2018
DOI: 10.1016/j.procs.2018.05.079

A New Labeled Flow-based DNS Dataset for Anomaly Detection: PUF Dataset

Cited by 15 publications
(8 citation statements)
References 8 publications
“…Synthetic Minority Oversampling Technique (SMOTE) method was used for the generation of synthetic sample data. This method uses the K-nearest neighbor algorithm [31] to generate new samples. The literature mentions two similar methods ADASYN and RandomOverSampler.…”
Section: Dataset Preprocessing and Synthetic Minority Over-sampli
Citation type: mentioning
confidence: 99%
“…Besides, abnormal attacks can be detected among various attacks by analysing the attacks. Although IDS can use network traffic data for detection of attacks and anomalies, it is much time consuming [51]. Because the C‐NSA is fast and is not required heavy computation load and complexity, it is thought that C‐NSA for abnormal traffic can perform the task of web application firewall positioned in front of IDS and even servers.…”
Section: Conclusion and Discussion
Citation type: mentioning
confidence: 99%
“…
ISCX 2012 [28]: Four attack scenarios (1: Infiltrating the network from the inside; 2: HTTP DoS; 3: DDoS using an IRC botnet; 4: SSH brute force)
ISOT [57]: botnet (Storm, Waledac)
KDD CUP 99 [42]: DoS, privilege escalation (remote-to-local and user-to-root), probing
Kent 2016 [58], [59]: not specified
Kyoto 2006+ [60]: Various attacks against honeypots (e.g. backscatter, DoS, exploits, malware, port scans, shellcode)
LBNL [61]: port scans
NDSec-1 [62]: botnet (Citadel), brute force (against FTP, HTTP and SSH), DDoS (HTTP floods, SYN flooding and UDP floods), exploits, probe, spoofing, SSL proxy, XSS/SQL injection
NGIDS-DS [19]: backdoors, DoS, exploits, generic, reconnaissance, shellcode, worms
NSL-KDD [63]: DoS, privilege escalation (remote-to-local and user-to-root), probing
PU-IDS [64]: DoS, privilege escalation (remote-to-local and user-to-root), probing
PUF [65]: DNS attacks
SANTA [35]: (D)DoS (ICMP flood, RUDY, SYN flood), DNS amplification, heartbleed, port scans
SSENET-2011 [47]: DoS (executed through LOIC), port scans (executed through Angry IP Scanner, Nessus, Nmap), various attack tools (e.g. metasploit)
SSENET-2014 [66]: botnet, flooding, privilege escalation, port scans
SSHCure [67]: SSH attacks
TRAbID [68]: DoS (HTTP flood, ICMP flood, SMTP flood, SYN flood, TCP keepalive), port scans (ACK-Scan, FIN-Scan, NULL-Scan, OS Fingerprinting, Service Fingerprinting, UDP-Scan, XMAS-Scan)
TUIDS [69], [70]: botnet (IRC), DDoS (Fraggle flood, Ping flood, RST flood, smurf ICMP flood, SYN flood, UDP flood), port scans (e.g.…”
Section: Data Set
Citation type: mentioning
confidence: 99%