Tasks Skaion has performed for customers including DARPA, NSA, CERT, JHU APL, ARL and AFRL:

Traffic Generation

Skaion has developed a number of custom traffic generation tools to "build the haystack" for cyber tests. These include:
  • Generating traffic at ~100Gb using custom clients and servers with ~20 machines (achieved 36Gb with 2 machines)
  • Generating traffic from hundreds of thousands of IPs using dozens of machines
  • Generating a mixture of protocols including HTTP(s), SMTP, several varieties of P2P, and others
  • Driving hosts (Windows XP, Windows 7, Windows 2008, Fedora Core 15) using unmodified applications in realistic ways to test host-based systems, on both virtual machines (VMware Workstation/ESXi, QEMU) and physical machines
  • Software to interact with custom web applications
  • Software to interact with custom desktop applications providing specific desired behavior (e.g., chat over multicast)

Test Setup/Execution

In addition to traffic generation, Skaion has helped prepare ranges for testing and ensured they performed as expected. Tasks included:
  • Custom modifications to QEMU to allow data collection outside the view of the system under test
  • Range/test control software that ensured the correct, properly configured VMs were running prior to each test case and automated data collection after each case
  • Network validation tools
  • Windows network setup/administration
  • Linux network setup/administration
  • Custom data collection and analysis tools

Red Team/Malicious

Many tests need specific test vectors. Skaion has provided these for several projects, developing novel malicious code to test 0-day infections with desired properties. Often the exploits attack manufactured vulnerabilities, so that the malware cannot run in the wild.

Additionally, a critique of some data sets noted that malicious traffic is too easily identified when no other nefarious traffic exists in the data. To address that concern, Skaion provides automated scans and "ankle biters" whose attacks should not succeed, but which build richer traffic for the test.

A Skaion Traffic Generator powers the live demo at FlowTraq, and 2 of our data sets are available in PREDICT.