Dataset Report: LID-DS 2021

  • Conference paper
Critical Information Infrastructures Security (CRITIS 2022)

Abstract

To advance research on system call based HIDS, we present LID-DS 2021, a recording framework, a dataset for comparative analysis, and a library for evaluating HIDS algorithms.

Notes

  1. https://github.com/DjPasco/AWSCTD - date accessed: October 17, 2022.

  2. A list of the LID-DS-2021 scenarios including their description, classification by simple/multi-step, and their source code can be found at https://github.com/LID-DS/LID-DS/wiki/Scenarios.

  3. Common Vulnerabilities and Exposures (CVE): a reference-method for publicly known information-security vulnerabilities and exposures. See: https://cve.mitre.org/.

  4. Example code: https://github.com/LID-DS/LID-DS/wiki/ids_example.

  5. https://github.com/LID-DS/LID-DS.

Acknowledgement

This work was supported by the German Federal Ministry of Education and Research (BMBF, 01IS18026B) by funding the competence center for Big Data and AI “ScaDS.AI” Dresden/Leipzig.

Author information

Corresponding author

Correspondence to Martin Grimmer.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Grimmer, M. et al. (2023). Dataset Report: LID-DS 2021. In: Hämmerli, B., Helmbrecht, U., Hommel, W., Kunczik, L., Pickl, S. (eds) Critical Information Infrastructures Security. CRITIS 2022. Lecture Notes in Computer Science, vol 13723. Springer, Cham. https://doi.org/10.1007/978-3-031-35190-7_6

  • DOI: https://doi.org/10.1007/978-3-031-35190-7_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-35189-1

  • Online ISBN: 978-3-031-35190-7

  • eBook Packages: Computer Science, Computer Science (R0)
