The V-network: a testbed for malware analysis

This paper presents a virtualised network environment that serves as a stable and re-usable platform for the analysis of malware propagation. The platform, which has been developed using VMware virtualisation technology, enables the use of either a graphical user interface or scripts to create virtual networks, clone, restart and take snapshots of virtual machines, reset experiments, clean virtual machines and manage the entire infrastructure remotely. The virtualised environment uses open source routing software to support the deployment of intrusion detection systems and other malware attack sensors, and is therefore suitable for evaluating countermeasure systems before deployment on live networks. An empirical analysis of network worm propagation has been conducted using worm outbreak experiments on Class A size networks to demonstrate the capability of the developed platform

The V-Network testbed for malware analysis

This paper presents a virtualised network environment that serves as a stable and re-usable platform for the analysis of malware propagation. The platform, which has been developed using VMware virtualisation technology, enables the use of either a graphical user interface or scripts to create virtual networks, clone, restart and take snapshots of virtual machines, reset experiments, clean virtual machines and manage the entire infrastructure remotely. The virtualised environment uses open source routing software to support the deployment of intrusion detection systems and other malware attack sensors, and is therefore suitable for evaluating countermeasure systems before deployment on live networks. An empirical analysis of network worm propagation has been conducted using worm outbreak experiments on Class A size networks to demonstrate the capability of the developed platform

FABRIC: A National-Scale Programmable Experimental Network Infrastructure

FABRIC is a unique national research infrastructure to enable cutting-edge and exploratory research at-scale in networking, cybersecurity, distributed computing and storage systems, machine learning, and science applications. It is an everywhere-programmable nationwide instrument comprised of novel extensible network elements equipped with large amounts of compute and storage, interconnected by high speed, dedicated optical links. It will connect a number of specialized testbeds for cloud research (NSF Cloud testbeds CloudLab and Chameleon), for research beyond 5G technologies (Platforms for Advanced Wireless Research or PAWR), as well as production high-performance computing facilities and science instruments to create a rich fabric for a wide variety of experimental activities

A Review of Testbeds on SCADA Systems with Malware Analysis

Supervisory control and data acquisition (SCADA) systems are among the major types of Industrial Control Systems (ICS) and are responsible for monitoring and controlling essential infrastructures such as power generation, water treatment, and transportation. Very common and with high added-value, these systems have malware as one of their main threats, and due to their characteristics, it is practically impossible to test the security of a system without compromising it, requiring simulated test platforms to verify their cyber resilience. This review will discuss the most recent studies on ICS testbeds with a focus on cybersecurity and malware impact analysis

Doctor of Philosophy

dissertationNetwork emulation has become an indispensable tool for the conduct of research in networking and distributed systems. It offers more realism than simulation and more control and repeatability than experimentation on a live network. However, emulation testbeds face a number of challenges, most prominently realism and scale. Because emulation allows the creation of arbitrary networks exhibiting a wide range of conditions, there is no guarantee that emulated topologies reflect real networks; the burden of selecting parameters to create a realistic environment is on the experimenter. While there are a number of techniques for measuring the end-to-end properties of real networks, directly importing such properties into an emulation has been a challenge. Similarly, while there exist numerous models for creating realistic network topologies, the lack of addresses on these generated topologies has been a barrier to using them in emulators. Once an experimenter obtains a suitable topology, that topology must be mapped onto the physical resources of the testbed so that it can be instantiated. A number of restrictions make this an interesting problem: testbeds typically have heterogeneous hardware, scarce resources which must be conserved, and bottlenecks that must not be overused. User requests for particular types of nodes or links must also be met. In light of these constraints, the network testbed mapping problem is NP-hard. Though the complexity of the problem increases rapidly with the size of the experimenter's topology and the size of the physical network, the runtime of the mapper must not; long mapping times can hinder the usability of the testbed. This dissertation makes three contributions towards improving realism and scale in emulation testbeds. First, it meets the need for realistic network conditions by creating Flexlab, a hybrid environment that couples an emulation testbed with a live-network testbed, inheriting strengths from each. Second, it attends to the need for realistic topologies by presenting a set of algorithms for automatically annotating generated topologies with realistic IP addresses. Third, it presents a mapper, assign, that is capable of assigning experimenters' requested topologies to testbeds' physical resources in a manner that scales well enough to handle large environments

Building accurate radio environment maps from multi-fidelity spectrum sensing data

In cognitive wireless networks, active monitoring of the wireless environment is often performed through advanced spectrum sensing and network sniffing. This leads to a set of spatially distributed measurements which are collected from different sensing devices. Nowadays, several interpolation methods (e.g., Kriging) are available and can be used to combine these measurements into a single globally accurate radio environment map that covers a certain geographical area. However, the calibration of multi-fidelity measurements from heterogeneous sensing devices, and the integration into a map is a challenging problem. In this paper, the auto-regressive co-Kriging model is proposed as a novel solution. The algorithm is applied to model measurements which are collected in a heterogeneous wireless testbed environment, and the effectiveness of the new methodology is validated

Use of Tabu Search in a Solver to Map Complex Networks onto Emulab Testbeds

The University of Utah\u27s solver for the testbed mapping problem uses a simulated annealing metaheuristic algorithm to map a researcher\u27s experimental network topology onto available testbed resources. This research uses tabu search to find near-optimal physical topology solutions to user experiments consisting of scale-free complex networks. While simulated annealing arrives at solutions almost exclusively by chance, tabu search incorporates the use of memory and other techniques to guide the search towards good solutions. Both search algorithms are compared to determine whether tabu search can produce equal or higher quality solutions than simulated annealing in a shorter amount of time. It is assumed that all testbed resources remain available, and that hardware faults or another competing mapping process do not remove testbed resources while either search algorithm is executing. The results show that tabu search produces a higher proportion of valid solutions for 34 out of the 38 test networks than simulated annealing. For cases where a valid solution was found, tabu search executes more quickly for scale-free networks and networks with less than 100 nodes

EVA: a hybrid cyber range

Over the recent years, cyber attacks have increased constantly. Attacks targeting sensors networks, or exploiting the growing number of networked devices, are becoming even more frequent. This has led to the need to find a way to train the teams responsible for defending computer systems in order to make them able to respond to any threats quickly. The fact that it is impossible to carry out training operations directly on corporate networks or critical infrastructure has led to the birth of Cyber Ranges, virtual or hybrid systems that allow training in safe and isolated environments. In this paper we present a model for the implementation of a Hybrid Cyber-Range (HCR), based on the model of a real Water Supply System WSS). The HCR shall combine the dynamism and flexibility of virtualised Cyber-Ranges (CR) and the realism of Cyber-Physical Systems (CPS)