INSECS-DCS: A Highly Customizable Network Intrusion Dataset Creation Framework

N. Rajasinghe, J. Samarabandu, Xianbin Wang
Published in: 2018 IEEE Canadian Conference on Electrical & Computer Engineering (CCECE)
Publication date: 2018-05-13
DOI: 10.1109/CCECE.2018.8447661 (https://doi.org/10.1109/CCECE.2018.8447661)
Citations: 15

Abstract

One critical challenge in the design and operation of network intrusion detection systems (IDS) is the limited datasets used for IDS training and their impact on system performance. If the training dataset is not updated or lacks necessary attributes, it will affect the performance of the IDS. To overcome this challenge, we propose a highly customizable software framework capable of generating labeled network intrusion datasets on demand. In addition to the capability to customize attributes, it accepts two modes of data input and output. One input method is to collect real-time data by running the software at a chosen network node, and the other is to get raw PCAP files from another data provider. The output can be either raw PCAP with selected attributes per packet or a processed dataset with customized attributes related to both individual packet features and overall traffic behavior within a time window. The abilities of this software are compared with a product which has similar intentions, and notable novelties and capabilities of the proposed system have been noted.