Paper The following article is Open access

On the proper choice of datasets and traffic features for real-time anomaly detection

Published under licence by IOP Publishing Ltd
Citation: C Callegari et al 2021 J. Phys.: Conf. Ser. 2091 012001, DOI 10.1088/1742-6596/2091/1/012001

Abstract

Thanks to its ability to face unknown attacks, anomaly-based intrusion detection is a key research topic in network security, and different statistical methods, fed by suitable traffic features, have been proposed in the literature. The choice of a proper dataset is a critical element not only for performance comparison, but also for the correct identification of normal traffic behaviour. In this paper we address the general problem of selecting traffic features from recent real traffic traces (the MAWI data set) and verify how the real-time constraint affects the general performance. Although a state-of-the-art IDS (Intrusion Detection System) based on deep neural networks is considered, our conclusions can be extended to any anomaly detection algorithm, and they advocate for a fair comparison of IDSs using representative datasets and traffic features that can be extracted on-line (and do not depend on the entire dataset).

Content from this work may be used under the terms of the Creative Commons Attribution 3.0 licence. Any further distribution of this work must maintain attribution to the author(s) and the title of the work, journal citation and DOI.
