Framework for generating IDS benchmarking Data sets
Abstract
Benchmarking Intrusion Detection Systems (IDS) is needed to compare different systems
against each other and to determine how good a single system is. For this purpose,
a test data set based on real network data needs to be generated. To construct
a data set that contains different attack profiles, the special features of attacks need to be
determined. These can be extracted by analyzing network traffic. The thesis will propose
a framework for processing captured network packets and establishing connection
records. We look into which features are relevant for IDS by analyzing captured
network packets from an academic network and trying to extract the different characteristics
that constitute attacks. These features can be used to uniquely identify a specific
attack among all the connections. The experiment is used to determine the characteristics of
the constructed data set and the relevance of the extracted features.