Federated TON_IoT windows datasets for evaluating AI-based security applications

Document Type

Conference Proceeding

Publication Title

2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)

First Page

848

Last Page

855

Publisher

IEEE

School

School of Science / ECU Security Research Institute

Funders

UNSW Canberra

Comments

Moustafa, N., Keshk, M., Debie, E., & Janicke, H. (2020, December - 2021, January). Federated TON_IoT windows datasets for evaluating AI-based security applications [Paper presentation]. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Guangzhou, China. https://ieeexplore.ieee.org/document/9343133

Abstract

© 2020 IEEE. Existing cyber security solutions have been basically developed using knowledge-based models that often cannot trigger new cyber-attack families. With the boom of Artificial Intelligence (AI), especially Deep Learning (DL) algorithms, those security solutions have been plugged-in with AI models to discover, trace, mitigate or respond to incidents of new security events. The algorithms demand a large number of heterogeneous data sources to train and validate new security systems. This paper presents the description of new datasets, the so-called ToN_IoT, which involve federated data sources collected from Telemetry datasets of IoT services, Operating system datasets of Windows and Linux, and datasets of Network traffic. The paper introduces the testbed and description of TON_IoT datasets for Windows operating systems. The testbed was implemented in three layers: edge, fog and cloud. The edge layer involves IoT and network devices, the fog layer contains virtual machines and gateways, and the cloud layer involves cloud services, such as data analytics, linked to the other two layers. These layers were dynamically managed using the platforms of software-Defined Network (SDN) and Network-Function Virtualization (NFV) using the VMware NSX and vCloud NFV platform. The Windows datasets were collected from audit traces of memories, processors, networks, processes and hard disks. The datasets would be used to evaluate various AI-based cyber security solutions, including intrusion detection, threat intelligence and hunting, privacy preservation and digital forensics. This is because the datasets have a wide range of recent normal and attack features and observations, as well as authentic ground truth events. The datasets can be publicly accessed from this link [1].

DOI

10.1109/TrustCom50675.2020.00114

Access Rights

subscription content

Link to Full Text

Share

 
COinS