IBM Security QRadar

 View Only

QRIF Benchmarking - Introduction of Sliding Batch Randomization

By DOGA TAV posted Thu May 11, 2023 02:37 PM


Note: The work presented in this blog is protected by the following patent(s): "US-11290432-B2 -Secure data transfer architecture for benchmarking"


Problem: In ForensicsBenchmarker, sequentially sending generated files was not providing us the document accumulation in DB. The approach mentioned in the first part of the figure was implemented to alleviate that. However, with the large number of files in the sender's repository, randomizing them during the sending process was causing the process to hold on to the memory as it tries to reconstruct the session.

Solution: With Sliding Batch Randomization approach, the sender script aims to control the time sequence in the files to be sent. With the large enough batch size and randomizations in between, no more memory issues were hit and reached the intended number of accumulation of records DB compared to fully randomizing the repository.


Below is the diagram of the implemented change: