A Reference Dataset for Network Traffic Activity Based Intrusion Detection System

Singh, Raman; Kumar, Harish; Singla, R. K.

doi:10.15837/ijccc.2015.3.1924

Cited by 12 publications

(6 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ISCX 2012 [28] Four attack scenarios (1: Infiltrating the network from the inside; 2: HTTP DoS; 3: DDoS using an IRC botnet; 4: SSH brute force) ISOT [57] botnet (Storm, Waledac) KDD CUP 99 [42] DoS, privilege escalation (remote-to-local and user-to-root), probing Kent 2016 [58], [59] not specified Kyoto 2006+ [60] Various attacks against honeypots (e.g. backscatter, DoS, exploits, malware, port scans, shellcode) LBNL [61] port scans NDSec-1 [62] botnet (Citadel), brute force (against FTP, HTTP and SSH), DDoS (HTTP floods, SYN flooding and UDP floods), exploits, probe, spoofing, SSL proxy, XSS/SQL injection NGIDS-DS [19] backdoors, DoS, exploits, generic, reconnaissance, shellcode, worms NSL-KDD [63] DoS, privilege escalation (remote-to-local and user-to-root), probing PU-IDS [64] DoS, privilege escalation (remote-to-local and user-to-root), probing PUF [65] DNS attacks SANTA [35] (D)DoS (ICMP flood, RUDY, SYN flood), DNS amplification, heartbleed, port scans SSENET-2011 [47] DoS (executed through LOIC), port scans (executed through Angry IP Scanner, Nessus, Nmap), various attack tools (e.g. metasploit) SSENET-2014 [66] botnet, flooding, privilege escalation, port scans SSHCure [67] SSH attacks TRAbID [68] DoS (HTTP flood, ICMP flood, SMTP flood, SYN flood, TCP keepalive), port scans (ACK-Scan, FIN-Scan, NULL-Scan, OS Fingerprinting, Service Fingerprinting, UDP-Scan, XMAS-Scan) TUIDS [69], [70] botnet (IRC), DDoS (Fraggle flood, Ping flood, RST flood, smurf ICMP flood, SYN flood, UDP flood), port scans (e.g.…”

Section: Data Setmentioning

confidence: 99%

“…The authors developed a generator which extracts statistics of an input data set and uses these statistics to generate new synthetic instances. As a consequence, the work of Singh et al [64] could be seen as a traffic generator to create PU-IDS which contains about 200,000 data points and has the same attributes and format as the NSL-KDD data set. As NSL-KDD is based on KDD CUP 1999 which in turn is extracted from DARPA 1998, the year of creation is set to 1998 since the input for the traffic generator was captured back then.…”

Section: Data Setmentioning

confidence: 99%

See 1 more Smart Citation

A survey of network-based intrusion detection data sets

Ring

Wunderlich

Scheuring

et al. 2019

Computers & Security

561

235

View full text Add to dashboard Cite

Labeled data sets are necessary to train and evaluate anomaly-based network intrusion detection systems. This work provides a focused literature survey of data sets for networkbased intrusion detection and describes the underlying packetand flow-based network data in detail. The paper identifies 15 different properties to assess the suitability of individual data sets for specific evaluation scenarios. These properties cover a wide range of criteria and are grouped into five categories such as data volume or recording environment for offering a structured search. Based on these properties, a comprehensive overview of existing data sets is given. This overview also highlights the peculiarities of each data set. Furthermore, this work briefly touches upon other sources for network-based data such as traffic generators and data repositories. Finally, we discuss our observations and provide some recommendations for the use and the creation of network-based data sets.

show abstract

Section: Data Setmentioning

confidence: 99%

Section: Data Setmentioning

confidence: 99%

A survey of network-based intrusion detection data sets

Ring

Wunderlich

Scheuring

et al. 2019

Computers & Security

561

235

View full text Add to dashboard Cite

show abstract

“…3) PU-IDS DATASETS PU-IDS [24] is a derivative of the NSL-KDD data set, and its author has developed a generator that extracts the statistics of the input data set and then creates a new data set. A traffic generator has the same attributes and format as the NSL-KDD data set.…”

Section: ) Kdd Cup 1999 Datasetsmentioning

confidence: 99%

AI-IDS: Application of Deep Learning to Real-Time Web Intrusion Detection

Park²,

2020

View full text Add to dashboard Cite

Deep Learning has been widely applied to problems in detecting various network attacks. However, no cases on network security have shown applications of various deep learning algorithms in real-time services beyond experimental conditions. Moreover, owing to the integration of high-performance computing, it is necessary to apply systems that can handle large-scale traffic. Given the rapid evolution of web-attacks, we implemented and applied our Artificial Intelligence-based Intrusion Detection System (AI-IDS). We propose an optimal convolutional neural network and long short-term memory network (CNN-LSTM) model, normalized UTF-8 character encoding for Spatial Feature Learning (SFL) to adequately extract the characteristics of real-time HTTP traffic without encryption, calculating entropy, and compression. We demonstrated its excellence through repeated experiments on two public datasets (CSIC-2010, CICIDS2017) and fixed real-time data. By training payloads that analyzed true or false positives with a labeling tool, AI-IDS distinguishes sophisticated attacks, such as unknown patterns, encoded or obfuscated attacks from benign traffic. It is a flexible and scalable system that is implemented based on Docker images, separating user-defined functions by independent images. It also helps to write and improve Snort rules for signature-based IDS based on newly identified patterns. As the model calculates the malicious probability by continuous training, it could accurately analyze unknown web-attacks.

show abstract

“…KDD Cup [17], NSL-KDD [18] and PU-IDS [19] are outdated, and they are not suitable for today's evaluations because of the many modifications that have occurred in the traffic of networks so far.…”

Section: B Using Existing Datasetsmentioning

confidence: 99%

Towards Generating Benchmark Datasets for Worm Infection Studies

Asgari

Sadeghiyan

2020

2020 10th International Symposium onTelecommunications (IST)

View full text Add to dashboard Cite

Worm origin identification and propagation path reconstruction are among the most critical problems in digital forensics. Until now, several methods have been proposed for this purpose. However, there are no suitable datasets that contain both normal background traffic and worm traffic that researchers can use them to evaluate their methods. In this paper, we suggest a technique to generate such datasets using simulation. Then, we generate several datasets for Slammer, Code Red I, Code Red II and modified versions of these worms in different scenarios using this technique and make them publicly available.

show abstract

A Reference Dataset for Network Traffic Activity Based Intrusion Detection System

Cited by 12 publications

References 10 publications

A survey of network-based intrusion detection data sets

A survey of network-based intrusion detection data sets

AI-IDS: Application of Deep Learning to Real-Time Web Intrusion Detection

Towards Generating Benchmark Datasets for Worm Infection Studies

Contact Info

Product

Resources

About