Balancing Privacy and Fidelity in Packet Traces for Security Evaluation
Security mechanisms such as firewalls and intrusion detection systems protect networks by generating security alarms and possibly filtering attack traffic, according to a specified security policy. Evaluating such security mechanisms remains a challenge. In this paper, the authors examine the problem of compiling a set of high-fidelity traffic traces that include both attacks and background traffic, so that the traces can be made available for trace-based evaluation of Internet firewalls and intrusion detection systems. For these traces to be representative of real-world Internet traffic at the time they are used, synthesizing or generating a trace is inadequate. Hence, developing an anonymization tool for captured traffic traces is necessary.