A survey of network-based intrusion detection data sets

Ring, Markus; Wunderlich, Sarah; Scheuring, Deniz; Landes, Dieter; Hotho, Andreas

doi:10.1016/j.cose.2019.06.005

Cited by 406 publications

(199 citation statements)

References 76 publications

(185 reference statements)

Supporting

Mentioning

198

Contrasting

Unclassified

Order By: Relevance

“…As a part of future work, it will be interesting to employ different intrusion detection datasets, subsequently gauge the performance of various classifiers. Experts have always urged the research community to experiment with different datasets and introduce novel techniques for network intrusion detection [33,34]. Another avenue which can be explored in future can possibly include the deployment of predictive models as scalable web services thereby leveraging the capabilities of MAMLS.…”

Section: Conclusion and Prospectsmentioning

confidence: 99%

Performance analysis of binary and multiclass models using azure machine learning

Rajagopal

Hareesha

Kundapur

2020

IJECE

View full text Add to dashboard Cite

Network data is expanding and that too at an alarming rate. Besides, the sophisticated attack tools used by hackers lead to capricious cyber threat landscape. Traditional models proposed in the field of network intrusion detection using machine learning algorithms emphasize more on improving attack detection rate and reducing false alarms but time efficiency is often overlooked. Therefore, in order to address this limitation, a modern solution has been presented using Machine Learning-as-a-Service platform. The proposed work analyses the performance of eight two-class and three multiclass algorithms using UNSW NB-15, a modern intrusion detection dataset. 82,332 testing samples were considered to evaluate the performance of algorithms. The proposed two class decision forest model exhibited 99.2% accuracy and took 6 seconds to learn 1,75,341 network instances. Multiclass classification task was also undertaken wherein attack types like generic, exploits, shellcode and worms were classified with a recall percentage of 99%, 94.49%, 91.79% and 90.9% respectively by the multiclass decision forest model that also leapfrogged others in terms of training and execution time.

show abstract

Section: Conclusion and Prospectsmentioning

confidence: 99%

Performance analysis of binary and multiclass models using azure machine learning

Rajagopal

Hareesha

Kundapur

2020

IJECE

View full text Add to dashboard Cite

show abstract

“…However, it should be noted that the detection mechanisms of many IDS described earlier rely on the network traffic characteristics of the network and transport layers, without taking into account possible cyberattacks taking place at the application layer protocols (e.g., Modbus, DNP3). Moreover, it is worth noting that most of the anomaly-based IDS utilise outdated publicly available datasets, such as KDD CUP 1999 and NSL-KDD [ 40 , 41 ]. These datasets were not created, considering the unique attributes of an SG environment; therefore, the detection mechanisms based on them cannot be considered as reliable.…”

Section: Related Work and Contributionsmentioning

confidence: 99%

ARIES: A Novel Multivariate Intrusion Detection System for Smart Grid

Radoglou-Grammatikis

Sarigiannidis

Efstathopoulos³

et al. 2020

Sensors

View full text Add to dashboard Cite

The advent of the Smart Grid (SG) raises severe cybersecurity risks that can lead to devastating consequences. In this paper, we present a novel anomaly-based Intrusion Detection System (IDS), called ARIES (smArt gRid Intrusion dEtection System), which is capable of protecting efficiently SG communications. ARIES combines three detection layers that are devoted to recognising possible cyberattacks and anomalies against (a) network flows, (b) Modbus/Transmission Control Protocol (TCP) packets and (c) operational data. Each detection layer relies on a Machine Learning (ML) model trained using data originating from a power plant. In particular, the first layer (network flow-based detection) performs a supervised multiclass classification, recognising Denial of Service (DoS), brute force attacks, port scanning attacks and bots. The second layer (packet-based detection) detects possible anomalies related to the Modbus packets, while the third layer (operational data based detection) monitors and identifies anomalies upon operational data (i.e., time series electricity measurements). By emphasising on the third layer, the ARIES Generative Adversarial Network (ARIES GAN) with novel error minimisation functions was developed, considering mainly the reconstruction difference. Moreover, a novel reformed conditional input was suggested, consisting of random noise and the signal features at any given time instance. Based on the evaluation analysis, the proposed GAN network overcomes the efficacy of conventional ML methods in terms of Accuracy and the F1 score.

show abstract

“…Because of that, some efforts have been made to generate them. Among other characteristics, they differ from the data format (flow-and packet-based mainly), the recording environment (synthetic, emulated or real), the duration and the freshness (up-to-date network traffic) [14,31].…”

Section: Network Datatasets For Nidss Evaluationmentioning

confidence: 99%

“…As authors claim in [31], there is no perfect dataset. Two reasons support such an affirmation: a) the ever-increasing number and kind of attacks [1,3], that makes very difficult to have up-to-date datasets; and b) specific applications may probably need specific datasets, thus considering all the previous characteristics unnecessary.…”

Section: Network Datatasets For Nidss Evaluationmentioning

confidence: 99%

Towards a Reliable Comparison and Evaluation of Network Intrusion Detection Systems Based on Machine Learning Approaches

et al. 2020

View full text Add to dashboard Cite

Presently, we are living in a hyper-connected world where millions of heterogeneous devices are continuously sharing information in different application contexts for wellness, improving communications, digital businesses, etc. However, the bigger the number of devices and connections are, the higher the risk of security threats in this scenario. To counteract against malicious behaviours and preserve essential security services, Network Intrusion Detection Systems (NIDSs) are the most widely used defence line in communications networks. Nevertheless, there is no standard methodology to evaluate and fairly compare NIDSs. Most of the proposals elude mentioning crucial steps regarding NIDSs validation that make their comparison hard or even impossible. This work firstly includes a comprehensive study of recent NIDSs based on machine learning approaches, concluding that almost all of them do not accomplish with what authors of this paper consider mandatory steps for a reliable comparison and evaluation of NIDSs. Secondly, a structured methodology is proposed and assessed on the UGR’16 dataset to test its suitability for addressing network attack detection problems. The guideline and steps recommended will definitively help the research community to fairly assess NIDSs, although the definitive framework is not a trivial task and, therefore, some extra effort should still be made to improve its understandability and usability further.

show abstract

A survey of network-based intrusion detection data sets

Cited by 406 publications

References 76 publications

Performance analysis of binary and multiclass models using azure machine learning

Performance analysis of binary and multiclass models using azure machine learning

ARIES: A Novel Multivariate Intrusion Detection System for Smart Grid

Towards a Reliable Comparison and Evaluation of Network Intrusion Detection Systems Based on Machine Learning Approaches

Contact Info

Product

Resources

About