Kohei Masumi, Chansu Han, Tao Ban, Takeshi Takahashi
{"title":"利用tcppreplay和Snort实现网络事件数据集的高效标记","authors":"Kohei Masumi, Chansu Han, Tao Ban, Takeshi Takahashi","doi":"10.1145/3422337.3450326","DOIUrl":null,"url":null,"abstract":"Research on network intrusion detection (NID) requires a large amount of traffic data with reliable labels indicating which packets are associated with particular network attacks. In this paper, we implement a prototype of an automated system to create labeled packet datasets for NID research. In this paper, we implement a prototype of an automated system to assign labels to packet datasets for NID research. By re-transmitting pre-captured packet data in a controlled network environment pre-installed with a network intrusion detection system, the system automatically assigns labels to attack packets within the packet data. In the feasibility study, we investigate factors that may influence the detection accuracy of the attacking packets and show an example using the prototype to label a packet file. Finally, we show an efficient way to locate the packets associated with issued NID alerts using this prototype.","PeriodicalId":187272,"journal":{"name":"Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy","volume":"110 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-04-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"Towards Efficient Labeling of Network Incident Datasets Using Tcpreplay and Snort\",\"authors\":\"Kohei Masumi, Chansu Han, Tao Ban, Takeshi Takahashi\",\"doi\":\"10.1145/3422337.3450326\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Research on network intrusion detection (NID) requires a large amount of traffic data with reliable labels indicating which packets are associated with particular network attacks. In this paper, we implement a prototype of an automated system to create labeled packet datasets for NID research. In this paper, we implement a prototype of an automated system to assign labels to packet datasets for NID research. By re-transmitting pre-captured packet data in a controlled network environment pre-installed with a network intrusion detection system, the system automatically assigns labels to attack packets within the packet data. In the feasibility study, we investigate factors that may influence the detection accuracy of the attacking packets and show an example using the prototype to label a packet file. Finally, we show an efficient way to locate the packets associated with issued NID alerts using this prototype.\",\"PeriodicalId\":187272,\"journal\":{\"name\":\"Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy\",\"volume\":\"110 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-04-26\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3422337.3450326\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3422337.3450326","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Towards Efficient Labeling of Network Incident Datasets Using Tcpreplay and Snort
Research on network intrusion detection (NID) requires a large amount of traffic data with reliable labels indicating which packets are associated with particular network attacks. In this paper, we implement a prototype of an automated system to create labeled packet datasets for NID research. In this paper, we implement a prototype of an automated system to assign labels to packet datasets for NID research. By re-transmitting pre-captured packet data in a controlled network environment pre-installed with a network intrusion detection system, the system automatically assigns labels to attack packets within the packet data. In the feasibility study, we investigate factors that may influence the detection accuracy of the attacking packets and show an example using the prototype to label a packet file. Finally, we show an efficient way to locate the packets associated with issued NID alerts using this prototype.