Network Traffic Emulation for IDS Evaluation

Author

Yang, Wang ; Gong, Jian ; Ding, Wei ; Wu, Xiong

Author_Institution

Southeast Univ., Nanjing

fYear

2007

fDate

18-21 Sept. 2007

Firstpage

608

Lastpage

612

Abstract

The network traffic emulation is used in generating background traffic for IDSs evaluation. The Background traffic can be used to evaluate the false positive level and the performance of the misuse IDSs and help training normal behavior profiles for anomaly IDSs. Currently the emulation methods for the background traffic are either restricted by the performance bottleneck of the software and hardware, or lack of the semantic of flow and session. So they can ´t satisfy the IDS evaluation requirement in highspeed network environment. After analyzing the requirement of IDSs evaluation and the characteristics of network traffic, this paper proposes a differential equation model of active flow rate. Based on the equation, a structural simulation model of network flow is constructed and used in the network traffic emulation for IDS evaluation. This model is both simple for high performance and similar to the reality. The experiments show that the model proposed can generate traffic both realistic and controllable.

Keywords

security of data; active flow rate; background traffic; differential equation model; intrusion detection systems evaluation; network traffic emulation; Automatic testing; Communication system traffic control; Computer science; Differential equations; Emulation; Intrusion detection; Parallel processing; Performance analysis; Telecommunication traffic; Traffic control;

fLanguage

English

Publisher

ieee

Conference_Titel

Network and Parallel Computing Workshops, 2007. NPC Workshops. IFIP International Conference on

Conference_Location

Liaoning

Print_ISBN

978-0-7695-2943-1

Type

conf

DOI

10.1109/NPC.2007.125

Filename

4351552