HOMOLIAK, Ivan, Kamil MALINKA a Petr HANÁČEK. ASNM Datasets: A Collection of Network Attacks for Testing of Adversarial Classifiers and Intrusion Detectors. IEEE Access. PISCATAWAY: IEEE Xplore Digital Library, 2020, roč. 8, s. 112427-112453. ISSN 2169-3536. Dostupné z: https://dx.doi.org/10.1109/ACCESS.2020.3001768.
Další formáty:   BibTeX LaTeX RIS
Základní údaje
Originální název ASNM Datasets: A Collection of Network Attacks for Testing of Adversarial Classifiers and Intrusion Detectors
Autoři HOMOLIAK, Ivan, Kamil MALINKA a Petr HANÁČEK.
Vydání IEEE Access, PISCATAWAY, IEEE Xplore Digital Library, 2020, 2169-3536.
Další údaje
Originální jazyk angličtina
Typ výsledku Článek v odborném periodiku
Utajení není předmětem státního či obchodního tajemství
Impakt faktor Impact factor: 3.367
Doi http://dx.doi.org/10.1109/ACCESS.2020.3001768
UT WoS 000546414500012
Klíčová slova anglicky Feature extraction; Protocols; Network intrusion detection; Servers; Detectors; Dataset; network intrusion detection; adversarial classification; evasions; ASNM features; buffer overflow; non-payload-based obfuscations; tunneling obfuscations
Příznaky Mezinárodní význam, Recenzováno
Změnil Změnil: Mgr. Kamil Malinka, Ph.D., učo 49967. Změněno: 14. 9. 2021 09:35.
Anotace
In this paper, we present three datasets that have been built from network traffic traces using ASNM (Advanced Security Network Metrics) features, designed in our previous work. The first dataset was built using a state-of-the-art dataset CDX 2009 that was collected during a cyber defense exercise, while the remaining two datasets were collected by us in 2015 and 2018 using publicly available network services containing buffer overflow and other high severity vulnerabilities. These two datasets contain several adversarial obfuscation techniques that were applied onto malicious as well as legitimate traffic samples during "the execution" of their TCP network connections. Adversarial obfuscation techniques were used for evading machine learning-based network intrusion detection classifiers. We show that the performance of such classifiers can be improved when partially augmenting their training data by samples obtained from obfuscation techniques. In detail, we utilized tunneling obfuscation in HTTP(S) protocol and non-payload-based obfuscations modifying various properties of network traffic by, e.g., TCP segmentation, re-transmissions, corrupting and reordering of packets, etc. To the best of our knowledge, this is the first collection of network traffic data that contains adversarial techniques and is intended for non-payload-based network intrusion detection and adversarial classification. Provided datasets enable testing of the evasion resistance of arbitrary machine learning-based classifiers.
VytisknoutZobrazeno: 19. 9. 2024 03:51