🤖 AI Summary
Existing cybersecurity testbeds struggle to support geographically distributed collaborative research due to rapid technological evolution, low resource utilization, and restricted accessibility. To address these limitations, this work proposes a Federated Cybersecurity Testbed-as-a-Service (FCTaaS) framework, which enables, for the first time, federated collaboration across heterogeneous testbeds spanning multiple administrative and geographic domains. The framework integrates diverse testbed resources through virtual private networks and incorporates Suricata IDS/IPS to facilitate remote discovery, experiment orchestration, and joint execution. Evaluation through DoS attack and intrusion detection experiments demonstrates that FCTaaS incurs only 1% performance overhead, maintains network utilization below 49%, and achieves inter-node latencies as low as 5.63 ms and cross-regional latencies up to 147 ms, confirming its efficiency and practicality for collaborative cybersecurity research.
📝 Abstract
Rapid technological change is reshaping society through emerging domains such as autonomous vehicles and smart manufacturing, creating new research challenges in system design, operation, security, and training. Researchers often rely on testbeds to reproduce experimental scenarios, collect and analyze data, observe system behavior, and evaluate proposed solutions. However, the fast pace of innovation makes it difficult and costly for individual testbeds to remain representative of state-of-the-art systems, as doing so requires frequent upgrades and new capabilities. Moreover, access to specialized testbeds is often limited to a small group of researchers, leaving valuable infrastructure underutilized during its operational lifetime. This paper presents FCTaaS, a Federated Cybersecurity Testbed as a Service framework that enables heterogeneous cybersecurity testbeds to participate in a single experiment across geographical boundaries. By connecting independently managed testbeds through a Virtual Private Network (VPN), FCTaaS supports remote testbed discovery, experiment design, and coordinated experimentation. We evaluate FCTaaS across three case studies involving denial-of-service scenarios on smart infrastructure and intrusion detection and prevention workflows using a Suricata-based IDS/IPS testbed. The results show that FCTaaS enables effective cross-testbed experimentation while preserving visibility into attack traffic, IDS alerts, and detection-system resource stress. Even under resource-intensive attack scenarios, FCTaaS achieves limiting network utilization of 49%, introduces only 1% overhead, and supports latency ranging from 5.63 ms between local nodes to 147 ms between geographically dispersed nodes.