LLSIM: network simulation for correlation and response testing

LLSIM is an easily configurable network simulator that can produce a wide variety of data sets without expensive testbeds. These data sets are useful for researchers who are developing general-purpose correlation and response systems. LLSim is a Java-based event-driven simulator consisting of user-configurable core models of networks and hosts with network and host events. Several event generators and models of several intrusion detection sensors were developed On a typical PC workstation, LLSim can emulate arbitrary networks with hundreds of nodes and communication links, and can accurately simulate hundreds of intrusion detection sensors operating in these environments. It can also help researchers evaluate the effectiveness of simple response actions such as altering network firewall policies in response to an attack LLSim has been used to produce datasets used in the DARPA Cyber Panel program.