CR · Nov 12, 2020

Traffic Generation using Containerization for Machine Learning

arXiv:2011.06350v1 · 16 citations
AI Analysis

This work addresses the data scarcity problem for researchers in network security, though it is incremental as it builds on existing containerization techniques.

The authors tackled the lack of adequate data for network intrusion detection by developing a novel data generation framework using Docker containers, which systematically addresses issues like heterogeneity and ground truth labels, and demonstrated its usefulness in a traffic classification example.

The design and evaluation of data-driven network intrusion detection methods are currently held back by a lack of adequate data, both in terms of benign and attack traffic. Existing datasets are mostly gathered in isolated lab environments containing virtual machines, to both offer more control over the computer interactions and prevent any malicious code from escaping. This procedure, however, leads to datasets that lack four core properties: heterogeneity, ground truth traffic labels, large data size, and contemporary content. Here, we present a novel data generation framework based on Docker containers that addresses these problems systematically. For this, we arrange suitable containers into relevant traffic communication scenarios and subscenarios, which are subject to appropriate input randomization as well as WAN emulation. By relying on process isolation through containerization, we can match traffic events with individual processes, and achieve scalability and modularity of individual traffic scenarios. We perform two experiments to assess the reproducibility and traffic properties of our framework, and demonstrate the usefulness of our framework on a traffic classification example.
