A New Labeled Flow-based DNS Dataset for Anomaly Detection: PUF Dataset

Sharma, Rohini; Singla, R. K.; Guleria, Ajay

doi:10.1016/j.procs.2018.05.079

Cited by 15 publications

(8 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Synthetic Minority Oversampling Technique (SMOTE) method was used for the generation of synthetic sample data. This method uses the K-nearest neighbor algorithm [31] to generate new samples. The literature mentions two similar methods ADASYN and RandomOverSampler.…”

Section: Dataset Preprocessing and Synthetic Minority Over-samplimentioning

confidence: 99%

Increasing the Performance of Machine Learning-Based IDSs on an Imbalanced and Up-to-Date Dataset

2020

View full text Add to dashboard Cite

In recent years, due to the extensive use of the Internet, the number of networked computers has been increasing in our daily lives. Weaknesses of the servers enable hackers to intrude on computers by using not only known but also new attack-types, which are more sophisticated and harder to detect. To protect the computers from them, Intrusion Detection System (IDS), which is trained with some machine learning techniques by using a pre-collected dataset, is one of the most preferred protection mechanisms. The used datasets were collected during a limited period in some specific networks and generally don't contain up-to-date data. Additionally, they are imbalanced and cannot hold sufficient data for all types of attacks. These imbalanced and outdated datasets decrease the efficiency of current IDSs, especially for rarely encountered attack types. In this paper, we propose six machine-learning-based IDSs by using K Nearest Neighbor, Random Forest, Gradient Boosting, Adaboost, Decision Tree, and Linear Discriminant Analysis algorithms. To implement a more realistic IDS, an up-to-date security dataset, CSE-CIC-IDS2018, is used instead of older and mostly worked datasets. The selected dataset is also imbalanced. Therefore, to increase the efficiency of the system depending on attack types and to decrease missed intrusions and false alarms, the imbalance ratio is reduced by using a synthetic data generation model called Synthetic Minority Oversampling TEchnique (SMOTE). Data generation is performed for minor classes, and their numbers are increased to the average data size via this technique. Experimental results demonstrated that the proposed approach considerably increases the detection rate for rarely encountered intrusions.

show abstract

Section: Dataset Preprocessing and Synthetic Minority Over-samplimentioning

confidence: 99%

Increasing the Performance of Machine Learning-Based IDSs on an Imbalanced and Up-to-Date Dataset

2020

View full text Add to dashboard Cite

show abstract

“…Besides, abnormal attacks can be detected among various attacks by analysing the attacks. Although IDS can use network traffic data for detection of attacks and anomalies, it is much time consuming [51 ]. Because the C‐NSA is fast and is not required heavy computation load and complexity, it is thought that C‐NSA for abnormal traffic can perform the task of web application firewall positioned in front of IDS and even servers.…”

Section: Conclusion and Discussionmentioning

confidence: 99%

C‐NSA: a hybrid approach based on artificial immune algorithms for anomaly detection in web traffic

Dandıl

2020

IET Inf. secur

View full text Add to dashboard Cite

“…ISCX 2012 [28] Four attack scenarios (1: Infiltrating the network from the inside; 2: HTTP DoS; 3: DDoS using an IRC botnet; 4: SSH brute force) ISOT [57] botnet (Storm, Waledac) KDD CUP 99 [42] DoS, privilege escalation (remote-to-local and user-to-root), probing Kent 2016 [58], [59] not specified Kyoto 2006+ [60] Various attacks against honeypots (e.g. backscatter, DoS, exploits, malware, port scans, shellcode) LBNL [61] port scans NDSec-1 [62] botnet (Citadel), brute force (against FTP, HTTP and SSH), DDoS (HTTP floods, SYN flooding and UDP floods), exploits, probe, spoofing, SSL proxy, XSS/SQL injection NGIDS-DS [19] backdoors, DoS, exploits, generic, reconnaissance, shellcode, worms NSL-KDD [63] DoS, privilege escalation (remote-to-local and user-to-root), probing PU-IDS [64] DoS, privilege escalation (remote-to-local and user-to-root), probing PUF [65] DNS attacks SANTA [35] (D)DoS (ICMP flood, RUDY, SYN flood), DNS amplification, heartbleed, port scans SSENET-2011 [47] DoS (executed through LOIC), port scans (executed through Angry IP Scanner, Nessus, Nmap), various attack tools (e.g. metasploit) SSENET-2014 [66] botnet, flooding, privilege escalation, port scans SSHCure [67] SSH attacks TRAbID [68] DoS (HTTP flood, ICMP flood, SMTP flood, SYN flood, TCP keepalive), port scans (ACK-Scan, FIN-Scan, NULL-Scan, OS Fingerprinting, Service Fingerprinting, UDP-Scan, XMAS-Scan) TUIDS [69], [70] botnet (IRC), DDoS (Fraggle flood, Ping flood, RST flood, smurf ICMP flood, SYN flood, UDP flood), port scans (e.g.…”

Section: Data Setmentioning

confidence: 99%

A survey of network-based intrusion detection data sets

Ring

Wunderlich

Scheuring

et al. 2019

Computers & Security

534

235

View full text Add to dashboard Cite

Labeled data sets are necessary to train and evaluate anomaly-based network intrusion detection systems. This work provides a focused literature survey of data sets for networkbased intrusion detection and describes the underlying packetand flow-based network data in detail. The paper identifies 15 different properties to assess the suitability of individual data sets for specific evaluation scenarios. These properties cover a wide range of criteria and are grouped into five categories such as data volume or recording environment for offering a structured search. Based on these properties, a comprehensive overview of existing data sets is given. This overview also highlights the peculiarities of each data set. Furthermore, this work briefly touches upon other sources for network-based data such as traffic generators and data repositories. Finally, we discuss our observations and provide some recommendations for the use and the creation of network-based data sets.

show abstract

A New Labeled Flow-based DNS Dataset for Anomaly Detection: PUF Dataset

Cited by 15 publications

References 8 publications

Increasing the Performance of Machine Learning-Based IDSs on an Imbalanced and Up-to-Date Dataset

Increasing the Performance of Machine Learning-Based IDSs on an Imbalanced and Up-to-Date Dataset

C‐NSA: a hybrid approach based on artificial immune algorithms for anomaly detection in web traffic

A survey of network-based intrusion detection data sets

Contact Info

Product

Resources

About