Creating and analyzing denial-of-service attack datasets using the MENTORED Testbed

  • Bruno Henrique Meyer UFPR
  • Davi Daniel Gemmer RNP
  • Khalil G. Q. de Santana UNIVALI
  • João Vitor Ferreira UFMG
  • Emerson Ribeiro de Mello IFSC
  • Michele Nogueira UFMG / UFPR
  • Michelle S. Wangham RNP / UNIVALI

Abstract


The use of testbeds in cybersecurity research enhances the creation of representative datasets. Some works focus on creating a dataset using a dedicated testbed for the experimental scenario, limiting the exploration of variations and requiring the creation of new testbeds to generate new datasets. This work describes a workflow that allows the flexible creation of representative datasets using the MENTORED Testbed and presents and analyzes the MENTORED-SBRC2024 dataset with slowloris DDoS attacks. The proposed workflow’s main highlight is the ability to recreate datasets through small changes in experiments. The created dataset was used to evaluate intrusion detection models using machine learning to analyze their applicability and representativeness. We executed DDoS scenario variations with up to 352 nodes.

Published
2024-05-20
MEYER, Bruno Henrique; GEMMER, Davi Daniel; SANTANA, Khalil G. Q. de; FERREIRA, João Vitor; MELLO, Emerson Ribeiro de; NOGUEIRA, Michele; WANGHAM, Michelle S. Creating and analyzing denial-of-service attack datasets using the MENTORED Testbed. In: BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 42., 2024, Niterói/RJ. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 812-825. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc.2024.1480.
