Traffic Generation using Containerization for Machine Learning

Henry Clausen; Robert Flood; David Aspinall

doi:10.1145/3464458.3464460

Traffic Generation using Containerization for Machine Learning

Henry Clausen, Robert Flood, David Aspinall

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The design and evaluation of data-driven network intrusion detection methods are currently held back by a lack of adequate data, both in terms of benign and attack traffic. Existing datasets are mostly gathered in isolated lab environments containing virtual machines, to both offer more control over the computer interactions and prevent any malicious code from escaping. This procedure however leads to datasets that lack four core properties: heterogeneity, ground truth traffic labels, large data size, and contemporary content. Here, we present a novel data generation framework based on Docker containers that addresses these problems systematically. For this, we arrange suitable containers into relevant traffic communication scenarios and subscenarios, which are subject to appropriate input randomization as well as WAN emulation. By relying on process isolation through containerization, we can match traffic events with individual processes, and achieve scalability and modularity of individual traffic scenarios. We perform two experiments to assess the reproducability and traffic properties of our framework, and demonstrate the usefulness of our framework on a traffic classification example.

Original language	English
Title of host publication	DYnamic and Novel Advances in Machine Learning and Intelligent Cyber Security Workshop Proceedings
Publisher	ACM Association for Computing Machinery
Number of pages	12
ISBN (Print)	978-1-4503-8490-2
DOIs	https://doi.org/10.1145/3464458.3464460
Publication status	Published - 25 Feb 2022
Event	DYnamic and Novel Advances in Machine Learning and Intelligent Cyber Security Workshop @ ACSAC 2019 - San Juan, Puerto Rico Duration: 9 Dec 2019 → 10 Dec 2019 https://www.acsac.org/2019/workshops/dynamics/

Conference

Conference	DYnamic and Novel Advances in Machine Learning and Intelligent Cyber Security Workshop @ ACSAC 2019
Abbreviated title	DYNAMICS 2019
Country/Territory	Puerto Rico
City	San Juan
Period	9/12/19 → 10/12/19
Internet address	https://www.acsac.org/2019/workshops/dynamics/

Keywords

Network security
datasets
machine learning
intrusion detection

Access to Document

10.1145/3464458.3464460Licence: All Rights Reserved

Traffic Generation_CLAUSEN_DOA28102019_AFVAccepted author manuscript, 729 KBLicence: All Rights Reserved

https://dl.acm.org/doi/10.1145/3464458.3464460Licence: All Rights Reserved

Cite this

@inproceedings{6ea4c7e0c56d4e0db5b9a5a16e82ee20,

title = "Traffic Generation using Containerization for Machine Learning",

abstract = "The design and evaluation of data-driven network intrusion detection methods are currently held back by a lack of adequate data, both in terms of benign and attack traffic. Existing datasets are mostly gathered in isolated lab environments containing virtual machines, to both offer more control over the computer interactions and prevent any malicious code from escaping. This procedure however leads to datasets that lack four core properties: heterogeneity, ground truth traffic labels, large data size, and contemporary content. Here, we present a novel data generation framework based on Docker containers that addresses these problems systematically. For this, we arrange suitable containers into relevant traffic communication scenarios and subscenarios, which are subject to appropriate input randomization as well as WAN emulation. By relying on process isolation through containerization, we can match traffic events with individual processes, and achieve scalability and modularity of individual traffic scenarios. We perform two experiments to assess the reproducability and traffic properties of our framework, and demonstrate the usefulness of our framework on a traffic classification example.",

keywords = "Network security, datasets, machine learning, intrusion detection",

author = "Henry Clausen and Robert Flood and David Aspinall",

note = "Funding Information: We are grateful to British Telecommunications PLC who are supporting the PhD research of the first author in the UK EPSRC CASE scheme, giving invaluable guidance on the needs and possibilities of intelligent security tools and their evaluation. Part of this paper draws on the 2019 MSc dissertation of the second author. Nikola Pavlov helped with some of the earlier implementation. The third author was supported by The Alan Turing Institute under the EP-SRC grant EP/N510129/1 and the Office of Naval Research ONR NICOP award N62909-17-1-2065. Funding Information: We are grateful to British Telecommunications PLC who are supporting the PhD research of the first author in the UK EPSRC CASE scheme, giving invaluable guidance on the needs and possibilities of intelligent security tools and their evaluation. Part of this paper draws on the 2019 MSc dissertation of the second author. Nikola Pavlov helped with some of the earlier implementation. The third author was supported by The Alan Turing Institute under the EPSRC grant EP/N510129/1 and the Office of Naval Research ONR NICOP award N62909-17-1-2065. Publisher Copyright: {\textcopyright} 2019 ACM.; DYnamic and Novel Advances in Machine Learning and Intelligent Cyber Security Workshop @ ACSAC 2019, DYNAMICS 2019 ; Conference date: 09-12-2019 Through 10-12-2019",

year = "2022",

month = feb,

day = "25",

doi = "10.1145/3464458.3464460",

language = "English",

isbn = "978-1-4503-8490-2",

booktitle = "DYnamic and Novel Advances in Machine Learning and Intelligent Cyber Security Workshop Proceedings",

publisher = "ACM Association for Computing Machinery",

url = "https://www.acsac.org/2019/workshops/dynamics/",

}

Clausen, H, Flood, R & Aspinall, D 2022, Traffic Generation using Containerization for Machine Learning. in DYnamic and Novel Advances in Machine Learning and Intelligent Cyber Security Workshop Proceedings., 3, ACM Association for Computing Machinery, DYnamic and Novel Advances in Machine Learning and Intelligent Cyber Security Workshop @ ACSAC 2019, San Juan, Puerto Rico, 9/12/19. https://doi.org/10.1145/3464458.3464460

TY - GEN

T1 - Traffic Generation using Containerization for Machine Learning

AU - Clausen, Henry

AU - Flood, Robert

AU - Aspinall, David

N1 - Funding Information: We are grateful to British Telecommunications PLC who are supporting the PhD research of the first author in the UK EPSRC CASE scheme, giving invaluable guidance on the needs and possibilities of intelligent security tools and their evaluation. Part of this paper draws on the 2019 MSc dissertation of the second author. Nikola Pavlov helped with some of the earlier implementation. The third author was supported by The Alan Turing Institute under the EP-SRC grant EP/N510129/1 and the Office of Naval Research ONR NICOP award N62909-17-1-2065. Funding Information: We are grateful to British Telecommunications PLC who are supporting the PhD research of the first author in the UK EPSRC CASE scheme, giving invaluable guidance on the needs and possibilities of intelligent security tools and their evaluation. Part of this paper draws on the 2019 MSc dissertation of the second author. Nikola Pavlov helped with some of the earlier implementation. The third author was supported by The Alan Turing Institute under the EPSRC grant EP/N510129/1 and the Office of Naval Research ONR NICOP award N62909-17-1-2065. Publisher Copyright: © 2019 ACM.

PY - 2022/2/25

Y1 - 2022/2/25

N2 - The design and evaluation of data-driven network intrusion detection methods are currently held back by a lack of adequate data, both in terms of benign and attack traffic. Existing datasets are mostly gathered in isolated lab environments containing virtual machines, to both offer more control over the computer interactions and prevent any malicious code from escaping. This procedure however leads to datasets that lack four core properties: heterogeneity, ground truth traffic labels, large data size, and contemporary content. Here, we present a novel data generation framework based on Docker containers that addresses these problems systematically. For this, we arrange suitable containers into relevant traffic communication scenarios and subscenarios, which are subject to appropriate input randomization as well as WAN emulation. By relying on process isolation through containerization, we can match traffic events with individual processes, and achieve scalability and modularity of individual traffic scenarios. We perform two experiments to assess the reproducability and traffic properties of our framework, and demonstrate the usefulness of our framework on a traffic classification example.

AB - The design and evaluation of data-driven network intrusion detection methods are currently held back by a lack of adequate data, both in terms of benign and attack traffic. Existing datasets are mostly gathered in isolated lab environments containing virtual machines, to both offer more control over the computer interactions and prevent any malicious code from escaping. This procedure however leads to datasets that lack four core properties: heterogeneity, ground truth traffic labels, large data size, and contemporary content. Here, we present a novel data generation framework based on Docker containers that addresses these problems systematically. For this, we arrange suitable containers into relevant traffic communication scenarios and subscenarios, which are subject to appropriate input randomization as well as WAN emulation. By relying on process isolation through containerization, we can match traffic events with individual processes, and achieve scalability and modularity of individual traffic scenarios. We perform two experiments to assess the reproducability and traffic properties of our framework, and demonstrate the usefulness of our framework on a traffic classification example.

KW - Network security

KW - datasets

KW - machine learning

KW - intrusion detection

U2 - 10.1145/3464458.3464460

DO - 10.1145/3464458.3464460

M3 - Conference contribution

SN - 978-1-4503-8490-2

BT - DYnamic and Novel Advances in Machine Learning and Intelligent Cyber Security Workshop Proceedings

PB - ACM Association for Computing Machinery

T2 - DYnamic and Novel Advances in Machine Learning and Intelligent Cyber Security Workshop @ ACSAC 2019

Y2 - 9 December 2019 through 10 December 2019

ER -

Traffic Generation using Containerization for Machine Learning

Abstract

Conference

Keywords

Access to Document

Fingerprint

Cite this