Generating a benchmark cyber multi-step attacks dataset for intrusion detection

Abstract

Nowadays, with the rapid increase in the number of applications and networks, the number of cyber multi-step attacks has been increasing exponentially. Thus, the need for a reliable and acceptable Intrusion Detection System (IDS) solution is becoming urgent to protect the networks and devices. However, implementing a robust IDS needs a reliable and up-to-date dataset in order to capture the behaviors of the new types of attacks especially a multi-step attack. In this paper, a new benchmark Multi-Step Cyber-Attack Dataset (MSCAD) is introduced. MSCAD includes two multi-step scenarios; the first scenario is a password cracking attack, and the second attack scenario is a volume-based Distributed Denial of Service (DDoS) attack. The MSCAD was assessed in two manners; firstly, the MSCAD was used to train IDS. Then, the performance of IDS was evaluated in terms of G-mean and Area Under Curve (AUC). Secondly, the MSCAD was compared with other free open-source and public datasets based on the latest keys criteria of a dataset evaluation framework. The results show that IDS-based MSCAD achieved the best performance with G-mean 0.83 and obtained good accuracy to detect the attacks. Besides, the MSCAD successfully passing twelve keys criteria.