Methods, systems, and computer readable media for measuring detection accuracy of a security device using benign traffic
Abstract
Methods, systems, and computer readable media for measuring detection accuracy of a security device using benign traffic are disclosed. According to one method, the method occurs at an Internet protocol (IP) traffic simulator having a first communications interface and a second communications interface. The method includes sending, by the first communications interface, a plurality of benign data packets to a security device, wherein the plurality of benign data packets is engineered to be similar to one or more malicious data packets. The method also includes receiving, by the second communications interface, zero or more of the plurality of benign data packets via the security device. The method further includes determining, using statistics associated with the plurality of benign data packets, a detection accuracy metric associated with the security device.
20 Claims
1. A method for measuring detection accuracy of a security device using benign traffic, the method comprising:
- at an Internet protocol (IP) traffic simulator having a first communications interface and a second communications interface;
sending, by the first communications interface, a plurality of benign data packets to a security device, wherein the plurality of benign data packets is engineered to include content associated with one or more malicious data packets;
receiving, by the second communications interface, one or more of the plurality of benign data packets via the security device; and
determining, using statistics associated with the plurality of benign data packets, a detection accuracy metric associated with the security device, wherein determining the detection accuracy metric includes dividing a number of benign data packets returned to the IP traffic simulator via the security device by a number of benign data packets sent by the IP traffic simulator to the security device; and
identifying, using distinct characteristics associated with the plurality of benign data packets, wherein the distinct characteristics includes at least one characteristic that affects detection accuracy, a portion of a first packet of the plurality of benign data packets that causes the security device to block the first packet.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A system for measuring detection accuracy of a security device using benign traffic, the system comprising:
- an Internet protocol (IP) traffic simulator, the IP traffic simulator comprising:
a first physical communications interface configured to send a plurality of benign data packets to a security device, wherein the plurality of benign data packets is engineered to include content associated with one or more malicious data packets;
a second physical communications interface configured to receive one or more of the plurality of benign data packets via the security device; and
a detection accuracy module (DAM) configured to determine, using statistics associated with the plurality of benign data packets, a detection accuracy metric associated with the security device, wherein determining the detection accuracy metric includes dividing a number of benign data packets returned to the IP traffic simulator via the security device by a number of benign data packets sent by the IP traffic simulator to the security device, and to identify, using distinct characteristics associated with the plurality of benign data packets, wherein the distinct characteristics includes at least one characteristic that affects detection accuracy, a portion of a first packet of the plurality of benign data packets that causes the security device to block the first packet.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19.
20. A non-transitory computer readable medium comprising computer executable instructions embodied in the non-transitory computer readable medium that when executed by a processor of a computer control the computer to perform steps comprising:
- at an Internet protocol (IP) traffic simulator having a first communications interface and a second communications interface;
sending, by the first communications interface, a plurality of benign data packets to a security device, wherein the plurality of benign data packets is engineered to include content associated with one or more malicious data packets;
receiving, by the second communications interface, one or more of the plurality of benign data packets via the security device; and
determining, using statistics associated with the plurality of benign data packets, a detection accuracy metric associated with the security device, wherein determining the detection accuracy metric includes dividing a number of benign data packets returned to the IP traffic simulator via the security device by a number of benign data packets sent by the IP traffic simulator to the security device; and
identifying, using distinct characteristics associated with the plurality of benign data packets, wherein the distinct characteristics includes at least one characteristic that affects detection accuracy, a portion of a first packet of the plurality of benign data packets that causes the security device to block the first packet.
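The measurement the abstract and claims describe, as an added Python illustration that is not part of the patent: benign packets are engineered so that some share content with a rule, the detection accuracy metric is computed as returned divided by sent, and the per-characteristic block rate exposes which trait caused the false positives. The security device, the rule content and the packets are all constructed stand-ins; nothing is sent on a network.

```python
"""Detection-accuracy measurement with engineered benign traffic (added illustration,
not the patent's code). The security device is a constructed stub and the packets are
constructed records; nothing is sent on a network."""
from collections import defaultdict
from dataclasses import dataclass

RULE_CONTENT = b"SIG-CONTENT"  # constructed rule content the stub device matches on

@dataclass(frozen=True)
class Packet:
    dst_port: int
    payload: bytes
    traits: tuple  # distinct characteristics of this engineered benign packet

def stub_security_device(pkt: Packet) -> bool:
    """Constructed device under test: forwards (True) unless the payload carries RULE_CONTENT."""
    return RULE_CONTENT not in pkt.payload

def build_benign_packets(n: int = 10) -> list:
    """Constructed benign packets, some engineered to share content with 'malicious' ones."""
    pkts = []
    for i in range(n):
        pkts.append(Packet(80, b"GET /index.html?i=%d" % i, ("http", "small")))
        # Benign upload whose body happens to quote the rule content.
        pkts.append(Packet(80, b"POST /upload body=" + RULE_CONTENT + b"%d" % i,
                           ("http", "embeds_rule_content")))
        pkts.append(Packet(8443, b"A" * 1400 + b"%d" % i, ("odd_port", "large")))
    return pkts

def detection_accuracy(packets, device) -> float:
    """Claimed metric: benign packets returned via the device / benign packets sent."""
    returned = sum(1 for p in packets if device(p))
    return returned / len(packets) if packets else 0.0

def block_rate_by_trait(packets, device) -> dict:
    """Per characteristic, fraction of the benign packets carrying it that were blocked."""
    totals, blocked = defaultdict(int), defaultdict(int)
    for p in packets:
        forwarded = device(p)
        for t in p.traits:
            totals[t] += 1
            blocked[t] += 0 if forwarded else 1
    return {t: blocked[t] / totals[t] for t in totals}

def traits_causing_blocks(packets, device) -> list:
    """Characteristics whose presence always led to a block (the false-positive trigger)."""
    return sorted(t for t, r in block_rate_by_trait(packets, device).items() if r == 1.0)
```

With the constructed traffic, 20 of 30 benign packets come back (metric 0.667) and the only trait blocked every time is the one whose payload quotes the rule content, which is the false-positive trigger a rule author would then tune.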