Traffic Generation using Containerization for Machine Learning
Henry Clausen, Robert Flood, David Aspinall

TL;DR
This paper introduces a containerization-based framework for generating diverse, labeled network traffic data to improve machine learning-based intrusion detection, addressing limitations of existing datasets.
Contribution
The authors present a novel Docker-based data generation framework that creates scalable, heterogeneous, and labeled network traffic datasets with realistic scenarios for cybersecurity research.
Findings
Framework produces diverse, labeled traffic data with realistic properties.
Experiments demonstrate reproducibility and scalability of the data generation process.
Application to traffic classification shows practical utility.
Abstract
The design and evaluation of data-driven network intrusion detection methods are currently held back by a lack of adequate data, both in terms of benign and attack traffic. Existing datasets are mostly gathered in isolated lab environments containing virtual machines, to both offer more control over the computer interactions and prevent any malicious code from escaping. This procedure, however, leads to datasets that lack four core properties: heterogeneity, ground truth traffic labels, large data size, and contemporary content. Here, we present a novel data generation framework based on Docker containers that addresses these problems systematically. For this, we arrange suitable containers into relevant traffic communication scenarios and subscenarios, which are subject to appropriate input randomization as well as WAN emulation. By relying on process isolation through containerization,…
