LARIAT

{{distinguish|lariat}}

{{Short description|Network security platform}}

{{Use mdy dates|date=August 2022}}

{{Infobox information appliance

| name = Lincoln Adaptable Real-time Information Assurance Testbed

| aka = LARIAT

| image =

| caption =

| developer = MIT Lincoln Laboratory

| type = Network Security Testbed

| release date = {{Start date|2002}}

| retail availability =

| os = Modified Linux (for traffic generators)

| predecessor = Unnamed DARPA 1998/1999 testbed

| successor = LLSIM

| related =

| language = Java (for the GUI)

}}

The Lincoln Adaptable Real-time Information Assurance Testbed (LARIAT) is a physical{{Cite book |last1=Shahzad |first1=Khurram |title=Advances in security of information and communication networks : first international conference, SecNet 2013, Cairo, Egypt, September 3-5, 2013 : proceedings |last2=Woodhead |first2=Steve |last3=Bakalis |first3=Panos |date=2013 |publisher=Springer |isbn=978-3-642-40597-6 |editor-last=Hassanien |editor-first=Aboul Ella |location=Heidelberg |pages=56 |chapter=A Virtualized Network Testbed for Zero-Day Worm Analysis and Countermeasure Testing |oclc=858945327 |quote=The 1998 DARPA off-line intrusion detection evaluation and LARIAT are also two physical machine testbeds sponsored by US Air Force and developed at the Lincoln Laboratory, MIT. |editor-last2=Awad |editor-first2=Ali Ismail |editor-last3=Baba |editor-first3=Kensuke}} computing platform developed by the MIT Lincoln Laboratory as a testbed for network security applications.{{Cite book |last1=Wright |first1=Charles V. |title=Recent advances in intrusion detection : 13th International Symposium, RAID 2010, Ottawa, Ontario, Canada, September 15-17, 2010, proceedings |last2=Connelly |first2=Christopher |last3=Braje |first3=Timothy |last4=Rabek |first4=Jesse C. |last5=Rossey |first5=Lee M. |last6=Cunningham |first6=Robert K. |publisher=Springer |year=2010 |isbn=978-3-642-15512-3 |editor-last=Jha |editor-first=Somesh |location=Berlin |pages=218–237 |chapter=Generating Client Workloads and High-Fidelity Network Traffic for Controllable, Repeatable Experiments in Computer Security |oclc=676698663 |editor-last2=Sommer |editor-first2=Robin |editor-last3=Kreibich |editor-first3=Christian}} Use of the platform is restricted to the United States military, though some academic organizations can also use the platform under certain conditions.{{Cite journal |last1=García-Teodoro |first1=P. |last2=Díaz-Verdejo |first2=J. |last3=Maciá-Fernández |first3=G. |last4=Vázquez |first4=E. 
|year=2009 |title=Anomaly-based network intrusion detection: Techniques, systems and challenges |journal=Computers & Security |language=en |volume=28 |issue=1–2 |pages=18–28 |doi=10.1016/j.cose.2008.08.003 |quote=Unfortunately, LARIAT is restricted to US military environments and to some academic organizations under special circumstances. }}

LARIAT was designed to help with the development and testing of intrusion detection (ID) and information assurance (IA) technologies.{{cite book |doi=10.1109/AERO.2002.1036158 |chapter=LARIAT: Lincoln adaptable real-time information assurance testbed |title=Proceedings, IEEE Aerospace Conference |date=2002 |last1=Rossey |first1=L.M. |last2=Cunningham |first2=R.K. |last3=Fried |first3=D.J. |last4=Rabek |first4=J.C. |last5=Lippmann |first5=R.P. |last6=Haines |first6=J.W. |last7=Zissman |first7=M.A. |volume=6 |isbn=0-7803-7231-X }} Initially created in 2002,{{cite book |doi=10.1109/PST.2014.6890935 |chapter=Semi-synthetic data set generation for security software evaluation |title=2014 Twelfth Annual International Conference on Privacy, Security and Trust |date=2014 |last1=Skopik |first1=Florian |last2=Settanni |first2=Giuseppe |last3=Fiedler |first3=Roman |last4=Friedberg |first4=Ivo |pages=156–163 |isbn=978-1-4799-3503-1 }} LARIAT was the first simulated platform for ID testing{{Cite conference |last1=Årnes |first1=André |last2=Haas |first2=Paul |last3=Vigna |first3=Giovanni |last4=Kemmerer |first4=Richard A. |date=2006 |editor-last=Büschkes |editor-first=Roland |editor2-last=Laskov |editor2-first=Pavel |title=Detection of Intrusions and Malware & Vulnerability Assessment |series=Lecture Notes in Computer Science |location=Berlin, Heidelberg |publisher=Springer Berlin Heidelberg |volume=4064 |pages=144–163 |doi=10.1007/11790754_9 |isbn=978-3-540-36014-8 |chapter=Digital Forensic Reconstruction and the Virtual Security Testbed ViSe }} and was created to improve upon a preexisting non-simulated testbed that was created for DARPA's 1998 and 1999 ID analyses. LARIAT is used by the United States military for training purposes and automated systems testing.

Function

The platform simulates users and reflects vulnerabilities caused by design flaws and user interactions{{Cite book |last1=Yu |first1=T.H. |title=VizSEC 2007 : proceedings of the Workshop on Visualization for Computer Security |last2=Fuller |first2=B.W. |last3=Bannick |first3=J.H. |last4=Rossey |first4=L.M. |last5=Cunningham |first5=R.K. |date=2008 |publisher=Springer |isbn=978-3-540-78243-8 |editor-last=Goodall |editor-first=John R. |location=Berlin |pages=68 |chapter=Integrated Environment Management for Information Operations Testbeds |oclc=272298719 |editor-last2=Conti |editor-first2=Gregory |editor-last3=Ma |editor-first3=Kwan-Liu}} and allows for interaction with real-world programs such as web browsers and office suites while simulating realistic user activity on these applications.{{Cite report |id={{DTIC|AD1033870}} |title=Advanced Tools for Cyber Ranges |last=Braje |first=Timothy M. |date=February 15, 2016 |publisher=MIT Lincoln Laboratory |location=Lexington, Massachusetts |pages=5–6 |via=Defense Technical Information Center}} These virtual users are managed by Markov models which allow them to act differently from each other in a realistic way.{{Cite report |id={{DTIC|ADA594524}} |title=A Survey of Cyber Ranges and Testbeds |last1=Davis |first1=Jon |last2=Magrath |first2=Shane |date=December 1, 2013 |publisher=Defence Science and Technology Group |page=10 |via=Defense Technical Information Center}}

This results in a realistic simulation of an active network of users, which can then be targeted with malicious attacks to test how effective those attacks are against network defenses. It also tests the effectiveness of intrusion detection methods and software in a simulated real-world environment in which actual users are active among the malicious traffic on the network. This is done because network intrusion detection software cannot find malicious network traffic as easily when it is mixed with non-malicious traffic generated by legitimate users of the network.
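The following sketch is an added illustration of the approach described above; it is not LARIAT code. Each virtual user is driven by its own Markov chain, labelled attack events are mixed into the benign traffic, and a simple rate-based detector is scored against the labels. The activity states, transition probabilities, event format, detector and thresholds are all assumptions made for the example.

```python
import random
from collections import Counter

STATES = ["idle", "web", "mail", "office"]  # hypothetical activity states
WINDOW, THRESHOLD = 10, 8                   # toy detector parameters (assumed)

def make_user_model(rng):
    """Random row-stochastic transition table, biased to stay in the current
    state, so every virtual user gets its own behaviour profile."""
    model = {}
    for s in STATES:
        w = [rng.random() + (2.0 if t == s else 0.0) for t in STATES]
        model[s] = [x / sum(w) for x in w]
    return model

def simulate_user(user, model, steps, rng):
    """Walk the Markov chain; each non-idle step emits one benign event."""
    state, events = "idle", []
    for t in range(steps):
        state = rng.choices(STATES, weights=model[state])[0]
        if state != "idle":
            events.append((t, user, state, "benign"))
    return events

def attack_burst(start, count):
    """Constructed, labelled attack events from one source, all inside the
    window that begins at `start` (start must be a multiple of WINDOW)."""
    return [(start + i % WINDOW, "attacker", "probe", "attack") for i in range(count)]

def build_trace(seed, n_users, steps=200):
    """Same seed gives an identical trace, which keeps experiments repeatable."""
    rng = random.Random(seed)
    events = attack_burst(start=20, count=12)
    for u in range(n_users):
        events += simulate_user(f"user{u}", make_user_model(rng), steps, rng)
    return sorted(events)

def evaluate(events):
    """Rate detector: alert on any (source, window) with >= THRESHOLD events.
    Returns (true_pos, false_pos, false_neg) against the embedded labels."""
    counts = Counter((src, t // WINDOW) for t, src, _, _ in events)
    truth = {(src, t // WINDOW) for t, src, _, lab in events if lab == "attack"}
    alerts = {k for k, n in counts.items() if n >= THRESHOLD}
    return len(alerts & truth), len(alerts - truth), len(truth - alerts)

if __name__ == "__main__":
    for n in (0, 5, 50):
        tp, fp, fn = evaluate(build_trace(seed=1, n_users=n))
        print(f"users={n:3d} alerts={tp + fp:3d} tp={tp} fp={fp} fn={fn}")
```

With no background users the detector's only alert is the attack window; as virtual users are added, busy benign users can also cross the threshold, and the analyst has to pick the one true alert out of a growing set.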

The traffic generators used by the testbed run on a modified version of Linux,{{cite book |doi=10.1109/DISCEX.2001.932190 |chapter=Extending the DARPA off-line intrusion detection evaluations |title=Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01 |date=2001 |last1=Haines |first1=J.W. |last2=Rossey |first2=L.M. |last3=Lippmann |first3=R.P. |last4=Cunningham |first4=R.K. |volume=1 |pages=35–45 |isbn=0-7695-1212-7 }} and a Java-based graphical user interface called Director is provided to allow users of the platform to configure and control testing parameters and to monitor the resulting network traffic.

Influence

Cyberwarfare training programs such as those at the Korea Institute of Military Science and Technology's research center use the principles and methodologies of the LARIAT platform in the development of simulated threat generators for cyberwarfare training.{{Cite journal |last1=Hong |first1=Suyoun |last2=Kim |first2=Kwangsoo |last3=Kim |first3=Taekyu |date=2019 |title=사이버전 훈련을 위한 ATT&CK 기반 모의 위협 발생기 설계 및 구현 |trans-title=The Design and Implementation of Simulated Threat Generator based on MITRE ATT&CK for Cyber Warfare Training |journal=Journal of the Korea Institute of Military Science and Technology |language=Korean |volume=22 |issue=6 |pages=797–805 |doi=10.9766/KIMST.2019.22.6.797 }} In non-security contexts, systems such as artificial intelligence programs build on the principles of the LARIAT platform to study and then simulate real-time user input and activity for automated testing systems.{{Cite book |last1=Poston |first1=Robin |title=HCI in business : second International Conference, HCIB 2015, held as part of HCI International 2015, Los Angeles, CA, USA, August 2-7, 2015, Proceedings |last2=Calvert |first2=Ashley |date=2015 |isbn=978-3-319-20895-4 |editor-last=Nah |editor-first=Fiona Fui-Hoon |location=Cham |pages=754 |chapter=Vision 2020: The Future of Software Quality Management and Impacts on Global User Acceptance |oclc=914296150 |editor-last2=Tan |editor-first2=Chuan-Hoo}}

=LLSIM=

The MIT Lincoln Laboratory designed the Lincoln Laboratory Simulator (LLSIM) as a fully virtualized Java-based successor to LARIAT that can be run on a single computer without the need for dedicated physical network hardware or expensive testbeds.{{cite book |doi=10.1109/SMCSIA.2003.1232429 |chapter=LLSIM: Network simulation for correlation and response testing |title=IEEE Systems, Man and Cybernetics Society Information Assurance Workshop, 2003 |date=2003 |last1=Haines |first1=J.W. |last2=Goulet |first2=S.A. |last3=Durst |first3=R.S. |last4=Champion |first4=T.G. |pages=243–250 |isbn=0-7803-7808-3 }} It is not a full replacement for LARIAT, however, as it does not generate low-level data such as network packets. While this makes it more scalable than LARIAT since it simplifies certain processes, it cannot be used for certain ID testing purposes that LARIAT can be utilized for.{{Cite thesis |last=Balzarotti |first=Davide |title=Testing Network Intrusion Detection Systems |date=June 28, 2006 |degree=PhD |publisher=Polytechnic University of Milan |citeseerx=10.1.1.129.9810}}

References