Title: Manipulation of Network Traffic Traces for Security Evaluation
Abstract
Testing network-based security tools such as Intrusion Detection and Prevention Systems (IDS/IPS) differs from testing ordinary network tools (e.g., routers and switches). In addition to the parameters that matter for network tools (such as bandwidth utilization, routing information and packet timing), security tools are more sensitive to issues like traffic composition, contents, and session-level parameters. Generating realistic synthetic traffic that keeps all the characteristics of real traffic has proved to be difficult. For this reason, security testers often use real traffic traces in their tests or evaluations. However, the available traces are often limited in number or size. Therefore, it is necessary to merge and manipulate traces to create a test environment that is representative of the operational environment, and to inject attacks into the traffic. A variety of tools for recording, replaying and forging packets can be obtained easily, but very few tools exist for manipulating traces so as to modify the traffic composition from the networking viewpoint. Among them, surprisingly, there is no tool for manipulating traces without destroying their security-relevant characteristics. In this paper, we present a brief survey of trace manipulation and packet forging tools. We then determine the requirements for tools that manipulate traces and inject attacks while keeping their original characteristics. Finally, we present the architecture and implementation of our tool, intended to fill this gap in security testing tools.
Year: 2009
DOI: 10.1109/WAINA.2009.36
Venue: AINA Workshops
Keywords: network tool, security evaluation, security tool, security testing tool, security tester, testing network-based security tool, realistic synthetic traffic, traffic composition, real traffic, operational environment, real traffic trace, network traffic traces, data mining, testing, protocols, intrusion detection system, intrusion detection, intrusion prevention system, security testing, information security, security, transport protocols, system testing, data security, bandwidth allocation, switches
Field: Architecture, Security testing, Computer science, Bandwidth allocation, Network packet, Computer network, Intrusion prevention system, Intrusion detection system, Network traffic control, Bandwidth utilization, Distributed computing
DocType: Conference
Citations: 2
PageRank: 0.39
References: 6
Authors (3):

Order  Name                 Citations  PageRank
1      Mohamed Gadelrab     2          0.39
2      Anas Abou El Kalam   433        40.81
3      Yves Deswarte        1142       156.24