
    Toward Comprehensive Traffic Generation for Online IDS Evaluation

    File(s)
    TR1525.pdf (2.203Mb)
    Date
    2005
    Author
    Sommers, Joel
    Yegneswaran, Vinod
    Barford, Paul
    Publisher
    University of Wisconsin-Madison Department of Computer Sciences
    Abstract
    We describe a traffic generation framework for conducting online evaluations of network intrusion detection systems over a wide range of realistic conditions. The framework integrates both benign and malicious traffic, enabling generation of IP packet streams with diverse characteristics from the perspective of (i) packet content (both header and payload), (ii) packet mix (order of packets in streams) and (iii) packet volume (arrival rate of packets in streams). We begin by describing a methodology for defining trust which forms the basis of our method for systematic extraction of "benign" traffic from live streams. We then detail how we combine these traces with application-specific automata to generate benign traffic streams. Next, we describe a methodology for malicious traffic generation, and techniques for integration with benign traffic to produce a range of realistic workload compositions. We realize our traffic generation framework in a tool we call Trident, and demonstrate its utility through a series of laboratory-based experiments using traces collected from our departmental border router, DARPA Intrusion Detection Evaluation data sets provided by Lincoln Lab, and a suite of malicious traffic modules that reproduce a broad range of attacks commonly seen in today's networks. Our experiments demonstrate the effects of varying packet content, mix, and volume on the performance of intrusion detection systems.
    Permanent Link
    http://digital.library.wisc.edu/1793/60436
    Citation
    TR1525
    Part of
    • CS Technical Reports
