Abstract

Due to the increasing amount of data traveling across computer networks every day, efficient management of this information is required to ensure the quality of the services they provide. The development of new network management tools and mechanisms is a widely studied area because of its importance, not only to current technology but also to next-generation network standards and equipment. Several research efforts have been directed at the use of IP Flows to increase the efficiency of these management tools. Although several approaches have been proposed in this area, most of them lack suitable test scenarios to validate their performance results. In this study, we present Scorpius, a new simulation tool that helps test network management mechanisms based on IP Flows. Scorpius is capable of simulating different kinds of anomalies, such as Denial of Service (DoS), Distributed Denial of Service (DDoS), Flash Crowd and Port Scan, directly into the flow export files. This characteristic unites the advantages of tests in real network environments without the drawbacks of real anomalies and attacks, even controlled ones. This approach makes performance analysis of anomaly detection approaches easier, without interfering with or hampering the operation of the analyzed network. To validate the efficiency of the presented tool, we use real data collected from a large-scale network environment.

Highlights

  • One of the most relevant aspects of modern society is the importance of information

  • Aiming to unite the advantages of each one of these environments, as well as mitigate their disadvantages, this paper presents an alternative for testing network anomaly detection approaches: an IP Flow anomaly simulation tool called Scorpius

  • The input data of Scorpius are the IP flow data that describe the behavior of a normal day, on which a simulation of a specific anomaly is performed


Summary

Introduction

One of the most relevant aspects of modern society is the importance of information. Aiming to unite the advantages of each one of these environments, as well as mitigate their disadvantages, this paper presents an alternative for testing network anomaly detection approaches: an IP Flow anomaly simulation tool called Scorpius (de Assis, 2014). This tool is capable of simulating different kinds of anomalies, such as Denial of Service (DoS), Distributed Denial of Service (DDoS), Flash Crowd and Port Scan, directly into flow export files. This approach unites the efficiency of real network test scenarios with the precision of simulated networks and controlled attacks, without interfering with or hampering the network operation.
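The testing idea described above, sketched as an added example that is not Scorpius code and does not reproduce its file format: labelled synthetic port-scan flow records are merged into a baseline of normal flows, and a detector under test is scored against those labels. The record fields, addresses (documentation ranges), the `rate` parameter and the detector threshold are all assumptions constructed for this illustration.

```python
import random
from collections import defaultdict

# Field names, addresses and thresholds are constructed for this example.
def baseline_flows(n=200, seed=1):
    """Constructed 'normal day' sample: clients talking to two servers."""
    rng = random.Random(seed)
    services = [("192.0.2.10", 443, 6), ("192.0.2.20", 53, 17)]
    flows = []
    for _ in range(n):
        dst, dport, proto = rng.choice(services)
        flows.append({"ts": rng.randint(0, 3599), "src": f"10.0.0.{rng.randint(2, 40)}",
                      "dst": dst, "sport": rng.randint(1024, 65535), "dport": dport,
                      "proto": proto, "pkts": rng.randint(2, 40),
                      "bytes": rng.randint(120, 40000), "label": "normal"})
    return flows

def inject_port_scan(flows, scanner, target, start, ports, rate=50):
    """Merge labelled synthetic scan flows (one tiny TCP flow per port) into a copy."""
    scan = [{"ts": start + i // rate, "src": scanner, "dst": target,
             "sport": 40000 + i % 20000, "dport": p, "proto": 6,
             "pkts": 1, "bytes": 40, "label": "portscan"}
            for i, p in enumerate(ports)]
    return sorted(flows + scan, key=lambda f: f["ts"])

def detect_scanners(flows, window=60, threshold=100):
    """Detector under test: a source reaching more than `threshold` distinct
    destination ports on one host inside one time window."""
    seen = defaultdict(set)
    for f in flows:
        seen[(f["src"], f["dst"], f["ts"] // window)].add(f["dport"])
    return {src for (src, _, _), ports in seen.items() if len(ports) > threshold}

def score(flows, flagged):
    """Compare flagged sources with the labels written at injection time."""
    truth = {f["src"] for f in flows if f["label"] != "normal"}
    return len(truth & flagged), len(flagged - truth), len(truth - flagged)

if __name__ == "__main__":
    day = baseline_flows()
    mixed = inject_port_scan(day, "198.51.100.7", "192.0.2.10", 1800, range(1, 1001))
    print("baseline alerts:", detect_scanners(day))
    print("with injection :", detect_scanners(mixed))
    print("TP, FP, FN     :", score(mixed, detect_scanners(mixed)))
```

Setting `rate=1` spreads the same 1000 records over many windows and this detector misses them, which is the kind of weakness a labelled injection test exposes without touching the live network.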

