Analyzing and Evaluating Intrusion Detection Datasets and Providing a Solution to Solve their Weaknesses by Focusing on Benign traffic

Rezaei, Farzam | 2024

  1. Type of Document: M.Sc. Thesis
  2. Language: Farsi
  3. Document No: 56904 (19)
  4. University: Sharif University of Technology
  5. Department: Computer Engineering
  6. Advisor(s): Jahangir, Amir Hossein
  7. Abstract: Today, with the continuing expansion and development of computer networks and information technology, network security has become an important concern for experts and researchers in this field. Intrusion detection systems are one of the main elements of information and network security. To maintain the accuracy and quality of these systems, we need to test and evaluate them frequently. Intrusion detection datasets are one of the main tools for evaluating these systems. The quality and accuracy of these systems in detecting anomalies and attacks in the network largely rely on rich and complete data. The main component of these datasets is the traffic data, which is divided into two categories, attack and benign. To achieve the necessary accuracy and a more realistic evaluation of these systems, along with the traffic of diverse and new attacks, there is a need for benign traffic that simulates the behavior and activity of real users. Simulating and generating this benign traffic is associated with various challenges, and generating traffic that is complete in all respects and represents real-world traffic has been difficult for researchers in this field. On the other hand, real traffic captured in the real world may also contain anomalies that are difficult to detect, so it does not represent completely benign traffic. There have been various datasets in this field, each of which has weaknesses, especially in the area of benign traffic. We selected the CSE-CIC-IDS-2018 dataset as one of the most complete and latest references in this field and try to improve it in this respect. In this research, we introduce a method to generate benign traffic so that it can relatively and acceptably simulate the behavior of real users. The generated traffic is evaluated against established criteria and compared to real-world traffic samples.
     In addition to the traffic generation method, this research analyzes the statistical characteristics of real traffic and examines their effect on the realness of the generated traffic. Finally, the generated traffic is compared with the real traffic using statistical features and their similarity is checked. Based on this method, a combination of simulated traffic from several groups of users is generated and evaluated.
  8. Keywords: Intrusion Detection System ; Dataset ; Network Traffic ; Modeling ; Network Assessment ; Traffic Generation