8th International Conference on

Autonomous Infrastructure, Management and Security

(AIMS 2014)

June 30 - July 3, 2014, Brno, Czech Republic


Detailed information about labs, including labs venue and co-chair contacts can be found here.

Lab 1: Tuesday July 1

Fast Network Simulation Setup

Slides from lab 1: download here


Arguably, one of the most cumbersome tasks required to run a network experiment is the setup of a complete scenario and its implementation in the target simulator or emulator. This process includes selecting an appropriate topology, provision nodes and links with all required parameters and, finally, configure traffic sources or generate traffic matrices.

Executing all these tasks manually is both time-consuming and error-prone. The Fast Network Simulation Setup (FNSS) toolchain addresses this problem by allowing users to generate even complex experiment scenarios with few lines of Python code and deploy them in the preferred target simulator. FNSS currently supports ns-2, ns-3, mininet as well as custom-built C++, Java and Python simulators.

The lab is divided in three parts. In the first part, participants will be familiarized with various models and datasets of networks topologies. They will also learn the most commonly used models to assign link capacities, delays and buffer sizes and how to synthetically generate realistic traffic matrices. The second part will provide an overview of the FNSS toolchain. Participants will learn the how install and configure it and will be walked through its main features. Finally, in the third part, participants will learn through live coding examples how to easily generate complex simulation scenarios and deploy them on a number of different simulators or emulators.


  • Modelling networks and traffic
    • Network topology models and datasets
    • Assignment of link capacities, delays, weights and buffer sizes
    • Modelling traffic matrices
  • Overview of FNSS
    • Installation and configuration
    • Architecture and features overview
  • Live coding examples
    • Create complete simulation scenarios
    • Deploy topologies on mininet platform
    • Deploy topologies and traffic matrices on custom-built simulators


Lorenzo Saino Lorenzo Saino is a research assistant and Ph.D. candidate at the department of Electronic and Electrical Engineering of University College London, UK. His current research interests include Information-Centric Networking, with particular focus on caching and routing aspects, and modelling and simulation of computer networks. Previously, he was a research engineer at Orange Labs, where he worked on a range of subjects including mobile network architecture, information security and mobile computing. Mr. Saino received his B.S. in Telecommunications Engineering from Politecnico di Milano, Italy, and his M.S. In Telecommunications from University College London UK.

Lab 2: Wednesday July 2

Deploying OpenFlow experiments on the Virtual Wall testbed

Slides from lab 2: download here


Software-defined networking (SDN) greatly increases network management flexibility by decoupling decision making (i.e., control plane) from traffic forwarding (i.e., data plane) in network equipment. This enables network control to become directly programmable, and allows intelligent software components to dynamically reconfigure the network based on service requirements and network conditions. OpenFlow is without a doubt the most widely known implementation of the SDN concept. It is a protocol which structures the communication between the network's data and control plane and provides granular traffic control.

The goal of this hands-on tutorial is to familiarize the participant with the concept of SDN in general and with OpenFlow in particular. We will explore OpenFlow's capabilities to dynamically reroute traffic, guarantee bandwidth, and differentiate flows. Participants will be given the opportunity to apply their acquired knowledge by setting up an OpenFlow-based experiment that guarantees the Quality of Service requirements of a networked video application. The experiment will be run in a live network setting, facilitated by the Virtual Wall testbed.

The Virtual Wall is a testbed facility for setting up large-scale network topologies. The Virtual Wall nodes can be assigned different functionalities and organised in arbitrary network topologies on the fly. As such, it is a generic experimental environment for advanced network, distributed software and service evaluation, and supports scalability research. The facility has been made available to the research community through different FP7 FIRE projects. The tutorial will provide a brief theoretical introduction about the Virtual Wall's capabilities in preparation of the hands-on part.


  • SDN and OpenFlow (± 60 min)
    • General introduction to the SDN concept
    • The OpenFlow protocol and architecture
    • Routing and differentiated-service capabilities of OpenFlow
  • The Virtual Wall testbed (± 20 min)
    • General introduction to large-scale network testbeds and Emulab
    • Overview of the Virtual Wall's functionality
  • Hands-on OpenFlow experiment (± 90 min)
    • Configuring a network topology
    • Installing and configuring OpenFlow
    • Running a QoS-differentiation experiment


Niels Bouten Niels Bouten obtained his M.Sc. degree in computer science in June 2011 from Ghent University, Belgium. In August 2011, he joined the Department of Information Technology at Ghent University, where he is currently active as a Ph.D. student. His main research interests are the application of autonomic network management approaches in multimedia delivery. He is currently involved in the FP7 NoE Flamingo European project.

Maxim Claeys Maxim Claeys obtained a masters degree in computer science from Ghent University, Belgium, in June 2012. In August 2012, he joined the Department of Information Technology at Ghent University, where he is active as a Ph.D. student. His main research interests are the application of autonomic network management approaches in multimedia delivery. The focus of this research is mainly on the end-to-end Quality of Experience optimization, ranging from the design of autonomous clients to intelligent in-network decision taking.

Jeroen Famaey Jeroen Famaey is affiliated with the department of Information Technology at Ghent University and iMinds as a post-doctoral researcher. He received his M.Sc. degree in computer science from Ghent University in 2007 and a Ph.D. in Computer Science Engineering in June 2012. His research interests include multimedia service delivery, autonomic communications and federated network management. He is, and has been, involved in several European projects, including CELTIC RUBENS, FP7 STREP OCEAN and FP7 NoE Flamingo.

Lab 3: Thursday July 3

Cybernetic Proving Ground: a Cloud-based Security Research Testbed

Slides from lab 3: introduction, game


Cyber attacks have become ubiquitous and in order to face current threats it is important to understand them. However, studying these attacks in a real environment is not often viable. Therefore, it is necessary to find other methods of examining the nature of the attacks. This tutorial will present Cybernetic Proving Ground (CPG) that is being developed at Masaryk University. The CPG is a cloud based framework that allows users to instantiate and run miscellaneous security and forensic scenarios.

The CPG provides a generic way to simulate and study a wide range of cyber attacks. It facilitates an establishment of isolated virtual environments that researchers can use to pursue controlled analysis of the attacks. Using virtualization and clouds, we managed to provide an environment, where it is possible to configure any common network configuration. Therefore, we are able to fulfill needs of many types of security scenarios. The user can use the CPG to set up isolated environments very quickly without the necessity of knowing details about network configuration or deploying auxiliary services such as a monitoring infrastructure.

The tutorial is divided in three parts. In the first part of the tutorial, participants will learn how to access the CPG infrastructure and how to configure a scenario. The second part of the tutorial will focus on running a security scenario. The participants will take part in the scenario as each of them will have a machine to control. An overall status of the CPG scenario will be monitored in the course of the simulation. We will show how to use CPG to easily generate network scenarios, deploy them to simulate and evaluate experiments in a large cloud-based environment.


  • Cybernetic Proving Ground demonstration (60 min.)
    • CPG overview - presentation
    • Preparing DDoS attack scenario infrastructure - presentation
    • DDoS attack scenario - live demo
    • Q&A
  • Penetration testing scenario - hands-on demo (120 min.)
    • Scenario infrastructure deployment
    • Penetration testing (3 levels)
    • Scenario evaluation


Jakub Čegan Jakub Čegan is a member of a Cybernetic Proving Ground (CPG) project team and he is responsible for the development of CPG security scenarios and project releases. He is also member of a Computer Security Incident Response Team of Masaryk University (CSIRT-MU) and he participates in other security related projects such as a system for sharing of detected security events (Warden) of CESNET, the Czech NREN. Jakub graduated from Brno University of technology, Czech Republic in 2012 and earned his second Master's Degree at Masaryk University, Brno, Czech Republic in 2013.

Martin Vizváry Martin Vizváry graduated from Masaryk University, Brno, Czech Republic in 2013 with master's degree in Applied informatics. He is pursuing Ph.D. degree in Computer Systems and Technologies at the same university in the field of mitigation of DDoS attack in Software Defined Networks. Martin is member of Computer Security Incident Response Team of Masaryk University (CSIRT-MU) and Cybernetic Proving Ground project. His research interests are network-based intrusion detection, distributed denial of service attacks and software defined networking.

Michal Procházka Michal Procházka has been doing research in area of computer security and digital identity since his studies on Masaryk University, Brno, Czech Republic. He graduated from the university in 2006 with master's degree in Applied informatics. Currently he is involved in several security related projects like Cybernetic Proving Ground and Czech CyberCrime Centre of Excellence. He is also member of three CSIRT teams: EGI CSIRT, CESNET CERTS and CSIRT MU.