On generating network traffic datasets with synthetic attacks for intrusion detection

05/01/2019
by Carlos Garcia Cordero, et al.

Most research in intrusion detection requires datasets to develop, evaluate or compare systems. In this field, however, finding suitable datasets is a challenge in itself. Most publicly available datasets have negative qualities that limit their usefulness. In this article, we propose ID2T (Intrusion Detection Dataset Toolkit) to tackle this problem. ID2T facilitates the creation of labeled datasets by injecting synthetic attacks into background traffic. The injected attacks blend into the background traffic by mimicking its properties, so that no trace of ID2T's usage remains. This work contributes in three core areas. First, we present a comprehensive survey of intrusion detection datasets, in which we propose a classification that groups the negative qualities we found in the datasets. Second, we revise, improve and expand the architecture of ID2T. The architectural changes enable ID2T to inject recent and advanced attacks, such as the widespread EternalBlue exploit or botnet communication patterns. The toolkit's new functionality also provides a set of tests, known as TIDED (Testing Intrusion Detection Datasets), that help identify potential defects in the background traffic into which attacks are injected. Third, we illustrate how ID2T is used in different use-case scenarios to evaluate the performance of anomaly-based and signature-based intrusion detection systems in a reproducible manner. ID2T is open source software and is made available to the community so that its arsenal of attacks and capabilities can be expanded.
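To make the idea of injecting labeled synthetic attacks into background traffic concrete, the following is a minimal sketch and not ID2T's actual implementation or API. The names `Packet`, `mean_interarrival`, `synthesize_attack` and `inject` are hypothetical, and the choice of exponentially distributed gaps that match the background's mean inter-arrival time is an assumption made only to illustrate "mimicking the background traffic's properties".

```python
import random
from dataclasses import dataclass
from statistics import mean


@dataclass(frozen=True)
class Packet:
    """Hypothetical, simplified packet record (not an ID2T type)."""
    timestamp: float
    src: str
    dst: str
    label: str  # "benign" or "attack"


def mean_interarrival(packets):
    """Average gap between consecutive packet timestamps."""
    times = sorted(p.timestamp for p in packets)
    return mean(b - a for a, b in zip(times, times[1:]))


def synthesize_attack(background, start, count, src, dst, seed=0):
    """Create `count` attack packets whose gaps are drawn from an
    exponential distribution with the background's mean inter-arrival
    time (an illustrative assumption, not ID2T's method)."""
    rng = random.Random(seed)
    gap = mean_interarrival(background)
    t = start
    packets = []
    for _ in range(count):
        packets.append(Packet(t, src, dst, "attack"))
        t += rng.expovariate(1.0 / gap)
    return packets


def inject(background, attack):
    """Merge background and attack packets into one time-ordered,
    labeled dataset."""
    return sorted(background + attack, key=lambda p: p.timestamp)


# Ten benign packets, one per second, plus five injected attack packets.
background = [Packet(float(i), "10.0.0.1", "10.0.0.2", "benign") for i in range(10)]
attack = synthesize_attack(background, start=2.5, count=5,
                           src="10.0.0.99", dst="10.0.0.2")
dataset = inject(background, attack)
```

Because every packet carries a label, the merged list can serve directly as ground truth when evaluating a detector. A real toolkit would operate on packet captures and mimic many more properties than timing alone.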

