Building an Emulation Environment for Cyber Security Analyses of Complex Networked Systems

TL;DR

This paper presents a methodology for creating customizable emulation environments for cyber security testing of complex networks, utilizing cloud technologies and security assessment techniques, and provides a rich dataset of network traffic.

Contribution

It introduces a novel approach combining network assessment and cloud tech to build adaptable emulation environments for cyber defense research.

Findings

Developed a flexible emulation environment with adjustable fidelity.

Collected and published a comprehensive dataset of benign and malicious network traffic.

Demonstrated the environment's effectiveness in studying cyber defense strategies.

Abstract

Computer networks are undergoing a phenomenal growth, driven by the rapidly increasing number of nodes constituting the networks. At the same time, the number of security threats on Internet and intranet networks is constantly growing, and the testing and experimentation of cyber defense solutions requires the availability of separate, test environments that best emulate the complexity of a real system. Such environments support the deployment and monitoring of complex mission-driven network scenarios, thus enabling the study of cyber defense strategies under real and controllable traffic and attack scenarios. In this paper, we propose a methodology that makes use of a combination of techniques of network and security assessment, and the use of cloud technologies to build an emulation environment with adjustable degree of affinity with respect to actual reference networks or planned systems. As a byproduct, starting from a specific study case, we collected a dataset consisting of complete network traces comprising benign and malicious traffic, which is feature-rich and publicly available.