review-article

A survey of network-based intrusion detection data sets

Authors:

Sarah Wunderlich,

Deniz Scheuring,

Andreas HothoAuthors Info & Claims

Volume 86, Issue C

Pages 147 - 167

https://doi.org/10.1016/j.cose.2019.06.005

Published: 01 September 2019 Publication History

Abstract

Labeled data sets are necessary to train and evaluate anomaly-based network intrusion detection systems. This work provides a focused literature survey of data sets for network-based intrusion detection and describes the underlying packet- and flow-based network data in detail. The paper identifies 15 different properties to assess the suitability of individual data sets for specific evaluation scenarios. These properties cover a wide range of criteria and are grouped into five categories such as data volume or recording environment for offering a structured search. Based on these properties, a comprehensive overview of existing data sets is given. This overview also highlights the peculiarities of each data set. Furthermore, this work briefly touches upon other sources for network-based data such as traffic generators and data repositories. Finally, we discuss our observations and provide some recommendations for the use and the creation of network-based data sets.

References

[1]

M. Alkasassbeh, G. Al-Naymat, A. Hassanat, M. Almseidin, Detecting distributed denial of service attacks using data mining techniques, Int J Adv Comput Sci Appl (IJACSA) 7 (1) (2016) 436–445.

[2]

S. Anwar, J. Mohamad Zain, M.F. Zolkipli, Z. Inayat, S. Khan, B. Anthony, V. Chang, From intrusion detection to an intrusion response system: fundamentals, requirements, and future directions, Algorithms 10 (2) (2017) 39.

[3]

F.J. Aparicio-Navarro, K.G. Kyriakopoulos, D.J. Parish, Automatic dataset labelling and feature selection for intrusion detection systems, Proceedings of the IEEE military communications conference (MILCOM), IEEE, 2014, pp. 46–51,.

Digital Library

[4]

A.J. Aviv, A. Haeberlen, Challenges in Experimenting with Botnet Detection Systems, Proceedings of the conference on cyber security experimentation and test (CEST), USENIX Association, Berkeley, CA, USA, 2011.

[5]

F. Beer, T. Hofer, D. Karimi, U. Bühler, A new Attack Composition for Network Security, 10. DFN-Forum Kommunikationstechnologien, Gesellschaft für Informatik eV, 2017, pp. 11–20.

[6]

E.B. Beigi, H.H. Jazi, N. Stakhanova, A.A. Ghorbani, Towards effective feature selection in machine learning-based botnet detection approaches, Proceedings of the IEEE conference on communications and network security, IEEE, 2014, pp. 247–255,.

[7]

S. Bhattacharya, S. Selvakumar, SSENet-2014 Dataset: A Dataset for Detection of Multiconnection Attacks, Proceedings of the international conference on eco-friendly computing and communication systems (ICECCS), IEEE, 2014, pp. 121–126,.

[8]

M.H. Bhuyan, D.K. Bhattacharyya, J.K. Kalita, Network anomaly detection: methods, systems and tools, IEEE Commun Surv Tutor 16 (1) (2014) 303–336,.

[9]

M.H. Bhuyan, D.K. Bhattacharyya, J.K. Kalita, Towards generating real-life datasets for network intrusion detection, Int J Netw Secur (IJNS) 17 (6) (2015) 683–701.

[10]

D. Brauckhoff, A. Wagner, M. May, FLAME: a flow-level anomaly modeling engine, Proceedings of the workshop on cyber security experimentation and test (CSET), USENIX Association, 2008, pp. 1:1–1:6.

[11]

G. Brogi, V.V.T. Tong, Sharing and replaying attack scenarios with Moirai, RESSI 2017: Rendez-vous de la Recherche et de l’Enseignement de la Sécurité des Systémes d’Information, 2017.

[12]

Z.B. Celik, J. Raghuram, G. Kesidis, D.J. Miller, Salting public traces with attack traffic to test flow classifiers, Proceedings of the workshop on cyber security experimentation and test (CSET), 2011.

[13]

M. Cermak, T. Jirsik, P. Velan, J. Komarkova, S. Spacek, M. Drasar, T. Plesnik, Towards provable network traffic measurement and analysis via semi-labeled trace datasets, Proceedings of the network traffic measurement and analysis conference (TMA), IEEE, 2018, pp. 1–8,.

[14]

V. Chandola, E. Eilertson, L. Ertoz, G. Simon, V. Kumar, Data mining for cyber security, in: Singhal A. (Ed.), Data warehousing and data mining techniques for computer security, 1st, Springer, 2006, pp. 83–107.

[15]

B. Claise, Cisco Systems NetFlow Services Export Version 9, Internet Engineering Task Force (2004),.

Digital Library

[16]

B. Claise, Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information, Internet Engineering Task Force (2008),.

Digital Library

[17]

G. Creech, J. Hu, Generation of a New IDS Test Dataset: Time to Retire the KDD Collection, Proceedings of the IEEE wireless communications and networking conference (WCNC), IEEE, 2013, pp. 4487–4492,.

[18]

F. Erlacher, F. Dressler, How to Test an IDS?: GENESIDS: an automated system for generating attack traffic, Proceedings of the workshop on traffic measurements for cybersecurity (WTMC), ACM, New York, NY, USA, 2018, pp. 46–51,.

Digital Library

[19]

R. Fontugne, P. Borgnat, P. Abry, K. Fukuda, MAWILab: Combining diverse anomaly detectors for automated anomaly labeling and performance benchmarking, Proceedings of the international conference on emerging networking experiments and technologies (CoNEXT), ACM, New York, NY, USA, 2010, pp. 8:1–8:12,.

Digital Library

[20]

S. Garcia, M. Grill, J. Stiborek, A. Zunino, An empirical comparison of botnet detection methods, Comput Secur 45 (2014) 100–123,.

Digital Library

[21]

C.T. Giménez, A.P. Villegas, G.Á. Marañón, HTTP data set CSIC 2010, CSIC (2010).

[22]

Glass-Vanderlan T.R., Iannacone M.D., Vincent M.S., Bridges R.A., et al. A survey of intrusion detection systems leveraging host data. arXiv:1805060702018;.

[23]

P. Gogoi, M.H. Bhuyan, D. Bhattacharyya, J.K. Kalita, Packet and flow based network intrusion dataset, Proceedings of the international conference on contemporary computing, Springer, 2012, pp. 322–334,.

[24]

F. Gringoli, L. Salgarelli, M. Dusi, N. Cascarano, F. Risso, et al., GT: picking up the truth from the ground for internet traffic, ACM SIGCOMM Comput Commun Rev 39 (5) (2009) 12–18,.

Digital Library

[25]

F. Haddadi, A.N. Zincir-Heywood, Benchmarking the effect of flow exporters and protocol filters on botnet traffic classification, IEEE Syst J 10 (4) (2016) 1390–1401,.

[26]

W. Haider, J. Hu, J. Slay, B. Turnbull, Y. Xie, Generating realistic intrusion detection system dataset based on fuzzy qualitative modeling, J Netw Comput Appl 87 (2017) 185–192,.

Digital Library

[27]

J. Han, J. Pei, M. Kamber, Data mining: concepts and techniques, 3rd, Elsevier, 2011.

[28]

M. Hatada, M. Akiyama, T. Matsuki, T. Kasama, Empowering anti-malware research in Japan by sharing the MWS datasets, J Inf Process 23 (5) (2015) 579–588,.

[29]

H. He, E.A. Garcia, Learning from imbalanced data, IEEE Trans Knowl Data Eng 21 (9) (2009) 1263–1284,.

Digital Library

[30]

L. Hellemons, L. Hendriks, R. Hofstede, A. Sperotto, R. Sadre, A. Pras, SSHCure: a flow-based SSH intrusion detection system, Proceedings of the international conference on autonomous infrastructure, management and security (IFIP), Springer, 2012, pp. 86–97,.

Digital Library

[31]

R. Hofstede, L. Hendriks, A. Sperotto, A. Pras, SSH compromise detection using NetFlow/IPFIX, ACM SIGCOMM Comput Commun Rev 44 (5) (2014) 20–26,.

Digital Library

[32]

R. Hofstede, A. Pras, A. Sperotto, G.D. Rodosek, Flow-based compromise detection: lessons learned, IEEE Secur Privacy 16 (1) (2018) 82–89,.

[33]

C.M. Inacio, B. Trammell, YAF: yet another flowmeter, Proceedings of the large installation system administration conference, 2010, pp. 107–118.

[34]

M. Javed, V. Paxson, Detecting Stealthy, Distributed SSH Brute-Forcing, Proceedings of the ACM SIGSAC conference on computer & communications security, ACM, 2013, pp. 85–96,.

Digital Library

[35]

H.H. Jazi, H. Gonzalez, N. Stakhanova, A.A. Ghorbani, Detecting HTTP-based application layer DoS attacks on web servers in the presence of sampling, Comput Netw 121 (2017) 25–36,.

Digital Library

[36]

J. Jung, V. Paxson, A.W. Berger, H. Balakrishnan, Fast portscan detection using sequential hypothesis testing, Proceedings of the IEEE symposium on security & privacy, IEEE, 2004, pp. 211–225,.

[37]

D.J. Kelly, R.A. Raines, M.R. Grimaila, R.O. Baldwin, B.E. Mullins, A survey of state-of-the-art in anonymity metrics, Proceedings of the ACM workshop on network data anonymization, ACM, 2008, pp. 31–40,.

Digital Library

[38]

A.D. Kent, Comprehensive, multi-source cyber-security events, Los Alamos National Laboratory, 2015,.

[39]

A.D. Kent, Cybersecurity data sources for dynamic network research, Dynamic networks in cybersecurity, Imperial College Press, 2015, pp. 37–65,.

[40]

R. Koch, M. Golling, G.D. Rodosek, Towards comparability of intrusion detection systems: new data sets, Proceedings of the TERENA networking conference, 7, 2014.

[41]

C. Kolias, G. Kambourakis, A. Stavrou, S. Gritzalis, Intrusion detection in 802.11 networks: empirical evaluation of threats and a public dataset, IEEE Commun Surv Tutor 18 (1) (2016) 184–208,.

Digital Library

[42]

R.P. Lippmann, D.J. Fried, I. Graf, J.W. Haines, K.R. Kendall, D. McClung, D. Weber, S.E. Webster, D. Wyschogrod, R.K. Cunningham, et al., Evaluating intrusion detection systems : the 1998 DARPA off-line intrusion detection evaluation, Proceedings of the DARPA information survivability conference and exposition (DISCEX), 2, IEEE, 2000, pp. 12–26,.

[43]

R. Lippmann, J.W. Haines, D.J. Fried, J. Korba, K. Das, The 1999 DARPA off-line intrusion detection evaluation, Comput Netw 34 (4) (2000) 579–595,.

Digital Library

[44]

G. Maciá-Fernández, J. Camacho, R. Magán-Carrión, P. García-Teodoro, R. Therón, UGR’16: a new dataset for the evaluation of cyclostationarity-based network IDSs, Comput Secur 73 (2018) 411–424,.

[45]

M.V. Mahoney, Network traffic anomaly detection based on packet bytes, Proceedings of the ACM symposium on applied computing, ACM, 2003, pp. 346–350,.

Digital Library

[46]

M. Małowidzki, P. Berezinski, M. Mazur, Network intrusion detection: half a kingdom for a good dataset, Proceedings of the NATO STO SAS-139 workshop, Portugal, 2015.

[47]

J. McHugh, Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by lincoln laboratory, ACM Trans Inf Syst Secur (TISSEC) 3 (4) (2000) 262–294,.

Digital Library

[48]

N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, J. Turner, OpenFlow: enabling innovation in campus networks, ACM SIGCOMM Comput Commun Rev 38 (2) (2008) 69–74,.

Digital Library

[49]

S. Molnár, P. Megyesi, G. Szabo, How to validate traffic generators?, Proceedings of the IEEE international conference on communications workshops (ICC), IEEE, 2013, pp. 1340–1344,.

[50]

N. Moustafa, J. Slay, UNSW-NB15: a comprehensive data set for network intrusion detection systems, Proceedings of the military communications and information systems conference (MilCIS), IEEE, 2015, pp. 1–6,.

[51]

M.M. Najafabadi, T.M. Khoshgoftaar, C. Kemp, N. Seliya, R. Zuech, Machine learning for detecting brute force attacks at the network level, Proceedings of the international conference on bioinformatics and bioengineering (BIBE), IEEE, 2014, pp. 379–385,.

Digital Library

[52]

J.O. Nehinbe, A critical evaluation of datasets for investigating IDSs and IPSs Researches, Proceedings of the IEEE international conference on cybernetic intelligent systems (CIS), IEEE, 2011, pp. 92–97,.

[53]

A. Nisioti, A. Mylonas, P.D. Yoo, V. Katos, From intrusion detection to attacker attribution: a comprehensive survey of unsupervised methods, IEEE Commun Surv Tutor 20 (4) (2018) 3369–3388,.

Digital Library

[54]

R. Pang, M. Allman, M. Bennett, J. Lee, V. Paxson, B. Tierney, A first look at modern enterprise traffic, Proceedings of the ACM SIGCOMM conference on internet measurement (IMC), USENIX Association, Berkeley, CA, USA, 2005, pp. 15–28.

[55]

R. Pang, M. Allman, V. Paxson, J. Lee, The devil and packet trace anonymization, ACM SIGCOMM Comput Commun Rev 36 (1) (2006) 29–38,.

Digital Library

[56]

Phaal P. sFlow Specification Version 5. 2004. https://sflow.org/sflow_version_5.txt

[57]

N. Rajasinghe, J. Samarabandu, X. Wang, INSecS-DCS: a highly customizable network intrusion dataset creation framework, Proceedings of the Canadian conference on electrical & computer engineering (CCECE), IEEE, 2018, pp. 1–4,.

[58]

M. Rehák, M. Pechoucek, K. Bartos, M. Grill, P. Celeda, V. Krmicek, CAMNEP: an intrusion detection system for high-speed networks, Prog Inform 5 (5) (2008) 65–74,.

[59]

M. Ring, D. Schlör, D. Landes, A. Hotho, Flow-based network traffic generation using generative adversarial networks, Comput Secur 82 (2019) 156–172,.

Digital Library

[60]

M. Ring, S. Wunderlich, D. Grüdl, D. Landes, A. Hotho, A toolset for intrusion and insider threat detection, in: Palomares I., Kalutarage H., Huang Y. (Eds.), Data analytics and decision support for cybersecurity: trends, methodologies and applications, Springer, 2017, pp. 3–31,.

[61]

M. Ring, S. Wunderlich, D. Grüdl, D. Landes, A. Hotho, Creation of flow-based data sets for intrusion detection, J Inf Warf 16 (2017) 40–53.

[62]

M. Ring, S. Wunderlich, D. Grüdl, D. Landes, A. Hotho, Flow-based benchmark data sets for intrusion detection, Proceedings of the European conference on cyber warfare and security (ECCWS), ACPI, 2017, pp. 361–369.

[63]

M. Ring, D. Landes, A. Hotho, Detection of slow port scans in flow-based network traffic, PLOS ONE 13 (9) (2018) 1–18,.

[64]

S. Saad, I. Traore, A. Ghorbani, B. Sayed, D. Zhao, W. Lu, J. Felix, P. Hakimian, Detecting P2P botnets through network behavior analysis and machine learning, Proceedings of the international conference on privacy, security and trust (PST), IEEE, 2011, pp. 174–180,.

[65]

B. Sangster, T. O’Connor, T. Cook, R. Fanelli, E. Dean, C. Morrell, G.J. Conti, Toward instrumenting network warfare competitions to generate labeled datasets, Proceedings of the workshop on cyber security experimentation and test (CSET), 2009.

[66]

J.J. Santanna, R. van Rijswijk-Deij, R. Hofstede, A. Sperotto, M. Wierbosch, L.Z. Granville, A. Pras, Booters - An analysis of DDoS-as-a-service attacks, Proceedings of the IFIP/IEEE international symposium on integrated network management (IM), 2015, pp. 243–251,.

[67]

I. Sharafaldin, A. Gharib, A.H. Lashkari, A.A. Ghorbani, Towards a reliable intrusion detection benchmark dataset, Softw Netw 2018 (1) (2018) 177–200,.

[68]

I. Sharafaldin, A.H. Lashkari, A.A. Ghorbani, Toward generating a new intrusion detection dataset and intrusion traffic characterization, Proceedings of the international conference on information systems security and privacy (ICISSP), 2018, pp. 108–116,.

[69]

R. Sharma, R. Singla, A. Guleria, A new labeled flow-based DNS dataset for anomaly detection: PUF dataset, Procedia Comput Sci 132 (2018) 1458–1466,.

Digital Library

[70]

A. Shiravi, H. Shiravi, M. Tavallaee, A.A. Ghorbani, Toward developing a systematic approach to generate benchmark datasets for intrusion detection, Comput Secur 31 (3) (2012) 357–374,.

Digital Library

[71]

R. Singh, H. Kumar, R. Singla, A reference dataset for network traffic activity based intrusion detection system, Int J Comput Commun Control 10 (3) (2015) 390–402,.

[72]

P. Siska, M.P. Stoecklin, A. Kind, T. Braun, A flow trace generator using graph-based traffic classification techniques, Proceedings of the international wireless communications and mobile computing conference (IWCMC), ACM, 2010, pp. 457–462,.

Digital Library

[73]

R. Sommer, V. Paxson, Outside the closed world: on using machine learning for network intrusion detection, Proceedings of the IEEE symposium on security and privacy, IEEE, 2010, pp. 305–316,.

Digital Library

[74]

J. Song, H. Takakura, Y. Okabe, M. Eto, D. Inoue, K. Nakao, Statistical analysis of honeypot data and building of Kyoto 2006+ Dataset for NIDS evaluation, Proceedings of the workshop on building analysis datasets and gathering experience returns for security, ACM, 2011, pp. 29–36,.

Digital Library

[75]

A. Sperotto, R. Sadre, P.T. de Boer, A. Pras, Hidden Markov model modeling of SSH brute-force attacks, Proceedings of the international workshop on distributed systems: operations and management, Springer, 2009, pp. 164–176,.

Digital Library

[76]

A. Sperotto, R. Sadre, F. Van Vliet, A. Pras, A labeled data set for flow-based intrusion detection, Proceedings of the international workshop on IP operations and management, Springer, 2009, pp. 39–50,.

Digital Library

[77]

A. Sridharan, T. Ye, S. Bhattacharyya, Connectionless port scan detection on the backbone, Proceedings of the IEEE international performance computing and communications conference, IEEE, 2006, pp. 10–19,.

[78]

S. Staniford, J.A. Hoagland, J.M. McAlerney, Practical automated detection of stealthy portscans, J Comput Secur 10 (1–2) (2002) 105–136.

[79]

M. Stevanovic, J.M. Pedersen, An analysis of network traffic classification for botnet detection, Proceedings of the IEEE international conference on cyber situational awareness, data analytics and assessment (CyberSA), IEEE, 2015, pp. 1–8,.

[80]

Stolfo S. (Date last accessed 22-June). 2018http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html

[81]

G. Szabó, D. Orincsay, S. Malomsoky, I. Szabó, On the validation of traffic classification algorithms, Proceedings of the international conference on passive and active network measurement, Springer, 2008, pp. 72–81,.

[82]

A.S. Tanenbaum, D. Wetherall, Computer networks, 5th, Pearson, 2011.

[83]

M. Tavallaee, E. Bagheri, W. Lu, A.A. Ghorbani, A detailed analysis of the KDD CUP 99 data set, Proceedings of the IEEE symposium on computational intelligence for security and defense applications, 2009, pp. 1–6,.

[84]

Turcotte M.J., Kent A.D., Hash C. Unified host and network data set. arXiv:1708075182017;.

[85]

E. Vasilomanolakis, C.G. Cordero, N. Milanov, M. Mühlhäuser, Towards the creation of synthetic, yet realistic, intrusion detection datasets, Proceedings of the IEEE network operations and management symposium (NOMS), IEEE, 2016, pp. 1209–1214,.

Digital Library

[86]

A.R. Vasudevan, E. Harshini, S. Selvakumar, SSENet-2011: a network intrusion detection system dataset and its comparison with KDD CUP 99 dataset, Proceedings of the second Asian Himalayas international conference on Internet (AH-ICI), 2011, pp. 1–5,.

[87]

E.K. Viegas, A.O. Santin, L.S. Oliveira, Toward a reliable anomaly-based intrusion detection in real-world environments, Comput Netw 127 (2017) 200–216,.

Digital Library

[88]

G. Wang, J. Hao, J. Ma, L. Huang, A new approach to intrusion detection using artificial neural networks and fuzzy clustering, Expert Syst Appl 37 (9) (2010) 6225–6232,.

Digital Library

[89]

J. Wang, I.C. Paschalidis, Botnet detection based on anomaly and community detection, IEEE Trans Control Netw Syst 4 (2) (2017) 392–404,.

[90]

C. Wheelus, T.M. Khoshgoftaar, R. Zuech, M.M. Najafabadi, A session based approach for aggregating network traffic data - The SANTA dataset, Proceedings of the IEEE international conference on bioinformatics and bioengineering (BIBE), IEEE, 2014, pp. 369–378,.

Digital Library

[91]

M.D. Wilkinson, M. Dumontier, I.J. Aalbersberg, G. Appleton, M. Axton, A. Baak, N. Blomberg, J.W. Boiten, L.B. da Silva Santos, P.E. Bourne, et al., The FAIR guiding principles for scientific data management and stewardship, Sci Data 3 (2016),.

[92]

J. Xu, J. Fan, M.H. Ammar, S.B. Moon, Prefix-Preserving IP Address Anonymization: measurement-based security evaluation and a new cryptography-based Scheme, Proceedings of the IEEE international conference on network protocols, IEEE, 2002, pp. 280–289,.

[93]

O. Yavanoglu, M. Aydos, A review on cyber security datasets for machine learning algorithms, Proceedings of the IEEE international conference on big data, IEEE, 2017, pp. 2186–2193,.

[94]

C. Yin, Y. Zhu, S. Liu, J. Fei, H. Zhang, An enhancing framework for botnet detection using generative adversarial networks, Proceedings of the international conference on artificial intelligence and big data (ICAIBD), 2018, pp. 228–234,.

[95]

J. Zhang, M. Zulkernine, A. Haque, Random-forests-based network intrusion detection systems, IEEE Trans Syst Man Cybern Part C (Appl Rev) 38 (5) (2008) 649–659,.

Digital Library

[96]

R. Zuech, T.M. Khoshgoftaar, N. Seliya, M.M. Najafabadi, C. Kemp, A new intrusion detection benchmarking system, Proceedings of the international florida artificial intelligence research society conference (FLAIRS), AAAI Press, 2015, pp. 252–256.

Cited By

Zhang HYe JHuang WLiu XGu J(2025)Survey of federated learning in intrusion detectionJournal of Parallel and Distributed Computing10.1016/j.jpdc.2024.104976195:COnline publication date: 1-Jan-2025
https://dl.acm.org/doi/10.1016/j.jpdc.2024.104976
Mills GAcquah DSowah R(2024)Network Intrusion Detection and Prevention System Using Hybrid Machine Learning with Supervised Ensemble Stacking ModelJournal of Computer Networks and Communications10.1155/2024/57756712024Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1155/2024/5775671
Wardana ASukarno P(2024)Taxonomy and Survey of Collaborative Intrusion Detection System using Federated LearningACM Computing Surveys10.1145/370172457:4(1-36)Online publication date: 10-Dec-2024
https://dl.acm.org/doi/10.1145/3701724
Show More Cited By

Index Terms

A survey of network-based intrusion detection data sets

Index terms have been assigned to the content through auto-classification.

Recommendations

Network Intrusion Detection: Automated and Manual Methods Prone to Attack and Evasion

In this article, the authors describe common intrusion detection techniques, NIDS evasion methods, and how NIDSs detect intrusions. Additionally, we introduce new evasion methods, present test results for confirming attack outcomes based on server ...
Stream clustering guided supervised learning for classifying NIDS alerts
Abstract
A Network Intrusion Detection System (NIDS) is a network monitoring technology for identifying cyber attacks, botnet command and control traffic, and other unwanted network activity. Unfortunately, organizational NIDS solutions can often generate ...
Highlights
- Novel NIDS alert processing framework.
- The pipeline of low-cost unsupervised stream clustering and supervised machine learning.
- Method for the creation of labeled NIDS alert training data sets.
- Large publicly available NIDS ...
CONDOR: A Hybrid IDS to Offer Improved Intrusion Detection
TRUSTCOM '12: Proceedings of the 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications

Intrusion Detection Systems are an accepted and very useful option to monitor, and detect malicious activities. However, Intrusion Detection Systems have inherent limitations which lead to false positives and false negatives; we propose that combining ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Computers and Security

Computers and Security Volume 86, Issue C

Sep 2019

513 pages

ISSN:0167-4048

Issue’s Table of Contents

Elsevier Ltd.

Publisher

Elsevier Advanced Technology Publications

United Kingdom

Publication History

Published: 01 September 2019

Author Tags

Qualifiers

Review-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

124
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 07 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Zhang HYe JHuang WLiu XGu J(2025)Survey of federated learning in intrusion detectionJournal of Parallel and Distributed Computing10.1016/j.jpdc.2024.104976195:COnline publication date: 1-Jan-2025
https://dl.acm.org/doi/10.1016/j.jpdc.2024.104976
Mills GAcquah DSowah R(2024)Network Intrusion Detection and Prevention System Using Hybrid Machine Learning with Supervised Ensemble Stacking ModelJournal of Computer Networks and Communications10.1155/2024/57756712024Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.1155/2024/5775671
Wardana ASukarno P(2024)Taxonomy and Survey of Collaborative Intrusion Detection System using Federated LearningACM Computing Surveys10.1145/370172457:4(1-36)Online publication date: 10-Dec-2024
https://dl.acm.org/doi/10.1145/3701724
Bönninghausen PUetz RHenze M(2024)Introducing a Comprehensive, Continuous, and Collaborative Survey of Intrusion Detection DatasetsProceedings of the 17th Cyber Security Experimentation and Test Workshop10.1145/3675741.3675754(34-40)Online publication date: 13-Aug-2024
https://dl.acm.org/doi/10.1145/3675741.3675754
Poisson MCarnier RFukuda K(2024)GothX: a generator of customizable, legitimate and malicious IoT network trafficProceedings of the 17th Cyber Security Experimentation and Test Workshop10.1145/3675741.3675753(65-73)Online publication date: 13-Aug-2024
https://dl.acm.org/doi/10.1145/3675741.3675753
Chu AJiang XLiu SBhagoji ABronzino FSchmitt PFeamster N(2024)Feasibility of State Space Models for Network Traffic GenerationProceedings of the 2024 SIGCOMM Workshop on Networks for AI Computing10.1145/3672198.3673792(9-17)Online publication date: 4-Aug-2024
https://dl.acm.org/doi/10.1145/3672198.3673792
Catillo MPecchia ARepola AVillano U(2024)Towards realistic problem-space adversarial attacks against machine learning in network intrusion detectionProceedings of the 19th International Conference on Availability, Reliability and Security10.1145/3664476.3669974(1-8)Online publication date: 30-Jul-2024
https://dl.acm.org/doi/10.1145/3664476.3669974
Diaz-Verdejo JEstepa Alonso REstepa Alonso AMunoz-Calle JMadinabeitia G(2024)Biblio-US17: A labeled real URL dataset for anomaly-based intrusion detection systems developmentProceedings of the 2024 European Interdisciplinary Cybersecurity Conference10.1145/3655693.3661319(217-218)Online publication date: 5-Jun-2024
https://dl.acm.org/doi/10.1145/3655693.3661319
Memmesheimer PMachmeier SHeuveline V(2024)Increasing Detection Rate for Imbalanced Malicious Traffic using Generative Adversarial NetworksProceedings of the 2024 European Interdisciplinary Cybersecurity Conference10.1145/3655693.3655703(74-81)Online publication date: 5-Jun-2024
https://dl.acm.org/doi/10.1145/3655693.3655703
Jiang XLiu SGember-Jacobson ABhagoji ASchmitt PBronzino FFeamster N(2024)NetDiffusion: Network Data Augmentation Through Protocol-Constrained Traffic GenerationProceedings of the ACM on Measurement and Analysis of Computing Systems10.1145/36390378:1(1-32)Online publication date: 21-Feb-2024
https://dl.acm.org/doi/10.1145/3639037
Show More Cited By

View Options

View options

Media

Figures

Other

Tables

View Issue’s Table of Contents