DSTO: Experimental Research Infrastructure for Network Topology Research

An important problem in defence surveillance is creating a capability for discovering the topology of an adversary’s communications network from indirect data, such as measurements of the delays of packets across the network in question, the existence of flows through a network, and the capture of routing-related messaging.

The problem

Such problems come under the general heading of inverse problems, and are often solved using “tomographic” techniques.

A major problem in the conduct of such research is the difficulty in validating the effectiveness of the tomographic techniques developed. Typically, the difficulty arises in two distinct forms:

Simulated networks are often employed in research because they enable controlled experiments to be conducted, and causes and effects can be more readily identified. Simulated networks, however, typically lack the “richness” of real networks, for example, by being restricted to interior routing protocols only, by having relatively few nodes, or by using only simulated traffic rather than actual traffic generated by real applications.

Real network data is difficult to obtain, difficult to manage, and clear information on “ground truth” is almost impossible to obtain: if a major network event is observed, it is rarely possible to find out the actual cause of the event.

The solution

Building on the Netkit platform developed by Roma Tre University, we have developed a network emulation environment for the verification and validation of network tomography research. In our environment virtual machines operate as routers in a virtual network. Each router can be individually configured and can run real network routing protocols, in this case using open source software implementations of protocols such as BGP, RIP and so on. Multiple Autonomous Systems (ASs) can be configured, and real applications can be configured to run across the virtual network. Real users can also be connected into the virtual network.

The researcher is then in a position to make specific changes to the network state, observe and measure the changes that occur, and validate network analysis undertaken on the collected data against the “ground truth”.
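As an added illustration of this validation loop (not part of the DSTO case study or the Netkit platform), the following Python sketch uses a constructed tree topology in place of the emulated network, derives pairwise shared-path delays from it as a perfect measurement, rebuilds the branching structure with a standard agglomerative tomography step, and checks the result against the ground truth. All node numbers and link delays are constructed; the inference algorithm is a textbook approach, not DSTO's method.

```python
from itertools import combinations
# Constructed ground truth: child -> (parent, link delay in ms); 0 probes hosts 4, 5, 6.
GROUND_TRUTH = {1: (0, 4.0), 2: (1, 3.0), 3: (1, 5.0), 4: (2, 2.0), 5: (2, 1.0), 6: (3, 2.0)}
LEAVES = [4, 5, 6]

def root_path(node, tree=GROUND_TRUTH):
    """Links from the root down to `node` as [(node, link_delay), ...]."""
    links = []
    while node in tree:
        parent, delay = tree[node]
        links.append((node, delay))
        node = parent
    return links[::-1]

def shared_delay(a, b, tree=GROUND_TRUTH):
    """Delay on the path segment leaves a and b share (here read off the truth,
    standing in for what probe delay correlation would estimate in practice)."""
    total = 0.0
    for (na, da), (nb, _) in zip(root_path(a, tree), root_path(b, tree)):
        if na != nb:
            break
        total += da
    return total

def infer_topology(leaves, measure):
    """Agglomerative tomography: merge the two clusters sharing the most delay."""
    clusters = {frozenset([leaf]): leaf for leaf in leaves}
    while len(clusters) > 1:
        c1, c2 = max(combinations(clusters, 2), key=lambda pair: min(
            measure(x, y) for x in pair[0] for y in pair[1]))
        clusters[c1 | c2] = (clusters.pop(c1), clusters.pop(c2))
    return next(iter(clusters.values()))   # e.g. (6, (4, 5)); sibling order is arbitrary

def inferred_groups(tree):
    """(leaves, non-trivial leaf groups) implied by a nested tuple tree."""
    if not isinstance(tree, tuple):
        return frozenset([tree]), set()
    left, lg = inferred_groups(tree[0])
    right, rg = inferred_groups(tree[1])
    return left | right, lg | rg | {left | right}

def truth_groups(tree=GROUND_TRUTH, leaves=LEAVES):
    """Non-trivial (size >= 2) leaf groups below each ground-truth node."""
    groups = {frozenset(l for l in leaves if any(n == node for n, _ in root_path(l, tree)))
              for node in tree}
    return {g for g in groups if len(g) >= 2}

def validate(leaves=LEAVES, tree=GROUND_TRUTH):
    """True when the inferred branching structure matches the ground truth."""
    inferred = infer_topology(leaves, lambda a, b: shared_delay(a, b, tree))
    return inferred_groups(inferred)[1] == truth_groups(tree, leaves)
```

In the emulated environment the `measure` callback would be replaced by estimates from captured probe delays, and `GROUND_TRUTH` by the topology the researcher configured, so that the same comparison reports whether the tomographic technique recovered the real structure.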

The advantage to Defence is that research can be undertaken at all levels of the network, from link level through network level to application level, in a significantly more realistic environment than that provided by traditional simulation packages such as OPNET and NS-2.
