The Genesis Project: Network Decomposition in Monitoring and Simulation for Network Management and Intrusion Detection

Genesis proposes a novel approach to scalability and efficiency of parallel network monitoring, modeling and simulation for network management and intrusion detection. The basis of our approach is network decomposition that creates separate network domains. Each domain is independently monitored, modeled and simulated by separate software components. Domain monitoring involves a repository of data and collection agents while models and simulations are run by dedicated processor clusters allocated to each domain. Repositories and simulators collaborate on exchanging data and models to keep the network simulations consistent between domains. One of the desirable features of our design is its independence from the underlying simulators and repositories running in the individual domains. Hence, our architecture can be integrated with a number of existing technologies thereby supporting system interoperability. Our primary application is network management. The simulation in this application predicts changes in the network performance caused by network parameter tuning. Growing security threats to networks increase the importance of intrusion and anomaly detection. Using data collection agents, we create unique signatures for attacks or legitimate user activities (monitoring a stream of network packets at the server). Signatures are represented as probabilistic or time-dependent finite state automata and their parsers can easily be embedded into mobile agents. Genesis is useful in all applications in which speed of the simulation is of essence, such as: on-line network simulation, network management, ad-hoc network design, emergency network planning, or Internet simulation for computer networks. In addition to computer and communication networks, Genesis can also be used to simulate networks of flows of goods and products, vehicles, populations, etc. Keywords— Network Monitoring, Network Management, Network Simulation, Parallel Simulation, Intrusion Detection.