Intelligent Testing Framework for Network Security Devices

About This Presentation
Title:

Intelligent Testing Framework for Network Security Devices

Description:

Adel El-Atawy, Taghrid Samak, Khaled Ibrahim, Hazem Hamed, and Ehab ... Be smart, and avoid brute force testing. Exhaustive testing is not practically feasible. ...

Slides: 9
Provided by: mnlabCs
Transcript and Presenter's Notes

1
Intelligent Testing Framework for Network
Security Devices
  • Adel El-Atawy, Taghrid Samak, Khaled Ibrahim,
    Hazem Hamed, and Ehab Al-Shaer
  • School of Computer Science, Telecommunication,
    and Information Systems
  • DePaul University, Chicago, Illinois, USA
  • Email: {aelatawy, taghrid, kibrahim, hhamed, ehab}_at_cs.depaul.edu

2
Motivation
  • Packet filtering algorithms are continuously
    modified and optimized. Their
    implementation needs to be tested.
  • We should utilize the information provided by the
    policy to minimize the number of test packets
    used.
  • Be smart, and avoid brute force testing.
    Exhaustive testing is not practically feasible.
    (Nice figure: total exhaustive testing would take
    4 x 10^13 years at a rate of one giga-packet/second.)

3
Technical Approach
  • Having a system that is capable of smart
    selection of test packets using information about
    the network and the policy.
  • Selecting the best packets to cover the whole
    space of possible packets.
  • Use these packets to identify errors, if any. By
    injecting the test packets, we can log the output
    and analyze it.

4
Steps of the solution
  • Partition the space of packet header values into
    SEGMENTS based on the policy.
  • Calculate the importance for each segment.
  • Select sample packets from each segment
    proportional to its weight.
  • Inject the packets into the firewall.
  • Make sure each packet is handled correctly (i.e.,
    as indicated by the policy)
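
The five steps above, as an added example (not code from the presentation or its authors), run over a constructed two-field policy. The weight function (number of overlapping rules) is an assumption, since this transcript does not reproduce the deck's weight formula; `device` is a hypothetical callable standing in for the firewall under test.

```python
import random
from itertools import product

# Constructed toy policy, first match wins: (src_lo, src_hi, port_lo, port_hi, action)
POLICY = [
    (0, 255, 22, 22, "deny"),
    (10, 20, 0, 1023, "accept"),
    (0, 255, 80, 80, "accept"),
    (0, 255, 0, 65535, "deny"),  # default rule
]

def matching(rules, pkt):
    """Indices of all rules that match packet (src_host, dst_port)."""
    s, p = pkt
    return tuple(i for i, (a, b, c, d, _) in enumerate(rules) if a <= s <= b and c <= p <= d)

def decide(rules, pkt):
    """Reference decision: action of the first matching rule in the policy."""
    return rules[matching(rules, pkt)[0]][4]

def segments(rules):
    """Cut each field at every rule boundary; each cell matches one fixed rule set."""
    def cuts(lo_i, hi_i, top):
        edges = sorted({0, top + 1} | {r[lo_i] for r in rules} | {r[hi_i] + 1 for r in rules})
        return [(a, b - 1) for a, b in zip(edges, edges[1:])]
    return list(product(cuts(0, 1, 255), cuts(2, 3, 65535)))

def weight(rules, seg):
    """Assumed weight: how many rules overlap in this segment."""
    (s, _), (p, _) = seg
    return len(matching(rules, (s, p)))

def allocate(rules, segs, T, R):
    """Split roughly T*R packets across segments in proportion to weight (min 1 each)."""
    w = [weight(rules, s) for s in segs]
    return [max(1, round(T * R * wi / sum(w))) for wi in w]

def run_test(rules, device, T=1, R=200, seed=0):
    """Sample every segment, inject into `device`, return the packets handled wrongly."""
    rng, segs = random.Random(seed), segments(rules)
    bad = []
    for ((s0, s1), (p0, p1)), n in zip(segs, allocate(rules, segs, T, R)):
        pkts = {(s0, p0), (s1, p1)} | {(rng.randint(s0, s1), rng.randint(p0, p1)) for _ in range(n)}
        bad += [pkt for pkt in sorted(pkts) if device(pkt) != decide(rules, pkt)]
    return bad

def buggy_device(pkt):
    """Constructed faulty filter: evaluates rule 1 before rule 0, so port 22 leaks."""
    return decide([POLICY[1], POLICY[0]] + POLICY[2:], pkt)
```

With 18 segments and about 200 packets, the rule-ordering fault is found because the segment where rules 0 and 1 overlap is always sampled, including its corner packets.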

5
Framework Overview

6
Policy Generation
  • Using the given BNF, rule-by-rule generation
    takes place.
  • The edges of the graph representing the BNF carry
    the statistical guidelines for human-like
    policies (if required).
  • Can be provided independently of a specific BNF.

7
Details (1/2)
What is a segment?

8
Details (2/2)
Segment Weight
  • The weight of a segment is a function of different
    parameters that specify how critical this
    segment is with respect to testing.
  • During a test interval of T seconds and using a
    rate of R packets/second, the number of generated
    packets n_i for segment S_i is given by the formula

9
System Overview
System Architecture

10
Evaluation