Modeling how users interact with Windows Outlook to crate realistic email traffic
Author(s)Hsu, Lisa, M. Eng. Massachusetts Institute of Technology
Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science.
MetadataShow full item record
The ever-present and increasing threat of abuse requires a systematic approach to information assurance to protect the security of systems and data. The Lincoln Adaptable Real-time Information Assurance Testbed (LARIAT) was developed to simplify and address problems that surfaced from DARPA evaluations on intrusion detection systems (IDS) development. LARIAT emulates the network traffic produced from one or more organizations connected to the internet. This thesis work focuses on developing the Outlook email model in WinNTGen, which simulates native Windows traffic in LARIAT. To accurately characterize email network traffic, data from seven real users is collected using an Outlook add-in built on the Microsoft .NET Framework for analysis to produce a more realistic usage behavior model. The analysis determined that users behave differently. Therefore, a state machine of the 20 prevailing user actions, and the 76 prevailing transitions was created for each user, to model each user separately.
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, June 2007.Includes bibliographical references (p. 119-120).
DepartmentMassachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science.
Massachusetts Institute of Technology
Electrical Engineering and Computer Science.