Generating realistic intrusion detection system dataset based on fuzzy qualitative modeling

- A fuzzy qualitative modeling based metric is proposed for evaluating the quality of an IDS dataset.
- A new IDS dataset is generated over multimillion scale Cyberrange testbed and provided publically.
- The proposed fuzzy qualitative modeling based metric is applied to proposed and existing major public IDS datasets to assess their quality of realism and to demonstrate the capability of proposed metric in examining the quality of an IDS dataset.

Prior to deploying any intrusion detection system, it is essential to obtain a realistic evaluation of its performance. However, the major problems currently faced by the research community is the lack of availability of any realistic evaluation dataset and systematic metric for assessing the quantified quality of realism of any intrusion detection system dataset. It is difficult to access and collect data from real-world enterprise networks due to business continuity and integrity issues. In response to this, in this paper, firstly, a metric using a fuzzy logic system based on the Sugeno fuzzy inference model for evaluating the quality of the realism of existing intrusion detection system datasets is proposed. Secondly, based on the proposed metric results, a synthetically realistic next generation intrusion detection systems dataset is designed and generated, and a preliminary analysis conducted to assist in the design of future intrusion detection systems. This generated dataset consists of both normal and abnormal reflections of current network activities occurring at critical cyber infrastructure levels in various enterprises. Finally, using the proposed metric, the generated dataset is analyzed to assess the quality of its realism, with its comparison with publicly available intrusion detection system datasets for verifying its superiority.