Ad Hoc Network Visualizationwith VisualCyberVAN

CMPSC 597GModule Name: Tactical Network Visualization

with VisualCyberVAN

Professor Patrick McDanielJoshua Crafts

Fall 2015

The Ontology of Network Security

“The overall objective of the Cyber Security CRA is to develop a fundamental

understanding of cyber phenomena, including aspects of human attackers, cyber

defenders, and end users, so that fundamental laws, theories, and theoretically

grounded and empirically validated models can be applied to a broad range of Army

domains, applications, and environments.”

To meet these goals with respect to understanding networks, we use the CyberVAN

testbed developed by ACS. Any suitable testbed for network security, like CyberVAN,

needs to be oriented toward replicating real tactical networks.

Tactical Networks

● Are Mobile Ad Hoc Networks (MANETs)

● Are wireless, and based on radio communication

● Nodes can function as routers

● Nodes can enter and exit the network at any time

● Nodes are not fixed and can move location

● Consequently, topology is dynamic

● Testbed must create Virtual Ad Hoc Networks (VANs) which share these

properties to ensure consistency with the real world scenarios studied

CyberVAN

ACS’s CyberVAN uses distributed resources to facilitate MANET simulation with the

following features:

● Dynamic addition/deletion/modification of network endpoints

● Ability to run automated and concurrent tests on a network scenario

● Large scale simulations at varying time granularity using “time sync”

The Problem: Situational Awareness

“The overall objective of the Cyber Security CRA is to develop a fundamental

understanding of cyber phenomena”

“since there are no dedicated routers, every node participates in packet forwarding, i.e.

every node is a router; since the location of a node is not fixed and nodes can enter and

leave the network at any time, network topology is dynamic.”

Understanding a network is already complex; how can we meet our overall objective of

understanding when we’re talking about a network for which topology is dynamic?

The Answer: Visualization

Hardware/Deployment Visualization

Show supporting hardware for CyberVAN deployment:

● Servers simulating endpoints

● Server running simulation

● Server viewing simulation

● Technical characteristics of deployment hardware

Fundamental Problems of Visualization

● Presenting the most useful information most obviously

○ Understanding the most useful information at all levels of granularity (in time and space)

● Giving effective access to finer details without crowding the broad presentation

(tooltips, color coding, connections, etc.)

● Using space effectively (graph of subnet connections, graph of subnet with

endpoints, etc.)

● Grouping related objects (network nodes, servers, etc.)

How Can We Improve This?

Currently, VisualCyberVAN displays the environment of an imported network

scenario, the fundamental initial structure of the scenario.

Sufficient visualization would show the progression of the scenario, and allow some

level of control over how the scenario is observed as it progresses.

We also want to be able to modify and export scenarios.

We also want to be able to visualize network traffic as it occurs in the simulation.

Summary

● Network simulation is hard, particularly with tactical ad hoc networks

● Once the network is simulated, understanding the simulation or explaining it to

the laymen is even harder

● To meet the overall goal of the CRA, we need some deeper level of understanding

for this simulation testbed

● We need a visualization to effectively solve this problem

● Fundamental problems of visualization are based on effectively presenting the

most useful information in the most obvious way at all levels of granularity

● The same method used to approach visualizing the environment can also be used

to approach progression and traffic