LARIAT

Lincoln Adaptable Real-time Information Assurance Testbed

Also known as	LARIAT
Developer	MIT Lincoln Laboratory
Type	Network Security Testbed
Release date	2002 (2002)
Operating system	Modified Linux (for traffic generators)
Predecessor	Unnamed DARPA 1998/1999 testbed
Successor	LLSIM
Language	Java (for the GUI)

The Lincoln Adaptable Real-time Information Assurance Testbed (LARIAT) is a physical^[1] computing platform developed by the MIT Lincoln Laboratory as a testbed for network security applications.^[2] Use of the platform is restricted to the United States military, though some academic organizations can also use the platform under certain conditions.^[3]

LARIAT was designed to help with the development and testing of intrusion detection (ID) and information assurance (IA) technologies.^[4] Initially created in 2002,^[5] LARIAT was the first simulated platform for ID testing^[6] and was created to improve upon a preexisting non-simulated testbed that was created for DARPA's 1998 and 1999 ID analyses.^[4] LARIAT is used by the United States military for training purposes and automated systems testing.^[7]

Function

The platform simulates users and reflects vulnerabilities caused by design flaws and user interactions^[8] and allows for interaction with real-world programs such as web browsers and office suites while simulating realistic user activity on these applications.^[9] These virtual users are managed by Markov models which allow them to act differently from each other in a realistic way.^[7]

This results in a realistic simulation of an active network of users that can then be targeted for malicious attacks to test the effectiveness of the attacks against network defenses, while also testing the effectiveness of intrusion detection methods and software in a simulated real-world environment with actual users in amongst the malicious traffic on the network. This is done because network intrusion detection software cannot as easily find instances of malicious network traffic when it is mixed in with non-malicious network traffic generated by legitimate users of the network.^[9]

The traffic generators used by the testbed run on a modified version of Linux,^[10] and a Java-based^[10] graphical user interface called Director^[7] is provided to allow users of the platform to configure and control testing parameters and to monitor the resulting network traffic.^[4][9]

Influence

Cyberwarfare training programs such as those at the Korea Institute of Military Science and Technology's research center use the principles and methodologies of the LARIAT platform in the development of simulated threat generators for cyberwarfare training.^[11] In non-security contexts, systems such as Artificial Intelligence programs build on the principles of the LARIAT platform to study and then simulate real-time user input and activity for automated testing systems.^[12]

LLSIM

The MIT Lincoln Laboratory designed the Lincoln Laboratory Simulator (LLSIM) as a fully virtualized Java-based successor to LARIAT that can be run on a single computer without the need for dedicated physical network hardware or expensive testbeds.^[5][13] It is not a full replacement for LARIAT, however, as it does not generate low-level data such as network packets. While this makes it more scalable than LARIAT since it simplifies certain processes, it cannot be used for certain ID testing purposes that LARIAT can be utilized for.^[14]

References

1. Shahzad, Khurram; Woodhead, Steve; Bakalis, Panos (2013). "A Virtualized Network Testbed for Zero-Day Worm Analysis and Countermeasure Testing". In Hassanien, Aboul Ella; Awad, Ali Ismail; Baba, Kensuke (eds.). Advances in security of information and communication networks : first international conference, SecNet 2013, Cairo, Egypt, September 3-5, 2013 : proceedings. Heidelberg: Springer. p. 56. ISBN 978-3-642-40597-6. OCLC 858945327. The 1998 DARPA off-line intrusion detection evaluation and LARIAT are also two physical machine testbeds sponsored by US Air Force and developed at the Lincoln Laboratory, MIT.
2. Wright, Charles V.; Connelly, Christopher; Braje, Timothy; Rabek, Jesse C.; Rossey, Lee M.; Cunningham, Robert K. (2010). "Generating Client Workloads and High-Fidelity Network Traffic for Controllable, Repeatable Experiments in Computer Security". In Jha, Somesh; Sommer, Robin; Kreibich, Christian (eds.). Recent advances in intrusion detection : 13th International Symposium, RAID 2010, Ottawa, Ontario, Canada, September 15-17, 2010, proceedings. Berlin: Springer. pp. 218–237. ISBN 978-3-642-15512-3. OCLC 676698663.
3. García-Teodoro, P.; Díaz-Verdejo, J.; Maciá-Fernández, G.; Vázquez, E. (2009). "Anomaly-based network intrusion detection: Techniques, systems and challenges". Computers & Security. 28 (1–2): 18–28. doi:10.1016/j.cose.2008.08.003 – via ScienceDirect. Unfortunately, LARIAT is restricted to US military environments and to some academic organizations under special circumstances.
4. Rossey, Lee M.; Cunningham, Robert K.; Fried, David J.; Rabek, Jesse C.; Lippmann, Richard P.; Haines, Joshua W.; Zissman, Marc A. (2002). "LARIAT: Lincoln adaptable real-time information assurance testbed". Proceedings, IEEE Aerospace Conference. Vol. 6. Big Sky, MT, USA: IEEE. pp. 6–2671–2676, -6-2682. doi:10.1109/AERO.2002.1036158. ISBN 978-0-7803-7231-3. S2CID 5993975. Retrieved August 11, 2022.
5. Skopik, Florian; Settanni, Giuseppe; Fiedler, Roman; Friedberg, Ivo (2014). "Semi-synthetic data set generation for security software evaluation". 2014 Twelfth Annual International Conference on Privacy, Security and Trust. Toronto, ON, Canada: IEEE. pp. 156–163. doi:10.1109/PST.2014.6890935. ISBN 978-1-4799-3503-1. S2CID 7953033.
6. Årnes, André; Haas, Paul; Vigna, Giovanni; Kemmerer, Richard A. (2006). "Digital Forensic Reconstruction and the Virtual Security Testbed ViSe". In Büschkes, Roland; Laskov, Pavel (eds.). Detection of Intrusions and Malware & Vulnerability Assessment. Lecture Notes in Computer Science. Vol. 4064. Berlin, Heidelberg: Springer Berlin Heidelberg. pp. 144–163. doi:10.1007/11790754_9. ISBN 978-3-540-36014-8.
7. Davis, Jon; Magrath, Shane (December 1, 2013). A Survey of Cyber Ranges and Testbeds (Report). Defence Science and Technology Group. p. 10. Retrieved August 12, 2022 – via Defense Technical Information Center.
8. Yu, T.H.; Fuller, B.W.; Bannick, J.H.; Rossey, L.M.; Cunningham, R.K. (2008). "Integrated Environment Management for Information Operations Testbeds". In Goodall, John R.; Conti, Gregory; Ma, Kwan-Liu (eds.). VizSEC 2007 : proceedings of the Workshop on Visualization for Computer Security. Berlin: Springer. p. 68. ISBN 978-3-540-78243-8. OCLC 272298719.
9. Braje, Timothy M. (February 15, 2016). Advanced Tools for Cyber Ranges (Report). Lexington, Massachusetts: MIT Lincoln Laboratory. pp. 5–6. Retrieved August 11, 2022 – via Defense Technical Information Center.
10. Haines, Joshua W.; Rossey, Lee M.; Lippmann, Richard P.; Cunningham, Robert K. (2001). "Extending the DARPA off-line intrusion detection evaluations". Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01. Vol. 1. Anaheim, CA, USA: IEEE Comput. Soc. pp. 35–45. doi:10.1109/DISCEX.2001.932190. ISBN 978-0-7695-1212-9. S2CID 12474163.
11. Hong, Suyoun; Kim, Kwangsoo; Kim, Taekyu (2019). "사이버전 훈련을 위한 ATT&CK 기반 모의 위협 발생기 설계 및 구현" [The Design and Implementation of Simulated Threat Generator based on MITRE ATT&CK for Cyber Warfare Training]. Journal of the Korea Institute of Military Science and Technology (in Korean). 22 (6): 797–805. doi:10.9766/KIMST.2019.22.6.797. ISSN 1598-9127.
12. Poston, Robin; Calvert, Ashley (2015). "Vision 2020: The Future of Software Quality Management and Impacts on Global User Acceptance". In Nah, Fiona Fui-Hoon; Tan, Chuan-Hoo (eds.). HCI in business : second International Conference, HCIB 2015, held as part of HCI International 2015, Los Angeles, CA, USA, August 2-7, 2015, Proceedings. Cham. p. 754. ISBN 978-3-319-20895-4. OCLC 914296150.
13. Haines, Joshua W.; Goulet, Stephen A.; Durst, Robert S.; Champion, Terrance G. (2003). "LLSIM: Network simulation for correlation and response testing". IEEE Systems, Man and Cybernetics Society Information Assurance Workshop, 2003. West Point, NY, USA: IEEE. pp. 243–250. doi:10.1109/SMCSIA.2003.1232429. ISBN 978-0-7803-7808-7. S2CID 62098823.
14. Balzarotti, Davide (June 28, 2006). Testing Network Intrusion Detection Systems (PhD thesis). Polytechnic University of Milan. CiteSeerX 10.1.1.129.9810.