CR, NI | Oct 23, 2018

Building an Emulation Environment for Cyber Security Analyses of Complex Networked Systems

arXiv:1810.09752v1 | 4 citations
Originality: Synthesis-oriented
AI Analysis

This paper addresses the problem of testing cyber defense strategies in complex networked systems, for security researchers and practitioners. It is incremental, as it builds on existing techniques.

The paper tackles the need for realistic test environments to evaluate cyber defense solutions by proposing a methodology that combines network and security assessment techniques with cloud technologies to build an emulation environment with adjustable affinity to real networks, and as a byproduct, provides a publicly available dataset of network traces with benign and malicious traffic.

Computer networks are undergoing phenomenal growth, driven by the rapidly increasing number of nodes constituting the networks. At the same time, the number of security threats on Internet and intranet networks is constantly growing, and the testing and experimentation of cyber defense solutions requires the availability of separate test environments that best emulate the complexity of a real system. Such environments support the deployment and monitoring of complex mission-driven network scenarios, thus enabling the study of cyber defense strategies under real and controllable traffic and attack scenarios. In this paper, we propose a methodology that makes use of a combination of techniques of network and security assessment, and the use of cloud technologies to build an emulation environment with an adjustable degree of affinity with respect to actual reference networks or planned systems. As a byproduct, starting from a specific study case, we collected a dataset consisting of complete network traces comprising benign and malicious traffic, which is feature-rich and publicly available.
