Framework for generating IDS benchmarking Data sets
Benchmarking Intrusion Detection Systems (IDS) is needed to compare different systems against each other and to determine how good a single system is. For this purpose, there is a need to generate a test data set that is based on real network data. To construct a data set that contains different attack profiles, the special features of attacks need to be determined. These can be extracted by analyzing network traffic. The thesis proposes a framework for processing captured network packets and establishing connection records. We look into what features are relevant for IDS by analyzing captured network packets from an academic network and trying to extract different characteristics that constitute attacks. These features can be used to uniquely identify a specific attack among all the connections. The experiment is used to determine characteristics of the constructed data set and to determine the relevance of the extracted features.