Simulation of self-similarity in network utilization patterns as a precursor to automated testing of intrusion detection systems

The behavior of a certain class of automatic intrusion detection systems (IDSs) may be characterized as sensing patterns of network activity which are indicative of hostile intent. An obvious technique to test such a system is to engage the IDSs of interest and then use human actors to introduce the activities of a would-be intruder. While having the advantage of realism, such an approach is difficult to scale to large numbers of intrusive behaviors. Instead, it would be preferable to automatically generate traffic which includes these manifestations of intrusive activity. While such traffic would be difficult to produce in a totally general way, there are some aspects of network utilization which may be reproducible without excessive investment of resources. In particular, real network loading often exhibits patterns of self-similarity, which may be seen at various levels of time scaling. These patterns should be replicated in simulated network traffic as closely as is feasible, given the computational ability of the simulator. We propose the use of multiresolution wavelet analysis as a technique which may be used to accomplish the desired detection, and subsequent construction, of self-similarity in the simulated traffic. Following a multiresolution decomposition of the traffic using an orthogonal filterbank, the resulting wavelet coefficients may be filtered according to their magnitude. Some of the coefficients may be discarded, yielding an efficient representation. We investigate the effect of compression upon the reconstructed signal's self-similarity, as measured by its estimated Hurst parameter.
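The pipeline described above (orthogonal filterbank decomposition, magnitude filtering of coefficients, reconstruction, Hurst estimation) can be sketched as follows; this is an added example, not the authors' code. It assumes the Haar filterbank, an aggregated-variance Hurst estimator, and a constructed synthetic series; all function names are hypothetical.

```python
import math, random, statistics
S = math.sqrt(2.0)  # orthonormal Haar normalisation
def haar_forward(x):
    """Orthonormal Haar filterbank (assumed here); details[0] is the finest scale."""
    a, details = list(x), []
    while len(a) > 1:
        details.append([(a[i] - a[i + 1]) / S for i in range(0, len(a), 2)])
        a = [(a[i] + a[i + 1]) / S for i in range(0, len(a), 2)]
    return a, details

def haar_inverse(a, details):
    for d in reversed(details):  # rebuild from the coarsest level down
        a = [v for s, t in zip(a, d) for v in ((s + t) / S, (s - t) / S)]
    return a

def compress(details, keep):
    """Zero all but the `keep` fraction of largest-magnitude detail coefficients."""
    mags = sorted((abs(c) for d in details for c in d), reverse=True)
    n_keep = round(keep * len(mags))
    thr = mags[n_keep - 1] if n_keep else float("inf")
    return [[c if abs(c) >= thr else 0.0 for c in d] for d in details]

def hurst_aggvar(x, levels=range(1, 8)):
    """Aggregated-variance estimator: Var(mean of m samples) ~ m^(2H-2)."""
    pts = []
    for m in (2 ** i for i in levels):
        means = [sum(x[k:k + m]) / m for k in range(0, len(x), m)]
        pts.append((math.log(m), math.log(statistics.pvariance(means))))
    mx, my = (sum(c) / len(pts) for c in zip(*pts))
    slope = sum((p - mx) * (q - my) for p, q in pts) / sum((p - mx) ** 2 for p, _ in pts)
    return 1.0 + slope / 2.0

def synth_traffic(J=14, H=0.8, seed=1):
    """Constructed zero-mean test series: Gaussian Haar details, Var(d_j) = 2^(j(2H-1))."""
    rng = random.Random(seed)
    return haar_inverse([0.0], [[rng.gauss(0, 2 ** (j * (H - 0.5)))
                                 for _ in range(2 ** (J - j))] for j in range(1, J + 1)])

def experiment(x, fractions=(1.0, 0.5, 0.2, 0.05)):
    a, d = haar_forward(x)
    rows = []
    for keep in fractions:
        y = haar_inverse(a, compress(d, keep))
        rmse = math.sqrt(sum((p - q) ** 2 for p, q in zip(x, y)) / len(x))
        rows.append((keep, rmse, hurst_aggvar(y)))  # (kept fraction, RMSE, H)
    return rows

if __name__ == "__main__":
    for row in experiment(synth_traffic()): print("keep=%.2f rmse=%.3f H=%.3f" % row)
```

Running it prints, for each retained fraction, the reconstruction error and the Hurst estimate of the reconstructed series, which is the comparison the abstract sets out to investigate.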
