LLSIM: network simulation for correlation and response testing

Bibliographic details
Main authors: Haines, J.W., Goulet, S.A., Durst, R.S., Champion, T.G.
Format: Conference paper
Language: English
Description
Summary: The Lincoln Laboratory Simulator, LLSIM, is an easily configurable network simulator that can produce a wide variety of data sets without expensive testbeds. These data sets are useful for researchers who are developing general-purpose correlation and response systems. LLSIM is a Java-based, event-driven simulator consisting of user-configurable core models of networks and hosts. Event generators produce network and host events in the simulated system and models of intrusion detection sensors generate realistic streams of alerts in relation to these events. On a typical PC workstation, LLSIM can emulate arbitrary networks with hundreds of nodes and communication links, and can accurately simulate hundreds of intrusion detection sensors operating in these environments. Researchers can generate many different datasets using LLSIM and can also evaluate the effectiveness of simple response actions like altering firewall policies in response to an attack. Sensor alert datasets generated by LLSIM have been used in the DARPA Cyber Panel program.
DOI: 10.1109/SMCSIA.2003.1232429