The continued and rapid progress of network technology has revolutionized all modern critical infrastructures and business models. Technologies today are firmly relying on network and communication facilities which in turn make them dependent on network security. Network-security investments do not always guarantee the security of organizations. However, the evaluation of security solutions requires designing, testing and developing sophisticated security tools which are often very expensive. Simulation and virtualization techniques empower researchers to adapt all experimental scenarios of network security in a more cost and time-effective manner before deciding about the final security solution. This study presents a detailed guideline to model and develop a simultaneous virtualized and simulated environment for computer networks to practice different network attack scenarios. The preliminary object of this study is to create a test bed for network anomaly detection research. The required dataset for anomaly or attack detection studies can be prepared based on the proposed environment in this study. We used open source GNS3 emulation tool, Docker containers, pfSense firewall, NTOPNG network traffic-monitoring tool, BoNeSi DDoS botnet simulator, Ostinato network workload generation tool and MYSQL database to collect simulated network traffic data. This simulation environment can also be utilized in a variety of cybersecurity studies such as vulnerability analysis, attack detection, penetration testing and monitoring by minor changes.

Chapter Contents:

• 3.1 Introduction
• 3.1.1 Network simulation
• 3.1.2 Network emulation
• 3.1.3 The application of network simulation and emulation in network security
• 3.1.4 Virtualization
• 3.1.5 Virtualization using hypervisor
• 3.1.6 Virtualization using container
• 3.1.7 Virtual machines and simulation
• 3.2 Literature review
• 3.2.1 Network anomalies and detection methods
• 3.2.2 Network workload generators
• 3.2.3 Network simulation for security studies
• 3.3 Methodology
• 3.4 Defining a simulated and virtualized test bed for network anomaly detection researches
• 3.4.1 GNS3
• 3.4.2 Ubuntu
• 3.4.3 Network interfaces
• 3.5 Simulated environment for network anomaly detection researches
• 3.5.1 Victim machine
• 3.5.2 Attacker machine
• 3.5.3 pfSense firewall
• 3.5.3.1 Firewall configuration
• 3.5.4 NAT and VMware host-only networks
• 3.5.5 Traffic generator machine
• 3.5.6 NTOPNG tool
• 3.5.6.1 NTOPNG configuration
• 3.5.6.2 NTOPNG configuration to dump logs to Mysql machine
• 3.5.7 Repository machine
• 3.5.7.1 Repository machine configuration
• 3.5.7.2 Give a remote root access to Data_ Repository machine
• 3.6 Discussion and results
• 3.7 Summary
• References

Inspec keywords: virtualisation; computer network security; telecommunication traffic; invasive software

Other keywords: computer networks; pfSense firewall; network attack scenarios; network anomaly detection research; network security; Ostinato network workload generation tool; simulated network traffic data; open source GNS3 emulation tool; Docker containers; cybersecurity attack analysis; BoNeSi DDoS botnet simulator; network technology; NTOPNG network traffic-monitoring tool; network traffic logs; cybersecurity studies; communication facilities; virtualization techniques; security solutions; network-security investments; business models; attack detection; simultaneous virtualized environment

Subjects: Data security; Computer networks and techniques; Computer communications