A Traffic Merging and Generation Framework for Realistic Synthesis of Network Traffic

C. Gündogan, S. Passarelli, P. Hillmann, Christian Dietz, L. Stiemert

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic

    Abstract

    The Internet is steadily growing and is of increasing importance for our economy and society. Due to this increased importance, it is also the focus of attacks, e.g. distributed denial of service (DDoS) attacks. As attackers dynamically change their attack behaviour, novel detection approaches that are able to automatically adjust to these dynamic attacks are needed. To train and test such network anomaly detection systems, it is necessary to provide realistic data. As of today, this area of research suffers from the lack of publicly available datasets that can be used to train and test anomaly detection systems and that are exchangeable to allow reproducible research. Therefore, we propose a novel framework that enables researchers and developers to generate customizable synthetic datasets. It allows not only the generation of fully synthetic network traffic, but also the generation of semi-synthetic network traffic by merging multiple network captures from real-live environments. Further, it allows the mapping of IP addresses as well as the modification of other header fields, if desired. This enables researchers and developers to exchange network traces from sensitive environments without revealing any sensitive end-user-related information, while preserving the relevant characteristics of the network(s) and attack(s). In the following, we describe the problem, our concept and the features of our solution, and the architecture and functional model, and finally provide a short summary together with an outlook on future work.
    Original language: Undefined
    Title of host publication: Proceedings of the 11th SPRING graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2016)
    Place of Publication: Bonn, Germany
    Publisher: Special interest group Security - Intrusion Detection and Response (SIDAR) German Informatics Society (GI)
    Pages: 9-10
    Number of pages: 2
    Publication status: Published - Jun 2016

    Publication series

    Name: SIDAR reports
    Publisher: Special interest group Security - Intrusion Detection and Response (SIDAR) German Informatics Society (GI)
    Volume: SR-2016-01
    ISSN (Print): 2190-846X

    Keywords

    • Synthetic Network Traffic
    • EWI-27846
    • Testing IDS

    Cite this

    Gündogan, C., Passarelli, S., Hillmann, P., Dietz, C., & Stiemert, L. (2016). A Traffic Merging and Generation Framework for Realistic Synthesis of Network Traffic. In Proceedings of the 11th SPRING graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2016) (pp. 9-10). (SIDAR reports; Vol. SR-2016-01). Bonn, Germany: Special interest group Security - Intrusion Detection and Response (SIDAR) German Informatics Society (GI).