The availability of ready-to-use public security datasets is fostering measurement-driven research by a wide community of academics and practitioners. Recent trends in this area put forth a substantial body of literature on anomaly and attack detection on the top of public labelled datasets. Much of this literature blindly reuses existing datasets by overlooking the cybersecurity facets of the network traffic therein, in terms of its real impact on service availability and performance of operations. This paper addresses the representativeness of network traffic data provided by public datasets for cybersecurity research. To this aim, it proposes an initial exploration of the topic by means of a case study on Denial of Service (DoS) traffic of CICIDS2017, which is a recent dataset collected in a controlled environment that gained massive attention over the past two years. DoS traffic, which is available in CICIDS2017 in the form of packet data files, is replayed against a victim server in a controlled testbed. Measurements indicate that the DoS traffic, although somewhat relevant at network-level, has limited impact at application-level (i.e., by taking into account the performance of the victim under attack). The findings provide some key insights into the limitations of the data assessed in the study, paving the way for the construction of more rigorous datasets conceived with a multilayer perspective and that reflect actual traffic conditions under normative operations and disruptive attacks.

A case study on the representativeness of public DoS network traffic data for cybersecurity research / Catillo, M.; Pecchia, A.; Rak, M.; Villano, U. - (2020). (Paper presented at the 15th International Conference on Availability, Reliability and Security, ARES 2020, held in irl in 2020) [10.1145/3407023.3407042].

A case study on the representativeness of public DoS network traffic data for cybersecurity research

Rak M.;
2020


Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11588/986039