An Evaluation Framework for Intrusion Detection Dataset

ICISS 2016 - 2016 International Conference on Information Science and Security

Volumn , Issue , 2017, Pages

  Gharib, Amirhossein ^a   Sharafaldin, Iman ^a   Lashkari, Arash Habibi ^a   Ghorbani, Ali A ^a  

^a UNIVERSITY OF NEW BRUNSWICK   (Canada)

Author keywords

Evaluation Framework; IDS; Intrusion Detection; Intrusion Prevention; IPS

Indexed keywords

BENCHMARKING; MERCURY (METAL); NETWORK SECURITY;

COMPREHENSIVE EVALUATION; DESIGN AND DEVELOPMENT; EVALUATION AND ASSESSMENT; EVALUATION FRAMEWORK; INTRUSION DETECTION AND PREVENTION; INTRUSION PREVENTION; INTRUSION PREVENTION SYSTEMS; SECURITY SOLUTIONS;

INTRUSION DETECTION;

EID: 85018344606     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICISSEC.2016.7885840     Document Type: Conference Paper

References (32)

1. J. O. Nehinbe, "A critical evaluation of datasets for investigating idss and ipss researches, " in IEEE 10th International Conference on Cybernetic Intelligent Systems (CIS), Sept 2011, pp. 92-97.
2. M. T. Ali Shiravi, Hadi Shiravi and A. A. Ghorbani, "Toward developing a systematic approach to generate benchmark datasets for intrusion detection, " Computers and Security, vol. 31, no. 3, pp. 357-374, 2012.
3. J. McHugh, "Testing intrusion detection systems: A critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory, " ACM Trans. Inf. Syst. Secur., vol. 3, no. 4, pp. 262-294, Nov. 2000.
4. C. Brown, A. Cowperthwaite, A. Hijazi, A. Somayaji, "Analysis of the 1999 darpa/lincoln laboratory ids evaluation data with netadhict, " in 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, July 2009, pp. 1-7.
5. I. U. University of California, "Kdd cup 1999, " 2007. [Online]. Available: Http://kdd. ics. uci. edu/databases/kddcup99/
6. M. Tavallaee, E. Bagheri, W. Lu, A. A. Ghorbani, "A detailed analysis of the kdd cup 99 data set, " in 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, July 2009, pp. 1-6.
7. J. O. Nehinbe, A Simple Method for Improving Intrusion Detections in Corporate Networks. Springer Berlin Heidelberg, 2010, pp. 111-122.
8. T. S. Group, "Defcon 8, 10 and 11, " 2000. [Online]. Available: Http://cctf. shmoo. com/
9. "Caida data set oc48 link a (san jose, ca), " 2002. [Online]. Available: Https://www. caida. org/data/passive/passive oc48 dataset. xml
10. "Caida ddos attack dataset, " 2007. [Online]. Available: Https://www. caida. org/data/passive/ddos-20070804 dataset. xml
11. "Caida anonymized internet traces 2016 dataset, " 2016. [Online]. Available: Https://www. caida. org/data/passive/passive 2016 dataset. xml
12. E. P. Proebstel, "Characterizing and improving distributed networkbased intrusion detection systems(nids):timestamp synchronization and sampled traffic, " Master's thesis, University of California DAVIS, CA, USA, 2008.
13. V. P. A. G. Boris Nechaev, Mark Allman, "Lawrence berkeley national laboratory (lbnl)/icsi enterprise tracing project, " 2004.
14. T. C. R. F. E. D. W. J. A. C. M. G. C. Benjamin Sangster, T. J. OConnor, "Toward instrumenting network warfare competitions to generate labeled datasets. " Usenix: The Advanced Computing System Association, 2009.
15. J. Song, H. Takakura, Y. Okabe, M. Eto, D. Inoue, K. Nakao, "Statistical analysis of honeypot data and building of kyoto 2006+ dataset for nids evaluation, " in Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security. ACM, 2011, pp. 29-36.
16. H. T. M. Sato, H. Yamaki, "Unknown attacks detection using feature extraction from anomaly-based ids alerts, " in Applications and the Internet (SAINT), 2012 IEEE/IPSJ 12th International Symposium on, July 2012, pp. 273-277.
17. C. H. R. Chitrakar, "Anomaly based intrusion detection using hybrid learning approach of combining k-medoids clustering and naive bayes classification, " in 8th International Conference on Wireless Communications, Networking and Mobile Computing (WiCOM), Sept 2012, pp. 1-5.
18. A. Sperotto, R. Sadre, F. Vliet, A. Pras, "A labeled data set for flowbased intrusion detection, " in Proceedings of the 9th IEEE International Workshop on IP Operations and Management IPOM09, 2009, pp. 39-50.
19. U. of Massachusetts Amherst, "Optimistic tcp acking, " 2011. [Online]. Available: Http://traces. cs. umass. edu/
20. B. N. L. Swagatika Prusty and M. Liberatore, "Forensic Investigation of the OneSwarm Anonymous Filesharing System, " in ACM Conference on Computer and Communications Security (CCS), October 2011.
21. G. Creech and J. Hu, "Generation of a new ids test dataset: Time to retire the kdd collection, " in 2013 IEEE Wireless Communications and Networking Conference (WCNC), 2013, pp. 4487-4492.
22. M. Xie and J. Hu, "Evaluating host-based anomaly detection systems: A preliminary analysis of adfa-ld, " in Image and Signal Processing (CISP), 2013 6th International Congress on, vol. 03, 2013, pp. 1711-1716.
23. M. Xie, J. Hu, J. Slay, "Evaluating host-based anomaly detection systems: Application of the one-class svm algorithm to adfa-ld, " in 2014 11th International Conference on Fuzzy Systems and Knowledge Discovery (FSKD), 2014, pp. 978-982.
24. R. M. Bill Buchanan, Flavien Flandrin and J. Graves, "A methodology to evaluate rate-based intrusion prevention system against distributed denial-of-service ddos, " 2011.
25. T. A. Ahmed Ejaz, Mohay George and B. Sajal, "Use of ip addresses for high rate flooding attack detection, " pp. 124-135, 2010.
26. J. Mirkovic, S. Fahmy, P. Reiher, R. K. Thomas, "How to test dos defenses, " in Conference For Homeland Security, 2009. CATCH '09. Cybersecurity Applications Technology, March 2009, pp. 103-117.
27. M. A. Rajab, J. Zarfoss, F. Monrose, A. Terzis, "My botnet is bigger than yours (maybe, better than yours) why size estimates remain challenging, " in Proceedings of the First Conference on First Workshop on Hot Topics in Understanding Botnets. USENIX Association, 2007, pp. 5-5.
28. J. Yu, H. Kang, D. Park, H.-C. Bang, D. W. Kang, "An in-depth analysis on traffic flooding attacks detection and system using data mining techniques, " J. Syst. Archit., vol. 59, no. 10, pp. 1005-1012, 2013.
29. P. Scott and E. Wilkins, "Evaluating data mining procedures: Techniques for generating artificial data sets, " Information and Software Technology, vol. 41, no. 9, pp. 579-587, 1999.
30. J. Heidemann and C. Papdopoulos, "Uses and challenges for network datasets, " in Cybersecurity Applications Technology Conference For Homeland Security, CATCH'09, March 2009, pp. 73-82.
31. L. W. Ghorbani Ali and T. Mahbod, "Network intrusion detection and prevention: Concepts and techniques, " New York, LLCC, 2010.
32. "Mcafee threat report, " 2016. [Online]. Available: Http://www. mcafee. com/ca/resources/reports/rp-quarterly-threatsmar-2016