We introduce and describe a novel network simulation tool called NeSSi (Network Security Simulator). NeSSi incorporates a variety of features relevant to network security distinguishing it from general-purpose network simulators. Its capabilities such as profilebased automated attack generation, traffic analysis and interface support for the plug-in of detection algorithms allow it to be used for security research and evaluation purposes. NeSSi has been utilized for testing intrusion detection algorithms, conducting network security analysis, and developing distributed security frameworks at the application level. NeSSi is built upon the agent componentware framework JIAC [5], resulting in a distributed and easy-toextend architecture. In this paper, we provide an overview of the NeSSi architecture and briefly demonstrate its usage in three example security research projects. These projects comprise of evaluation of stand-alone detection unit performance, detection device deployment at central nodes in the network and comparison of different detection algorithms.
Network providers operate large DSL-based access networks to offer customers Broadband Internet. These networks are observed and managed by Performance Management Systems (PMS), that capture the actual situation to support network administration. In this regard, the administrator can cope with incidents such as link failures or congestion. We present an application for optimization and forecast of traffic distributions in DSL networks as an addition to an existing PMS. This application makes heavy use of simulation. In this way, we give a description of traffic models based on real network performance data reflecting: (I) individual subscribers and (II) an aggregated model for multiple subscribers. Then, we introduce the overall simulation approach based on the Network Security Simulator NeSSi 2 . The evaluation takes place by a use case for simulation-based verification of applied optimization strategies and a use case for continuous forecast to predict upcoming link congestion.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.