A Traffic Merging and Generation Framework for Realistic Synthesis of Network Traffic

C. Gündogan, S. Passarelli, P. Hillmann, Christian Dietz, L. Stiemert

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademic

    184 Downloads (Pure)

    Abstract

    The Internet is steadily growing and is of increasing importance for our economy and society. Due to this increased importance it is also in the focus of attacks, e.g. distributed denial of service (DDoS) attacks. As attackers dynamically change their attack behaviour, novel detection approaches that are able to automatically adjust to these dynamic attacks are needed. To train and test such network anomaly detection systems, it is necessary to provide realistic data. As of today, this area of research suffers from the lack of publicly available datasets that can be used to train and test anomaly detection systems and are exchangeable to allow reproducible research. Therefore, we propose a novel framework that enables researchers and developers to generate customizable synthetic datasets. It not only allows to generate fully-synthetic network traffic, but also to generate semi-synthetic network traffic by merging of multiple network captures from reallive environments. Further, it allows the mapping of IP addresses as well as the modi﬿cation of other header ﬿elds, if desired. This enables researchers and developers to exchange network traces from sensitive environments without revealing any sensitive end-user related information, while perceiving the relevant characteristics of the network(s) and attack(s). In the following, we provide a description of, the problem, our concept and the features of our solution, the architecture and functional model and ﬿nally provide a short summary together with an outlook for future work.
    Original languageUndefined
    Title of host publicationProceedings of the 11th SPRING graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2016)
    Place of PublicationBonn, Germany
    PublisherSpecial interest group Security - Intrusion Detection and Response (SIDAR) German Informatics Society (GI)
    Pages9-10
    Number of pages2
    Publication statusPublished - Jun 2016
    Event11th SPRING graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2016) - Darmstadt, Germany
    Duration: 2 Jun 20163 Jun 2016

    Publication series

    NameSIDAR reports
    PublisherSpecial interest group Security - Intrusion Detection and Response (SIDAR) German Informatics Society (GI)
    VolumeSR-2016-01
    ISSN (Print)2190-846X

    Workshop

    Workshop11th SPRING graduate workshop of the special interest group Security - Intrusion Detection and Response (SIDAR) of the German Informatics Society (GI) (SPRING 2016)
    Period2/06/163/06/16
    Other2-3 Jun 2016

    Keywords

    • Synthetic Network Traffic
    • EWI-27846
    • Testing IDS

    Cite this