Network security is a significant need in today's interconnected electronic environment. With the rising adoption of cloud computing and virtualization, as well as the growing use of wireless and mobile devices for corporate business, organizations' networks are becoming increasingly complex and distributed. At the same time, organizations are facing ever-increasing complex security threats. To protect their network's integrity and availability, many organizations have invested heavily in security staff and technologies designed to identify, analyze and protect their computing infrastructure and network connections. Network mapping technologies can provide critical information about the organization's network to the personnel tasked with monitoring and protecting the network.

Lawrence Livermore National Laboratory (LLNL) has developed network characterization and discovery tool called NeMS to address the problem of mapping Internet Protocol (IP) networks. The tool can help users achieve network situational awareness without requiring extensive network preparation or prior information and without compromising the security posture of the mapped network.


LLNL's NeMS system enables network mapping operations by using two LLNL-developed software systems: LLNL's NeMS tool and the Everest visualization system. Each software system can be also used separately for their specific applications. When the two systems are used together as an iterative analysis platform, LLNL's NeMS system provides network security managers and information technology personnel with continuing network situational awareness.

The LLNL's NeMS tool is a software-based network characterization and discovery application. The LLNL's NeMS strives to produce a comprehensive representation of IP-based computer network environments. The LLNL's NeMS supports actionable intelligence and meaningful decision making by providing a view of the actual state of a computer network environment. Data discovered by the system can be stored, processed, viewed and analyzed by the appropriate information technology and security personnel. The final result of running LLNL's NeMS is a map of the target network environment. The LLNL's NeMS is designed and configurable to minimize disruptions and impacts on the target operational network and to require minimal intervention by network security staff. Similarly, LLNL's NeMS is designed to reduce the potential for overburdening the target network and should not affect the usability of the network services.

LLNL's Everest visualization system is a software tool for advanced graph visualization and analysis. Everest enables analysts to rapidly search, integrate, and gain insight from information that is stored in a variety of forms in pre-existing data sources. Everest's approach to modeling information allows new relations to be discerned in ways that aren't possible with traditional relational query techniques. For network security personnel, Everest enables users to view, search, and analyze the data from LLNL's NeMS or data fused to overlay logical network maps from LLNL's NeMS onto other information.



  • Creates a scalable, detailed map of the target network environment
  • Preserves the security posture of the mapped network
  • Requires very little preparation or pre-existing understanding of the network
  • Can be utilized from outside a firewall, or from one or more vantage points within a network
  • Enables users to quickly query details of network entities, attributes, roles, and logical relationships
  • Can automatically discover network features during mapping
  • Can intelligently control its own operation
Potential Applications

LLNL's NeMS system can be used to generate a new network map of an IP network, corroborate or update existing network maps, or overlay logical network maps onto other information.

Development Status

LLNL's NeMS has been demonstrated on Class B networks (2 million IPs) and can be scaled up to Class A networks (>16 million IPs).

Find more information here.

Reference Number