ASNM Datasets: A Collection of Network Attacks for Testing of
Adversarial Classifiers and Intrusion Detectors

J 2020

ASNM Datasets: A Collection of Network Attacks for Testing of Adversarial Classifiers and Intrusion Detectors

HOMOLIAK, Ivan, Kamil MALINKA a Petr HANÁČEK

Základní údaje

Originální název

ASNM Datasets: A Collection of Network Attacks for Testing of Adversarial Classifiers and Intrusion Detectors

Autoři

HOMOLIAK, Ivan, Kamil MALINKA a Petr HANÁČEK

Vydání

IEEE Access, PISCATAWAY, IEEE Xplore Digital Library, 2020, 2169-3536

Další údaje

Jazyk

angličtina

Typ výsledku

Článek v odborném periodiku

Utajení

není předmětem státního či obchodního tajemství

Impakt faktor

Impact factor: 3.367

DOI

http://dx.doi.org/10.1109/ACCESS.2020.3001768

UT WoS

000546414500012

Klíčová slova anglicky

Feature extraction; Protocols; Network intrusion detection; Servers; Detectors; Dataset; network intrusion detection; adversarial classification; evasions; ASNM features; buffer overflow; non-payload-based obfuscations; tunneling obfuscations

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 14. 9. 2021 09:35, Mgr. Kamil Malinka, Ph.D.

Anotace

V originále

In this paper, we present three datasets that have been built from network traffic traces using ASNM (Advanced Security Network Metrics) features, designed in our previous work. The first dataset was built using a state-of-the-art dataset CDX 2009 that was collected during a cyber defense exercise, while the remaining two datasets were collected by us in 2015 and 2018 using publicly available network services containing buffer overflow and other high severity vulnerabilities. These two datasets contain several adversarial obfuscation techniques that were applied onto malicious as well as legitimate traffic samples during "the execution" of their TCP network connections. Adversarial obfuscation techniques were used for evading machine learning-based network intrusion detection classifiers. We show that the performance of such classifiers can be improved when partially augmenting their training data by samples obtained from obfuscation techniques. In detail, we utilized tunneling obfuscation in HTTP(S) protocol and non-payload-based obfuscations modifying various properties of network traffic by, e.g., TCP segmentation, re-transmissions, corrupting and reordering of packets, etc. To the best of our knowledge, this is the first collection of network traffic data that contains adversarial techniques and is intended for non-payload-based network intrusion detection and adversarial classification. Provided datasets enable testing of the evasion resistance of arbitrary machine learning-based classifiers.

Citovat

HOMOLIAK, Ivan, Kamil MALINKA a Petr HANÁČEK. ASNM Datasets: A Collection of Network Attacks for Testing of Adversarial Classifiers and Intrusion Detectors. IEEE Access. PISCATAWAY: IEEE Xplore Digital Library, 2020, roč. 8, s. 112427-112453. ISSN 2169-3536. Dostupné z: https://dx.doi.org/10.1109/ACCESS.2020.3001768.

@article{1791748,
   author = {Homoliak, Ivan and Malinka, Kamil and Hanáček, Petr},
   article_location = {PISCATAWAY},
   doi = {http://dx.doi.org/10.1109/ACCESS.2020.3001768},
   keywords = {Feature extraction; Protocols; Network intrusion detection; Servers; Detectors; Dataset; network intrusion detection; adversarial classification; evasions; ASNM features; buffer overflow; non-payload-based obfuscations; tunneling obfuscations},
   language = {eng},
   issn = {2169-3536},
   journal = {IEEE Access},
   title = {ASNM Datasets: A Collection of Network Attacks for Testing of Adversarial Classifiers and Intrusion Detectors},
   volume = {8},
   year = {2020}
}

TY  - JOUR
ID  - 1791748
AU  - Homoliak, Ivan - Malinka, Kamil - Hanáček, Petr
PY  - 2020
TI  - ASNM Datasets: A Collection of Network Attacks for Testing of Adversarial Classifiers and Intrusion Detectors
JF  - IEEE Access
VL  - 8
SP  - 112427-112453
EP  - 112427-112453
PB  - IEEE Xplore Digital Library
SN  - 21693536
KW  - Feature extraction
KW  - Protocols
KW  - Network intrusion detection
KW  - Servers
KW  - Detectors
KW  - Dataset
KW  - network intrusion detection
KW  - adversarial classification
KW  - evasions
KW  - ASNM features
KW  - buffer overflow
KW  - non-payload-based obfuscations
KW  - tunneling obfuscations
N2  - In this paper, we present three datasets that have been built from network traffic traces using ASNM (Advanced Security Network Metrics) features, designed in our previous work. The first dataset was built using a state-of-the-art dataset CDX 2009 that was collected during a cyber defense exercise, while the remaining two datasets were collected by us in 2015 and 2018 using publicly available network services containing buffer overflow and other high severity vulnerabilities. These two datasets contain several adversarial obfuscation techniques that were applied onto malicious as well as legitimate traffic samples during "the execution" of their TCP network connections. Adversarial obfuscation techniques were used for evading machine learning-based network intrusion detection classifiers. We show that the performance of such classifiers can be improved when partially augmenting their training data by samples obtained from obfuscation techniques. In detail, we utilized tunneling obfuscation in HTTP(S) protocol and non-payload-based obfuscations modifying various properties of network traffic by, e.g., TCP segmentation, re-transmissions, corrupting and reordering of packets, etc. To the best of our knowledge, this is the first collection of network traffic data that contains adversarial techniques and is intended for non-payload-based network intrusion detection and adversarial classification. Provided datasets enable testing of the evasion resistance of arbitrary machine learning-based classifiers.
ER  -

HOMOLIAK, Ivan, Kamil MALINKA a Petr HANÁČEK. ASNM Datasets: A Collection of Network Attacks for Testing of Adversarial Classifiers and Intrusion Detectors. \textit{IEEE Access}. PISCATAWAY: IEEE Xplore Digital Library, 2020, roč.~8, s.~112427-112453. ISSN~2169-3536. Dostupné z: https://dx.doi.org/10.1109/ACCESS.2020.3001768.

Podrobný výpis o publikaci