A Survey of Intrusion Detection Systems Leveraging Host Data

Glass-Vanderlan, Tarrah R.; Iannacone, Michael D.; Vincent, Maria S.; Qian, Qian; Chen, Guihai; Bridges, Robert A.

doi:10.48550/arxiv.1805.06070

Cited by 3 publications

(3 citation statements)

References 130 publications

(170 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It should be noted that host-based intrusion detection data sets like ADFA [23] are not considered in this paper. Interested readers may find details on host-based intrusion detection data in Glass-Vanderlan et al [24].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A survey of network-based intrusion detection data sets

Ring

Wunderlich

Scheuring

et al. 2019

Computers & Security

535

235

View full text Add to dashboard Cite

Labeled data sets are necessary to train and evaluate anomaly-based network intrusion detection systems. This work provides a focused literature survey of data sets for networkbased intrusion detection and describes the underlying packetand flow-based network data in detail. The paper identifies 15 different properties to assess the suitability of individual data sets for specific evaluation scenarios. These properties cover a wide range of criteria and are grouped into five categories such as data volume or recording environment for offering a structured search. Based on these properties, a comprehensive overview of existing data sets is given. This overview also highlights the peculiarities of each data set. Furthermore, this work briefly touches upon other sources for network-based data such as traffic generators and data repositories. Finally, we discuss our observations and provide some recommendations for the use and the creation of network-based data sets.

show abstract

Section: Related Workmentioning

confidence: 99%

“…The data set is not labeled, but anonymized for privacy reasons, and contains more than 100 hours of network traffic in packet-based format. The data set can be downloaded at the website 24 .…”

Section: Data Setmentioning

confidence: 99%

A survey of network-based intrusion detection data sets

Ring

Wunderlich

Scheuring

et al. 2019

Computers & Security

535

235

View full text Add to dashboard Cite

show abstract

“…Today's network environments suffer from constant modification and improvements. Therefore, a rapid adaptation by NIDS is necessary if they do not want to become obsolete [1,2]. Consequently, NIDS based on statistical methods, machine learning, and data mining methods have increased their application in recent years mostly because of their generalization capabilities [3,4].…”

Section: Introductionmentioning

confidence: 99%

Datasets are not Enough: Challenges in Labeling Network Traffic

Guerra¹,

Catania²,

Veas³

2021

Preprint

View full text Add to dashboard Cite

In contrast to previous surveys, the present work is not focused on reviewing the datasets used in the network security field. The fact is that many of the available public labeled datasets represent the network behavior just for a particular time period. Given the rate of change in malicious behavior and the serious challenge to label, and maintain these datasets, they become quickly obsolete. Therefore, this work is focused on the analysis of current labeling methodologies applied to network-based data. In the field of network security, the process of labeling a representative network traffic dataset is particularly challenging and costly since very specialized knowledge is required to classify network traces. Consequently, most of the current traffic labeling methods are based on the automatic generation of synthetic network traces, which hides many of the essential aspects necessary for a correct differentiation between normal and malicious behavior. Alternatively, a few other methods incorporate non-experts users in the labeling process of real traffic with the help of visual and statistical tools. However, after conducting an in-depth analysis, it seems that all current methods for labeling suffer from fundamental drawbacks regarding the quality, volume, and speed of the resulting dataset. This lack of consistent methods for continuously generating a representative dataset with an accurate and validated methodology must be addressed by the network security research community. Moreover, a consistent label methodology is a fundamental condition for helping in the acceptance of novel detection approaches based on statistical and machine learning techniques.

show abstract

A systematic literature review of cyber-security data repositories and performance assessment metrics for semi-supervised learning

et al. 2023

View full text Add to dashboard Cite

In Machine Learning, the datasets used to build models are one of the main factors limiting what these models can achieve and how good their predictive performance is. Machine Learning applications for cyber-security or computer security are numerous including cyber threat mitigation and security infrastructure enhancement through pattern recognition, real-time attack detection, and in-depth penetration testing. Therefore, for these applications in particular, the datasets used to build the models must be carefully thought to be representative of real-world data. However, because of the scarcity of labelled data and the cost of manually labelling positive examples, there is a growing corpus of literature utilizing Semi-Supervised Learning with cyber-security data repositories. In this work, we provide a comprehensive overview of publicly available data repositories and datasets used for building computer security or cyber-security systems based on Semi-Supervised Learning, where only a few labels are necessary or available for building strong models. We highlight the strengths and limitations of the data repositories and sets and provide an analysis of the performance assessment metrics used to evaluate the built models. Finally, we discuss open challenges and provide future research directions for using cyber-security datasets and evaluating models built upon them.

show abstract

A Survey of Intrusion Detection Systems Leveraging Host Data

Cited by 3 publications

References 130 publications

A survey of network-based intrusion detection data sets

A survey of network-based intrusion detection data sets

Datasets are not Enough: Challenges in Labeling Network Traffic

A systematic literature review of cyber-security data repositories and performance assessment metrics for semi-supervised learning

Contact Info

Product

Resources

About