Toward developing a systematic approach to generate benchmark datasets for intrusion detection

Computers and Security

Volumn 31, Issue 3, 2012, Pages 357-374

  Shiravi, Ali ^a   Shiravi, Hadi ^a   Tavallaee, Mahbod ^a   Ghorbani, Ali A ^a  

^a UNIVERSITY OF NEW BRUNSWICK   (Canada)

Author keywords

Dataset generation; Intrusion detection; Network traffic profile

Indexed keywords

BENCHMARK DATASETS; CURRENT TRENDS; DATA SETS; DISTRIBUTION MODELS; MALICIOUS ACTIVITIES; MULTI-STAGE ATTACK; NETWORK BEHAVIORS; NETWORK INTRUSION DETECTION; NETWORK TRAFFIC PROFILE; PRIVACY ISSUE; REAL TRACE; REAL TRAFFIC; STATISTICAL CHARACTERISTICS; TRAFFIC COMPOSITIONS;

BEHAVIORAL RESEARCH; INTERNET PROTOCOLS; INTRUSION DETECTION;

STATISTICAL TESTS;

EID: 84859430323     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2011.12.012     Document Type: Article

References (37)

1. M. Arboi The NASL2 reference manual 2005 Nessus
2. A.L. Barabsi The origin of bursts and heavy tails in human dynamics Nature 435 2005 207 211
3. C. Brown, A. Cowperthwaite, A. Hijazi, and A. Somayaji Analysis of the 1999 DARPA/Lincoln laboratory IDS evaluation data with netadhict Proceedings of the second IEEE international conference on computational intelligence for security and defense applications 2009 IEEE Press Piscataway, NJ, USA 67 73
4. CAIDA The cooperative association for internet data analysis 2011 http://www.caida.org/
5. J. Cao, W.S. Cleveland, Y. Gao, K. Jeffay, F.D. Smith, and M.C. Weigle Stochastic models for generating synthetic HTTP source traffic IEEE INFOCOM 2004
6. F. Cuppens, and R. Ortalo LAMBDA: a language to model a database for detection of attacks RAID '00: proc. of the third international workshop on recent advances in intrusion detection 2000 197 216
7. P.B. Danzig, and S. Jamin tcplib: a library of internetwork traffic characteristics Technical Report 1991 Computer Science Department, USC
8. H. Ebel, L.I. Mielsch, and S. Bornholdt Scale-free topology of e-mail networks Phys Rev E 66 2002 35 103
9. S.T. Eckmann, G. Vigna, and R.A. Kemmerer STATL: an attack language for state-based intrusion detection J Comput Secur 10 2002 71 103 (Pubitemid 34531413)
10. J.P. Eckmann, E. Moses, and D. Sergi Entropy of dialogues creates coherent structures in e-mail traffic Proc Nat Acad Sci U S A 101 2004 14333 14337 (Pubitemid 39346749)
11. S.S. Hong, and S.F. Wu On interactive internet traffic replay RAID'05 2005 247 264 (Pubitemid 43973731)
12. R. Jain The art of computer systems performance analysis: techniques for experimental design, measurement, simulation, and modeling 1991 Wiley
13. H.G. Kayacik, and A.N. Zincir-heywood Generating representative traffic for intrusion detection system benchmarking Conference on communication networks and services research 2005 112 117 (Pubitemid 44130639)
14. K.C. Lan, and J.S. Heidemann Rapid model parameterization from traffic measurements ACM T Model Comput S 12 2002 201 229
15. Lawrence Berkeley National Laboratory and ICSI. LBNL/ICSI enterprise tracing project. www.icir.org/enterprise-tracing/.
16. Lawrence Berkeley National Laboratory The internet traffic archive 2010 http://ita.ee.lbl.gov/index.html
17. M.I.T. Lincoln Laboratory DARPA intrusion detection evaluation 2011 http://www.ll.mit.edu/mission/communications/ist/corpora/ideval/index.html
18. B.A. Mah An empirical model of HTTP network traffic Proceedings of the INFOCOM '97. Sixteenth annual joint conference of the IEEE computer and communications societies 1997 Driving the Information Revolution, IEEE Computer Society Washington, DC, USA 592
19. J. Mchugh Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln laboratory ACM Trans Inf Syst Secur 3 2000 262 294
20. J. McHugh The 1998 Lincoln laboratory IDS evaluation Proceedings of the third international workshop on recent advances in intrusion detection (RAID) 2000 Springer-Verlag London, UK 145 161
21. C. Michel, and L. Mé ADeLe: an attack description language for knowledge-based intrustion detection Sec '01: proceedings of the 16th international conference on Information security: trusted information 2001 Kluwer Academic Publishers Norwell, MA, USA 353 368
22. Muscariello, L., 2006. On internet traffic measurements, characterization and modelling. Ph.D. thesis.
23. D. Mutz, G. Vigna, and R.A. Kemmerer An experience developing an IDS stimulator for the black-box testing of network intrusion detection systems Annual computer security applications conference 2003 374 383
24. S. Networks Custom attack simulation language (CASL) 1999
25. V. Paxson Empirically derived analytic models of wide-area TCP connections IEEE/ACM Trans Netw 2 1994 316 336
26. Rapid7 Metasploit penetration testing 2011 http://www.metasploit.com
27. G.F. Riley The Georgia tech network simulator Proceedings of the ACM SIGCOMM workshop on models, methods and tools for reproducible network research 2003 ACM New York, NY, USA 5 12
28. RTI International PREDICT: Protected repository for the defense of infrastructure against cyber threats 2011 http://www.predict.org/
29. R. Sommer, and V. Paxson Outside the closed world: on using machine learning for network intrusion detection Security and privacy, IEEE Symposium on 2010 305 316
30. J. Sommers, V. Yegneswaran, and P. Barford A framework for malicious workload generation Internet measurement conference 2004 82 87 (Pubitemid 40372033)
31. J. Sommers, V. Yegneswaran, and P. Barford Toward comprehensive traffic generation for online IDS evaluation Technical Report 2005 University of Wisconsin Madison
32. M. Tavallaee, N. Stakhanova, and A.A. Ghorbani Toward credible evaluation of anomaly-based intrusion detection methods Trans Sys Man Cyber Part C 40 2010 516 524
33. The Shmoo Group Defcon 2011 http://cctf.shmoo.com/
34. University of California KDD Cup 1999 data 2011 http://kdd.ics.uci.edu/ databases/kddcup99/kddcup99.html
35. V.C. Valgenti, and M.S. Kim Simulating content in traffic for benchmarking intrusion detection systems Proc of 4th international ICST conference on simulation tools and techniques SIMUTools2011 2011
36. M.C. Weigle, P. Adurthi, F. Hernndez-campos, K. Jeffay, and F.D. Smith Tmix: a tool for generating realistic TCP application workloads in ns-2 Comput Commun Rev 36 2006 65 76 (Pubitemid 44085529)
37. C.V. Wright, C. Connelly, T. Braje, J.C. Rabek, L.M. Rossey, and R.K. Cunningham Generating client workloads and high-fidelity network traffic for controllable, repeatable experiments in computer security Recent advances in intrusion detection 2010 218 237