Application-level simulation for network security
Abstract
We introduce and describe a novel network simulation tool called NeSSi (Network Security Simulator). NeSSi incorporates a variety of features relevant to network security distinguishing it from general-purpose network simulators. Its capabilities such as profile-based automated attack generation, traffic analysis and interface support for the plug-in of detection algorithms allow it to be used for security research and evaluation purposes. NeSSi has been utilized for testing intrusion detection algorithms, conducting network security analysis, and developing distributed security frameworks at the application level. NeSSi is built upon the agent componentware framework JIAC, resulting in a distributed and easy-to-extend architecture. In this paper, we provide an overview of the NeSSi architecture and briefly demonstrate its usage in three example security research projects. These projects comprise of evaluation of stand-alone detection unit performance, detection device deployment at central nodes in the network and comparison of different detection algorithms.