Demystifying the role of public intrusion datasets: A replication study of DoS network traffic data

Catillo M.; Pecchia A.; Villano U.
2021-01-01

Abstract

Public intrusion datasets are helping to make security research accessible to a large community of users, but they are often trusted and reused without regard to the actual impact of the attacks they contain on victim services. This paper documents a study aimed at assessing whether the attacks provided by public datasets are impactful on their targets. DoS traffic data from five public datasets (CICIDS2017, ISCXIDS2012, NDSec-1 2016, MILCOM 2016 and SUEE 2017) are replayed while monitoring the performance of the victim server under different defense, configuration and load conditions. The results show that the attacks in the datasets are partially ineffective in the presence of defense mechanisms and suitable server configurations. These results pave the way for the construction of more rigorous datasets, collected on documented and realistic server configurations and reflecting actual traffic conditions under normative operations and disruptive attacks.
2021
Availability
Denial of Service
Traffic replay
Web server
Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.12070/48844
Citations
  • Scopus 21
  • ISI 19