An Approach To Generate Testing Traffic In Evaluating Network Intrusion Detection Systems
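Conference: The 10th National Conference on Fault-Tolerant Computing (第十届全国容错计算学术会议)
Conference date: 2003
Subject classification: 0810 [Engineering - Information and Communication Engineering] 08 [Engineering] 080401 [Engineering - Precision Instruments and Machinery] 0804 [Engineering - Instrument Science and Technology] 080402 [Engineering - Measurement Technology and Instruments] 0835 [Engineering - Software Engineering] 081002 [Engineering - Signal and Information Processing]
Funding: This work was supported by the National Natural Science Foundation of China (No. 60273070)
Keywords: intrusion detection; testing traffic; background traffic; attack signature; evaluation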
Abstract: A fundamental problem in evaluating network intrusion detection systems, which detect network intruders by passively monitoring one or more network links over which intruders’ traffic transits, is the ability to generate testing traffic, including a large volume of background traffic and intrusive or anomalous traffic. In this paper, we present a new approach to generating testing traffic, in which background traffic is dumped from a real environment and saved as trace files of transformed packets, and attack traffic is created and inserted into the background traffic by editing the trace files with scripts or manually. We discuss how to dump background traffic and a script language that automatically generates different attack traffic according to different attack signatures. The testing traffic is then replayed offline and fed to network intrusion detection systems. We then present the implementation of generating testing traffic in Linux and discuss some limitations of our approach.