AADS dataset
Description
Adaptive Anomaly Detection System (AADS) is a Denial of Service attack detection system that leverages architectural advantages of Software Defined Networks to detect anomalies in real-time. The data in this dataset was generated using Mininet on Raspberry Pi hardware for a period of 10 hours. Topology consisted of 8 nodes, with three kinds of traffic generation - Video streaming, File transfer and HTTP web traffic. Models - Restricted Boltzmann Machine, Variational Auto-Encoder and Neural Basis Expansion Analysis for Time Series were trained on this data and compared for results w.r.t. prediction time and deviation score. Neural Basis model gave the best result with an anomaly prediction time of 25 milliseconds and deviation score of 133. Deviation score is a measure of how well the model separates normal data from abnormal data. Note that this data only contains normal traffic flow, and attack spike can be generated by injecting a high packet count to a random entry.
Files
Steps to reproduce
Mininet emulation tool was used on Raspberry Pi zero. A Ryu controller was setup on a Virtual Machine in the same subnet. By sending OpenFlow request (OFPFlowStatsRequest) to the switch, the data plane replies (OFPFlowStatsReply) with packet count, duration, number of flows and other such parameters. This was done periodically with a time period of 10 seconds. Packet count was extracted and indexed with a timestamp. Traffic flow among nodes was simulated using appropriate tools - ffmpeg and netcat for Video streaming, python server and wget for File transfer, python server and curl for HTTP web traffic.