Abstract | ||
---|---|---|
Evaluating network components such as network intrusion detection systems, firewalls, routers, or switches suffers from the lack of available network traffic traces that on the one hand are appropriate for a specific test environment but on the other hand have the same characteristics as actual traffic. Instead of just capturing traffic and replaying the trace, we identify a set of packet trace manipulation operations that enable us to generate a trace bottom-up: our trace primitives can be traces from different environments or artificially generated ones; our basic operations include merging of two traces, moving a flow across time, duplicating a flow, and stretching a flow's time-scale. After discussing the potential as ell as the dangers of each operation with respect to analysis at different protocol layers, we present a framework within which these operations can be realized and show an example configuration for our prototype. |
Year | DOI | Venue |
---|---|---|
2004 | 10.1145/1028788.1028821 | Internet Measurement Conference |
Keywords | Field | DocType |
basic operation,trace primitive,network component,packet trace manipulation operation,test lab,packet trace manipulation rramework,network intrusion detection system,different protocol layer,actual traffic,different environment,trace bottom-up,available network traffic trace,measurement,evaluation,bottom up,network | Traffic generation model,Network intrusion detection,Computer science,Network packet,Computer network,Network simulation,Real-time computing,Protocol stack,Merge (version control) | Conference |
ISBN | Citations | PageRank |
1-58113-821-0 | 6 | 0.72 |
References | Authors | |
6 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Andy Rupp | 1 | 196 | 16.95 |
Holger Dreger | 2 | 317 | 19.33 |
Anja Feldmann | 3 | 4935 | 596.02 |
Robin Sommer | 4 | 1428 | 78.48 |