INSECS-DCS: A Highly Customizable Network Intrusion Dataset Creation Framework

One critical challenge in the design and operation of network intrusion detection systems (IDS) is the limited set of datasets available for IDS training and the impact this has on system performance. If the training dataset is not kept up to date or lacks necessary attributes, the performance of the IDS suffers. To overcome this challenge, we propose a highly customizable software framework capable of generating labeled network intrusion datasets on demand. In addition to customizable attributes, it supports two modes of data input and two modes of output. Input can be collected in real time by running the software at a chosen network node, or supplied as raw PCAP files from another data provider. The output can be either raw PCAP with selected attributes per packet, or a processed dataset with customized attributes covering both individual packet features and overall traffic behavior within a time window. We compare the abilities of this software with those of a product that has similar intentions, and note the notable novelties and capabilities of the proposed system.
