A distributed attack simulation for quantitative security evaluation using SimEvents

Any system during its lifecycle could be subject to internal or external accidental or malicious threats. Therefore attention to system security is very important nowadays. Security brings in concerns for availability, in addition to confidentiality and integrity. Many security assessment methodologies like ITSEC, CC and etc were used up to now, but most of them have some limitations for being used in design phase of systems. In this paper, simulation of a network system for quantitative security evaluation (QSE) based on discrete-event simulation (DES) by SimEvents is presented. First, the system in normal state is simulated then an attacker is modeled as a client by means of zombies attacks to the system. Subsequently the availability of system begins to decrease. Finally the system cannot respond to the requests. After this simulation, the availability of system as an important security measure in any moment of simulation time is measured. At the end, a case study of distributed denial of service (DDoS) simulation is presented and the availability measure of the system is evaluated.