TY - GEN
T1 - A Traffic Merging and Generation Framework for Realistic Synthesis of Network Traffic
AU - Gündogan, C.
AU - Passarelli, S.
AU - Hillmann, P.
AU - Dietz, Christian
AU - Stiemert, L.
PY - 2016/6
Y1 - 2016/6
N2 - The Internet is steadily growing and is of increasing importance for our economy and society. Due to this increased importance it is also in the focus of attacks, e.g. distributed denial of service (DDoS) attacks. As attackers dynamically change their attack behaviour, novel detection approaches that are able to automatically adjust to these dynamic attacks are needed. To train and test such network anomaly detection systems, it is necessary to provide realistic data. As of today, this area of research suffers from the lack of publicly available datasets that can be used to train and test anomaly detection systems and are exchangeable to allow reproducible research. Therefore, we propose a novel framework that enables researchers and developers to generate customizable synthetic datasets. It not only allows to generate fully-synthetic network traffic, but also to generate semi-synthetic network traffic by merging of multiple network captures from reallive environments. Further, it allows the mapping of IP addresses as well as the modication of other header elds, if desired. This enables researchers and developers to exchange network traces from sensitive environments without revealing any sensitive end-user related information, while perceiving the relevant characteristics of the network(s) and attack(s). In the following, we provide a description of, the problem, our concept and the features of our solution, the architecture and functional model and nally provide a short summary together with an outlook for future work.
AB - The Internet is steadily growing and is of increasing importance for our economy and society. Due to this increased importance it is also in the focus of attacks, e.g. distributed denial of service (DDoS) attacks. As attackers dynamically change their attack behaviour, novel detection approaches that are able to automatically adjust to these dynamic attacks are needed. To train and test such network anomaly detection systems, it is necessary to provide realistic data. As of today, this area of research suffers from the lack of publicly available datasets that can be used to train and test anomaly detection systems and are exchangeable to allow reproducible research. Therefore, we propose a novel framework that enables researchers and developers to generate customizable synthetic datasets. It not only allows to generate fully-synthetic network traffic, but also to generate semi-synthetic network traffic by merging of multiple network captures from reallive environments. Further, it allows the mapping of IP addresses as well as the modication of other header elds, if desired. This enables researchers and developers to exchange network traces from sensitive environments without revealing any sensitive end-user related information, while perceiving the relevant characteristics of the network(s) and attack(s). In the following, we provide a description of, the problem, our concept and the features of our solution, the architecture and functional model and nally provide a short summary together with an outlook for future work.
KW - Synthetic Network Traffic
KW - EWI-27846
KW - Testing IDS
M3 - Conference contribution
T3 - SIDAR reports
SP - 9
EP - 10
BT - Proceedings of the 11th SPRING graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2016)
PB - Special interest group Security - Intrusion Detection and Response (SIDAR) German Informatics Society (GI)
CY - Bonn, Germany
T2 - 11th SPRING graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2016)
Y2 - 2 June 2016 through 3 June 2016
ER -