Traffic generation is an integral part of cyber-security defense testing in network testbeds. Generating just any traffic is easy, but generating realistic traffic is hard. The key reason for this is that "realistic" means different things to different people. The definition of realism depends on the use of the traffic in testing, but all existing traffic generators have a fixed definition of realism that users cannot change.
This project will build a traffic generator whose definition of realism can be fully specified by a user. The generator will consist of three modules: (1) a module that mines values for user-specified dimensions from traffic logs, (2) a module that generates random traffic that fits the model mined in the previous step, and (3) a module that replays traffic from a log so that it exactly matches the logged traffic along the user-specified dimensions.
Intellectual Merit: The key novelty of this approach lies in the customizable definition of realism that the generator will support. By allowing users to specify their own reality dimensions, this project's traffic generation tool will be generic enough to meet the evaluation needs of any cyber-security researcher. Further, integration of traffic generation from models and traffic replay in a single tool is novel; existing tools support only one of these generation approaches. Finally, the tool will support traffic generation at the application, transport or network level, while existing tools support it only at one select level.
Broader Impact: The proposed work will advance cyber-security defense research by supporting rigorous and realistic evaluation of its products. It will do that both by fitting researchers' needs and by being extremely portable and easy to deploy and use. Because users will be able to customize the definition of realism as they desire, the evaluation will properly stress the cyber-security defenses and its results will be predictive of the defenses' performance in real deployment. The traffic generator's capabilities to both generate traffic from learned models and replay it from network logs enable a wide range of testing strategies and support thorough exploration of the problem space. Better evaluation strategies will lead to better cyber-security defenses. The project will integrate our traffic generator with the DETER testbed for cyber-security experimentation. All software will also be released as open source under the GNU GPL v3 license.