StealthNet

StealthNet, a GOTS library that works in conjunction with Joint Network Emulator (JNE), was derived from a research project with the U.S. Department of Defense. StealthNet features models for a Live-Virtual-Constructive (LVC) framework for network simulation, test and evaluation of operational networks defenses against cyber attacks. The library contains models for accurate cyber threat simulation at all layers of the networking stack. It features; cyber threat models for adaptive and coordinated attacks, scalability to test attacks on large communication networks, and cyber test and analysis metrics to quantify the information and the operational impact of cyber offense and defense strategies. It enables an environment and methodology for testing blue systems against cyber attacks in order to discover and validate vulnerabilities and to assess mission impact. StealthNet has many cyber response capabilities, which include model jamming detection and prevention, encryption, firewall, anonymous routing, backup channels, eavesdropping, routing misconfigurations, Denial of Service, and network and application scanning to name a few. It has the ability to interoperate in both live and virtual environments helping to determine and understand user behavior on how people communication with each other in a distributed test-bed with live cyber threats.

StealthNet allows users to represent in simulation a wide range of cyber attacks operating on tactical and enterprise network architecture and devices. They have the ability to represent attacks ranging from PHY layer attacks to application/middleware attacks as well as defense mechanisms; OS related vulnerabilities, user behavior models, adaptive attacks and coordinated attack mechanisms. StealthNet is also capable of performing scanning activities to gain information about the simulated network architecture as a prelude to initiate cyber and kinetic attacks.

StealthNet leverages Parallel Discrete Event Simulation (PDES) to model the large-scale cyber threats on networks with hundreds to thousands of wired and wireless components. It enables live users to devise attack strategies against a LVC representation of the network which lets the user script a sequence of attacks where new attacks can be initiated automatically based on success or failure of the preceding attack. These scripted attacks are useful for comparing the robustness of different tactical network architectures under a given set of attacks.