Simulating Application Behavior for Network Monitoring and Security

TL;DR

This paper introduces a statistical framework for realistic network simulation by modeling application behavior with probability density functions, enabling better testing of monitoring and security tools.

Contribution

It presents a novel, scalable, and lightweight method for generating dynamic network traffic based on learned application patterns, improving over simplistic models.

Findings

Produces realistic, dynamic network traffic simulations

Enables rigorous testing of monitoring tools and anomaly detection

Open-source implementation for broad adoption

Abstract

Existing network simulations often rely on simplistic models that send packets at random intervals, failing to capture the critical role of application-level behaviour. This paper presents a statistical approach that extracts and models application behaviour using probability density functions to generate realistic network simulations. By convolving learned application patterns, the framework produces dynamic, scalable traffic representations that closely mimic real-world networks. The method enables rigorous testing of network monitoring tools and anomaly detection systems by dynamically adjusting application behaviour. It is lightweight, capable of running multiple emulated applications on a single machine, and scalable for analysing large networks where real data collection is impractical. To encourage adoption and further testing, the full code is provided as open-source, allowing researchers and practitioners to replicate and extend the framework for diverse network environments.