Network Intrusion Detection: A Comprehensive Analysis of CIC-IDS2017

Arnaud Rosay, Eloïse Cheval, Florent Carlier, Pascal Leroux

2022

Abstract

With an ever-increasing number of connected devices, network intrusion detection is more important than ever. Over the past few decades, several datasets were created to address this security issue. Analysis of older datasets, such as KDD-Cup99 and NSL-KDD, uncovered problems, paving the way for newer datasets that solved the identified issues. Among the recent datasets for network intrusion detection, CIC-IDS2017 is now widely used. It presents the advantage of being available as raw data and as flow-based features in CSV files. In this paper, we analyze this dataset in detail and report several problems we discovered in the flows extracted from the network packets. To address these issues, we propose a new feature extraction tool called LycoSTand, available as open source. We create the LYCOS-IDS2017 dataset by extracting features from CIC-IDS2017 raw data files. The performance comparison between the original and the new datasets shows significant improvements for all machine learning algorithms we tested. Beyond the improvements on CIC-IDS2017, we discuss other datasets that are affected by the same problems and for which LycoSTand could be used to generate improved network intrusion detection datasets.

Paper Citation


in Harvard Style

Rosay A., Cheval E., Carlier F. and Leroux P. (2022). Network Intrusion Detection: A Comprehensive Analysis of CIC-IDS2017. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-553-1, pages 25-36. DOI: 10.5220/0010774000003120


in Bibtex Style

@conference{icissp22,
author={Arnaud Rosay and Eloïse Cheval and Florent Carlier and Pascal Leroux},
title={Network Intrusion Detection: A Comprehensive Analysis of CIC-IDS2017},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2022},
pages={25-36},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010774000003120},
isbn={978-989-758-553-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Network Intrusion Detection: A Comprehensive Analysis of CIC-IDS2017
SN - 978-989-758-553-1
AU - Rosay A.
AU - Cheval E.
AU - Carlier F.
AU - Leroux P.
PY - 2022
SP - 25
EP - 36
DO - 10.5220/0010774000003120