Unraveled — A semi-synthetic dataset for Advanced Persistent Threats

Myneni, Sowmya; Jha, Kritshekhar; Sabur, Abdulhakim; Agrawal, Garima; Deng, Yuli; Chowdhary, Ankur; Huang, Dijiang

doi:10.1016/j.comnet.2023.109688

Cited by 17 publications

(8 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this work, we chose the NSL-KDD dataset as it is one of the most widely used datasets carrying individual attack vectors that make a good study for our analysis in terms of generating the data using GANs. The later datasets such as CIC-IDS2017 [160], CIC-DDoS2019 [161], DAPT2020 [108], Unraveled (DAPT2021) [109], and CICEV2023 [162] carry attack vectors with complex correlated features. As a future work, we intend to study the capabilities of GANs in generative complex attacks like DDoS, SQL-Injection, and cross-site scripting using various generative models like LLMs and GANs.…”

Section: Discussionmentioning

confidence: 99%

“…Alternative approaches to creating a dataset have been proposed in the literature, including semi-synthetic and synthetic data generation techniques. In the semi-synthetic data generation approach, a network is set up, simulating a realistic network topology, and human penetration testers penetrate the network [108,109]. The dataset is then built by capturing the normal user behavior and the simulated attack behavior, followed by appropriately labeling those behaviors for developing statistical and machine learning models.…”

Section: Generating Cyberattack Data Using Generative Modelsmentioning

confidence: 99%

See 1 more Smart Citation

A Review of Generative Models in Generating Synthetic Attack Data for Cybersecurity

Agrawal,

Kaur,

Myneni

2024

Electronics

Self Cite

View full text Add to dashboard Cite

The ability of deep learning to process vast data and uncover concealed malicious patterns has spurred the adoption of deep learning methods within the cybersecurity domain. Nonetheless, a notable hurdle confronting cybersecurity researchers today is the acquisition of a sufficiently large dataset to effectively train deep learning models. Privacy and security concerns associated with using real-world organization data have made cybersecurity researchers seek alternative strategies, notably focusing on generating synthetic data. Generative adversarial networks (GANs) have emerged as a prominent solution, lauded for their capacity to generate synthetic data spanning diverse domains. Despite their widespread use, the efficacy of GANs in generating realistic cyberattack data remains a subject requiring thorough investigation. Moreover, the proficiency of deep learning models trained on such synthetic data to accurately discern real-world attacks and anomalies poses an additional challenge that demands exploration. This paper delves into the essential aspects of generative learning, scrutinizing their data generation capabilities, and conducts a comprehensive review to address the above questions. Through this exploration, we aim to shed light on the potential of synthetic data in fortifying deep learning models for robust cybersecurity applications.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Generating Cyberattack Data Using Generative Modelsmentioning

confidence: 99%

A Review of Generative Models in Generating Synthetic Attack Data for Cybersecurity

Agrawal,

Kaur,

Myneni

2024

Electronics

Self Cite

View full text Add to dashboard Cite

show abstract

“…For rapid processing, the stored data is required to be in structured form. This will help the system to process data retrieval commands quickly [10]. Beyond fundamentals of storage policies, CRC-NIDS desires to make a strategic function for its own pre-defined rules management [11].…”

Section: Database Valuations Over Nidsmentioning

confidence: 99%

Performance Improvement Scheme of NIDS Through Optimized Intrusion Pattern Database

Amjad,

Mumtaz,

Abbas

et al. 2024

IJORAS

View full text Add to dashboard Cite

Network-based intrusion detection systems (NIDS) are perceptively distributed devices within computer networks. They aim to examine traffic passing through the network on which they are installed passively. The database is the most vital part of network intrusion detection systems, as all the data converted information from the NIDS needs to be saved in a patterned structured manner. Understanding the usability of several available types of databases like central databases, Distributed databases, operational databases, etc., it is on the developer’s end to choose the most comprehensive one. Data transformation and performance speed are essential features that a stable database can handle. In this paper, we have analyzed the performance of multiple databases to find out the proficient way that favors NIDS optimization.

show abstract

“…There is a lack of robust attack datasets that can help detect sophisticated attacks, such as APTs [ 6 , 39 ]. The use of deception-based attacks for some recent datasets, such as DAPT2020 [ 40 ] and Unraveled [ 41 ], targeted a general class of APT attacks, by simulating the threat vectors used in APT attacks. As the scale of web infrastructure and web technologies expands, it will become difficult for security researchers to generate real attack samples by using attack simulations.…”

Section: Related Workmentioning

confidence: 99%

“…As the scale of web infrastructure and web technologies expands, it will become difficult for security researchers to generate real attack samples by using attack simulations. This research proposes complementing datasets such as DAPT2020 [ 40 ], and Unraveled [ 41 ], by generating fake attack data from real attack samples. GANs can create adversarial examples that mimic sophisticated attack techniques, as we have demonstrated in this research.…”

Section: Related Workmentioning

confidence: 99%

Generative Adversarial Network (GAN)-Based Autonomous Penetration Testing for Web Applications

Chowdhary,

Jha,

Zhao

2023

Sensors

Self Cite

View full text Add to dashboard Cite

The web application market has shown rapid growth in recent years. The expansion of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) has created new web-based communication and sensing frameworks. Current security research utilizes source code analysis and manual exploitation of web applications, to identify security vulnerabilities, such as Cross-Site Scripting (XSS) and SQL Injection, in these emerging fields. The attack samples generated as part of web application penetration testing on sensor networks can be easily blocked, using Web Application Firewalls (WAFs). In this research work, we propose an autonomous penetration testing framework that utilizes Generative Adversarial Networks (GANs). We overcome the limitations of vanilla GANs by using conditional sequence generation. This technique helps in identifying key features for XSS attacks. We trained a generative model based on attack labels and attack features. The attack features were identified using semantic tokenization, and the attack payloads were generated using conditional sequence GAN. The generated attack samples can be used to target web applications protected by WAFs in an automated manner. This model scales well on a large-scale web application platform, and it saves the significant effort invested in manual penetration testing.

show abstract

Unraveled — A semi-synthetic dataset for Advanced Persistent Threats

Cited by 17 publications

References 18 publications

A Review of Generative Models in Generating Synthetic Attack Data for Cybersecurity

A Review of Generative Models in Generating Synthetic Attack Data for Cybersecurity

Performance Improvement Scheme of NIDS Through Optimized Intrusion Pattern Database

Generative Adversarial Network (GAN)-Based Autonomous Penetration Testing for Web Applications

Contact Info

Product

Resources

About