Newbie: Want to simulate attack signatures in my local network traffic. Fully lost

Hi guys!

Hope everyone's doing well here!

​

Disclaimer: I am a complete newbie to cybersecurity, in general. The question(s) that I want to ask are related to intrusion analysis and detection.

I'm working on my MS Project and I decided to pick something that would be slightly challenging but easy enough to initiate and complete (I was wrong! Its not easy) in a given timeframe.

​

Context about the project:

Regardless, the project involves ingesting real-time network traffic from my local machine (just one machine for now) and being able to detect, in real-time. a few abnormalities/attacks that may be simulated. The idea is to use Flink which is a streaming platform.

Right now, I'm using Elasticbeats on my machine which is sending the network traffic to ElasticSearch. These logs will be eventually written to Kafka, ingested and processed by Flink to detect abnormalities/attacks through heuristics. My understanding is that will be accomplished by setting up a few rules around attack signatures.

​

The Problem:

The biggest difficulty that I'm having right now is figuring out how do I simulate these attack signatures in my network traffic logs.

Is there any open source tools that I can potentially use that, on being specified something, would generate logs within my network traffic that would represent these abnormalities/attack_signatures that I would then ingest and detect?

I've been googling and learning concepts from the internet but as a beginner with limited time, I'm having some difficulties going through tons of the content available online and therefore, I am finding it hard to establish a good basis.

​

I'm sorry for any confusions I may have caused and would greatly appreciate all the answers.

​ submitted by /u/ateeb098
[link] [comments]


http://dlvr.it/SzkB1t