Research Article
A Case Study in Testing a Network Security Algorithm
@INPROCEEDINGS{10.4108/tridentcom.2008.3220,
  author={Carrie E. Gates},
  title={A Case Study in Testing a Network Security Algorithm},
  proceedings={4th International ICST Conference on Testbeds and Research Infrastructures for the Development of Networks \& Communities},
  publisher={ICST},
  proceedings_a={TRIDENTCOM},
  year={2010},
  month={5},
  keywords={Network Security Testing},
  doi={10.4108/tridentcom.2008.3220}
}
- Carrie E. Gates
Year: 2010
TRIDENTCOM
ICST
DOI: 10.4108/tridentcom.2008.3220
Abstract
Several difficulties arise when testing network security algorithms. First, using network data captured at a router does not guarantee that any instances of the security event of interest will be captured. Similarly, if the event of interest is not detected, this does not guarantee that it does not exist in the captured data. Further, such network data is often not publicly available, making comparisons with other detectors difficult. On the other extreme, purely simulated data can be made publicly available and can provide guarantees that the event of interest exists in the data set. However, simulated data often has unintended artifacts and may also incorporate the biases of the particular simulator. In this paper I describe an emulation approach that takes advantage of captured data while using the DETER network to generate realistic traffic for the event of interest. The problem domain was described in terms of seven variables, where the DETER network provided a flexible medium for examining the complete problem domain. The results of a set of experiments using this approach are provided, along with regression equations that describe the expected true and false positive rates.