Generating representative Web workloads for network and server performance evaluation
SIGMETRICS '98/PERFORMANCE '98 Proceedings of the 1998 ACM SIGMETRICS joint international conference on Measurement and modeling of computer systems
Proceedings of the 2003 ACM workshop on Rapid malcode
On the performance of middleboxes
Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
A taxonomy of DDoS attack and DDoS defense mechanisms
ACM SIGCOMM Computer Communication Review
Self-configuring network traffic generation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Denial of service via algorithmic complexity attacks
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Performance adaptation in real-time intrusion detection systems
RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Blowtorch: a framework for firewall test automation
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
An evaluation technique for network intrusion detection systems
InfoScale '06 Proceedings of the 1st international conference on Scalable information systems
Combining filtering and statistical methods for anomaly detection
IMC '05 Proceedings of the 5th ACM SIGCOMM conference on Internet Measurement
Tracking the role of adversaries in measuring unwanted traffic
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Automating DDoS experimentation
DETER Proceedings of the DETER Community Workshop on Cyber Security Experimentation and Test on DETER Community Workshop on Cyber Security Experimentation and Test 2007
FLAME: a flow-level anomaly modeling engine
CSET'08 Proceedings of the conference on Cyber security experimentation and test
Firewall policy verification and troubleshooting
Computer Networks: The International Journal of Computer and Telecommunications Networking
On fast generation of fractional Gaussian noise
Computational Statistics & Data Analysis
Hidden Markov Model Modeling of SSH Brute-Force Attacks
DSOM '09 Proceedings of the 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Integrated Management of Systems, Services, Processes and People in IT
A Labeled Data Set for Flow-Based Intrusion Detection
IPOM '09 Proceedings of the 9th IEEE International Workshop on IP Operations and Management
A flow trace generator using graph-based traffic classification techniques
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Tools for worm experimentation on the DETER testbed
International Journal of Communication Networks and Distributed Systems
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Characterizing Intelligence Gathering and Control on an Edge Network
ACM Transactions on Internet Technology (TOIT)
Detecting, validating and characterizing computer infections in the wild
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
A fast worm scan detection tool for VPN congestion avoidance
DIMVA'06 Proceedings of the Third international conference on Detection of Intrusions and Malware & Vulnerability Assessment
Attacking confidentiality: an agent based approach
ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
Simulating content in traffic for benchmarking intrusion detection systems
Proceedings of the 4th International ICST Conference on Simulation Tools and Techniques
An application-level content generative model for network applications
Proceedings of the 5th International ICST Conference on Simulation Tools and Techniques
A tool for the generation of realistic network workload for emerging networking scenarios
Computer Networks: The International Journal of Computer and Telecommunications Networking
Hi-index | 0.00 |
Malicious traffic from self-propagating worms and denial-of-service attacks constantly threatens the everyday operation of Internet systems. Defending networks from these threats demands appropriate tools to conduct comprehensive vulnerability assessments of networked systems. This paper describes MACE, a unique environment for recreating a wide range of malicious packet traffic in laboratory testbeds. MACE defines a model for flexible composition of malicious traffic that enables both known attacks (such as the Welchia worm) and new attack variants to be created. We implement this model in an extensible library for attack traffic specification and generation. To demonstrate the capability of MACE, we provide an analysis of stress tests conducted on a popular firewall and two popular network intrusion detection systems. Our results expose potential weaknesses of these systems and reveal that modern firewalls and network intrusion detection systems could be easily overwhelmed by simple attacks launched from a small number of hosts.