Garcia Cordero, Carlos ; Vasilomanolakis, Emmanouil ; Mühlhäuser, Max (2017)
ID2T - The Intrusion Detection Dataset Generation Toolkit.
Black Hat Europe 2017. London, United Kingdom (04.12.2017-07.12.2017)
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
There is a never-ending arms race between attackers and defenders in the cyber-security world. Our tool, ID2T, tries to leverage the balance of power towards the defenders' side. ID2T enables security researchers and practitioners to test their defensive tools against synthetic attacks without risks. By injecting synthetic, yet realistic, attacks into network traces, detection mechanisms can be audited, tested and evaluated. ID2T emerges from the gaps that exist between the arsenals of attackers and defenders. Attackers have the upper hand with 0-day exploits and the malware that utilizes them. Ransomware, for example, makes the headlines more often than ever. The development of modern security mechanisms, on the contrary, is moving slowly. One of the reasons for the slow pace is that there are no clear strategies to evaluate novel defensive proposals. Researchers and security practitioners are forced to use archaic and unrealistic network traces to evaluate their proposals. The DARPA 1999 intrusion detection dataset is such an example. It contains 18-year-old network traces (with no resemblance to modern networks) and old attacks. ID2T stands for "Intrusion Detection Dataset Toolkit". It is an open source toolkit designed to inject synthetic, yet highly realistic attacks, into network traces with the PCAP format. ID2T provides a wide range of modern cyber-attacks for injection; from malware and web application attacks (e.g., against Joomla) to SQL injection and DDoS attacks. Injected attacks are made as realistic as possible by replicating the network conditions and characteristics of any inputted network trace. In this demo session we present the first public release of ID2T, which builds on top of our theoretical work.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2017 |
| Autor(en): | Garcia Cordero, Carlos ; Vasilomanolakis, Emmanouil ; Mühlhäuser, Max |
| Art des Eintrags: | Bibliographie |
| Titel: | ID2T - The Intrusion Detection Dataset Generation Toolkit |
| Sprache: | Englisch |
| Publikationsjahr: | Dezember 2017 |
| Veranstaltungstitel: | Black Hat Europe 2017 |
| Veranstaltungsort: | London, United Kingdom |
| Veranstaltungsdatum: | 04.12.2017-07.12.2017 |
| URL / URN: | https://www.blackhat.com/eu-17/arsenal/schedule/index.html#i... |
| Zugehörige Links: | |
| Kurzbeschreibung (Abstract): | There is a never-ending arms race between attackers and defenders in the cyber-security world. Our tool, ID2T, tries to leverage the balance of power towards the defenders' side. ID2T enables security researchers and practitioners to test their defensive tools against synthetic attacks without risks. By injecting synthetic, yet realistic, attacks into network traces, detection mechanisms can be audited, tested and evaluated. ID2T emerges from the gaps that exist between the arsenals of attackers and defenders. Attackers have the upper hand with 0-day exploits and the malware that utilizes them. Ransomware, for example, makes the headlines more often than ever. The development of modern security mechanisms, on the contrary, is moving slowly. One of the reasons for the slow pace is that there are no clear strategies to evaluate novel defensive proposals. Researchers and security practitioners are forced to use archaic and unrealistic network traces to evaluate their proposals. The DARPA 1999 intrusion detection dataset is such an example. It contains 18-year-old network traces (with no resemblance to modern networks) and old attacks. ID2T stands for "Intrusion Detection Dataset Toolkit". It is an open source toolkit designed to inject synthetic, yet highly realistic attacks, into network traces with the PCAP format. ID2T provides a wide range of modern cyber-attacks for injection; from malware and web application attacks (e.g., against Joomla) to SQL injection and DDoS attacks. Injected attacks are made as realistic as possible by replicating the network conditions and characteristics of any inputted network trace. In this demo session we present the first public release of ID2T, which builds on top of our theoretical work. |
| Freie Schlagworte: | SPIN: Smart Protection in Infrastructures and Networks; Solutions; S1 |
| ID-Nummer: | TUD-CS-2017-0257 |
| Zusätzliche Informationen: | Blackhat Europe 2017 Arsenal |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Telekooperation DFG-Sonderforschungsbereiche (inkl. Transregio) DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy DFG-Sonderforschungsbereiche (inkl. Transregio) > Sonderforschungsbereiche > SFB 1119: CROSSING – Kryptographiebasierte Sicherheitslösungen als Grundlage für Vertrauen in heutigen und zukünftigen IT-Systemen |
| Hinterlegungsdatum: | 02 Okt 2017 10:11 |
| Letzte Änderung: | 19 Jan 2022 13:49 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum