Computer Network Testbed at Binghamton University

The Network Testbed at Binghamton University was designed to facilitate security research in the area of advanced IDS. It offers a secure, controlled environment for experimental analysis of the efficiency of various intrusion detection/mitigation and computer forensics systems. It allows for staging large-scale experiments with real self-propagating malware on thousands of interacting heterogeneous nodes. This paper addresses some principles implemented in the Testbed design, including the architecture, accessibility, security, and visualization. The Testbed provides effective ways to collect data representing the network and software operation. It facilitates secure time sharing of the hardware among different research projects. Its enhanced security is achieved by separation and hardening of the core services. The application of the Testbed is demonstrated by the following three experiments featuring novel IDS technologies: a behavior-based IDS that extracts predefined malicious functionalities from system call data by semantic analysis; a demonstration of the alarm propagation concept for the minimization of false alarms and the detection of distributed low-and-slow attacks; and a network-wide IDS capable of automatic detection of functionalities and statistically significant variations of their relative frequencies indicative of information attacks.