One important contribution of our work is to validate the proposed models and corresponding control systems experimentally. We plan to use a network simulator as one of our experimental testbeds. Network simulators have been extensively used to validate and evaluate the performance of network protocols.
The ns network simulator is a good example of a widely used, public domain discrete event simulator targeted at network protocol research. It was originally implemented at LBL and is currently being extended as part of the DARPA-funded VINT project at USC ISI. We will likely choose ns as our simulation platform. Our goal is to implement the proposed control systems within ns and evaluate their cost-effectiveness.
There are several advantages to using ns. First, it provides flexibility by allowing simulation of protocols at different layers of the network protocol stack. Because it has been widely used by the networking research community, it has accumulated considerable "common knowledge" in the form of contributed modules implementing different network protocols. Providing a composable simulation framework is indeed one of VINT's goals. For example, at the routing layer, it supports both unicast and multicast. At the transport layer ns includes implementations of different versions of TCP. ns can also be used in emulation mode; this allows the simulator to interface to a live network by accepting/injecting traffic from/into a real network. ns 's emulation facility is especially useful for our work since it serves as an intermediate step between pure simulation and full-blown live experimentation. Another important consideration for using ns is the fact that the technology is being developed locally at USC-ISI. Therefore, we have access to the development team and expert users locally, as well as a natural technology transfer channel.
To drive our simulations we will employ real Internet traffic in the form of packet traces. Trace-driven simulations have been widely used in systems validation and performance evaluation in different areas of computer science and electrical engineering. They have been particularly important in computer networking research. Seminal work in protocol design and performance evaluation have made extensive use of trace-driven simulations. More recently, performance evaluation and tuning of World-Wide Web protocols and applications have also employed trace-driven simulation techniques.
As a result, public domain packet traces have been made available to the Internet research community. The National Laboratory for Applied Network Research (NLANR) maintains a collection of packet traces (containing only packet header information) that are publically accessible. The Internet Traffic Archive is another well-known source of publically available Internet packet traces.
We will implement the proposed algorithms within ns and drive our simulations using several packet traces that are representative of traffic on the Internet. Packet traces will serve as input to the proposed traffic models and intrusion detection and response control systems. Simulations will subject the proposed models and control systems to various traffic patterns and boundary conditions. Simulation results will provide feedback into the modeling tasks and are key to understanding and tuning the proposed models.
One of the research issues that we will be faced in this task is to understand where to implement the proposed models and control systems in relation to the Internet (or TCP/IP) protocol stack. In light of the end-to-end argument in layered system design, we will consider the trade-offs of implementing at the data-link, network, transport, or even application layers.
References:
UCB/LBNL/VINT Network Simulator - ns (version
2)
Author: UCB's ns development group
http://www-mash.CS.Berkeley.EDU/ns/
Virtual InterNetwork Testbed
Author: USC-ISI VINT group
Year: October 1997
http://netweb.usc.edu/vint/
NLANR network traffic packet header
traces
Author: NLANR Measurement and Operations Analysis Team
http://moat.nlanr.net/Traces/
The Internet Traffic Archive
http://ita.ee.lbl.gov/index.html
The CRISIS Project
Author: Brian Tung
http://gost.isi.edu/projects/crisis/
