ABSTRACT
Research on network intrusion detection (NID) requires a large amount of traffic data with reliable labels indicating which packets are associated with particular network attacks. In this paper, we implement a prototype of an automated system that assigns such labels to packet datasets for NID research. By re-transmitting pre-captured packet data in a controlled network environment with a pre-installed network intrusion detection system, the system automatically labels the attack packets within the packet data. In the feasibility study, we investigate factors that may influence the detection accuracy for attack packets and show an example of using the prototype to label a packet file. Finally, we show an efficient way to locate the packets associated with the NID alerts that were issued, using this prototype.
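The last step of the abstract, mapping the alerts a NIDS issued during replay back to the packets that caused them, is the part a practitioner has to get right for the labels to be trustworthy. The following is an added example, not the paper's prototype: it parses Snort "fast" alert lines (the Snort 2.x `-A fast` format), correlates each alert with packets by protocol, addresses, ports and a time window, and writes the alert's SID and message onto the matching packets. It assumes that the packet timestamps come from a capture taken on the sensor side during the replay, so alerts and packets share one clock; the alert lines, packet records, SIDs and messages below are constructed for the example.

```python
"""Label packets from Snort fast-alert lines by 5-tuple and time window.

Added example, not the paper's code. Assumes Snort ran with `-A fast` while the
pcap was replayed and that packet timestamps were captured on the sensor side
during that replay, so alerts and packets share the same clock.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional, Tuple

# Snort 2.x "fast" alert line. The [Classification: ...] field is optional,
# and ICMP alerts carry no ports.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>[A-Za-z]+)\}\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)


def to_ts(year: int, stamp: str) -> float:
    """Fast alerts omit the year; rebuild a full timestamp in epoch seconds."""
    return datetime.strptime(f"{year}/{stamp}", "%Y/%m/%d-%H:%M:%S.%f").timestamp()


@dataclass
class Packet:
    ts: float
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]
    labels: List[str] = field(default_factory=list)


@dataclass
class Alert:
    ts: float
    sid: str
    msg: str
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


def parse_alert(line: str, year: int) -> Optional[Alert]:
    """Return an Alert for a fast-format line, or None if it does not parse."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    port = lambda v: int(v) if v is not None else None
    return Alert(to_ts(year, m["ts"]), m["sid"], m["msg"], m["proto"].upper(),
                 m["src"], port(m["sport"]), m["dst"], port(m["dport"]))


def flow_key(proto, a, ap, b, bp) -> Tuple:
    """Direction-independent key so replies in the same flow can be labelled."""
    return (proto,) + tuple(sorted([(a, ap), (b, bp)]))


def label_packets(packets: List[Packet], alerts: List[Alert],
                  window: float = 1.0, whole_flow: bool = False) -> int:
    """Attach 'sid:msg' labels to packets matching each alert.

    whole_flow=False labels only packets with the alert's exact 5-tuple and
    direction; whole_flow=True also labels the reverse direction of that flow.
    Only packets within +/- window seconds of the alert are considered, so a
    later connection reusing the same 5-tuple is not mislabelled.
    Returns the number of packets that received at least one label."""
    for a in alerts:
        akey = flow_key(a.proto, a.src, a.sport, a.dst, a.dport)
        for p in packets:
            if abs(p.ts - a.ts) > window or p.proto != a.proto:
                continue
            if whole_flow:
                hit = flow_key(p.proto, p.src, p.sport, p.dst, p.dport) == akey
            else:
                hit = (p.src, p.sport, p.dst, p.dport) == (a.src, a.sport, a.dst, a.dport)
            if hit:
                p.labels.append(f"{a.sid}:{a.msg}")
    return sum(1 for p in packets if p.labels)


YEAR = 2021
SAMPLE_ALERTS = [  # constructed alert lines in Snort fast format; SIDs and messages are hypothetical
    "01/01-12:00:00.500000  [**] [1:1000001:1] HYPOTHETICAL web probe [**] [Priority: 3] {TCP} 10.0.0.5:44321 -> 10.0.0.10:80",
    "01/01-12:00:03.000000  [**] [1:1000002:1] HYPOTHETICAL ICMP sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.10",
]
SAMPLE_PACKETS = [  # constructed packet records, as if captured on the sensor during replay
    Packet(to_ts(YEAR, "01/01-12:00:00.400000"), "TCP", "10.0.0.5", 44321, "10.0.0.10", 80),    # SYN that triggers the alert
    Packet(to_ts(YEAR, "01/01-12:00:00.450000"), "TCP", "10.0.0.10", 80, "10.0.0.5", 44321),    # SYN/ACK reply, same flow
    Packet(to_ts(YEAR, "01/01-12:00:00.600000"), "TCP", "10.0.0.7", 50000, "10.0.0.10", 80),    # unrelated client, same window
    Packet(to_ts(YEAR, "01/01-12:00:03.100000"), "ICMP", "10.0.0.5", None, "10.0.0.10", None),  # echo request behind ICMP alert
    Packet(to_ts(YEAR, "01/01-12:00:30.000000"), "TCP", "10.0.0.5", 44321, "10.0.0.10", 80),    # same 5-tuple, outside window
]


def run(whole_flow: bool = False):
    """Label a fresh copy of the sample packets; returns (count, labels per packet)."""
    packets = [Packet(p.ts, p.proto, p.src, p.sport, p.dst, p.dport) for p in SAMPLE_PACKETS]
    alerts = [a for a in (parse_alert(line, YEAR) for line in SAMPLE_ALERTS) if a]
    n = label_packets(packets, alerts, window=1.0, whole_flow=whole_flow)
    return n, [p.labels for p in packets]


if __name__ == "__main__":
    for mode in (False, True):
        n, labels = run(whole_flow=mode)
        print(f"whole_flow={mode}: {n} packets labelled -> {labels}")
```

Two points of the design follow from the replay setup the abstract describes. First, the clock: Snort stamps an alert with the time it saw the replayed packet, not the original capture time, so the correlation has to use packet timestamps taken on the sensor side (or a known offset to the original capture); matching on the 5-tuple alone is not enough, because the last sample packet reuses the alert's 5-tuple long after the alert. Second, the label granularity: per-packet matching gives the packet that fired the rule, while whole-flow matching also tags the peer's replies, which is usually what a flow-level dataset wants. The regex targets the Snort 2.x fast format; other output formats or Snort 3 need their own parser.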
Title: Towards Efficient Labeling of Network Incident Datasets Using Tcpreplay and Snort