Traffic Generation using Containerization for Machine Learning

Henry Clausen, Robert Flood, David Aspinall

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The design and evaluation of data-driven network intrusion detection methods are currently held back by a lack of adequate data, both in terms of benign and attack traffic. Existing datasets are mostly gathered in isolated lab environments containing virtual machines, to both offer more control over the computer interactions and prevent any malicious code from escaping. This procedure, however, leads to datasets that lack four core properties: heterogeneity, ground truth traffic labels, large data size, and contemporary content. Here, we present a novel data generation framework based on Docker containers that addresses these problems systematically. For this, we arrange suitable containers into relevant traffic communication scenarios and subscenarios, which are subject to appropriate input randomization as well as WAN emulation. By relying on process isolation through containerization, we can match traffic events with individual processes, and achieve scalability and modularity of individual traffic scenarios. We perform two experiments to assess the reproducibility and traffic properties of our framework, and demonstrate the usefulness of our framework on a traffic classification example.
Original language: English
Title of host publication: DYnamic and Novel Advances in Machine Learning and Intelligent Cyber Security Workshop Proceedings
Publisher: ACM Association for Computing Machinery
Number of pages: 12
ISBN (Print): 978-1-4503-8490-2
Publication status: Published - 25 Feb 2022
Event: DYnamic and Novel Advances in Machine Learning and Intelligent Cyber Security Workshop @ ACSAC 2019 - San Juan, Puerto Rico
Duration: 9 Dec 2019 to 10 Dec 2019
https://www.acsac.org/2019/workshops/dynamics/

Conference

Conference: DYnamic and Novel Advances in Machine Learning and Intelligent Cyber Security Workshop @ ACSAC 2019
Abbreviated title: DYNAMICS 2019
Country/Territory: Puerto Rico
City: San Juan
Period: 9/12/19 to 10/12/19

Keywords

  • Network security
  • datasets
  • machine learning
  • intrusion detection
