MSCAD

Nowadays, with the rapid increase in the number of applications and networks, the number of cyber multi-step attacks has been increasing exponentially. Thus, the need for a reliable and acceptable Intrusion Detection System (IDS) solution is becoming urgent to protect the networks and devices. However, implementing a robust IDS needs a reliable and up-to-date dataset in order to capture the behaviors of the new types of attacks, especially multi-step attacks. In this work, a new benchmark Multi-Step Cyber-Attack Dataset (MSCAD) is introduced. MSCAD includes two multi-step scenarios; the first scenario is a password cracking attack, and the second attack scenario is a volume-based Distributed Denial of Service (DDoS) attack. The MSCAD was assessed in two manners; firstly, the MSCAD was used to train IDS. Then, the performance of IDS was evaluated in terms of G-mean and Area Under Curve (AUC). Secondly, the MSCAD was compared with other free open-source and public datasets based on the latest key criteria of a dataset evaluation framework. The results show that IDS-based MSCAD achieved the best performance with G-mean of 0.83 and obtained good accuracy to detect the attacks. Besides, the MSCAD successfully passed twelve key criteria.

当前，随着应用与网络规模的快速扩张，网络多步攻击的数量正呈指数级增长。因此，为保护网络与设备，研发可靠且符合规范的入侵检测系统（Intrusion Detection System）解决方案的需求日益迫切。然而，搭建高性能的入侵检测系统需要依托可靠且实时更新的数据集，以捕捉新型攻击尤其是多步攻击的行为特征。本研究提出了一款全新的基准级网络多步攻击数据集（Multi-Step Cyber-Attack Dataset，MSCAD）。该数据集包含两类多步攻击场景：其一为密码破解攻击，其二为基于流量的分布式拒绝服务（Distributed Denial of Service，DDoS）攻击。研究从两个维度对MSCAD展开评估：首先，利用MSCAD训练入侵检测系统，并以G均值（G-mean）与曲线下面积（Area Under Curve，AUC）作为核心指标评估其性能；其次，依据最新数据集评估框架的关键评判标准，将MSCAD与其他免费开源的公开数据集进行对比。实验结果表明，基于MSCAD训练的入侵检测系统取得了最优性能，G均值达到0.83，且在攻击检测任务中具备优异的准确率。此外，MSCAD顺利通过了全部12项核心评判标准的验证。