Authors:
Iman Sharafaldin; Arash Habibi Lashkari and Ali A. Ghorbani
Affiliation:
University of New Brunswick (UNB), Canada
Keyword(s):
Intrusion Detection, IDS Dataset, DoS, Web Attack, Infiltration, Brute Force.
Related Ontology Subjects/Areas/Topics:
Internet Technology; Intrusion Detection and Response; Web Information Systems and Technologies
Abstract:
With exponential growth in the size of computer networks and developed applications, the significant increase in the potential damage that can be caused by launching attacks is becoming obvious. Meanwhile, Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs) are among the most important defense tools against sophisticated and ever-growing network attacks. Due to the lack of adequate datasets, anomaly-based approaches in intrusion detection systems suffer in terms of accurate deployment, analysis and evaluation. A number of such datasets exist, such as DARPA98, KDD99, ISC2012, and ADFA13, that have been used by researchers to evaluate the performance of their proposed intrusion detection and intrusion prevention approaches. Based on our study of eleven available datasets since 1998, many such datasets are out of date and unreliable to use. Some of these datasets suffer from a lack of traffic diversity and volume, some do not cover the variety of attacks, while others anonymize packet information and payload, which cannot reflect current trends, or they lack a feature set and metadata. This paper produces a reliable dataset that contains benign and seven common attack network flows, which meets real-world criteria and is publicly available. Consequently, the paper evaluates the performance of a comprehensive set of network traffic features and machine learning algorithms to indicate the best set of features for detecting certain attack categories.