Modeling and simulation at
the service of cyber security
Vahur Kotkas
IoC, dept. of Computer Science
Security issues
Availability
 Privacy
 Integrity
 Maintainability

How to defend ourselves

Be prepared (planning and built-up):


carry out analysis,
deploy reasonable equipment

purchase special equipment and prepare tools for








intrusion detection,
data-mining,
blacklist management and exchange,
filtering,
Logging
configure the equipment properly
reserve some resources for any case,
Have trained staff (education)
What kind of activities are needed?

Educational simulations


Network deployment planning



Topology, equipment, configuration
Usage optimization
Resource consumption analysis


Protocols, routing algorithms, configurations, ...
Hardware, services
Attack simulations
 Malware spread simulation
 Service availability simulations
 Do it all on top of a realistic model of Estonian Internet
Different levels of activities
High-level management
 Mid-level technical solutions
 Low-level real life

What is available?

Number of existing tools for network
simulations:


OPNET, OMNeT++, NS, Netscale, Netwiser,
J-Sim, PARSEC, QualNet, SSF, ...
Number of model (network topology)
generators

BRITE, Inet, Topgen, ReaSE, ...
What we do?

Modeling and simulation platform – CoCoViLa
(http://www.cs.ioc.ee/cocovila)

High-level behaviour descriptions



Combined simulators



Hierarchical visual composition
Expert-systems
Discrete event based simulation
Continuous-time simulation
Visualisation
Tools for different activity levels DEMO


Situation Analysis by Jüri Kivimaa et al.
Attack Trees by number of people including
Ahto Buldas, Aivo Jürgenson, Jan Willemson
etc.
 HNS (Hybrid Network Simulator) by Andres
Ojamaa
 GrADAR (Graph-based Automated Denial-ofService Attack Response) by Gabriel Klein et
al.
 EIM (Model of Estoian Internet) by Andres
Ojamaa et al.
Modeling and simulation in
the service of cyber security
Vahur Kotkas
IoC dept. of Computer Science