Creation of Flow-Based Data Sets for Intrusion Detection

Abstract:

Publicly available labelled data sets are necessary for evaluating anomaly-based Intrusion Detection Systems (IDSs). However, existing data sets are often not up-to-date or not yet published because of privacy concerns. This paper identifies requirements for good data sets and proposes an approach for their generation. The key idea is to use a test environment and emulate realistic user behaviour with parameterised scripts on the clients. Comprehensive logging mechanisms provide additional information which may be used for a better understanding of the inner dynamics of an IDS. Finally, the proposed approach is used to generate the flow-based CIDDS-002 data set.


AUTHORS

Markus Ring

Faculty of Electrical Engineering and Informatics, Coburg University of Applied Sciences, Coburg, Germany

Markus Ring is a Research Associate at Coburg University of Applied Sciences and Arts, where he is working on his doctoral thesis. He previously studied Informatics at Coburg. He has previously worked as a Network Administrator at T-Systems Enterprise GmbH. His research interests include the generation of realistic flow-based network data and the application of data-mining methods for cyber-security intrusion detection.

Sarah Wunderlich

Faculty of Electrical Engineering and Informatics, Coburg University of Applied Sciences, Coburg, Germany

Sarah Wunderlich is a Research Associate at the Coburg University of Applied Sciences and Arts. She earned a master’s degree in Computer Science from Coburg in 2016. She has also worked as a Lecturer in Data Mining at Coburg. Her research interests include the generation of realistic flow-based network data and the application of data-mining methods for cyber-security intrusion detection.

Dominik Grüdl

Faculty of Electrical Engineering and Informatics, Coburg University of Applied Sciences, Coburg, Germany

Dominik Grüdl is a graduate student at Coburg University of Applied Sciences and Arts, where he serves on Dr. Dieter Landes’ research team investigating Intrusion Detection Systems (IDSs). He completed undergraduate studies in Informatics at Coburg.

Dr. Dieter Landes

Faculty of Electrical Engineering and Informatics, Coburg University of Applied Sciences, Coburg, Germany

Dr. Dieter Landes is a Professor of Software Engineering and Database Systems at Coburg University of Applied Sciences and Arts. He holds a diploma in Informatics from the University of Erlangen-Nuremberg, and a doctorate in Knowledge-Based Systems from the University of Karlsruhe. After several years working in industry—including time with Daimler Research—he joined Coburg in 1999. He has published 70 papers in journals, books, and at conferences. His research interests include requirements engineering, software-engineering education, learning analytics, and data mining.

Dr. Andreas Hotho

Data Mining and Information Retrieval Group, University of Würzburg, Würzburg, Germany

Dr. Andreas Hotho is a Professor at the University of Würzburg. He earned a doctorate from the University of Karlsruhe, where he worked from 1999 to 2004 at the Institute of Applied Informatics and Formal Description Methods (AIFB) in the areas of text, data, and web mining; semantic web; and information retrieval. From 2004 to 2009 he was a Senior Researcher at the University of Kassel. In 2011, he joined the L3S. Since 2005, he has been leading the development of BibSonomy, the social bookmark and publication-sharing platform. He has published more than 100 articles in journals and at conferences, has co-edited several special issues and books, and has co-chaired several workshops. He has worked as a reviewer for journals and has been a member of international conferences and workshop program committees. His research focuses on Data Science—in particular, on the combination of data mining, information retrieval, and the semantic web.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
