SSENet-2011: A Network Intrusion Detection System dataset and its comparison with KDD CUP 99 dataset
Authors: Dataset Vasudevan, E. Harshini, S. Selvakumar
Published in: 2011 Second Asian Himalayas International Conference on Internet (AH-ICI)
Publication date: 2011-12-29
DOI: 10.1109/AHICI.2011.6113948 (https://doi.org/10.1109/AHICI.2011.6113948)
Source: Semanticscholar
Citations: 52
Abstract
In recent years the attack vectors in the network world have increased manyfold with the increased usage of the Internet and the exponential growth of various applications. A Network Intrusion Detection System (NIDS) is one of the systems most sought after by security experts for safeguarding the network from both external and internal attacks. A NIDS works mainly in two modes: online and offline. An online or real-time NIDS, such as Snort, Bro, etc., examines the packet structure to find intrusions, if any, and alerts the administrator. An offline NIDS, on the other hand, logs the packets flowing to and from the network, constructs features based on connections, and creates a dataset. Such NIDS datasets are used for research purposes, for applying data mining, machine learning, evolutionary algorithms, etc., to detect attacks. KDD CUP 99 is one such widely used IDS dataset. The KDD CUP 99 dataset is obsolete because many of the attacks performed to create the dataset do not exist now. Moreover, the features constructed do not pertain to network activities; the dataset is a mixture of host-based as well as network-based features. So, the need for a new dataset, conforming to the present network activities and attack vectors, is inevitable. This motivated us to come out with a NIDS dataset, the SSENet-2011 dataset, in this paper. The SSENet-2011 dataset was constructed using the Tstat tool. A real-time experiment was performed, the network packets were captured, features were constructed, and the dataset was created. The created SSENet-2011 dataset was compared with the KDD CUP 99 dataset. From the experiments it is evident that a closed and secluded network such as SSENet and the Tstat tool help researchers in developing and analyzing a new dataset which reflects the changing scenario of network activities.