Publication Details

ASNM Datasets: A Collection of Network Attacks for Testing of Adversarial Classifiers and Intrusion Detectors

HOMOLIAK, I.; MALINKA, K.; HANÁČEK, P. ASNM Datasets: A Collection of Network Attacks for Testing of Adversarial Classifiers and Intrusion Detectors. IEEE Access, 2020, vol. 8, no. 6, p. 112427-112453. ISSN: 2169-3536.

Czech title

ASNM datasety: kolekce síťových útoků pro testování adversariálních klasifikátorů a detektorů síťových prúniků

Type

journal article

Language

English

Authors

Homoliak Ivan, doc. Ing., Ph.D. (DITS)
Malinka Kamil, Mgr., Ph.D. (DITS)
Hanáček Petr, doc. Dr. Ing. (DITS)

URL

https://ieeexplore.ieee.org/document/9115004

Keywords

   - Dataset,
   - network intrusion detection,
   - adversarial classification,
   - evasions,
   - ASNM features,
   - buffer overflow,
   - non-payload-based obfuscations,
   - tunneling obfuscations

Abstract

In this paper, we present three datasets that have been built from network
traffic traces using ASNM features, designed in our previous work. The first
dataset was built using a state-of-the-art dataset called CDX 2009, while the
remaining two datasets were collected by us in 2015 and 2018, respectively. These
two datasets contain several adversarial obfuscation techniques that were applied
onto malicious as well as legitimate traffic samples during the execution of
particular TCP network connections. Adversarial obfuscation techniques were used
for evading machine learning-based network intrusion detection classifiers.
Further, we showed that the performance of such classifiers can be improved when
partially augmenting their training data by samples obtained from obfuscation
techniques. In detail, we utilized tunneling obfuscation in HTTP(S) protocol and
non-payload-based obfuscations modifying various properties of network traffic
by, e.g., TCP segmentation, re-transmissions, corrupting and reordering of
packets, etc. To the best of our knowledge, this is the first collection of
network traffic metadata that contains adversarial techniques and is intended for
non-payload-based network intrusion detection and adversarial classification.
Provided datasets enable testing of the evasion resistance of arbitrary
classifier that is using ASNM features.

Published

2020

Pages

112427–112453

Journal

IEEE Access, vol. 8, no. 6, ISSN 2169-3536

DOI

10.1109/ACCESS.2020.3001768

UT WoS

000546414500012

EID Scopus

2-s2.0-85087623071

BibTeX

@article{BUT162288,
  author="Ivan {Homoliak} and Kamil {Malinka} and Petr {Hanáček}",
  title="ASNM Datasets: A Collection of Network Attacks for Testing of Adversarial Classifiers and Intrusion Detectors",
  journal="IEEE Access",
  year="2020",
  volume="8",
  number="6",
  pages="112427--112453",
  doi="10.1109/ACCESS.2020.3001768",
  issn="2169-3536",
  url="https://ieeexplore.ieee.org/document/9115004"
}

Files