Software tool for testing the packet analyzer of network attack detection systems

Abstract

The paper is devoted to a model, technique and software tool for testing network attack detection systems (ADSs) from the point of view of the correct functioning of their internal packet analyzer. A client-server architecture of the software tool for generating the low-level network attacks is described. The paper outlines the experimental results of testing several ADSs by using the implemented software tool. The results of experiments, aimed at testing the ADSs on the ability to detect evasion and insertion attacks, are presented. We analyze the reaction of ADSs in response to various network packets subjected to various transformations at the levels both of IP and TCP protocols. Recommendations aimed at detecting and preventing such situations in computer networks are proposed.