GeNIS: A modular dataset for network intrusion detection and classification

Abstract

The development of artificial intelligence solutions for cyberattack detection and classification require high-quality and representative data. However, there is a scarcity of labelled datasets focused on the cyberattacks that target vulnerable small and medium-sized enterprises. To allow organizations to improve their intrusion detection systems according to their types of users, their active services, and the network protocols they use, it is necessary to provide reliable captures of different types of benign and malicious traffic. The GECAD Network Intrusion Scenarios (GeNIS) dataset contains multiple sequential attack scenarios and different types of realistic normal network activity, recorded during advanced network simulations on the Airbus CyberRange platform. The raw network packets were analyzed to generate labelled network flows, with the computation of statistical features to represent the traffic patterns of local and remote attackers, normal users and administrators, and background traffic of an enterprise computer network. GeNIS follows a modular design, providing raw packet capture next generation (PCAPNG) files with over 37 million packets of each intermediate attack step to enable an in-depth analysis with different flow exporters, feature extraction, and feature selection tools, as well as filtered CSV files with over 2.8 million flows created with 5, 10, 30, and 60 s flow intervals. The flows were preprocessed to provide a reliable benchmark dataset with the most relevant features for the training, validation, and testing of robust machine learning and deep learning models.