Generating realistic environments for cyber operations development, testing, and training

Training eective cyber operatives requires realistic network environments that incorporate the structural and social complexities representative of the real world. Network trac generators facilitate repeatable experiments for the development, training and testing of cyber operations. However, current network trac generators, ranging from simple load testers to complex frameworks, fail to capture the realism inherent in actual environments. In order to improve the realism of network trac generated by these systems, it is necessary to quantitatively measure the level of realism in generated trac with respect to the environment being mimicked. We categorize realism measures into statistical, content, and behavioral measurements, and propose various metrics that can be applied at each level to indicate how eectively the generated trac mimics the real world.

[1]  Amin Vahdat,et al.  Swing: realistic and responsive network traffic generation , 2009, TNET.

[2]  Albert-László Barabási,et al.  Internet: Diameter of the World-Wide Web , 1999, Nature.

[3]  Jan Madsen,et al.  Network traffic generator model for fast network-on-chip simulation , 2005, Design, Automation and Test in Europe.

[4]  H. Zimmermann,et al.  OSI Reference Model - The ISO Model of Architecture for Open Systems Interconnection , 1980, IEEE Transactions on Communications.

[5]  Salvatore J. Stolfo,et al.  Anomalous Payload-Based Network Intrusion Detection , 2004, RAID.

[6]  Alex Barsamian,et al.  Using principal component analysis for selecting network behavioral anomaly metrics , 2010, Defense + Commercial Sensing.

[7]  Joshua W. Haines,et al.  LLSIM: network simulation for correlation and response testing , 2003, Proceedings DARPA Information Survivability Conference and Exposition.

[8]  A. Botta,et al.  Multi-protocol and Multi-platform Traffic Generation and Measurement , 2010 .

[9]  Jesse C. Rabek,et al.  LARIAT: Lincoln adaptable real-time information assurance testbed , 2002, Proceedings, IEEE Aerospace Conference.

[10]  Paul Barford,et al.  Self-configuring network traffic generation , 2004, IMC '04.

[11]  Lada A. Adamic,et al.  The Nature of Markets in the World Wide Web , 1999 .

[12]  Mark E. J. Newman,et al.  Power-Law Distributions in Empirical Data , 2007, SIAM Rev..

[13]  Jafar Adibi,et al.  The Enron Email Dataset Database Schema and Brief Statistical Report , 2004 .