LARIAT explained

LARIAT should not be confused with lariat.

Lincoln Adaptable Real-time Information Assurance Testbed
Aka:LARIAT
Developer:MIT Lincoln Laboratory
Type:Network Security Testbed
Os:Modified Linux (for traffic generators)
Predecessor:Unnamed DARPA 1998/1999 testbed
Successor:LLSIM
Language:Java (for the GUI)

The Lincoln Adaptable Real-time Information Assurance Testbed (LARIAT) is a physical[1] computing platform developed by the MIT Lincoln Laboratory as a testbed for network security applications.[2] Use of the platform is restricted to the United States military, though some academic organizations can also use the platform under certain conditions.[3]

LARIAT was designed to help with the development and testing of intrusion detection (ID) and information assurance (IA) technologies.[4] Initially created in 2002,[5] LARIAT was the first simulated platform for ID testing[6] and was created to improve upon a preexisting non-simulated testbed that was created for DARPA's 1998 and 1999 ID analyses. LARIAT is used by the United States military for training purposes and automated systems testing.

Function

The platform simulates users and reflects vulnerabilities caused by design flaws and user interactions[7] and allows for interaction with real-world programs such as web browsers and office suites while simulating realistic user activity on these applications.[8] These virtual users are managed by Markov models which allow them to act differently from each other in a realistic way.[9]

This results in a realistic simulation of an active network of users that can then be targeted for malicious attacks to test the effectiveness of the attacks against network defenses, while also testing the effectiveness of intrusion detection methods and software in a simulated real-world environment with actual users in amongst the malicious traffic on the network. This is done because network intrusion detection software cannot as easily find instances of malicious network traffic when it is mixed in with non-malicious network traffic generated by legitimate users of the network.

The traffic generators used by the testbed run on a modified version of Linux,[10] and a Java-based graphical user interface called Director is provided to allow users of the platform to configure and control testing parameters and to monitor the resulting network traffic.

Influence

Cyberwarfare training programs such as those at the Korea Institute of Military Science and Technology's research center use the principles and methodologies of the LARIAT platform in the development of simulated threat generators for cyberwarfare training.[11] In non-security contexts, systems such as Artificial Intelligence programs build on the principles of the LARIAT platform to study and then simulate real-time user input and activity for automated testing systems.[12]

LLSIM

The MIT Lincoln Laboratory designed the Lincoln Laboratory Simulator (LLSIM) as a fully virtualized Java-based successor to LARIAT that can be run on a single computer without the need for dedicated physical network hardware or expensive testbeds.[13] It is not a full replacement for LARIAT, however, as it does not generate low-level data such as network packets. While this makes it more scalable than LARIAT since it simplifies certain processes, it cannot be used for certain ID testing purposes that LARIAT can be utilized for.[14]

Notes and References

  1. Book: Shahzad . Khurram . Advances in security of information and communication networks : first international conference, SecNet 2013, Cairo, Egypt, September 3-5, 2013 : proceedings . Woodhead . Steve . Bakalis . Panos . 2013 . Springer . 978-3-642-40597-6 . Hassanien . Aboul Ella . Heidelberg . 56 . A Virtualized Network Testbed for Zero-Day Worm Analysis and Countermeasure Testing . 858945327 . The 1998 DARPA off-line intrusion detection evaluation and LARIAT are also two physical machine testbeds sponsored by US Air Force and developed at the Lincoln Laboratory, MIT. . Awad . Ali Ismail . Baba . Kensuke.
  2. Book: Wright . Charles V. . Recent advances in intrusion detection : 13th International Symposium, RAID 2010, Ottawa, Ontario, Canada, September 15-17, 2010, proceedings . Connelly . Christopher . Braje . Timothy . Rabek . Jesse C. . Rossey . Lee M. . Cunningham . Robert K. . Springer . 2010 . 978-3-642-15512-3 . Jha . Somesh . Berlin . 218–237 . Generating Client Workloads and High-Fidelity Network Traffic for Controllable, Repeatable Experiments in Computer Security . 676698663 . Sommer . Robin . Kreibich . Christian.
  3. García-Teodoro . P. . Díaz-Verdejo . J. . Maciá-Fernández . G. . Vázquez . E. . 2009 . Anomaly-based network intrusion detection: Techniques, systems and challenges . Computers & Security . en . 28 . 1–2 . 18–28 . 10.1016/j.cose.2008.08.003 . Unfortunately, LARIAT is restricted to US military environments and to some academic organizations under special circumstances. . ScienceDirect.
  4. Book: Rossey . Lee M. . Cunningham . Robert K. . Fried . David J. . Rabek . Jesse C. . Lippmann . Richard P. . Haines . Joshua W. . Zissman . Marc A. . Proceedings, IEEE Aerospace Conference . LARIAT: Lincoln adaptable real-time information assurance testbed . 2002 . https://ieeexplore.ieee.org/document/1036158 . Big Sky, MT, USA . . 6 . 6–2671–2676,-6-2682 . 10.1109/AERO.2002.1036158 . 978-0-7803-7231-3 . subscription . August 11, 2022 . 5993975.
  5. Book: Skopik . Florian . Settanni . Giuseppe . Fiedler . Roman . Friedberg . Ivo . 2014 Twelfth Annual International Conference on Privacy, Security and Trust . Semi-synthetic data set generation for security software evaluation . 2014 . https://ieeexplore.ieee.org/document/6890935 . Toronto, ON, Canada . IEEE . 156–163 . 10.1109/PST.2014.6890935 . 978-1-4799-3503-1 . 7953033.
  6. Årnes . André . Haas . Paul . Vigna . Giovanni . Kemmerer . Richard A. . 2006 . Büschkes . Roland . Laskov . Pavel . Detection of Intrusions and Malware & Vulnerability Assessment . Lecture Notes in Computer Science . Berlin, Heidelberg . Springer Berlin Heidelberg . 4064 . 144–163 . 10.1007/11790754_9 . 978-3-540-36014-8 . Digital Forensic Reconstruction and the Virtual Security Testbed ViSe . http://link.springer.com/10.1007/11790754_9.
  7. Book: Yu . T.H. . VizSEC 2007 : proceedings of the Workshop on Visualization for Computer Security . Fuller . B.W. . Bannick . J.H. . Rossey . L.M. . Cunningham . R.K. . 2008 . Springer . 978-3-540-78243-8 . Goodall . John R. . Berlin . 68 . Integrated Environment Management for Information Operations Testbeds . 272298719 . Conti . Gregory . Ma . Kwan-Liu.
  8. Advanced Tools for Cyber Ranges . Braje . Timothy M. . February 15, 2016 . . Lexington, Massachusetts . 5–6 . August 11, 2022 . Defense Technical Information Center.
  9. A Survey of Cyber Ranges and Testbeds . Davis . Jon . Magrath . Shane . December 1, 2013 . . 10 . August 12, 2022 . Defense Technical Information Center.
  10. Book: Haines . Joshua W. . Rossey . Lee M. . Lippmann . Richard P. . Cunningham . Robert K. . Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01 . Extending the DARPA off-line intrusion detection evaluations . 2001 . https://ieeexplore.ieee.org/document/932190 . Anaheim, CA, USA . IEEE Comput. Soc . 1 . 35–45 . 10.1109/DISCEX.2001.932190 . 978-0-7695-1212-9 . 12474163.
  11. Hong . Suyoun . Kim . Kwangsoo . Kim . Taekyu . 2019 . 사이버전 훈련을 위한 ATT&CK 기반 모의 위협 발생기 설계 및 구현 . The Design and Implementation of Simulated Threat Generator based on MITRE ATT&CK for Cyber Warfare Training . Journal of the Korea Institute of Military Science and Technology . Korean . 22 . 6 . 797–805 . 10.9766/KIMST.2019.22.6.797 . 1598-9127.
  12. Book: Poston . Robin . HCI in business : second International Conference, HCIB 2015, held as part of HCI International 2015, Los Angeles, CA, USA, August 2-7, 2015, Proceedings . Calvert . Ashley . 2015 . 978-3-319-20895-4 . Nah . Fiona Fui-Hoon . Cham . 754 . Vision 2020: The Future of Software Quality Management and Impacts on Global User Acceptance . 914296150 . Tan . Chuan-Hoo.
  13. Book: Haines . Joshua W. . Goulet . Stephen A. . Durst . Robert S. . Champion . Terrance G. . IEEE Systems, Man and Cybernetics Society Information Assurance Workshop, 2003 . LLSIM: Network simulation for correlation and response testing . 2003 . https://ieeexplore.ieee.org/document/1232429 . West Point, NY, USA . IEEE . 243–250 . 10.1109/SMCSIA.2003.1232429 . 978-0-7803-7808-7 . 62098823.
  14. Balzarotti . Davide . Testing Network Intrusion Detection Systems . June 28, 2006 . PhD . . 10.1.1.129.9810.