Další formáty:
BibTeX
LaTeX
RIS
@article{1791748, author = {Homoliak, Ivan and Malinka, Kamil and Hanáček, Petr}, article_location = {PISCATAWAY}, doi = {http://dx.doi.org/10.1109/ACCESS.2020.3001768}, keywords = {Feature extraction; Protocols; Network intrusion detection; Servers; Detectors; Dataset; network intrusion detection; adversarial classification; evasions; ASNM features; buffer overflow; non-payload-based obfuscations; tunneling obfuscations}, language = {eng}, issn = {2169-3536}, journal = {IEEE Access}, title = {ASNM Datasets: A Collection of Network Attacks for Testing of Adversarial Classifiers and Intrusion Detectors}, volume = {8}, year = {2020} }
TY - JOUR ID - 1791748 AU - Homoliak, Ivan - Malinka, Kamil - Hanáček, Petr PY - 2020 TI - ASNM Datasets: A Collection of Network Attacks for Testing of Adversarial Classifiers and Intrusion Detectors JF - IEEE Access VL - 8 SP - 112427-112453 EP - 112427-112453 PB - IEEE Xplore Digital Library SN - 21693536 KW - Feature extraction KW - Protocols KW - Network intrusion detection KW - Servers KW - Detectors KW - Dataset KW - network intrusion detection KW - adversarial classification KW - evasions KW - ASNM features KW - buffer overflow KW - non-payload-based obfuscations KW - tunneling obfuscations N2 - In this paper, we present three datasets that have been built from network traffic traces using ASNM (Advanced Security Network Metrics) features, designed in our previous work. The first dataset was built using a state-of-the-art dataset CDX 2009 that was collected during a cyber defense exercise, while the remaining two datasets were collected by us in 2015 and 2018 using publicly available network services containing buffer overflow and other high severity vulnerabilities. These two datasets contain several adversarial obfuscation techniques that were applied onto malicious as well as legitimate traffic samples during "the execution" of their TCP network connections. Adversarial obfuscation techniques were used for evading machine learning-based network intrusion detection classifiers. We show that the performance of such classifiers can be improved when partially augmenting their training data by samples obtained from obfuscation techniques. In detail, we utilized tunneling obfuscation in HTTP(S) protocol and non-payload-based obfuscations modifying various properties of network traffic by, e.g., TCP segmentation, re-transmissions, corrupting and reordering of packets, etc. To the best of our knowledge, this is the first collection of network traffic data that contains adversarial techniques and is intended for non-payload-based network intrusion detection and adversarial classification. Provided datasets enable testing of the evasion resistance of arbitrary machine learning-based classifiers. ER -
HOMOLIAK, Ivan, Kamil MALINKA a Petr HANÁČEK. ASNM Datasets: A Collection of Network Attacks for Testing of Adversarial Classifiers and Intrusion Detectors. \textit{IEEE Access}. PISCATAWAY: IEEE Xplore Digital Library, 2020, roč.~8, s.~112427-112453. ISSN~2169-3536. Dostupné z: https://dx.doi.org/10.1109/ACCESS.2020.3001768.
|