poster

Towards Efficient Labeling of Network Incident Datasets Using Tcpreplay and Snort

Authors:

Kohei Masumi,

Chansu Han,

Tao Ban,

Takeshi TakahashiAuthors Info & Claims

CODASPY '21: Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy

Pages 329 - 331

https://doi.org/10.1145/3422337.3450326

Published: 26 April 2021 Publication History

Get Access

Abstract

Research on network intrusion detection (NID) requires a large amount of traffic data with reliable labels indicating which packets are associated with particular network attacks. In this paper, we implement a prototype of an automated system to create labeled packet datasets for NID research. In this paper, we implement a prototype of an automated system to assign labels to packet datasets for NID research. By re-transmitting pre-captured packet data in a controlled network environment pre-installed with a network intrusion detection system, the system automatically assigns labels to attack packets within the packet data. In the feasibility study, we investigate factors that may influence the detection accuracy of the attacking packets and show an example using the prototype to label a packet file. Finally, we show an efficient way to locate the packets associated with issued NID alerts using this prototype.

Supplementary Material

MP4 File (CODASPY21-codas10p.mp4)

Research on network intrusion detection (NID) requires a large amount of traffic data with reliable labels indicating which packets are associated with particular network attacks. In this paper, we implement a prototype of an automated system to create labeled packet datasets for NID research. By re-transmitting pre-captured packet data in a controlled network environment pre-installed with a network intrusion detection system, the system automatically assigns labels to attack packets within the packet data. In the feasibility study, we investigate factors that may influence the detection accuracy of the attacking packets and show an example using the prototype to label a packet file. Finally, we show an efficient way to locate the packets associated with issued NID alerts using this prototype.

Download
10.81 MB

References

[1]

Fred Klassen. 2020. GitHub - appneta/tcpreplay: Pcap editing and replay tools for *NIX and Windows. https://github.com/appneta/tcpreplay (visited on 01/01/2021).

Google Scholar

[2]

Martin Roesch. 1999. Snort: lightweight intrusion detection for networks. In Proceedings of the 13th Conference on Systems Administration (LISA-99), Seattle, WA, USA, November 7--12, 1999. USENIX, 229--238.

Digital Library

Google Scholar

[3]

Ali Shiravi, Hadi Shiravi, Mahbod Tavallaee, and Ali A. Ghorbani. 2012. Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Computers & Security, Vol. 31, 3 (May 2012), 357--374. https://doi.org/10.1016/j.cose.2011.12.012

Digital Library

Google Scholar

Cited By

View all

NAKAO KYOSHIOKA KSASAKI TTANABE RHUANG XTAKAHASHI TFUJITA ATAKEUCHI JMURATA NSHIKATA JIWAMOTO KTAKADA KISHIDA YTAKEUCHI MYANAI N(2023)Mitigate: Toward Comprehensive Research and Development for Analyzing and Combating IoT MalwareIEICE Transactions on Information and Systems10.1587/transinf.2022ICI0001E106.D:9(1302-1315)Online publication date: 1-Sep-2023
https://doi.org/10.1587/transinf.2022ICI0001
Lhamo ODoan TTasdemir EAttawna MSenk SFitzek FNguyen G(2023)Improving Reliability for Cloud-Native 5G and Beyond Using Network Coding2023 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)10.1109/NFV-SDN59219.2023.10329609(1-7)Online publication date: 7-Nov-2023
https://doi.org/10.1109/NFV-SDN59219.2023.10329609
Yang QLiu CFu PWang BGou GXiong G(2023)A Recurrent Self-learning Labeler for Building Network Traffic Ground Truth2023 26th International Conference on Computer Supported Cooperative Work in Design (CSCWD)10.1109/CSCWD57460.2023.10152778(1196-1201)Online publication date: 24-May-2023
https://doi.org/10.1109/CSCWD57460.2023.10152778
Show More Cited By

Index Terms

Towards Efficient Labeling of Network Incident Datasets Using Tcpreplay and Snort
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
    1. Intrusion detection systems

Recommendations

Study of snort-based IDS
ICWET '10: Proceedings of the International Conference and Workshop on Emerging Trends in Technology

General trend in industry is a shift from Intrusion Detection Systems (IDS) to Intrusion Prevention Systems (IPS). In this paper, we have investigated the motivations behind this trend. In addition, we have surveyed some of the available IDS/IPS tools. ...
Enhancing byte-level network intrusion detection signatures with context
CCS '03: Proceedings of the 10th ACM conference on Computer and communications security

Many network intrusion detection systems (NIDS) use byte sequences as signatures to detect malicious activity. While being highly efficient, they tend to suffer from a high false-positive rate. We develop the concept of contextual signatures as an ...
Design of a Snort-Based Hybrid Intrusion Detection System
IWANN '09: Proceedings of the 10th International Work-Conference on Artificial Neural Networks: Part II: Distributed Computing, Artificial Intelligence, Bioinformatics, Soft Computing, and Ambient Assisted Living

Computer security has become a major problem in our society. In particular, computer network security is concerned with preventing the intrusion of an unauthorized person into a network of computers. An intrusion detection system (IDS) is a tool to ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

CODASPY '21: Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy

April 2021

348 pages

ISBN:9781450381437

DOI:10.1145/3422337

General Chair:
Anupam Joshi
University of Maryland, Baltimore County, USA
,
Program Chairs:
Barbara Carminati
University of Insubria, Italy
,
Rakesh M. Verma
University of Houston, USA

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 April 2021

Check for updates

Author Tags

Qualifiers

Poster

Conference

CODASPY '21

Sponsor:

SIGSAC

CODASPY '21: Eleventh ACM Conference on Data and Application Security and Privacy

April 26 - 28, 2021

Virtual Event, USA

Acceptance Rates

Overall Acceptance Rate 149 of 789 submissions, 19%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
161
Total Downloads

Downloads (Last 12 months)30
Downloads (Last 6 weeks)0

Reflects downloads up to 21 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

NAKAO KYOSHIOKA KSASAKI TTANABE RHUANG XTAKAHASHI TFUJITA ATAKEUCHI JMURATA NSHIKATA JIWAMOTO KTAKADA KISHIDA YTAKEUCHI MYANAI N(2023)Mitigate: Toward Comprehensive Research and Development for Analyzing and Combating IoT MalwareIEICE Transactions on Information and Systems10.1587/transinf.2022ICI0001E106.D:9(1302-1315)Online publication date: 1-Sep-2023
https://doi.org/10.1587/transinf.2022ICI0001
Lhamo ODoan TTasdemir EAttawna MSenk SFitzek FNguyen G(2023)Improving Reliability for Cloud-Native 5G and Beyond Using Network Coding2023 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)10.1109/NFV-SDN59219.2023.10329609(1-7)Online publication date: 7-Nov-2023
https://doi.org/10.1109/NFV-SDN59219.2023.10329609
Yang QLiu CFu PWang BGou GXiong G(2023)A Recurrent Self-learning Labeler for Building Network Traffic Ground Truth2023 26th International Conference on Computer Supported Cooperative Work in Design (CSCWD)10.1109/CSCWD57460.2023.10152778(1196-1201)Online publication date: 24-May-2023
https://doi.org/10.1109/CSCWD57460.2023.10152778
Miyamoto KIida MHan CBan TTakahashi TTakeuchi J(2023)Consolidating Packet-Level Features for Effective Network Intrusion Detection: A Novel Session-Level ApproachIEEE Access10.1109/ACCESS.2023.333560011(132792-132810)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3335600
Gyamfi EAnsere JKamal M(2023)Network Security System in Mobile Edge Computing-to-IoMT Networks Using Distributed ApproachSecurity and Risk Analysis for Intelligent Edge Computing10.1007/978-3-031-28150-1_9(171-191)Online publication date: 27-Feb-2023
https://doi.org/10.1007/978-3-031-28150-1_9
Schafer SLobel AMeyer U(2022)Accurate Real-Time Labeling of Application Traffic2022 IEEE 47th Conference on Local Computer Networks (LCN)10.1109/LCN53696.2022.9843419(291-294)Online publication date: 26-Sep-2022
https://doi.org/10.1109/LCN53696.2022.9843419
Ishibashi RMiyamoto KHan CBan TTakahashi TTakeuchi J(2022)Generating Labeled Training Datasets Towards Unified Network Intrusion Detection SystemsIEEE Access10.1109/ACCESS.2022.317609810(53972-53986)Online publication date: 2022
https://doi.org/10.1109/ACCESS.2022.3176098
Tao LWang XLiu YWu J(2021)Cloud-Based User Behavior Emulation Approach for Space-Ground Integrated NetworksSensors10.3390/s2201004422:1(44)Online publication date: 22-Dec-2021
https://doi.org/10.3390/s22010044

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Study of snort-based IDS

Enhancing byte-level network intrusion detection signatures with context

Design of a Snort-Based Hybrid Intrusion Detection System