TU Darmstadt / ULB / TUbiblio

On generating network traffic datasets with synthetic attacks for intrusion detection

Garcia Cordero, Carlos ; Vasilomanolakis, Emmanouil ; Wainakh, Aidmar ; Mühlhäuser, Max ; Nadjm-Tehrani, Simin (2019)
On generating network traffic datasets with synthetic attacks for intrusion detection.
doi: 10.48550/arXiv.1905.00304
Report, Bibliography

Abstract

Most research in the area of intrusion detection requires datasets to develop, evaluate or compare systems in one way or another. In this field, however, finding suitable datasets is a challenge on to itself. Most publicly available datasets have negative qualities that limit their usefulness. In this article, we propose ID2T (Intrusion Detection Dataset Toolkit) to tackle this problem. ID2T facilitates the creation of labeled datasets by injecting synthetic attacks into background traffic. The injected synthetic attacks blend themselves with the background traffic by mimicking the background traffic’s properties to eliminate any trace of ID2T’s usage. This work has three core contribution areas. First, we present a comprehensive survey on intrusion detection datasets. In the survey, we propose a classification to group the negative qualities we found in the datasets. Second, the architecture of ID2T is revised, improved and expanded. The architectural changes enable ID2T to inject recent and advanced attacks such as the widespread EternalBlue exploit or botnet communication patterns. The toolkit’s new functionality provides a set of tests, known as TIDED (Testing Intrusion Detection Datasets), that help identify potential defects in the background traffic into which attacks are injected. Third, we illustrate how ID2T is used in different use-case scenarios to evaluate the performance of anomaly and signature-based intrusion detection systems in a reproducible manner. ID2T is open source software and is made available to the community to expand its arsenal of attacks and capabilities.

Entry type: Report
Published: 2019
Author(s): Garcia Cordero, Carlos ; Vasilomanolakis, Emmanouil ; Wainakh, Aidmar ; Mühlhäuser, Max ; Nadjm-Tehrani, Simin
Type of entry: Bibliography
Title: On generating network traffic datasets with synthetic attacks for intrusion detection
Language: English
Publication date: 1 May 2019
Publisher: arXiv
Series: Cryptography and Security
Collation: 31 pages
DOI: 10.48550/arXiv.1905.00304
URL / URN: http://arxiv.org/abs/1905.00304

Additional information:

1st version

Department(s)/field(s): 20 Department of Computer Science
20 Department of Computer Science > Telecooperation
Date deposited: 06 Apr 2020 12:02
Last modified: 19 Dec 2024 09:06