Towards the creation of synthetic, yet realistic, intrusion detection datasets

Emmanouil Vasilomanolakis; Carlos Garcia Cordero; Nikolay Milanov; Max Mühlhäuser

doi:10.1109/NOMS.2016.7502989

Towards the creation of synthetic, yet realistic, intrusion detection datasets

Emmanouil Vasilomanolakis, Carlos Garcia Cordero, Nikolay Milanov, Max Mühlhäuser

Research output: Contribution to book/anthology/report/conference proceeding › Article in proceeding › Research › peer-review

18 Citations (Scopus)

Abstract

Intrusion Detection Systems (IDSs) are an important defense tool against the sophisticated and ever-growing network attacks. With this in mind, the research community has been immersed in the field of IDSs over the past years more than before. Still, assessing and comparing performance between different systems and algorithms remains one of the biggest challenges in this research area. IDSs need to be evaluated and compared against high quality datasets; nevertheless, the existing ones have become outdated or lack many essential requirements. We present the Intrusion Detection Dataset Toolkit (ID2T), an approach for creating out-of-the-box labeled datasets that contain user defined attacks. In this paper, we discuss the essential requirements needed to create synthetic, yet realistic, datasets with user defined attacks. We also present typical problems found in synthetic datasets and propose a software architecture for building tools that can cope with the most typical problems. A publicly available prototype, is implemented and evaluated. The evaluation comprises a performance analysis and a quality assessment of the generated datasets. We show that our tool can handle large amounts of network traffic and that it can generate synthetic datasets without the problems or shortcomings we identified in other datasets.

Original language	English
Title of host publication	Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium
Editors	Sema Oktug Badonnel, Mehmet Ulema, Cicek Cavdar, Lisandro Zambenedetti Granville, Carlos Raniery P. dos Santos
Number of pages	6
Publisher	IEEE
Publication date	30 Jun 2016
Pages	1209-1214
Article number	7502989
ISBN (Electronic)	9781509002238
DOIs	https://doi.org/10.1109/NOMS.2016.7502989
Publication status	Published - 30 Jun 2016
Externally published	Yes
Event	2016 IEEE/IFIP Network Operations and Management Symposium, NOMS 2016 - Istanbul, Turkey Duration: 25 Apr 2016 → 29 Apr 2016

Conference

Conference	2016 IEEE/IFIP Network Operations and Management Symposium, NOMS 2016
Country/Territory	Turkey
City	Istanbul
Period	25/04/2016 → 29/04/2016

Series	Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium

Bibliographical note

Publisher Copyright:
© 2016 IEEE.

Access to Document

10.1109/NOMS.2016.7502989

AUB Link

Search for the material in Aalborg University Library's search engine

Cite this

Vasilomanolakis, E., Cordero, C. G., Milanov, N., & Mühlhäuser, M. (2016). Towards the creation of synthetic, yet realistic, intrusion detection datasets. In S. O. Badonnel, M. Ulema, C. Cavdar, L. Z. Granville, & C. R. P. dos Santos (Eds.), Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium (pp. 1209-1214). Article 7502989 IEEE. https://doi.org/10.1109/NOMS.2016.7502989

Vasilomanolakis, Emmanouil ; Cordero, Carlos Garcia ; Milanov, Nikolay et al. / Towards the creation of synthetic, yet realistic, intrusion detection datasets. Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium. editor / Sema Oktug Badonnel ; Mehmet Ulema ; Cicek Cavdar ; Lisandro Zambenedetti Granville ; Carlos Raniery P. dos Santos. IEEE, 2016. pp. 1209-1214 (Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium).

@inproceedings{6d2520099b644189b9378651a83fd6be,

title = "Towards the creation of synthetic, yet realistic, intrusion detection datasets",

abstract = "Intrusion Detection Systems (IDSs) are an important defense tool against the sophisticated and ever-growing network attacks. With this in mind, the research community has been immersed in the field of IDSs over the past years more than before. Still, assessing and comparing performance between different systems and algorithms remains one of the biggest challenges in this research area. IDSs need to be evaluated and compared against high quality datasets; nevertheless, the existing ones have become outdated or lack many essential requirements. We present the Intrusion Detection Dataset Toolkit (ID2T), an approach for creating out-of-the-box labeled datasets that contain user defined attacks. In this paper, we discuss the essential requirements needed to create synthetic, yet realistic, datasets with user defined attacks. We also present typical problems found in synthetic datasets and propose a software architecture for building tools that can cope with the most typical problems. A publicly available prototype, is implemented and evaluated. The evaluation comprises a performance analysis and a quality assessment of the generated datasets. We show that our tool can handle large amounts of network traffic and that it can generate synthetic datasets without the problems or shortcomings we identified in other datasets.",

author = "Emmanouil Vasilomanolakis and Cordero, {Carlos Garcia} and Nikolay Milanov and Max M{\"u}hlh{\"a}user",

note = "Publisher Copyright: {\textcopyright} 2016 IEEE.; 2016 IEEE/IFIP Network Operations and Management Symposium, NOMS 2016 ; Conference date: 25-04-2016 Through 29-04-2016",

year = "2016",

month = jun,

day = "30",

doi = "10.1109/NOMS.2016.7502989",

language = "English",

series = "Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium",

pages = "1209--1214",

editor = "Badonnel, {Sema Oktug} and Mehmet Ulema and Cicek Cavdar and Granville, {Lisandro Zambenedetti} and {dos Santos}, {Carlos Raniery P.}",

booktitle = "Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium",

publisher = "IEEE",

address = "United States",

}

Vasilomanolakis, E, Cordero, CG, Milanov, N & Mühlhäuser, M 2016, Towards the creation of synthetic, yet realistic, intrusion detection datasets. in SO Badonnel, M Ulema, C Cavdar, LZ Granville & CRP dos Santos (eds), Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium., 7502989, IEEE, Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, pp. 1209-1214, 2016 IEEE/IFIP Network Operations and Management Symposium, NOMS 2016, Istanbul, Turkey, 25/04/2016. https://doi.org/10.1109/NOMS.2016.7502989

Towards the creation of synthetic, yet realistic, intrusion detection datasets. / Vasilomanolakis, Emmanouil; Cordero, Carlos Garcia; Milanov, Nikolay et al.
Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium. ed. / Sema Oktug Badonnel; Mehmet Ulema; Cicek Cavdar; Lisandro Zambenedetti Granville; Carlos Raniery P. dos Santos. IEEE, 2016. p. 1209-1214 7502989 (Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium).

Research output: Contribution to book/anthology/report/conference proceeding › Article in proceeding › Research › peer-review

TY - GEN

T1 - Towards the creation of synthetic, yet realistic, intrusion detection datasets

AU - Vasilomanolakis, Emmanouil

AU - Cordero, Carlos Garcia

AU - Milanov, Nikolay

AU - Mühlhäuser, Max

PY - 2016/6/30

Y1 - 2016/6/30

N2 - Intrusion Detection Systems (IDSs) are an important defense tool against the sophisticated and ever-growing network attacks. With this in mind, the research community has been immersed in the field of IDSs over the past years more than before. Still, assessing and comparing performance between different systems and algorithms remains one of the biggest challenges in this research area. IDSs need to be evaluated and compared against high quality datasets; nevertheless, the existing ones have become outdated or lack many essential requirements. We present the Intrusion Detection Dataset Toolkit (ID2T), an approach for creating out-of-the-box labeled datasets that contain user defined attacks. In this paper, we discuss the essential requirements needed to create synthetic, yet realistic, datasets with user defined attacks. We also present typical problems found in synthetic datasets and propose a software architecture for building tools that can cope with the most typical problems. A publicly available prototype, is implemented and evaluated. The evaluation comprises a performance analysis and a quality assessment of the generated datasets. We show that our tool can handle large amounts of network traffic and that it can generate synthetic datasets without the problems or shortcomings we identified in other datasets.

AB - Intrusion Detection Systems (IDSs) are an important defense tool against the sophisticated and ever-growing network attacks. With this in mind, the research community has been immersed in the field of IDSs over the past years more than before. Still, assessing and comparing performance between different systems and algorithms remains one of the biggest challenges in this research area. IDSs need to be evaluated and compared against high quality datasets; nevertheless, the existing ones have become outdated or lack many essential requirements. We present the Intrusion Detection Dataset Toolkit (ID2T), an approach for creating out-of-the-box labeled datasets that contain user defined attacks. In this paper, we discuss the essential requirements needed to create synthetic, yet realistic, datasets with user defined attacks. We also present typical problems found in synthetic datasets and propose a software architecture for building tools that can cope with the most typical problems. A publicly available prototype, is implemented and evaluated. The evaluation comprises a performance analysis and a quality assessment of the generated datasets. We show that our tool can handle large amounts of network traffic and that it can generate synthetic datasets without the problems or shortcomings we identified in other datasets.

UR - http://www.scopus.com/inward/record.url?scp=84979762848&partnerID=8YFLogxK

U2 - 10.1109/NOMS.2016.7502989

DO - 10.1109/NOMS.2016.7502989

M3 - Article in proceeding

AN - SCOPUS:84979762848

T3 - Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium

SP - 1209

EP - 1214

BT - Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium

A2 - Badonnel, Sema Oktug

A2 - Ulema, Mehmet

A2 - Cavdar, Cicek

A2 - Granville, Lisandro Zambenedetti

A2 - dos Santos, Carlos Raniery P.

PB - IEEE

T2 - 2016 IEEE/IFIP Network Operations and Management Symposium, NOMS 2016

Y2 - 25 April 2016 through 29 April 2016

ER -

Vasilomanolakis E, Cordero CG, Milanov N, Mühlhäuser M. Towards the creation of synthetic, yet realistic, intrusion detection datasets. In Badonnel SO, Ulema M, Cavdar C, Granville LZ, dos Santos CRP, editors, Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium. IEEE. 2016. p. 1209-1214. 7502989. (Proceedings of the NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium). doi: 10.1109/NOMS.2016.7502989

Towards the creation of synthetic, yet realistic, intrusion detection datasets

Abstract

Conference

Bibliographical note

Access to Document

AUB Link

Other files and links

Fingerprint

Cite this