Towards a Reliable Intrusion Detection Benchmark Dataset

Sharafaldin, Iman; Gharib, Amirhossein; Lashkari, Arash Habibi; Ghorbani, Ali A.

doi:10.13052/jsn2445-9739.2017.009

Cited by 180 publications

(94 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…For the experiments, we implemented the proposed approach (genetic algorithm and the two anomaly‐based intrusion detection methods) on the Apache Spark and used the CICIDS2017 dataset, which is distributed into eight CSV files (and respective PCAP files). We describe in Table the content of each file referring to them as “File k ,” for k = 0.0.7.…”

Section: Experiments and Resultsmentioning

confidence: 99%

See 1 more Smart Citation

Adaptive anomaly‐based intrusion detection system using genetic algorithm and profiling

Resende

Drummond

2018

Security and Privacy

View full text Add to dashboard Cite

Intrusion detection systems have been playing an important role in defeating treats in the Cyberspace. In this context, researchers have been proposing anomaly-based methods for intrusion detection, on which the "normal" behavior is defined and the deviations (anomalies) are pointed out as intrusions. In this case, profiling is a relevant procedure used to establish a baseline for the normal behavior. In this work, an adaptive approach based on genetic algorithm is used to select features for profiling and parameters for anomaly-based intrusion detection methods. Additionally, two anomaly-based methods are introduced to be coupled with the proposed approach. One is based on basic statistics and the other is based on a projected clustering procedure. In the presented experiments performed on the CICIDS2017 dataset, our methods achieved results as good as detection rate equals to 92.85% and false positive rate of 0.69%. The presented approach iteratively adapts to new attacks and to the environmental requirements, such as security staff's preferences and available computational resources. KEYWORDSadaptive intrusion detection systems, anomaly-based intrusion detection, apache spark, machine learning, profiling, projected clustering 1 Security Privacy. 2018;1:e36.wileyonlinelibrary.com/journal/spy2

show abstract

Section: Experiments and Resultsmentioning

confidence: 99%

“…We implemented our approach on a scalable architecture supported by Apache Spark and we used in the presented experiments the CICIDS2017 dataset proposed by Sharafaldin et al The approach provided good results in terms of adaptability, detection rates (DR), and FPR. The results varied depending on the attack types.…”

Section: Introductionmentioning

confidence: 99%

Adaptive anomaly‐based intrusion detection system using genetic algorithm and profiling

Resende

Drummond

2018

Security and Privacy

View full text Add to dashboard Cite

show abstract

“…We do not develop an evaluation score like Haider et al [19] or Sharafaldin et al [30] since we do not want to judge the importance of different data set properties. In our opinion, the importance of certain properties depends on the specific evaluation scenario and should not be generally judged in a survey.…”

Section: Data Set Propertiesmentioning

confidence: 99%

“…Normal user behavior includes HTTP, SMTP, SSH and SNMP traffic while malicious network traffic encompasses port scans and DoS attacks. TRAbID is publicly available 30 .…”

Section: Data Setmentioning

confidence: 99%

A survey of network-based intrusion detection data sets

Ring

Wunderlich

Scheuring

et al. 2019

Computers & Security

465

199

View full text Add to dashboard Cite

Labeled data sets are necessary to train and evaluate anomaly-based network intrusion detection systems. This work provides a focused literature survey of data sets for networkbased intrusion detection and describes the underlying packetand flow-based network data in detail. The paper identifies 15 different properties to assess the suitability of individual data sets for specific evaluation scenarios. These properties cover a wide range of criteria and are grouped into five categories such as data volume or recording environment for offering a structured search. Based on these properties, a comprehensive overview of existing data sets is given. This overview also highlights the peculiarities of each data set. Furthermore, this work briefly touches upon other sources for network-based data such as traffic generators and data repositories. Finally, we discuss our observations and provide some recommendations for the use and the creation of network-based data sets.

show abstract

“…Each solution processes its information from files, since the vulnerabilities have been encountered in an enriched ".XML" (.nessus) [12], and both the real-time files and the filtering work in a ".txt" file. We generated a transformation flow for the vulnerabilities, which originated from the PVS system (Fig.…”

Section: Design and Implementation Of Algorithms And The Applicatimentioning

confidence: 99%

Aplicación de Inteligencia de Negocios para el análisis de vulnerabilidades en pro de incrementar el nivel de seguridad en un CSIRT académico

et al. 2018

View full text Add to dashboard Cite

This study aimed at designing a potential solution through Business Intelligence for acquiring data and information from a wide variety of sources and utilizing them in the decision-making of the vulnerability analysis of an Academic CSIRT (Computer Security Incident Response Team). This study was developed in a CSIRT that gathers a variety of Ecuadorian universities. We applied the Action-Research methodology with a qualitative approach, divided into three phases: First, we qualitatively evaluated two intrusion detection analysis tools (Passive Scanner and Snort) to verify their advantages and their ability to be exclusive or complementary; simultaneously, these tools recorded the real-time logs of the incidents in a MySQL related database. Second, we applied the Ralph Kimball's methodology to develop several routines that allowed applying the "Extract, Transform, and Load" process of the non-normalized logs that were subsequently processed by a graphical user interface. Third, we built a software application using Scrum to connect the obtained logs to the Pentaho BI tool, and thus, generate early alerts as a strategic factor. The results demonstrate the functionality of the designed solution, which generates early alerts, and consequently, increases the security level of the CSIRT members.

show abstract

Towards a Reliable Intrusion Detection Benchmark Dataset

Cited by 180 publications

References 17 publications

Adaptive anomaly‐based intrusion detection system using genetic algorithm and profiling

Adaptive anomaly‐based intrusion detection system using genetic algorithm and profiling

A survey of network-based intrusion detection data sets

Aplicación de Inteligencia de Negocios para el análisis de vulnerabilidades en pro de incrementar el nivel de seguridad en un CSIRT académico

Contact Info

Product

Resources

About