Toward instrumenting network warfare competitions to generate labeled datasets

Authors:
Benjamin Sangster;T. J. O'Connor;Thomas Cook;Robert Fanelli;Erik Dean;William J. Adams;Chris Morrell;Gregory Conti
Affiliations:
United States Military Academy, West Point, New York;United States Military Academy, West Point, New York;United States Military Academy, West Point, New York;United States Military Academy, West Point, New York;United States Military Academy, West Point, New York;United States Military Academy, West Point, New York;United States Military Academy, West Point, New York;United States Military Academy, West Point, New York
Venue:
CSET'09 Proceedings of the 2nd conference on Cyber security experimentation and test
Year:
2009

Citing 3
Cited 4

Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory

ACM Transactions on Information and System Security (TISSEC)
Characteristics of internet background radiation

Proceedings of the 4th ACM SIGCOMM conference on Internet measurement
Bro: a system for detecting network intruders in real-time

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7

A hybrid model for correlating alerts of known and unknown attack scenarios and updating attack graphs

Computer Networks: The International Journal of Computer and Telecommunications Networking
Simulating content in traffic for benchmarking intrusion detection systems

Proceedings of the 4th International ICST Conference on Simulation Tools and Techniques
An application-level content generative model for network applications

Proceedings of the 5th International ICST Conference on Simulation Tools and Techniques
Human perspective to anomaly detection for cybersecurity

Journal of Intelligent Information Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

Unlabeled network traffic data is readily available to the security research community, but there is a severe shortage of labeled datasets that allow validation of experimental results. The labeled DARPA datasets of 1998 and 1999, while innovative at the time, are of only marginal utility in today's threat environment. In this paper we demonstrate that network warfare competitions can be instrumented to generate modern labeled datasets. Our contributions include design parameters for competitions as well as results and analysis from a test implementation of our techniques. Our results indicate that network warfare competitions can be used to generate scientifically valuable labeled datasets and such games can thus be used as engines to produce future datasets on a routine basis.