Dataset Generation for Development of Multi-Node Cyber Threat Detection Systems

Bieniasz, Jędrzej; Szczypiorski, Krzysztof

doi:10.3390/electronics10212711

Cited by 3 publications

(2 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The trend is shifting towards analyzing existing cyber threat cases and replicating network traffic to reproduce them in cyberspace [22]. Vishwanath et al designed a method for stochastic generation of network traffic, duplication of actual network traffic, and delivering commands to test network applications [23], while Bieniasz et al proposed an approach for creating datasets for researching cyber threats on multi-node systems [24]. Thus, international research has been conducted on techniques to classify normal/abnormal traffic in a cyber training environment based on existing threat cases, and there is a need to build automated cyber training grounds through research on network traffic classification techniques.…”

Section: A Network Traffic Classification In Cyber Trainingmentioning

confidence: 99%

An Investigation of Learning Model Technologies for Network Traffic Classification Design in Cyber Security Exercises

Jang,

Kim,

Shin

et al. 2023

IEEE Access

View full text Add to dashboard Cite

With the proliferation of network systems, the boundaries between cyber and physical environments are blurring, leading to an increased risk of sophisticated cyber-attacks equipped with advanced technologies. In particular, as advancements in artificial intelligence through learning models have led to automated attacks and attack scenarios, countries are implementing cyber training and constructing training systems to respond to cyber security threats. This cyber training is based on existing cyber-attacks and conducted in virtual spaces similar to reality, generating network traffic through simulators and focusing on training for attack response and cyber resilience. However, the exponential increase in the number of networkbased devices and the amount of network traffic they generate is leading to a gradual increase in threats to cyber security. In this study, we first investigated the existing port number-based network traffic classification technologies and payload-based network traffic classification technologies to identify their shortcomings in the current network environment. We then categorized existing studies into supervised, unsupervised, and reinforcement learning to analyze the technology of classifying network traffic based on learning models as well as classification methods, procedures, performance standards, evaluation methods, quality of service/quality of experience, etc. Based on the analysis, we presented limitations for application to training networks according to the learning method and suggested recommendations for establishing future research directions. Therefore, refining learning model-based network traffic classification technology will contribute to the construction of automated cyber training grounds such as cyber-attack-defense scenarios, network traffic anomaly detection, and maximizing cumulative rewards.

show abstract

Section: A Network Traffic Classification In Cyber Trainingmentioning

confidence: 99%

An Investigation of Learning Model Technologies for Network Traffic Classification Design in Cyber Security Exercises

Jang,

Kim,

Shin

et al. 2023

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Bieniasz et al [10] proposed a new approach to generating datasets for cyber threat research in a multi-node system. Towards this purpose, the proof-of-concept of such a system was implemented and could be used to collect unique datasets with examples of information hiding techniques.…”

mentioning

confidence: 99%

Cybersecurity and Data Science

Szczypiorski

2022

Electronics

Self Cite

View full text Add to dashboard Cite

show abstract

Design and Implementation of Multi-Cyber Range for Cyber Training and Testing

et al. 2022

View full text Add to dashboard Cite

It is essential to build a practical environment of the training/test site for cyber training and weapon system test evaluation. In a military environment, cyber training sites should be continuously developed according to the characteristics of the military. Weapons with cyber security capabilities should be deployed through cyber security certification. Recently, each military has been building its own cyber range that simulates its battlefield environment. However, since the actual battlefield is an integrated operation environment, the cyber range built does not reflect the integrated battlefield environment that is interconnected. This paper proposes a configuration plan and operation function to construct a multi-cyber range reflecting the characteristics of each military to overcome this situation. In order to test the multi-cyber range, which has scenario authoring and operation functions, and can faithfully reflect reality, the impact of DDoS attacks is tested. It is a key to real-world mission-based test evaluation to ensure interoperability between military systems. As a result of the experiment, it was concluded that if a DDoS attack occurs due to the infiltration of malicious code into the military network, it may have a serious impact on securing message interoperability between systems in the military network. Cyber range construction technology is being developed not only in the military, but also in school education and businesses. The proposed technology can also be applied to the construction of cyber ranges in industries where cyber-physical systems are emphasized. In addition, it is a field that is continuously developing with the development of technology, such as being applied as an experimental site for learning machine learning systems.

show abstract

Dataset Generation for Development of Multi-Node Cyber Threat Detection Systems

Cited by 3 publications

References 23 publications

An Investigation of Learning Model Technologies for Network Traffic Classification Design in Cyber Security Exercises

An Investigation of Learning Model Technologies for Network Traffic Classification Design in Cyber Security Exercises

Cybersecurity and Data Science

Design and Implementation of Multi-Cyber Range for Cyber Training and Testing

Contact Info

Product

Resources

About