providing network defenders with a better understanding of the attackers' posture and enabling them to formulate appropriate security strategies.
In recent years, various network attacks have emerged. These attacks are often recorded in the form of Pcap data, which contains many attack details and characteristics that cannot be analyzed through traditional methods alone. Therefore, restoring the network attack scenario through scene reconstruction to achieve data regeneration has become an important entry point for detecting and defending against network attacks. However, current network attack scenarios mainly reproduce the attacker's attack steps by building a sequence collection of attack scenarios, constructing an attack behavior diagram, or simply replaying the captured network traffic. These methods still have shortcomings in terms of traffic regeneration. To address this limitation, this paper proposes an SDN-based network attack scenario recovery method. By parsing Pcap data and utilizing network topology reconstruction, probability, and packet sequence models, network traffic data can be regenerated. The experimental results show that the proposed method is closer to the real network, with a higher similarity between the reconstructed and actual attack scenarios. Additionally, this method allows for adjusting the intensity of the network attack and the generated topology nodes, which helps network defenders better understand the attackers' posture and analyze and formulate corresponding security strategies.
