Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization

Cited by: 2408
Authors
Sharafaldin, Iman [1]
Lashkari, Arash Habibi [1]
Ghorbani, Ali A. [1]
Affiliation
[1] Univ New Brunswick UNB, Canadian Inst Cybersecur CIC, Fredericton, NB, Canada
Source
ICISSP: PROCEEDINGS OF THE 4TH INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS SECURITY AND PRIVACY | 2018
Funding
Natural Sciences and Engineering Research Council of Canada
Keywords
Intrusion Detection; IDS Dataset; DoS; Web Attack; Infiltration; Brute Force;
DOI
10.5220/0006639801080116
Chinese Library Classification
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
With exponential growth in the size of computer networks and developed applications, the significant increasing of the potential damage that can be caused by launching attacks is becoming obvious. Meanwhile, Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs) are one of the most important defense tools against the sophisticated and ever-growing network attacks. Due to the lack of adequate dataset, anomaly-based approaches in intrusion detection systems are suffering from accurate deployment, analysis and evaluation. There exist a number of such datasets such as DARPA98, KDD99, ISC2012, and ADFA13 that have been used by the researchers to evaluate the performance of their proposed intrusion detection and intrusion prevention approaches. Based on our study over eleven available datasets since 1998, many such datasets are out of date and unreliable to use. Some of these datasets suffer from lack of traffic diversity and volumes, some of them do not cover the variety of attacks, while others anonymized packet information and payload which cannot reflect the current trends, or they lack feature set and metadata. This paper produces a reliable dataset that contains benign and seven common attack network flows, which meets real world criteria and is publicly available. Consequently, the paper evaluates the performance of a comprehensive set of network traffic features and machine learning algorithms to indicate the best set of features for detecting the certain attack categories.
Pages: 108-116
Number of pages: 9