A Traffic Merging and Generation Framework for Realistic Synthesis of Network Traffic

C. Gündogan, S. Passarelli, P. Hillmann, Christian Dietz, L. Stiemert

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademic

70 Downloads (Pure)

Abstract

The Internet is steadily growing and is of increasing importance for our economy and society. Due to this increased importance it is also in the focus of attacks, e.g. distributed denial of service (DDoS) attacks. As attackers dynamically change their attack behaviour, novel detection approaches that are able to automatically adjust to these dynamic attacks are needed. To train and test such network anomaly detection systems, it is necessary to provide realistic data. As of today, this area of research suffers from the lack of publicly available datasets that can be used to train and test anomaly detection systems and are exchangeable to allow reproducible research. Therefore, we propose a novel framework that enables researchers and developers to generate customizable synthetic datasets. It not only allows to generate fully-synthetic network traffic, but also to generate semi-synthetic network traffic by merging of multiple network captures from reallive environments. Further, it allows the mapping of IP addresses as well as the modi﬿cation of other header ﬿elds, if desired. This enables researchers and developers to exchange network traces from sensitive environments without revealing any sensitive end-user related information, while perceiving the relevant characteristics of the network(s) and attack(s). In the following, we provide a description of, the problem, our concept and the features of our solution, the architecture and functional model and ﬿nally provide a short summary together with an outlook for future work.
Original languageUndefined
Title of host publicationProceedings of the 11th SPRING graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2016)
Place of PublicationBonn, Germany
PublisherSpecial interest group Security - Intrusion Detection and Response (SIDAR) German Informatics Society (GI)
Pages9-10
Number of pages2
Publication statusPublished - Jun 2016

Publication series

NameSIDAR reports
PublisherSpecial interest group Security - Intrusion Detection and Response (SIDAR) German Informatics Society (GI)
VolumeSR-2016-01
ISSN (Print)2190-846X

Keywords

  • Synthetic Network Traffic
  • EWI-27846
  • Testing IDS

Cite this

Gündogan, C., Passarelli, S., Hillmann, P., Dietz, C., & Stiemert, L. (2016). A Traffic Merging and Generation Framework for Realistic Synthesis of Network Traffic. In Proceedings of the 11th SPRING graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2016) (pp. 9-10). (SIDAR reports; Vol. SR-2016-01). Bonn, Germany: Special interest group Security - Intrusion Detection and Response (SIDAR) German Informatics Society (GI).
Gündogan, C. ; Passarelli, S. ; Hillmann, P. ; Dietz, Christian ; Stiemert, L. / A Traffic Merging and Generation Framework for Realistic Synthesis of Network Traffic. Proceedings of the 11th SPRING graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2016). Bonn, Germany : Special interest group Security - Intrusion Detection and Response (SIDAR) German Informatics Society (GI), 2016. pp. 9-10 (SIDAR reports).
@inproceedings{f2e91f3ebc8143298df38f6ef7654f14,
title = "A Traffic Merging and Generation Framework for Realistic Synthesis of Network Traffic",
abstract = "The Internet is steadily growing and is of increasing importance for our economy and society. Due to this increased importance it is also in the focus of attacks, e.g. distributed denial of service (DDoS) attacks. As attackers dynamically change their attack behaviour, novel detection approaches that are able to automatically adjust to these dynamic attacks are needed. To train and test such network anomaly detection systems, it is necessary to provide realistic data. As of today, this area of research suffers from the lack of publicly available datasets that can be used to train and test anomaly detection systems and are exchangeable to allow reproducible research. Therefore, we propose a novel framework that enables researchers and developers to generate customizable synthetic datasets. It not only allows to generate fully-synthetic network traffic, but also to generate semi-synthetic network traffic by merging of multiple network captures from reallive environments. Further, it allows the mapping of IP addresses as well as the modi﬿cation of other header ﬿elds, if desired. This enables researchers and developers to exchange network traces from sensitive environments without revealing any sensitive end-user related information, while perceiving the relevant characteristics of the network(s) and attack(s). In the following, we provide a description of, the problem, our concept and the features of our solution, the architecture and functional model and ﬿nally provide a short summary together with an outlook for future work.",
keywords = "Synthetic Network Traffic, EWI-27846, Testing IDS",
author = "C. G{\"u}ndogan and S. Passarelli and P. Hillmann and Christian Dietz and L. Stiemert",
year = "2016",
month = "6",
language = "Undefined",
series = "SIDAR reports",
publisher = "Special interest group Security - Intrusion Detection and Response (SIDAR) German Informatics Society (GI)",
pages = "9--10",
booktitle = "Proceedings of the 11th SPRING graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2016)",

}

Gündogan, C, Passarelli, S, Hillmann, P, Dietz, C & Stiemert, L 2016, A Traffic Merging and Generation Framework for Realistic Synthesis of Network Traffic. in Proceedings of the 11th SPRING graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2016). SIDAR reports, vol. SR-2016-01, Special interest group Security - Intrusion Detection and Response (SIDAR) German Informatics Society (GI), Bonn, Germany, pp. 9-10.

A Traffic Merging and Generation Framework for Realistic Synthesis of Network Traffic. / Gündogan, C.; Passarelli, S.; Hillmann, P.; Dietz, Christian; Stiemert, L.

Proceedings of the 11th SPRING graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2016). Bonn, Germany : Special interest group Security - Intrusion Detection and Response (SIDAR) German Informatics Society (GI), 2016. p. 9-10 (SIDAR reports; Vol. SR-2016-01).

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademic

TY - GEN

T1 - A Traffic Merging and Generation Framework for Realistic Synthesis of Network Traffic

AU - Gündogan, C.

AU - Passarelli, S.

AU - Hillmann, P.

AU - Dietz, Christian

AU - Stiemert, L.

PY - 2016/6

Y1 - 2016/6

N2 - The Internet is steadily growing and is of increasing importance for our economy and society. Due to this increased importance it is also in the focus of attacks, e.g. distributed denial of service (DDoS) attacks. As attackers dynamically change their attack behaviour, novel detection approaches that are able to automatically adjust to these dynamic attacks are needed. To train and test such network anomaly detection systems, it is necessary to provide realistic data. As of today, this area of research suffers from the lack of publicly available datasets that can be used to train and test anomaly detection systems and are exchangeable to allow reproducible research. Therefore, we propose a novel framework that enables researchers and developers to generate customizable synthetic datasets. It not only allows to generate fully-synthetic network traffic, but also to generate semi-synthetic network traffic by merging of multiple network captures from reallive environments. Further, it allows the mapping of IP addresses as well as the modi﬿cation of other header ﬿elds, if desired. This enables researchers and developers to exchange network traces from sensitive environments without revealing any sensitive end-user related information, while perceiving the relevant characteristics of the network(s) and attack(s). In the following, we provide a description of, the problem, our concept and the features of our solution, the architecture and functional model and ﬿nally provide a short summary together with an outlook for future work.

AB - The Internet is steadily growing and is of increasing importance for our economy and society. Due to this increased importance it is also in the focus of attacks, e.g. distributed denial of service (DDoS) attacks. As attackers dynamically change their attack behaviour, novel detection approaches that are able to automatically adjust to these dynamic attacks are needed. To train and test such network anomaly detection systems, it is necessary to provide realistic data. As of today, this area of research suffers from the lack of publicly available datasets that can be used to train and test anomaly detection systems and are exchangeable to allow reproducible research. Therefore, we propose a novel framework that enables researchers and developers to generate customizable synthetic datasets. It not only allows to generate fully-synthetic network traffic, but also to generate semi-synthetic network traffic by merging of multiple network captures from reallive environments. Further, it allows the mapping of IP addresses as well as the modi﬿cation of other header ﬿elds, if desired. This enables researchers and developers to exchange network traces from sensitive environments without revealing any sensitive end-user related information, while perceiving the relevant characteristics of the network(s) and attack(s). In the following, we provide a description of, the problem, our concept and the features of our solution, the architecture and functional model and ﬿nally provide a short summary together with an outlook for future work.

KW - Synthetic Network Traffic

KW - EWI-27846

KW - Testing IDS

M3 - Conference contribution

T3 - SIDAR reports

SP - 9

EP - 10

BT - Proceedings of the 11th SPRING graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2016)

PB - Special interest group Security - Intrusion Detection and Response (SIDAR) German Informatics Society (GI)

CY - Bonn, Germany

ER -

Gündogan C, Passarelli S, Hillmann P, Dietz C, Stiemert L. A Traffic Merging and Generation Framework for Realistic Synthesis of Network Traffic. In Proceedings of the 11th SPRING graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2016). Bonn, Germany: Special interest group Security - Intrusion Detection and Response (SIDAR) German Informatics Society (GI). 2016. p. 9-10. (SIDAR reports).