WinNTGen : Creation of a Windows NT 5.0+ network traffic generator

• Main Author: Boothe-Rabek, Jesse C. (Jesse Clayton), 1979-
• Other Authors: Robert K. Cunningham.
• Format: Others
• Language: English
• Published: Massachusetts Institute of Technology 2006
• Subjects: Electrical Engineering and Computer Science.
• Online Access: http://hdl.handle.net/1721.1/29667

Thesis (M.Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2003. === Includes bibliographical references (leaves 65-67). === The Lincoln Adaptable Real Time Information Assurance Testbed (LARIAT) project is the first fully automatable network testbed for the evaluation of information assurance (IA) technologies. It allows researchers to easily set up experiments that evaluate the accuracy of host-based and network-based intrusion detection systems (IDSs). Initially, the network traffic it could produce used UNIX services and protocols as implemented for the Linux and Solaris platforms. However, due to the widespread deployment of Windows-based systems in production environments, it is necessary to include Windows-based traffic when testing IA systems in order to provide a comprehensive evaluation. This thesis describes WinNTGen, a Windows network traffic generation system that integrates into the existing LARIAT framework and enables it to produce Windows-based network traffic. To do this, WinNTGen simulates the actions of a user controlling applications that in turn use network resources. This frees WinNTGen from the need to re-implement network protocols and allows it to operate at a higher level of abstraction. WinNTGen controls applications via loadable libraries that encapsulate the manner in which a typical user interacts with a particular application. The statistical parameters that specify the behavior of a user with each application are derived from real users' behavioral data as they interacted with each application. The system is flexible and extensible so that different versions of the same application as well as additional applications can be controlled by modifying and adding libraries. Finally, the reality and the throughput of the network traffic produced by the WinNTGen system are evaluated. === by Jesse C. Boothe-Rabek. === M.Eng.