A Novel Approach to Network Traffic Analysis: the HERA tool
Daniela Pinto, Ivone Amorim, Eva Maia, Isabel Praça

TL;DR
This paper introduces HERA, an open-source tool for generating accurate, customizable network flow datasets with labels, addressing inaccuracies and usability issues in existing tools, to improve intrusion detection system training.
Contribution
HERA is a novel, open-source tool that enables customizable, accurate network flow dataset generation with flexible labeling options, improving upon existing tools.
Findings
HERA accurately generates flow files and labels.
Validated with the UNSW-NB15 dataset.
Addresses inaccuracies in existing dataset tools.
Abstract
Cybersecurity threats highlight the need for robust network intrusion detection systems to identify malicious behaviour. These systems rely heavily on large datasets to train machine learning models capable of detecting patterns and predicting threats. In the past two decades, researchers have produced a multitude of datasets; however, some widely utilised recent datasets generated with CICFlowMeter contain inaccuracies. These result in flow generation and feature extraction inconsistencies, leading to skewed results and reduced system effectiveness. Other tools in this context lack ease of use, customizable feature sets, and flow labelling options. In this work, we introduce HERA, a new open-source tool that generates flow files and labelled or unlabelled datasets with user-defined features. Validated and tested with the UNSW-NB15 dataset, HERA demonstrated accurate flow and label…
