Analysis and Evaluation of Intrusion Detection Datasets and Providing a Solution to Make Them Real
Shabani Eshkalak, Majedeh | 2022
- Type of Document: M.Sc. Thesis
- Language: Farsi
- Document No: 55364 (19)
- University: Sharif University of Technology
- Department: Computer Engineering
- Advisor(s): Jahangir, Amir Hossein
- Abstract:
- The rapid advancement of information technology and computer networks has raised security concerns among users and network administrators. The development of computer networks and the growing number of specialists in this field have led to an increase in the number of people who seek to abuse these networks, known as attackers. Attackers look for security defects in a network in order to penetrate it and abuse it according to their needs. Considering the risks of these attacks, it is necessary to have an intrusion detection system (IDS). IDSs are capable of detecting attack traffic or suspicious traffic; they then alert the network administrators and, consequently, stop the attack. There are various types of IDSs, each of which has particular features for detecting attacks. The application of IDSs depends on their accuracy and capability in detecting attacks. The ever-increasing number of attacks demands the continual evaluation of IDSs. IDS evaluation is carried out using a dataset in a non-real environment to determine how effectively each IDS detects attacks. These datasets play a crucial role in the evaluation process, yet they have a few deficiencies. This research reviewed the studies conducted in this field. Having analyzed the available datasets, it examined their current defects and deficiencies and evaluated them. Then, it proposed a method to remedy the deficiencies of datasets so as to improve the evaluation output in proportion to the infrastructures and features of IDSs. Finally, the proposed method was examined and compared with other available methods. A set of attacks was added to dataset 2018 such that it would include at least one MITRE tactic
- Keywords:
- Intrusion Detection System ; Network Assessment ; Network Security ; Computer Information Security ; Attack Detection ; Dataset