Balancing Privacy and Fidelity in Packet Traces for Security Evaluation

Date Added: Sep 2013
Format: PDF

Security mechanisms, such as firewalls and intrusion detection systems, protect networks by generating security alarms and possibly filtering attack traffic, according to a specified security policy. Evaluation of such security mechanisms remains a challenge. In this paper, the authors examine the problem of compiling a set of high-fidelity traffic traces that include both attacks and background traffic, to make them available for trace-based evaluation of Internet firewalls and intrusion detection systems. For these traces to be representative of real-world Internet traffic traces at the time they are used, synthesizing or generating a trace is inadequate. Hence, developing an anonymization tool for captured traffic traces is necessary.