Thesis
Grammar-driven workload generation for efficient evaluation of intrusion detection systems
Washington State University
Master of Science (MS), Washington State University
2015
Handle:
https://hdl.handle.net/2376/103219
Abstract
Network Intrusion Detection Systems (NIDS) are deployed to protect local networks and computers from malicious attacks originating from remote locations. Proper evaluation of NIDS requires more scrutiny than the evaluation of general network appliances. NIDS are commonly evaluated by sending pre-generated network traffic. However, because only a limited amount of data is used as input, replaying pre-generated traffic cannot exhaustively test the complex data structures used in NIDS. More sophisticated methods that generate workload directly from IDS rules consume too many resources and operate at a slower rate than the target network bandwidth. For more thorough evaluation, a novel approach to real-time workload generation for NIDS evaluation is proposed. It uses a generative grammar whose language is a subset of the set of strings matching the given rule database. The grammar is an optimized version of a context-free grammar equivalent to the regular expressions from the rule database. It is designed to be memory-efficient and computationally light in generating workload. Experiments show that it generates workload that takes more than an order of magnitude longer for an IDS to process, at a generation speed four times as fast as the previous approach, while using only a fraction of the memory.
Details
- Title
- Grammar-driven workload generation for efficient evaluation of intrusion detection systems
- Creators
- Min Shao
- Contributors
- Min Sik Kim (Degree Supervisor)
- Awarding Institution
- Washington State University
- Academic Unit
- Electrical Engineering and Computer Science, School of
- Theses and Dissertations
- Master of Science (MS), Washington State University
- Publisher
- Washington State University; [Pullman, Washington]
- Identifiers
- 99900525272001842
- Language
- English
- Resource Type
- Thesis