Rigorous scientific experimentation in system and network security remains an elusive goal. Recent work has outlined three basic requirements for experiments, namely that hypotheses must be falsifiable, experiments must be controllable, and experiments must be repeatable and reproducible. Despite their simplicity, these goals are difficult to achieve, especially when dealing with client-side threats and defenses, where often user input is required as part of the experiment. In this paper, we present techniques for making experiments involving security and client-side desktop applications like web browsers, PDF readers, or host-based firewalls or intrusion detection systems more controllable and more easily repeatable. First, we present techniques for using statistical models of user behavior to drive real, binary, GUI-enabled application programs in place of a human user. Second, we present techniques based on adaptive replay of application dialog that allow us to quickly and efficiently reproduce reasonable mock-ups of remotely-hosted applications to give the illusion of Internet connectedness on an isolated testbed. We demonstrate the utility of these techniques in an example experiment comparing the system resource consumption of a Windows machine running anti-virus protection versus an unprotected system.