Novel bi-directional flow-based traffic generation framework for ids evaluation and exploratory data analysis

Abstract

Flow-based network traffic information has been recently used to detect malicious intrusion. However, several available public flow-based datasets are unidirectional, and bidirectional flow-based datasets are rarely available. In this paper, a novel framework to generate bidirectional flow-based datasets for IDS evaluation is proposed. The generated dataset has the mixed combination of normal background traffic and attack traffic. The background traffic is based on the key traffic feature of the MAWI network traffic traces, and five popular attack traffics are generated based on their statistical traffic features. The generated dataset is characterized using the PCA approach, and we found out that benign and malicious traffic are distinct. With the proposed framework, a dataset of bi-directional flow-based traffic is generated and it would be used for evaluating an effective intrusion detection engine.