

Intrusion Detection Evaluation Dataset (CIC-IDS2017)

Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs) are the most important defense tools against sophisticated and ever-growing network attacks. Because reliable test and validation datasets are lacking, anomaly-based intrusion detection approaches suffer from a lack of consistent and accurate performance evaluations.

Our evaluations of the existing eleven datasets since 1998 show that most are out of date and unreliable. Some of these datasets suffer from a lack of traffic diversity and volume, some do not cover the variety of known attacks, and others anonymize packet payload data, so they cannot reflect current trends. Some also lack a feature set and metadata.

The CICIDS2017 dataset contains benign traffic and the most up-to-date common attacks, which resemble true real-world data (PCAPs). It also includes the results of the network traffic analysis using CICFlowMeter, with flows labeled based on the timestamp, source and destination IPs, source and destination ports, protocols and attack (CSV files). The extracted features definition is also available.

Generating realistic background traffic was our top priority in building this dataset. We have used our proposed B-Profile system (Sharafaldin et al., 2016) to profile the abstract behavior of human interactions and generate naturalistic benign background traffic. For this dataset, we built the abstract behaviour of 25 users based on the HTTP, HTTPS, FTP, SSH, and email protocols.

The data capturing period started at 9 a.m. on Monday and ended at 5 p.m. on Friday July 7, 2017, for a total of 5 days. Monday is the normal day and only includes benign traffic. The implemented attacks include Brute Force FTP, Brute Force SSH, DoS, Heartbleed, Web Attack, Infiltration, Botnet and DDoS. They were executed both morning and afternoon on Tuesday, Wednesday, Thursday and Friday.

In our recent dataset evaluation framework (Gharib et al., 2016), we have identified eleven criteria that are necessary for building a reliable benchmark dataset.
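As an added example (not part of the original page or the dataset authors' tooling), the following Python code checks labeled flow records against the capture schedule described on this page: attack labels may appear only on Tuesday through Friday, and no flow may be timestamped after 5 p.m. on Friday July 7, 2017. The column names, the timestamp format, the `BENIGN` label spelling and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample rows. Column names and timestamp format are assumptions,
# not taken from the page; adjust them to the CSV files you actually use.
SAMPLE_CSV = """Timestamp,Source IP,Destination IP,Destination Port,Protocol,Label
2017-07-03 09:15:00,192.0.2.10,198.51.100.5,443,6,BENIGN
2017-07-03 14:02:00,192.0.2.11,198.51.100.5,21,6,Brute Force FTP
2017-07-04 09:20:00,203.0.113.7,198.51.100.5,21,6,Brute Force FTP
2017-07-07 16:10:00,203.0.113.9,198.51.100.5,80,6,DDoS
2017-07-07 18:30:00,192.0.2.12,198.51.100.5,80,6,BENIGN
"""

CAPTURE_END = datetime(2017, 7, 7, 17, 0)  # 5 p.m., Friday July 7, 2017 (from the page)
ATTACK_DAYS = {1, 2, 3, 4}                 # Tuesday..Friday as datetime.weekday() values
BENIGN = "BENIGN"                          # assumed spelling of the benign label


def check_schedule(csv_text, ts_format="%Y-%m-%d %H:%M:%S"):
    """Return (line_number, reason) for each flow that contradicts the schedule."""
    problems = []
    reader = csv.DictReader(io.StringIO(csv_text), skipinitialspace=True)
    for line_no, row in enumerate(reader, start=2):  # the header is line 1
        # Normalise header and value whitespace; ignore surplus unnamed fields.
        row = {k.strip(): (v or "").strip() for k, v in row.items() if k}
        try:
            ts = datetime.strptime(row["Timestamp"], ts_format)
        except (KeyError, ValueError):
            problems.append((line_no, "unparseable timestamp"))
            continue
        label = row.get("Label", "")
        if not label:
            problems.append((line_no, "missing label"))
        elif label.upper() != BENIGN and ts.weekday() not in ATTACK_DAYS:
            # Monday is the benign-only day; weekends are outside the capture.
            problems.append((line_no, f"attack label {label!r} outside Tuesday-Friday"))
        if ts > CAPTURE_END:
            problems.append((line_no, "timestamp after end of capture"))
    return problems


if __name__ == "__main__":
    for line_no, reason in check_schedule(SAMPLE_CSV):
        print(f"line {line_no}: {reason}")
```

A mislabeled or mis-parsed timestamp column shows up here as attack flows on the benign-only Monday, which is worth ruling out before training or scoring a detector on the labels.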
