A Reference Dataset for Network Traffic Activity Based Intrusion Detection System
Keywords:Intrusion Detection System, Network Traffic Dataset, Network Traffic Profiling, Behavioral Profiling, Traffic Activity profiling
AbstractThe network traffic dataset is a crucial part of anomaly based intrusion detection systems (IDSs). These IDSs train themselves to learn normal and anomalous activities. Properly labeled dataset is used for the training purpose. For the activities based IDSs, proper network traffic activity labeled dataset is the first requirement, however non-availability of such datasets is bottlenecked in the field of IDS research. In this experiment, a synthetic dataset "Panjab University - Intrusion Dataset (PU-IDS)" is created. The purpose of this study is to provide the researchers a reference dataset for the performance evaluation of network traffic activity based IDSs. University of New Brunswick Network Security Laboratory - Knowledge Disscovery in Databases (NSL-KDD) is a benchmark dataset for anomaly detection but it does not contain activity based labeling. So basic characteristics of this dataset are taken for the generation of the new synthetic dataset with various activities based labels. The dataset is first categorized as per protocol and service. Thereafter, as per minimum & maximum values of attributes, activity profiles are synthetically generated. This paper also discusses various statistical characteristics of PU-IDS. The total number of 198533 instances along with 273 of activity profiles are created. This dataset also contain different 98 protocol_service profiles.
Singh, R., Kumar H., Singla R.K (2012); Traffic Analysis of Campus Network for Classification of Broadcast Data. 47th Annual National Convention of Computer Society of India. Int. Conf. on Intelligent Infrastructure, MacGraw Hill Professional: 163-166.
Marchette, D. (1999); A Statistical Method for Profiling Network Traffic, Workshop on Intrusion Detection and Network Monitoring : 119-128.
Sengar, H.; Wang, X.; Wang, H.; Wijesekera, D.; Jajodia, S. (2009); Online detection of network traffic anomalies using behavioral distance, 17th Int. Workshop on Quality of Service: 1-9.
Jiang, X.; Zhu X. vEye (2009); Behavioral footprinting for self-propagating worm detection and profiling, Knowledge and information systems; 18(2): 231-262 http://dx.doi.org/10.1007/s10115-008-0137-3
Oh, H.S.; Lee, W.S. (2003); An anomaly intrusion detection method by clustering normal user behavior, Computers & Security, 22(7): 596-612. http://dx.doi.org/10.1016/S0167-4048(03)00710-7
Asai, H.; Fukuda, K. ; Esaki, H. (2011); Traffic causality graphs: profiling network applications through temporal and spatial causality of flows, Proc. of the 23rd Int. Teletraffic Congress : 95-102.
Zoquete, A.; Correia, P.; Shamalizadeh, H. (2011); Packet tagging system for enhanced traffic profiling. IEEE 5th Int. Conf. on Internet Multimedia Systems Architecture and Application (IMSAA) : 1-6. http://dx.doi.org/10.1109/IMSAA.2011.6156362
Iliofotou, M.; Gallagher, B.; Eliassi-Rad, T.; Xie, G.; Faloutsos, M.(2010); Profiling-byassociation: a resilient traffic profiling solution for the internet backbone. Proc. of the 6th Int. Conference Co-NEXT'10 : DOI: 10.1145/1921168.1921171. http://dx.doi.org/10.1145/1921168.1921171
Xu, K.; Zhang, Z.L.; Bhattacharyya S.(2008); Internet traffic behavior profiling for network security monitoring. IEEE/ACM Trans. on Networking, 16(6): 1241-1252. http://dx.doi.org/10.1109/TNET.2007.911438
Herrmann, D.; Banse, C.; Federrath, H.(2013); Behavior-based tracking: Exploiting characteristic patterns in DNS traffic. Computers & Security, 39 (Part A): 17-33. http://dx.doi.org/10.1016/j.cose.2013.03.012
ONLINE OPEN ACCES: Acces to full text of each article and each issue are allowed for free in respect of Attribution-NonCommercial 4.0 International (CC BY-NC 4.0.
You are free to:
-Share: copy and redistribute the material in any medium or format;
-Adapt: remix, transform, and build upon the material.
The licensor cannot revoke these freedoms as long as you follow the license terms.
DISCLAIMER: The author(s) of each article appearing in International Journal of Computers Communications & Control is/are solely responsible for the content thereof; the publication of an article shall not constitute or be deemed to constitute any representation by the Editors or Agora University Press that the data presented therein are original, correct or sufficient to support the conclusions reached or that the experiment design or methodology is adequate.