The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
Characteristics of internet background radiation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
A framework for malicious workload generation
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Characterization of network-wide anomalies in traffic flows
Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Inferring Internet denial-of-service activity
ACM Transactions on Computer Systems (TOCS)
WebClass: adding rigor to manual labeling of traffic anomalies
ACM SIGCOMM Computer Communication Review
The need for simulation in evaluating anomaly detectors
ACM SIGCOMM Computer Communication Review
Anomaly Characterization in Flow-Based Traffic Time Series
IPOM '08 Proceedings of the 8th IEEE international workshop on IP Operations and Management
FLAME: a flow-level anomaly modeling engine
CSET'08 Proceedings of the conference on Cyber security experimentation and test
Hidden Markov Model Modeling of SSH Brute-Force Attacks
DSOM '09 Proceedings of the 20th IFIP/IEEE International Workshop on Distributed Systems: Operations and Management: Integrated Management of Systems, Services, Processes and People in IT
Machine learning approach for IP-flow record anomaly detection
NETWORKING'11 Proceedings of the 10th international IFIP TC 6 conference on Networking - Volume Part I
Cleaning your house first: shifting the paradigm on how to secure networks
AIMS'11 Proceedings of the 5th international conference on Autonomous infrastructure, management, and security: managing the dynamics of networks and services
Detection and classification of peer-to-peer traffic: A survey
ACM Computing Surveys (CSUR)
kENFIS: kNN-based evolving neuro-fuzzy inference system for computer worms detection
Journal of Intelligent & Fuzzy Systems: Applications in Engineering and Technology
Visual analysis of large-scale network anomalies
IBM Journal of Research and Development
Hi-index | 0.00 |
Flow-based intrusion detection has recently become a promising security mechanism in high speed networks (1-10 Gbps). Despite the richness in contributions in this field, benchmarking of flow-based IDS is still an open issue. In this paper, we propose the first publicly available, labeled data set for flow-based intrusion detection. The data set aims to be realistic , i.e., representative of real traffic and complete from a labeling perspective. Our goal is to provide such enriched data set for tuning, training and evaluating ID systems. Our setup is based on a honeypot running widely deployed services and directly connected to the Internet, ensuring attack-exposure. The final data set consists of 14.2M flows and more than 98% of them has been labeled.