Abstract
Flow-based data sets are necessary for evaluating network-based intrusion
detection systems (NIDS). In this work, we propose a novel methodology for
generating realistic flow-based network traffic. Our approach is based on Generative
Adversarial Networks (GANs) which achieve good results for image generation.
A major challenge lies in the fact that GANs can only process continuous
attributes. However, flow-based data inevitably contain categorical attributes
such as IP addresses or port numbers. Therefore, we propose three different
preprocessing approaches for flow-based data in order to transform them into
continuous values. Further, we present a new method for evaluating the
generated flow-based network traffic which uses domain knowledge to define quality
tests. We use the three approaches for generating flow-based network traffic
based on the CIDDS-001 data set. Experiments indicate that two of the three
approaches are able to generate high quality data.