On Generating Network Traffic Datasets with Synthetic Attacks for Intrusion Detection
ACM Transactions on Privacy and Security (IF 3.0), Pub Date: 2021-01-02, DOI: 10.1145/3424155
Carlos Garcia Cordero 1, Emmanouil Vasilomanolakis 2, Aidmar Wainakh 1, Max Mühlhäuser 1, Simin Nadjm-Tehrani 3

Most research in the field of network intrusion detection heavily relies on datasets. Datasets in this field, however, are scarce and difficult to reproduce. To compare, evaluate, and test related work, researchers usually need the same datasets, or at least datasets with characteristics similar to those used in related work. In this work, we present concepts and the Intrusion Detection Dataset Toolkit (ID2T) that alleviate the problem of reproducing datasets with desired characteristics, enabling accurate replication of scientific results. ID2T facilitates the creation of labeled datasets by injecting synthetic attacks into background traffic. The injected synthetic attacks created by ID2T blend with the background traffic by mimicking the background traffic’s properties. This article has three core contributions. First, we present a comprehensive survey of intrusion detection datasets. In the survey, we propose a classification that groups the negative qualities found in the datasets. Second, the architecture of ID2T is revised, improved, and expanded in comparison to previous work. The architectural changes enable ID2T to inject recent and advanced attacks, such as the EternalBlue exploit or a peer-to-peer botnet. ID2T also provides a set of tests, known as TIDED, that help identify potential defects in the background traffic into which attacks are injected. Third, we illustrate how ID2T is used in different use-case scenarios to replicate scientific results with the help of reproducible datasets. ID2T is open source software and is made available to the community to expand its arsenal of attacks and capabilities.

Updated: 2021-01-02