Title :
On the Comparison of Network Attack Datasets: An Empirical Analysis
Author :
Berthier, Robin ; Korman, Dave ; Cukier, Michel ; Hiltunen, Matti ; Vesonder, Gregg ; Sheleheda, Daniel
Author_Institution :
Dept. of Mech. Eng., Univ. of Maryland, College Park, MD
Abstract :
Network malicious activity can be collected and reported by various sources using different attack detection solutions. The granularity of these solutions provides either very detailed information (intrusion detection systems, honeypots) or high-level trends (CAIDA, SANS). The problem for network security operators is often to select the sources of information to better protect their network. How much information from these sources is redundant and how much is unique? The goal of this paper is to show empirically that while some global attack events can be correlated across various sensors, the majority of incoming malicious activity has local specificities. This study presents a comparative analysis of four different attack datasets offering three different levels of granularity: 1) two high interaction honeynets deployed at two different locations (i.e., a corporate and an academic environment); 2) ATLAS which is a distributed network telescope from Arbor; and 3) Internet Protecttrade which is a global alerting service from AT&T.
Keywords :
Internet; security of data; ATLAS; distributed network telescope; intrusion detection systems; network attack datasets; network malicious activity; network security operators; Data analysis; Data security; IP networks; Information resources; Information security; Intrusion detection; Protection; Storage area networks; Telescopes; Web and internet services; corporate and academic network; empirical study; global alerts; honeypots; malicious activity;
Conference_Titel :
High Assurance Systems Engineering Symposium, 2008. HASE 2008. 11th IEEE
Conference_Location :
Nanjing
Print_ISBN :
978-0-7695-3482-4
DOI :
10.1109/HASE.2008.50
