The simulation of malicious traffic using self-similar traffic model

Abstract

Detection of malicious activity in the network still is a challenge. The self-similarity feature of traffic can be used in an anomaly detection method. The influence of traffic generated by intruder who performs access attack is analyzed. In the other hands the simulation of threads is useful in designing and testing processes of a network. For this purpose a multi-layer 'on-off' model of traffic source is developed and a traffic generator is implemented according this model. Finally the real traffic including attacker flow is compared to the traffic generated by generator. This comparison proves that it is possible to simulate traffic similar to malicious one. © 2012 Springer-Verlag Berlin Heidelberg.