ABSTRACT
Evaluating IDS algorithms and systems is often an ad-hoc process, which makes it hard to compare evaluation results and the performance of IDS systems. There is a need for diverse and realistic test traffic, and for developing metrics to judge whether some generated traffic is a representative sample of observed traffic. In this paper, the authors propose a framework for a network traffic generator that creates diverse traffic through a variety of traffic sources, and describe a working implementation of it. The lessons learned from this experience can serve as the basis for a detailed specification of an open-source implementation of the framework.
Index Terms
- Plug & execute framework for network traffic generation