Toward Developing a Realistic DDoS Dataset for Anomaly-based Intrusion Detection

An anomaly-based intrusion detection system (IDS) is considered an effective mechanism for detecting distributed denial of service (DDoS) attack, but the detection performance depends on good datasets used for training. There are synthetic or simulation-based datasets available with various limitations. To overcome the limitations of existing datasets, a realistic DDoS dataset is developed in this work using Spirent’s CyberFlood-CF20 emulator. Attack traffic is generated by CF20 and captured for feature extraction and labeling. Principal Component Analysis (PCA) is performed for dimensionality reduction of this dataset, and finally, the dataset and the performance of common machine learning algorithms are evaluated.