Modeling how users interact with Windows Outlook to crate realistic email traffic
DownloadFull printable version (7.677Mb)
Other Contributors
Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science.
Advisor
Richard Lippmann.
Terms of use
Metadata
Show full item recordAbstract
The ever-present and increasing threat of abuse requires a systematic approach to information assurance to protect the security of systems and data. The Lincoln Adaptable Real-time Information Assurance Testbed (LARIAT) was developed to simplify and address problems that surfaced from DARPA evaluations on intrusion detection systems (IDS) development. LARIAT emulates the network traffic produced from one or more organizations connected to the internet. This thesis work focuses on developing the Outlook email model in WinNTGen, which simulates native Windows traffic in LARIAT. To accurately characterize email network traffic, data from seven real users is collected using an Outlook add-in built on the Microsoft .NET Framework for analysis to produce a more realistic usage behavior model. The analysis determined that users behave differently. Therefore, a state machine of the 20 prevailing user actions, and the 76 prevailing transitions was created for each user, to model each user separately.
Description
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, June 2007. Includes bibliographical references (p. 119-120).
Date issued
2007Department
Massachusetts Institute of Technology. Department of Electrical Engineering and Computer SciencePublisher
Massachusetts Institute of Technology
Keywords
Electrical Engineering and Computer Science.