The DHS DETER Project and IMPACT – Information Marketplace for Policy and Analysis of Cyber-risk & Trust – both provide information and resources for systems evaluation. We are working towards integrating these two platforms to enable seamless experimentation of large scale and complex systems on DETERLab using one or more data sets from IMPACT.
In 2013, we published a paper at the Homeland Security conference (HST 2013) that motivated the use of real world cyber attack data for systems evaluation and established a toolchain to enable rapid transition of the data from IMPACT to DETERLab. Based on our initial results, we are extending the toolchain to enable users to stream and transform the IMPACT data sets to allow for creating a wide range of evaluation scenarios.
Our recent presentation at the DHS DETER project review demonstrated two such examples of using IMPACT traffic traces in the testbed. In the first example, we processed attack traffic traces from IMPACT to identify attackers in a spoofed traffic trace based on the identification field in the IP header. We then created a scenario recreating the attacks on DETERLab. In the second example, we used the topology information from the Internet Atlas project along with attack traces, both available through the IMPACT project, to evaluate the effects of the attack on distributed wide area monitoring and control in the power grid.
Our vision is to develop easy to use tools and methods that will allow rapid transition of data into experiments using selectable and reusable components to stream and transform the data. Watch for updates at: http://deter-project.org/news