Generation of SSH Network Traffic Data for IDS Testbeds

Authors

  • Hristo Djidjev
  • Lyudmil Aleksandrov
Abstract

We develop an algorithm for generating secure shell (ssh) network traffic that can find use as a part of a testbed for evaluating anomaly detection and intrusion detection systems in cyber security. Given an initial dataset describing real network traffic, the generator produces synthetic traffic with characteristics close to the original. The objective is to match parameters of the original traffic such as traffic volumes, session durations, diurnal patterns, and relationships between hosts in terms of communicating pairs and subsets.

Similar resources

Anomaly Detection Amidst Constant Anomalies: Training IDS On Constantly Attacked Data

Automated attack tools and the presence of a large number of untrained script kiddies have led to popular protocols such as SSH being constantly attacked by clumsy high-failure scans and bot harvesting attempts. These constant attacks result in a dearth of clean, attack-free network traffic logs, making training anomaly detectors for these protocols prohibitively difficult. We introduce a new fi...

Anomaly Detection Amidst Constant Anomalies: Training IDS On Constantly Attacked Data (CMU-CyLab-08-006)

Automated attack tools and the presence of a large number of untrained script kiddies have led to popular protocols such as SSH being constantly attacked by clumsy high-failure scans and bot harvesting attempts. These constant attacks result in a dearth of clean, attack-free network traffic logs, making training anomaly detectors for these protocols prohibitively difficult. We introduce a new fi...

Features Selection for Ids in Encrypted Traffic Using Genetic Algorithm

An Intrusion Detection System (IDS) is one method to detect unauthorized intrusions into computer systems and networks. On the other hand, encrypted exchanges between users are widely used to ensure data security. Traditional IDSs are not able to react efficiently to encrypted and tunneled traffic due to their inability to analyze packet content. Encrypted malicious traffic is able to evade the de...

Network Traffic Generator for Cyber Security Testbeds

Hristo Djidjev, CCS-3; Lyudmil Aleksandrov, Bulgarian Academy of Sciences. We have developed an algorithm for generating secure shell (SSH) network traffic that can be used as a test bed for evaluating anomaly detection and intrusion detection tools in a cybersecurity context. Given an initial dataset describing real network traffic, the generator produces synthetic traffic with characteristics ...

Security System for Encrypted Environments (S2E2)

The percentage of encrypted network traffic increases steadily not only by virtual private networks of companies but also by protocols like SSH or SSL in the private sector. Traditional Intrusion Detection Systems (IDS) are not able to cope with encrypted traffic. There are a few systems which are able to handle encrypted lines but none of them is applicable in general because of the necessity ...

Publication date: 2013