A Labeled Data Set for Flow-Based Intrusion Detection

Authors:
Anna Sperotto; Ramin Sadre; Frank Vliet; Aiko Pras
Affiliations:
Centre for Telematics and Information Technology, Faculty of Electrical Engineering, Mathematics and Computer Science, University of Twente, Enschede, The Netherlands 7500 AE (all authors)
Venue:
IPOM '09 Proceedings of the 9th IEEE International Workshop on IP Operations and Management
Year:
2009

Abstract

Flow-based intrusion detection has recently become a promising security mechanism in high-speed networks (1-10 Gbps). Despite the many contributions in this field, benchmarking of flow-based IDS is still an open issue. In this paper, we propose the first publicly available, labeled data set for flow-based intrusion detection. The data set aims to be realistic, i.e., representative of real traffic, and complete from a labeling perspective. Our goal is to provide such an enriched data set for tuning, training and evaluating ID systems. Our setup is based on a honeypot running widely deployed services and directly connected to the Internet, ensuring exposure to attacks. The final data set consists of 14.2M flows, of which more than 98% have been labeled.