Application-level Simulation for Network Security

NeSSi (network security simulator) is a novel network simulation tool that incorporates a variety of features relevant to network security, distinguishing it from general-purpose network simulators. Its capabilities, such as profile-based automated attack generation, traffic analysis, and support for detection algorithm plug-ins, allow it to be used for security research and evaluation purposes. NeSSi has been successfully used for testing intrusion detection algorithms, conducting network security analysis, and developing overlay security frameworks. NeSSi is built upon the agent framework JIAC, resulting in a distributed and extensible architecture. In this paper, we provide an overview of the NeSSi architecture as well as its distinguishing features and briefly demonstrate its application to current security research projects.
