Title :
LLSIM: network simulation for correlation and response testing
Author :
Haines, Joshua W. ; Goulet, Stephen A. ; Durst, Robert S. ; Champion, Terrance G.
Author_Institution :
Lincoln Lab., MIT, Lexington, MA, USA
Abstract :
LLSIM is an easily configurable network simulator that can produce a wide variety of data sets without expensive testbeds. These data sets are useful for researchers who are developing general-purpose correlation and response systems. LLSim is a Java-based event-driven simulator consisting of user-configurable core models of networks and hosts with network and host events. Several event generators and models of several intrusion detection sensors were developed. On a typical PC workstation, LLSim can emulate arbitrary networks with hundreds of nodes and communication links, and can accurately simulate hundreds of intrusion detection sensors operating in these environments. It can also help researchers evaluate the effectiveness of simple response actions such as altering network firewall policies in response to an attack. LLSim has been used to produce datasets used in the DARPA Cyber Panel program.
Keywords :
Java; computer networks; digital simulation; security of data; telecommunication computing; virtual machines; DARPA Cyber Panel program; Java-based event-driven simulator; LLSIM; PC workstation; arbitrary networks; communication links; configurable network simulator; correlation testing; data sets; datasets; event generators; general-purpose correlation systems; intrusion detection sensors; network firewall policies; network simulation; response systems; response testing; simple response actions; user-configurable core models; Automatic testing; Discrete event simulation; Force measurement; Intrusion detection; Java; Laboratories; Sensor systems; System testing; Traffic control; Workstations;
Conference_Title :
DARPA Information Survivability Conference and Exposition, 2003. Proceedings
Print_ISBN :
0-7695-1897-4
DOI :
10.1109/DISCEX.2003.1194965