Abstract | ||
---|---|---|
Network intrusion detection (NID) models increasingly rely on learning traffic microstructures that consist of pattern sequences in features such as interarrival time, size, or packet flags. We argue that precise and reproducible control over traffic microstructures is crucial to understand and improve NID-model behaviour. We demonstrate that probing a traffic classifier with appropriately generated microstructures reveals links between misclassifications and traffic characteristics, and correspondingly lets us improve the false positive rate by more than 500%. We examine how specific factors such as network congestion, load, conducted activity, or protocol implementation impact traffic microstructures, and how well their influence can be isolated in a controlled and near-deterministic traffic generation process. We then introduce DetGen, a traffic generation tool that provides precise microstructure control, and demonstrate how to generate traffic suitable to probe pre-trained NID-models. |
Year | DOI | Venue |
---|---|---|
2021 | 10.1007/978-3-030-90019-9_23 | SECURITY AND PRIVACY IN COMMUNICATION NETWORKS, SECURECOMM 2021, PT I |
Keywords | DocType | Volume |
Data generation, Network intrusion detection, Machine learning, Model development, Containerisation | Conference | 398 |
ISSN | Citations | PageRank |
1867-8211 | 0 | 0.34 |
References | Authors | |
0 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Henry Clausen | 1 | 0 | 1.69 |
Robert Flood | 2 | 0 | 0.34 |
David Aspinall | 3 | 2 | 1.73 |