The Internet is steadily growing and is of increasing importance for our economy and society. Due to this increased importance it is also in the focus of attacks, e.g. distributed denial of service (DDoS) attacks. As attackers dynamically change their attack behaviour, novel detection approaches that are able to automatically adjust to these dynamic attacks are needed. To train and test such network anomaly detection systems, it is necessary to provide realistic data. As of today, this area of research suﬀers from the lack of publicly available datasets that can be used to train and test anomaly detection systems and are exchangeable to allow reproducible research. Therefore, we propose a novel framework that enables researchers and developers to generate customizable synthetic datasets. It not only allows to generate fully-synthetic network traﬃc, but also to generate semi-synthetic network traﬃc by merging of multiple network captures from reallive environments. Further, it allows the mapping of IP addresses as well as the modication of other header elds, if desired. This enables researchers and developers to exchange network traces from sensitive environments without revealing any sensitive end-user related information, while perceiving the relevant characteristics of the network(s) and attack(s). In the following, we provide a description of, the problem, our concept and the features of our solution, the architecture and functional model and nally provide a short summary together with an outlook for future work.
|Publisher||Special interest group Security - Intrusion Detection and Response (SIDAR) German Informatics Society (GI)|
|Workshop||11th SPRING graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2016)|
|Period||2/06/16 → 3/06/16|
|Other||2-3 Jun 2016|
- Synthetic Network Traffic
- Testing IDS