Scaling Network Security Experiments
pdf
ABSTRACT
Internet-scale security experimentation is challenging since it is typically infeasible to perform the experiments directly on a production network. Additionally, many network attacks involve both the network data and control planes. For instance, routing session resets have been observed with data-plane Denial of Service (DoS) attacks. During the slammer worm propagation, inter-domain route withdrawals increased, possibly due to address resolution messages caused by traffic to nonexistent addresses. Researchers thus resort to hybrids of simulation, emulation, and testbed experiments, employing a variety of scaling techniques.
Selecting an experimental platform for a network security experiment entails a delicate balance between scalability and fidelity. The results of a non-representative experiment can be misleading, and unexpected bugs may not be discovered until an Internet protocol or application is deployed onto an operational network, causing severe damage.
Our work compares simulation, emulation, and testbed techniques for security experimentation, and explores the tradeoffs among them. We design a new framework to map experimental topology nodes onto testbed resources and scaling techniques, according to user-specified fidelity requirements. We demonstrate our mapping framework on two case studies: (1) experiments studying the impact of worm propa- gation on routing, and (2) experiments with a distributed DoS attack launched by a large botnet.
Award ID: 0831353
Submitted by Katie Dey
on
ABSTRACT
Internet-scale security experimentation is challenging since it is typically infeasible to perform the experiments directly on a production network. Additionally, many network attacks involve both the network data and control planes. For instance, routing session resets have been observed with data-plane Denial of Service (DoS) attacks. During the slammer worm propagation, inter-domain route withdrawals increased, possibly due to address resolution messages caused by traffic to nonexistent addresses. Researchers thus resort to hybrids of simulation, emulation, and testbed experiments, employing a variety of scaling techniques.
Selecting an experimental platform for a network security experiment entails a delicate balance between scalability and fidelity. The results of a non-representative experiment can be misleading, and unexpected bugs may not be discovered until an Internet protocol or application is deployed onto an operational network, causing severe damage.
Our work compares simulation, emulation, and testbed techniques for security experimentation, and explores the tradeoffs among them. We design a new framework to map experimental topology nodes onto testbed resources and scaling techniques, according to user-specified fidelity requirements. We demonstrate our mapping framework on two case studies: (1) experiments studying the impact of worm propa- gation on routing, and (2) experiments with a distributed DoS attack launched by a large botnet.
Award ID: 0831353