
A Design of Flexible Testbed for Network Security Evaluation  

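Im, Yi-Jin (School of Information and Communication Engineering, Sungkyunkwan University)
Choi, Hyoung-Kee (School of Information and Communication Engineering, Sungkyunkwan University)
Kim, Ki-Yoon (PIOLINK, Inc.)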
Abstract
We present a testbed for collecting log information and evaluating network security under various attacks. The testbed is modeled on the real Internet, where attack traffic coexists with normal traffic. Attacks can be produced either directly by attack tools or by replaying data sets that include attack traffic. It takes less time and money to build than existing testbeds, which are both costly and often time-consuming to construct. It can also be easily revised or extended according to the traffic types or the intended use. Using our testbed can therefore make various tests more efficient and facilitate collecting sensor log information under attack. We discuss how to use our testbed through replay procedures for a DDoS attack and a worm. We also discuss how we surmounted some difficulties in constructing the testbed.
Keywords
testbed; network security; dataset; attack