Dynamic Content Generation for the Evaluation of Network Applications

Abstract

Generating application-level content within network simulations and/or testbed environments tends toward an ad-hoc process reliant primarily on evaluator expertise. Such ad-hoc approaches are laborious and often fail to capture important aspects of how content is distributed within traffic. Further, while many tools allow for the generation of a wide-range of content types, there exists no coherent model for populating these tools with the necessary data. To address these issues we propose two models for dynamically generating content so as to provide a systematic means for populating a test with relevant data. First we create content targeting Network Intrusion Detection Systems (NIDS) that are severely impacted by the composition of the traffic combined with the set of known signatures. Most NIDS evaluation techniques employ on/off models where a packet is either malicious or not. Such evaluation ignores the case where the content of a benign packet partially intersects with one or many signatures, causing more processing for the NIDS. To address this hole in evaluation we propose a traffic model that uses the target NIDS signature set to create partially-matching traffic. This partially-matching traffic then allows the systematic examination of the NIDS across multiple scenarios. Such evaluation provides insight into the idiosyncrasies of a NIDS that would remain hidden if evaluated under current methodologies. Next, we broaden our content generation model to account for all network applications. We create a content generative model for identifying, harvesting, and assigning application-level content to simulated traffic. This model ties consumers of content to the producers of the content as well to a particular content category. This approach then allows for said content to be tied to a workload generator or simulator of choice to evaluate a given network application. Finally, we discuss the implementation of these models and potential optimizations for high-speed environments. Ultimately, the models provided here allow for the systematic generation of content for network applications and serves to bridge the gap in current evaluation methodologies between network traffic simulation and content.