ABSTRACT
Denial of service attacks have been shown to be one of the principal problems in the information security field on the Internet. Numerous works propose methodologies and tools to detect and mitigate DDoS attacks, and many of them use datasets to validate their proposals. The goal of this work is to identify undesirable, ideal and feasible characteristics of datasets used in DDoS research. Moreover, some datasets widely used in this research field are analyzed in the light of the proposed characteristics. The results show that datasets used broadly by researchers nowadays are outdated and unreproducible. On the other hand, there are more detailed and specific datasets on the attacks under discussion.
Index Terms
- Qualitative evaluation of denial of service datasets