Labelled Network Capture Generation for Anomaly Detection

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12056)


In the race to simplify man-machine interactions and maintenance processes, hardware is increasingly interconnected. With more connected devices than ever, in our homes and workplaces, the attack surface is increasing tremendously. To detect this growing flow of cyber-attacks, machine learning based intrusion detection systems are being deployed at an unprecedented pace. In turn, these require a constant feed of data to learn and differentiate normal traffic from abnormal traffic. Unfortunately, there is a lack of learning datasets available. In this paper, we present a software platform generating fully labelled datasets for data analysis and anomaly detection.


Network traffic generation Data analysis Intrusion detection systems Cyber security Network security 


  1. 1.
    Al Tobi, A.M., Duncan, I.: KDD 1999 generation faults: a review and analysis. J. Cyber Secur. Technol., 1–37 (2018).,
  2. 2.
    Bay, S.D., Hettich, S.: UCI KDD Cup 1999. University of California, Irvine, School of Information and Computer Sciences (1999).
  3. 3.
    Hald, S.L.N., Pedersen, J.M.: An updated taxonomy for characterizing hackers according to their threat properties. In: 2012 14th International Conference on Advanced Communication Technology, pp. 81–86. IEEE (2012)Google Scholar
  4. 4.
    Hindy, H., et al.: A taxonomy and survey of intrusion detection system design techniques, network threats and datasets. arXiv:1806.03517 [cs], June 2018
  5. 5.
    Kokkonen, T., Hämäläinen, T., Silokunnas, M., Siltanen, J., Zolotukhin, M., Neijonen, M.: Analysis of approaches to internet traffic generation for cyber security research and exercise. In: Balandin, S., Andreev, S., Koucheryavy, Y. (eds.) ruSMART 2015. LNCS, vol. 9247, pp. 254–267. Springer, Cham (2015). Scholar
  6. 6.
    Moustafa, N., Slay, J.: UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set). In: 2015 Military Communications and Information Systems Conference (MilCIS), pp. 1–6. IEEE, Canberra, November 2015.,
  7. 7.
    Moustafa, N., Slay, J.: The evaluation of network anomaly detection systems: statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Inf. Secur. J.: Glob. Perspect. 25(1–3), 18–31 (2016).,
  8. 8.
    Moustafa, N., Slay, J., Creech, G.: Novel geometric area analysis technique for anomaly detection using trapezoidal area estimation on large-scale networks. IEEE Trans. Big Data, 1 (2017).,
  9. 9.
    Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: A detailed analysis of the KDD CUP 99 data set. In: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, pp. 1–6. IEEE, Ottawa, July 2009.,
  10. 10.
    Tavallaee, M., Bagheri, E., Lu, W., Ghorbani, A.A.: NSL-KDD—Datasets—-Research—Canadian Institute for Cybersecurity—UNB, July 2009.
  11. 11.
    Varet, A., Larrieu, N.: How to generate realistic network traffic? In: IEEE COMPSAC 2014, 38th Annual International Computers, Software & Applications Conference, Västerås, Sweden (2014).
  12. 12.
    Vishwanath, K., Vahdat, A.: Swing: realistic and responsive network traffic generation. IEEE/ACM Trans. Netw. 17(3), 712–725 (2009). Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Chair of Naval Cyber Defence, École Navale - CC 600Brest Cedex 9France
  2. 2.Naval Academy Research Institute, École Navale - CC 600Brest Cedex 9France
  3. 3.Division of Cyber-SecurityAbertay UniversityDundeeUK
  4. 4.Department of Electronic and Electrical EngineeringUniversity of StrathclydeGlasgowUK
  5. 5.Institut Mines-Télécom Atlantique, Lab-STICC CNRS UMR 6285BrestFrance

Personalised recommendations