, especially emulation, require the ability to map virtual resources requested by an experimenter onto available physical resources. These resources include hosts, routers, switches, and the links that connect them. Experimenter requests, such as nodes with special hardware or software, must be satisfied, and bottleneck links and other scarce resources in the physical topology should be conserved when physical resources are shared. In the face of these constraints, this mapping becomes an NP-hard problem. Yet, in order to prevent mapping time from becoming a serious hindrance to experimentation, this process cannot consume an excessive amount of time.In this paper, we explore this problem, which we call the network testbed mapping problem. We describe the interesting challenges that characterize it, and explore its application to emulation and other spaces, such as distributed simulation. We present the design, implementation, and evaluation of a solver for this problem, which is in production use on the Netbed shared network testbed. Our solver builds on simulated annealing to find very good solutions in a few seconds for our historical workload, and scales gracefully on large well-connected synthetic topologies.
Abstract. A honeynet is a portion of routed but otherwise unused address space that is instrumented for network traffic monitoring. It is an invaluable tool for understanding unwanted Internet traffic and malicious attacks. We analyze the problem of defending honeynets from systematic mapping (a serious threat to their viability) as a simple twoperson game. Our theoretical ideas provide the first formalism of the honeynet monitoring problem, illustrate the viability of network address shuffling, and inform the design of next generation honeynet defense systems.
Abstract-Over the past several years, honeynets have proven invaluable for understanding the characteristics of unwanted Internet traffic from misconfigurations and malicious attacks. In this paper, we address the problem of defending honeynets against systematic mapping by malicious parties, so we can ensure that honeynets remain viable in the long term. Our approach is based on two ideas: (i) counting the number of probes received in the honeynet, and (ii) shuffling the location of live systems with those that comprise the honeynet in a larger address space after the probe count has exceeded a threshold. We describe four different strategies for randomizing the location of the honeynet. Each strategy is defined in terms of the degree of defense that it provides and its associated computational and state requirements. We implement a prototype middlebox that we call Kaleidoscope to gain practical insight on the feasibility of these strategies. Through a series of tests we show that the system is capable of effectively defending honeynets in large networks with limited impact on normal traffic, and that it continues to respond well in the face of large resource attacks.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.