PyNetSim
PyNetSim generates background traffic and anomalies for testing anomaly detection algorithms. It is written in Python. It is not a simulation in the computer-science sense, although it uses parts of simulation theory; it is a generator of these traffic types. It reaches its full power when running on many virtual machines.
Why simulation?
- Reproducibility
- Knowledge about anomalies
- It is possible to model only the special parts of interest
- Statistics:
  - False positives and false negatives must be known!
  - It is nearly impossible to know all anomalies in real data dumps!
- Usually anomalies are rare; with simulation you can create the needed amount of data with whatever occurrence of anomalies you like
- No privacy concerns. You can share your dumps with any research partner you like
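The reproducibility, ground-truth and anomaly-rate points above can be shown with a small labelled schedule generator. This is an added example, not PyNetSim code: the function names, event labels and the toy detector are assumptions made for illustration, and it only plans labelled events, it sends no traffic.

```python
import random
from collections import Counter
from dataclasses import dataclass

# Labels loosely named after the traffic types listed on this page (assumed names).
BACKGROUND = ["browse", "email", "chat", "ftp", "ntp"]
ANOMALIES = ["scan", "r2l", "arp_poison"]

@dataclass(frozen=True)
class Event:
    t: float         # seconds since the start of the run
    kind: str        # planned activity
    anomalous: bool  # ground truth, known because we generated it

def make_schedule(seed, n_events, anomaly_rate, duration=3600.0):
    """Plan a labelled, time-sorted run. Same arguments -> identical schedule."""
    rng = random.Random(seed)  # private RNG, so the run is reproducible
    events = []
    for _ in range(n_events):
        anomalous = rng.random() < anomaly_rate
        kind = rng.choice(ANOMALIES if anomalous else BACKGROUND)
        events.append(Event(round(rng.uniform(0, duration), 3), kind, anomalous))
    return sorted(events, key=lambda e: e.t)

def toy_detector(events):
    """Hypothetical detector under test: flags scans, and wrongly flags FTP."""
    return {i for i, e in enumerate(events) if e.kind in ("scan", "ftp")}

def score(events, flagged):
    """Confusion counts, computable only because every event carries a label."""
    c = Counter()
    for i, e in enumerate(events):
        if e.anomalous:
            c["tp" if i in flagged else "fn"] += 1
        else:
            c["fp" if i in flagged else "tn"] += 1
    return {k: c[k] for k in ("tp", "fp", "fn", "tn")}

if __name__ == "__main__":
    run = make_schedule(seed=7, n_events=1000, anomaly_rate=0.2)
    print(score(run, toy_detector(run)))
```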
Why not?
- The internet is complex and it is impossible to model it
- Simulation may produce artefacts
- Unrealistic amount of anomalies
- Small amount of simulation programs exist for this task
What can PyNetSim do?
- Background traffic generation:
  - Browsing a set of pages at random and clicking on links (using Selenium)
  - Send, delete and get emails
  - Voice and text chats with Skype
  - Put, get and delete files with FTP
  - Update system time with ntpdate
- Anomaly traffic generation:
  - All sorts of network scans nmap offers
  - Supports Metasploit rc files to generate all kinds of attacks, e.g. remote-to-local
  - ARP poisoning with arpspoof