Validation of network simulation model with emulation using example malware

Under the Cyber Army Modeling and Simulation (CyAMS) program, a model validation was conducted using data from an emulated network for malware propagation to compare against the CyAMS finite state representation of network nodes and processes using behavioral simulation. During the validation process, the finite state machine model was effective in identifying important caveats in the emulation tests. Once the experimental parameters were correctly defined, the CyAMS model and the emulated networks showed similar outcomes. The simulation in this case utilized at most 3 CPU cores, whereas the emulation approach required roughly 2,000 real computers and 14,800 virtual machines. The results highlight the possibility that simulation methods can be as effective as emulation test beds in selected cases. Further, simulation results can be an effective tool to verify the goals of emulation based experiments in some cases. Results demonstrated that several orders of magnitude of less computing resources are required for a simulation compared to emulation for this particular test case.