Publications
Generating client workloads and high-fidelity network traffic for controllable, repeatable experiments in computer security
Summary
Summary
Rigorous scientific experimentation in system and network security remains an elusive goal. Recent work has outlined three basic requirements for experiments, namely that hypotheses must be falsifiable, experiments must be controllable, and experiments must be repeatable and reproducible. Despite their simplicity, these goals are difficult to achieve, especially when dealing...
Extending the DARPA off-line intrusion detection evaluations
Summary
Summary
The 1998 and 1999 DARPA off-line intrusion detection evaluations assessed the performance of intrusion detection systems using realistic background traffic and many examples of realistic attacks. This paper discusses three extensions to these evaluations. First, the Lincoln Adaptable Real-time Information Assurance Testbed (LARIAT) has been developed to simplify intrusion detection...
SARA: Survivable Autonomic Response Architecture
Summary
Summary
This paper describes the architecture of a system being developed to defend information systems using coordinated autonomic responses. The system will also be used to test the hypothesis that an effective defense against fast, distributed information attacks requires rapid, coordinated, network-wide responses. The core components of the architecture are a...