In order to address the continued escalation in the diversity, sophistication and quantity of malicious activity in the Internet, new methods for systematic testing and evaluation of next generation security systems and techniques are required. The objective of this research is to investigate and develop meta-environments for Emulab-based testbeds. A meta-environment is a set of testbed configurations, tools and processes developed for a specific security domain that enables experiments to be conducted in a simplified, realistic and consistent fashion. The first component of this research program is focused on investigating tools such as traffic generators that can be used across all metaenvironments. Next, five specific meta-environments will be investigated and developed for the following areas: 1) network intrusion detection, 2) firewalls, 3) honeynets, 4) denial of service defense, and 5) security perimeter design. Finally, mechanisms for federation between the Wisconsin Advanced Internet Lab, DETER and other Emulabbased testbeds that will enable large-scale experiments and transparent access to resources will be investigated. The broader impacts of this project are that it will simplify and accelerate the use of testbeds for security research, and enable consistent comparisons between new security systems and tools. The expected results of this work include tools, configurations, and documentation for the five meta-environments and testbed federation capability. The project also includes education and outreach activities that will develop network security lab exercise materials. These web-based materials will be openly available to the community, and will emphasize a hands-on approach intended to provide students with practical, relevant experiences.

Project Report

This project was based on the recognition that research on new methods for IT security is frequently limited by experimental infrastrcture that is available to the community. To that end, development of "meta-environments" for investigating diverse research topics was the overall objective for the project. A meta-environment is an infrastructure and/or set of tools that is focused on a specific topic and is developed to complement more general experimental infrastructures such as the GENI or DETER testbeds. The focus of the research studies conducted in this project was in four general areas: (i) network security such as perimeter defenses, (ii) Internet infrastructure and topology, (iii) Internet measurement and analysis, and (ii) Internet energy-awareness. The outcomes on efforts related to network security include a game-theoretic method for obfuscating network honeynets, which are widely used to understand malicious activity. This result has direct implications for new agile network defense methods, which are being studied today. A series of studies also developed new methods for network anomaly detection and situational awareness. Both are significant because of the growing diversity of attacks in the Internet that cannot be identified using standard signature-based methods. Next, the most important outcome of our efforts on understanding and protecting Internet infrastructure was the Internet Atlas portal. This portal is now the largest archive of Internet infrastructure data and includes capabilities for visualizing and collecting diverse data. It is used on a daily basis by researchers and practitioners from all over the world. Next, new capabilities for measuring and evaluting Internet properties were developed. These include the capability to audit the details of network devices in either a privilaged or unprivilages fashion and thereby assess compliance with either operational or security objectives. Capability to conduct scalable simulations of network behavior at the IP-flow level was also invented in this project. This capability enables simulations at scales that were not possible with existing simulation platforms and includes the ability to fully assess anomaly detetion tools across a broad range of conditions. Finally, while energy-awareness was not part of the original proposal, this topic emerged as a significant focus for the community over the past 5 years. Capabilities to assess energy use in a wide variety of configurations were developed along with techniques for significantly reducing energy consumed in both data centers and enterprise deployments. These have the potential to significantly reduce costs and pave the way for sustainable computing and communication in the future. Over the course of this project a balance was struck between conducting basic research (required for publication and graduate student development) and developing experimental infrastructure and tools (the key objective of the project). To that end, the major outcomes of the project are a combination of published research papers and infrastructure/tools that are openly available to the community. In terms of published research papers 20 manuscripts appeared in highly competitive peer-reviewed conference proceedings and journals. In terms of artifacts made available to the community, software distribuitons for 5 different tools are available online along with the Internet Atlas portal ( Finally, 6 graduate students received support from this grant. Through this support, they received training in networking, security, systems development and software engineering. Two staff members also received support. A large number of undergraduate students also benefitted directly from this project through the laboratory exercises that were developed as a result of the various studies. Those labs were conducted by undergraduates that took the Introduction to Networking course that the PI teaches at UW-Madison.

National Science Foundation (NSF)
Division of Computer and Network Systems (CNS)
Application #
Program Officer
Sylvia J. Spengler
Project Start
Project End
Budget Start
Budget End
Support Year
Fiscal Year
Total Cost
Indirect Cost
University of Wisconsin Madison
United States
Zip Code