A research process that ensures reproducible network security research

Access to ground-truth data is limited in network security research, especially at large-scale. If data is available, sharing is typically not possible due to privacy concerns and contractual requirements. Hence, reproducibility of research and comparability of results is difficult. For a prevailing empirical domain of research, the resulting lack of transparency is a methodological problem which especially affects network security management in practice. To address this problem, in this paper we propose a research process that ensures reproducibility by embodying both, synthetic and real-world data. Our motivation for this is to combine best of both worlds: synthetic data is used to establish ground-truth and real-world data to assure validity of results. To the best of our knowledge, no such process has been formulated until today.