4th International ICST Conference on Testbeds and Research Infrastructures for the Development of Networks & Communities

Research Article

A Case Study in Testing a Network Security Algorithm

  • @INPROCEEDINGS{10.4108/tridentcom.2008.3220,
        author={Carrie E. Gates},
        title={A Case Study in Testing a Network Security Algorithm},
        proceedings={4th International ICST Conference on Testbeds and Research Infrastructures for the Development of Networks \& Communities},
        publisher={ICST},
        proceedings_a={TRIDENTCOM},
        year={2010},
        month={5},
        keywords={Network Security Testing},
        doi={10.4108/tridentcom.2008.3220}
    }
    
  • Carrie E. Gates
    Year: 2010
    A Case Study in Testing a Network Security Algorithm
    TRIDENTCOM
    ICST
    DOI: 10.4108/tridentcom.2008.3220
Carrie E. Gates¹,*
  • 1: CA Labs, CA Islandia, NY 11749
*Contact email: carrie.gates@ca.com

Abstract

Several difficulties arise when testing network security algorithms. First, using network data captured at a router does not guarantee that any instances of the security event of interest will be captured. Similarly, if the event of interest is not detected, this does not guarantee that it does not exist in the captured data. Further, such network data is often not publicly available, making comparisons with other detectors difficult. At the other extreme, purely simulated data can be made publicly available and can provide guarantees that the event of interest exists in the data set. However, simulated data often has unintended artifacts and may also incorporate the biases of the particular simulator. In this paper I describe an emulation approach that takes advantage of captured data while using the DETER network to generate realistic traffic for the event of interest. The problem domain was described in terms of seven variables, where the DETER network provided a flexible medium for examining the complete problem domain. The results of a set of experiments using this approach are provided, along with regression equations that describe the expected true and false positive rates.