Abstract
Flow-based intrusion detection has recently become a promising security mechanism in high speed networks (1-10 Gbps). Despite the richness in contributions in this field, benchmarking of flow-based IDS is still an open issue. In this paper, we propose the first publicly available, labeled data set for flow-based intrusion detection. The data set aims to be realistic, i.e., representative of real traffic and complete from a labeling perspective. Our goal is to provide such an enriched data set for tuning, training and evaluating ID systems. Our setup is based on a honeypot running widely deployed services and directly connected to the Internet, ensuring attack-exposure. The final data set consists of 14.2M flows, and more than 98% of them have been labeled.
Original language | English |
---|---|
Title of host publication | IP Operations and Management |
Subtitle of host publication | 9th IEEE International Workshop, IPOM 2009, Venice, Italy, October 29-30, 2009. Proceedings |
Editors | Giorgio Nunzi, Caterina Scoglio, Xing Li |
Place of Publication | Berlin |
Publisher | Springer |
Pages | 39-50 |
Number of pages | 12 |
ISBN (Electronic) | 978-3-642-04968-2 |
ISBN (Print) | 978-3-642-04967-5 |
Publication status | Published - 21 Oct 2009 |
Event | 9th IEEE International Workshop on IP Operations and Management, IPOM 2009 - Venice, Italy; Duration: 29 Oct 2009 → 30 Oct 2009; Conference number: 9 |
Publication series
Name | Lecture Notes in Computer Science |
---|---|
Publisher | Springer |
Volume | 5843 |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Workshop
Workshop | 9th IEEE International Workshop on IP Operations and Management, IPOM 2009 |
---|---|
Abbreviated title | IPOM |
Country/Territory | Italy |
City | Venice |
Period | 29/10/09 → 30/10/09 |