
Research And Implement Of Network Attack Data Generation

Posted on: 2011-11-05 | Degree: Master | Type: Thesis
Country: China | Candidate: D Peng | Full Text: PDF
GTID: 2178360308961820 | Subject: Computer Science and Technology
Abstract/Summary:
As research in network security deepens and network services are applied more widely, the demand for raw network attack datasets is increasing. However, owing to its sensitivity and privacy implications, such attack data is hard to obtain. At present, people collect attack tools or develop attack scripts to construct such data. These methods have many disadvantages and their efficiency is quite low. How to generate high-quality attack data efficiently has therefore become a research focus in network security. It can greatly promote research on network security and improve the quality of network service.

The State Key Laboratory of Networking and Switching Technology of Beijing University of Posts & Telecommunications (BUPT) is responsible for the Ministry of Education project "Network Security Fundamental Resource and Scientific Lab Platform". The network attack data generation described in this paper is an important part of that project.

This paper analyzes the limitations of current methods of generating attack data and proposes a novel network attack data generation system. The system collects raw data using Snort, analyzes the data using alert correlation and other technologies, and extracts abnormal traffic from the raw data. The abnormal traffic is organized in the format of an attack dataset.

In terms of organization, this paper first introduces the research background, network attacks and intrusion detection systems. Second, it presents the design and implementation of the threat data collection subsystem, the alert correlation subsystem and the attack data extraction subsystem. Finally, we test the system using the DARPA98 attack dataset and traffic from the core router of CERNET.
Keywords/Search Tags: network security, attack data generation, intrusion detection system (IDS), alert correlation, Snort