TU Darmstadt / ULB / TUbiblio

Towards the creation of synthetic, yet realistic, intrusion detection datasets <b>(best paper award)</b>

Vasilomanolakis, Emmanouil and Cordero, Carlos Garcia and Milanov, Nikolay and Mühlhäuser, Max :
Towards the creation of synthetic, yet realistic, intrusion detection datasets <b>(best paper award)</b>.
IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT) IEEE
[Conference or Workshop Item] , (2016)

Abstract

Intrusion Detection Systems (IDSs) are an important defense tool against the sophisticated and ever-growing network attacks. With this in mind, the research community has been immersed in the field of IDSs over the past years more than before. Still, assessing and comparing performance between different systems and algorithms remains one of the biggest challenges in this research area. IDSs need to be evaluated and compared against high quality datasets; nevertheless, the existing ones have become outdated or lack many essential requirements. We present the Intrusion Detection Dataset Toolkit (ID2T), an approach for creating out-of-the-box labeled datasets that contain user defined attacks. In this paper, we discuss the essential requirements needed to create synthetic, yet realistic, datasets with user defined attacks. We also present typical problems found in synthetic datasets and propose a software architecture for building tools that can cope with the most typical problems. A publicly available prototype, is implemented and evaluated. The evaluation comprises a performance analysis and a quality assessment of the generated datasets. We show that our tool can handle large amounts of network traffic and that it can generate synthetic datasets without the problems or shortcomings we identified in other datasets.

Item Type: Conference or Workshop Item
Erschienen: 2016
Creators: Vasilomanolakis, Emmanouil and Cordero, Carlos Garcia and Milanov, Nikolay and Mühlhäuser, Max
Title: Towards the creation of synthetic, yet realistic, intrusion detection datasets <b>(best paper award)</b>
Language: German
Abstract:

Intrusion Detection Systems (IDSs) are an important defense tool against the sophisticated and ever-growing network attacks. With this in mind, the research community has been immersed in the field of IDSs over the past years more than before. Still, assessing and comparing performance between different systems and algorithms remains one of the biggest challenges in this research area. IDSs need to be evaluated and compared against high quality datasets; nevertheless, the existing ones have become outdated or lack many essential requirements. We present the Intrusion Detection Dataset Toolkit (ID2T), an approach for creating out-of-the-box labeled datasets that contain user defined attacks. In this paper, we discuss the essential requirements needed to create synthetic, yet realistic, datasets with user defined attacks. We also present typical problems found in synthetic datasets and propose a software architecture for building tools that can cope with the most typical problems. A publicly available prototype, is implemented and evaluated. The evaluation comprises a performance analysis and a quality assessment of the generated datasets. We show that our tool can handle large amounts of network traffic and that it can generate synthetic datasets without the problems or shortcomings we identified in other datasets.

Title of Book: IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT)
Publisher: IEEE
Uncontrolled Keywords: - SSI - Area Secure Smart Infrastructures;Secure Services
Divisions: Department of Computer Science
Department of Computer Science > Telecooperation
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Event Location: Istanbul, Turkey
Date Deposited: 31 Dec 2016 12:59
DOI: 10.1109/NOMS.2016.7502989
Identification Number: TUD-CS-2016-0034
Related URLs:
Export:

Optionen (nur für Redakteure)

View Item View Item