论文信息 - Computer Network Testbed at Binghamton University

Computer Network Testbed at Binghamton University

The Network Testbed at Binghamton University was designed to facilitate security research in the area of advanced IDS. It offers a secure, controlled environment for experimental analysis of the efficiency of various intrusion detection/mitigation and computer forensics systems. It allows for staging large scale experiments with real self-propagating malware on thousands of interacting heterogeneous nodes. This paper addresses some principles implemented in the Testbed design including the architecture, accessibility, security, and visualization. The Testbed provides effective ways to collect data representing the network and software operation. It facilitates secure time sharing of the hardware among different research projects. Its enhanced security is achieved by separation and hardening of the core services. The application of the Testbed is demonstrated by the following three experiments featuring novel IDS technologies: behavior-based IDS extracting predefined malicious functionalities from the system call data by semantic analysis, demonstration of the alarm propagation concept for the minimization of false alarms and the detection of distributed low and slow attacks, and network-wide IDS capable of automatic detection of functionalities and statistically significant variations of their relative frequencies indicative of information attacks.

Victor A. Skormin | Andrey M. Dolgikh | Tomas Nykodym | James Antonakos

[1] Robert Ricci,et al. A solver for the network testbed mapping problem , 2003, CCRV.

[2] Mike Hibler,et al. USENIX Association Proceedings of the General Track : 2003 USENIX Annual , 2003 .

[3] Victor A. Skormin,et al. Expressive, Efficient and Obfuscation Resilient Behavior Based IDS , 2010, ESORICS.

[4] Marianne Swanson,et al. Recommended Security Controls for Federal Information Systems | NIST , 2005 .

[5] Victor A. Skormin,et al. Automatic functionality detection in behavior-based IDS , 2011, 2011 - MILCOM 2011 Military Communications Conference.

[6] Takashi Washio,et al. Complete Mining of Frequent Patterns from Graphs: Mining Graph Data , 2003, Machine Learning.

[7] Victor A. Skormin,et al. Detection of Worm Propagation Engines in the System Call Domain using Colored Petri Nets , 2008, 2008 IEEE International Performance, Computing and Communications Conference.

[8] Thomas Peltier,et al. Information Security Risk Analysis: A Pedagogic Model Based on a Teaching Hospital , 2006 .

[9] Victor A. Skormin,et al. Large-scale Reconfigurable Virtual Testbed for Information Security Experiments , 2007, 2007 3rd International Conference on Testbeds and Research Infrastructure for the Development of Networks and Communities.

[10] Susan Snedakar. Vulnerability Assessment Tools , 2007 .

[11] Karen A. Scarfone,et al. Guide to Intrusion Detection and Prevention Systems (IDPS) , 2007 .