Analysis of Approaches to Internet Traffic Generation for Cyber Security Research and Exercise

  • Tero KokkonenEmail author
  • Timo Hämäläinen
  • Marko Silokunnas
  • Jarmo Siltanen
  • Mikhail Zolotukhin
  • Mikko Neijonen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9247)


Because of the severe global security threat of malwares, vulnerabilities and attacks against networked systems cyber-security research, training and exercises are required for achieving cyber resilience of organizations. Especially requirement for organizing cyber security exercises has become more and more relevant for companies or government agencies. Cyber security research, training and exercise require closed Internet like environment and generated Internet traffic. JAMK University of Applied Sciences has built a closed Internet-like network called Realistic Global Cyber Environment (RGCE). The traffic generation software for the RGCE is introduced in this paper. This paper describes different approaches and use cases to Internet traffic generation. Specific software for traffic generation is created, to which no existing traffic generation solutions were suitable.


Internet traffic generation Cyber security research and exercise Cyber security Network security 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    JAMK University of Applied Sciences, Jyväskylä Security Technology (JYVSECTEC), Realistic Global Cyber Environment (RGCE).
  2. 2.
    Zolotukhin, M., Hämäläinen, T., Kokkonen, T., Siltanen, J.: Analysis of HTTP requests for anomaly detection of web attacks. In: 2014 IEEE 12th International Conference on Dependable, Autonomic and Secure Computing, pp. 406–411, August 2014Google Scholar
  3. 3.
    Floyd, S., Paxson, V.: Difficulties in Simulating the Internet. IEEE/ACM Trans. Netw. 9(4), 392–403 (2001)CrossRefGoogle Scholar
  4. 4.
    Casilari, E., Gonzblez, F.J., Sandoval, F.: Modeling of HTTP traffic. Communications Letters, IEEE 5(6), 272–274 (2001)CrossRefGoogle Scholar
  5. 5.
    Botta, A., Dainotti, A., Pescapè, A.: A tool for the generation of realistic network workload for emerging networking scenarios. Computer Networks (Elsevier) 14(15), 3531–3547 (2012)CrossRefGoogle Scholar
  6. 6.
    Hong, S.-S., Wu, S.: On interactive internet traffic replay. In: Valdes, A., Zamboni, D. (eds.) RAID 2005. LNCS, vol. 3858, pp. 247–264. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  7. 7.
    Pries, R., Wamser, F., Staehle, D., Heck, K., Tran-Gia, P.: On traffic characteristics of a broadband wireless internet access. In: Next Generation Internet Networks, NGI 2009, pp. 1–7, July 2009Google Scholar
  8. 8.
    Li, T., Liu, J., Lei, Z., Xie, Y.: Characterizing service providers traffic of mobile internet services in cellular data network. In: 2013 5th International Conference on Intelligent Human-Machine Systems and Cybernetics (IHMSC), vol. 1, pp. 134–139, August 2013Google Scholar
  9. 9.
    The University of Southern California (USC-ISI), The Information Sciences Institute, TG Traffic Generation Tool.
  10. 10.
    The University of Kansas, The Information and Telecommunication Technology Center (ITTC), NetSpec Tool.
  11. 11.
  12. 12.
    pksh -the Packet Shell.
  13. 13.
    Universita’ degli Studi di Napoli “Federico II”, D-ITG, Distributed Internet Traffic Generator.
  14. 14.
    Angrisani, L., Botta, A., Miele, G., Vadursi, M.: An experimental characterization of the internal generation cycle of an open-source software traffic generator. In: 2013 IEEE International Workshop on Measurements and Networking Proceedings (M N), pp. 74–78, October 2013Google Scholar
  15. 15.
    Botta, A., Dainotti, A., Pescapè, A.: Do You Trust Your Software-Based Traffic Generator. IEEE Communications Magazine, 158–165 (2010)Google Scholar
  16. 16.
    White, B., et al.: An integrated experimental environment for distributed systems and networks. In: Proceedings of the 5th Symposium on Operating Systems Design and Implementation, 2002. USENIX Association, December 2002Google Scholar
  17. 17.
    Kleen, A.: Linux Programmer’s Manual RAW(7).
  18. 18.
    Kleen, A., Singhvi, N., Kuznetsov’s, A.: Linux Programmer’s Manual TCP(7).
  19. 19.
    Postel, J.: Transmission Control Protocol. RFC 793 (INTERNET STANDARD). Updated by RFCs 1122, 3168, 6093, 6528. Internet Engineering Task Force, September 1981.
  20. 20.
    Tanase, M.: IP Spoofing: An Introduction. The Security Blog, March 2003.
  21. 21.
    WireShark Wiki, Libpcap File Format.
  22. 22.
  23. 23.
    Khayari, R.E.A., Rücker, M., Lehman, A., Musovic, A.: ParaSynTG: a parameterized synthetic trace generator for representation of WWW traffic. In: SPECTS (2008), pp. 317–323, June 16-18, 2008Google Scholar
  24. 24.
    Postel, J.: User Datagram Protocol. RFC 768 (INTERNET STANDARD). Internet Engineering Task Force, August 1980.
  25. 25.
    The GO Programming Language.
  26. 26.
    Hoare, C.A.R.: Communicating Sequential Processess. Communications of the ACM 21(8), 666–677 (1978)zbMATHMathSciNetCrossRefGoogle Scholar
  27. 27.
    Fette, I., Melnikov, A.: WebSocket Protocol. RFC 6455 (INTERNET STANDARD). Internet Engineering Task Force, December 2011.
  28. 28.
    Ministry of defense press release May 8, 2013. Cyber Security Exercise in Jyväskylä, May 13–17, 2013. Kyberturvallisuusharjoitus Jyväskylässä, May 13–17, 2013.
  29. 29.
    Finnish Defence Forces Press Release, June 3, 2014, Performance of Cyber Security is developed by co-operation between Government Authorities and University. Kyber-suorituskykyä hiotaan viranomaisten ja korkeakoulujen yhteistyöllä.
  30. 30.
    Luo, S., Marin, G.A.: Realistic Internet traffic simulation through mixture modeling and a case study. In: Proceedings of the 2005 Winter Simulation Conference, pp. 2408–2416, December 4–7, 2005Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Tero Kokkonen
    • 1
    • 2
    Email author
  • Timo Hämäläinen
    • 2
  • Marko Silokunnas
    • 1
  • Jarmo Siltanen
    • 1
  • Mikhail Zolotukhin
    • 2
  • Mikko Neijonen
    • 1
  1. 1.Institute of Information TechnologyJAMK University of Applied SciencesJyväskyläFinland
  2. 2.Department of Mathematical Information TechnologyUniversity of JyväskyläJyväskyläFinland

Personalised recommendations