{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,24]],"date-time":"2026-04-24T14:58:54Z","timestamp":1777042734836,"version":"3.51.4"},"reference-count":52,"publisher":"Association for Computing Machinery (ACM)","issue":"2","license":[{"start":{"date-parts":[[2021,1,2]],"date-time":"2021-01-02T00:00:00Z","timestamp":1609545600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001659","name":"Deutsche Forschungsgemeinschaft","doi-asserted-by":"crossref","award":["251805230\/GRK 2050"],"award-info":[{"award-number":["251805230\/GRK 2050"]}],"id":[{"id":"10.13039\/501100001659","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2021,5,31]]},"abstract":"<jats:p>Most research in the field of network intrusion detection heavily relies on datasets. Datasets in this field, however, are scarce and difficult to reproduce. To compare, evaluate, and test related work, researchers usually need the same datasets or at least datasets with similar characteristics as the ones used in related work. In this work, we present concepts and the Intrusion Detection Dataset Toolkit (ID2T) to alleviate the problem of reproducing datasets with desired characteristics to enable an accurate replication of scientific results. Intrusion Detection Dataset Toolkit (ID2T) facilitates the creation of labeled datasets by injecting synthetic attacks into background traffic. The injected synthetic attacks created by ID2T blend with the background traffic by mimicking the background traffic\u2019s properties.<\/jats:p>\n          <jats:p>This article has three core contributions. First, we present a comprehensive survey on intrusion detection datasets. In the survey, we propose a classification to group the negative qualities found in the datasets. Second, the architecture of ID2T is revised, improved, and expanded in comparison to previous work. The architectural changes enable ID2T to inject recent and advanced attacks, such as the EternalBlue exploit or a peer-to-peer botnet. ID2T\u2019s functionality provides a set of tests, known as TIDED, that helps identify potential defects in the background traffic into which attacks are injected. Third, we illustrate how ID2T is used in different use-case scenarios to replicate scientific results with the help of reproducible datasets. ID2T is open source software and is made available to the community to expand its arsenal of attacks and capabilities.<\/jats:p>","DOI":"10.1145\/3424155","type":"journal-article","created":{"date-parts":[[2021,1,2]],"date-time":"2021-01-02T11:26:59Z","timestamp":1609586819000},"page":"1-39","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":65,"title":["On Generating Network Traffic Datasets with Synthetic Attacks for Intrusion Detection"],"prefix":"10.1145","volume":"24","author":[{"given":"Carlos Garcia","family":"Cordero","sequence":"first","affiliation":[{"name":"Technische Universit\u00e4t Darmstadt, Hessen, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Emmanouil","family":"Vasilomanolakis","sequence":"additional","affiliation":[{"name":"Aalborg University, Copenhagen, Denmark"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Aidmar","family":"Wainakh","sequence":"additional","affiliation":[{"name":"Technische Universit\u00e4t Darmstadt, Hessen, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Max","family":"M\u00fchlh\u00e4user","sequence":"additional","affiliation":[{"name":"Technische Universit\u00e4t Darmstadt, Hessen, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Simin","family":"Nadjm-Tehrani","sequence":"additional","affiliation":[{"name":"Link\u00f6ping University, Sweden"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,1,2]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/BADGERS.2014.11"},{"key":"e_1_2_1_2_1","volume-title":"CDX 2009 Network.","author":"United States Military Academy.","year":"2009"},{"key":"e_1_2_1_3_1","unstructured":"Akamai. 2018. The state of the internet \/ security report. Retrieved from https:\/\/www.akamai.com\/uk\/en\/multimedia\/documents\/case-study\/spring-2018-state-of-the-internet-security-report.pdf.  Akamai. 2018. The state of the internet \/ security report. Retrieved from https:\/\/www.akamai.com\/uk\/en\/multimedia\/documents\/case-study\/spring-2018-state-of-the-internet-security-report.pdf."},{"key":"e_1_2_1_4_1","volume-title":"Technical Report","author":"Regis Barbosa Rafael Ramos"},{"key":"e_1_2_1_5_1","first-page":"1","article-title":"Packets found on an internet 1 introduction 2 address space oddities","volume":"23","author":"Bellovin Steven M.","year":"1992","journal-title":"Comput. Commun."},{"key":"e_1_2_1_6_1","first-page":"683","article-title":"Towards generating real-life datasets for network intrusion detection","volume":"17","author":"Bhuyan Monowar H.","year":"2015","journal-title":"Int. J. Netw. Secur."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.5555\/1496662.1496663"},{"key":"e_1_2_1_8_1","unstructured":"CAIDA. 2017. CAIDA Data\u2014Overview of Datasets Monitors and Reports. Retrieved from http:\/\/www.caida.org\/data\/overview\/.  CAIDA. 2017. CAIDA Data\u2014Overview of Datasets Monitors and Reports. Retrieved from http:\/\/www.caida.org\/data\/overview\/."},{"key":"e_1_2_1_9_1","unstructured":"National CyberWatch Center. 2017. Mid-Atlantic Collegiate Cyber Defense Competition. Retrieved from https:\/\/maccdc.org\/.  National CyberWatch Center. 2017. Mid-Atlantic Collegiate Cyber Defense Competition. Retrieved from https:\/\/maccdc.org\/."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2015.7346912"},{"key":"e_1_2_1_11_1","doi-asserted-by":"crossref","unstructured":"Michelle Cotton Lars Eggert Joe Touch Magnus Westerlund and Stuart Cheshire. 2011. Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service name and Transport Protocol Port Number Registry. RFC 6335. Retrieved from http:\/\/buildbot.tools.ietf.org\/html\/rfc6335.  Michelle Cotton Lars Eggert Joe Touch Magnus Westerlund and Stuart Cheshire. 2011. Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service name and Transport Protocol Port Number Registry. RFC 6335. Retrieved from http:\/\/buildbot.tools.ietf.org\/html\/rfc6335.","DOI":"10.17487\/rfc6335"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/WCNC.2013.6555301"},{"key":"e_1_2_1_13_1","volume-title":"Zissman","author":"Cunningham Robert K.","year":"1999"},{"key":"e_1_2_1_14_1","first-page":"1","article-title":"tcplib: A library of internetwork traffic characteristics","volume":"48","author":"Danzig Peter B.","year":"1991","journal-title":"Library"},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1921168.1921179"},{"key":"e_1_2_1_16_1","unstructured":"Sebastian Garcia. 2011. Stratosphere Research Laboratory. Retrieved from https:\/\/www.stratosphereips.org\/.  Sebastian Garcia. 2011. Stratosphere Research Laboratory. Retrieved from https:\/\/www.stratosphereips.org\/."},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.05.011"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2016.7906980"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC3260"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2017.03.018"},{"key":"e_1_2_1_21_1","unstructured":"Santiago Hern\u00e1ndez. 2018. Awesome-Cybersecurity-Datasets. Retrieved from https:\/\/github.com\/shramos\/Awesome-Cybersecurity-Datasets.  Santiago Hern\u00e1ndez. 2018. Awesome-Cybersecurity-Datasets. Retrieved from https:\/\/github.com\/shramos\/Awesome-Cybersecurity-Datasets."},{"key":"e_1_2_1_22_1","unstructured":"IMPACT. 2017. Information Marketplace. Retrieved from https:\/\/www.impactcybertrust.org.  IMPACT. 2017. Information Marketplace. Retrieved from https:\/\/www.impactcybertrust.org."},{"key":"e_1_2_1_23_1","doi-asserted-by":"crossref","unstructured":"Kadangode K. Ramakrishnan Sally Floyd and D. Black. 2001. The Addition of Explicit Congestion Notification (ECN\u201901) to IP. Technical Report.  Kadangode K. Ramakrishnan Sally Floyd and D. Black. 2001. The Addition of Explicit Congestion Notification (ECN\u201901) to IP. Technical Report.","DOI":"10.17487\/rfc3168"},{"key":"e_1_2_1_24_1","unstructured":"KDD Cup 99. 1999. Knowledge Discovery and Data Mining Tools Competition. Retrieved from http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/kddcup99.html.  KDD Cup 99. 1999. Knowledge Discovery and Data Mining Tools Competition. Retrieved from http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/kddcup99.html."},{"key":"e_1_2_1_25_1","volume-title":"Proceedings of the TERENA Networking Conference. 7.","author":"Koch Robert","year":"2014"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1090191.1080118"},{"key":"e_1_2_1_28_1","unstructured":"Marc Liberatore and Prashant Shenoy. 2013. Umass trace repository. Retrieved from http:\/\/traces.cs.umass.edu.  Marc Liberatore and Prashant Shenoy. 2013. Umass trace repository. Retrieved from http:\/\/traces.cs.umass.edu."},{"key":"e_1_2_1_29_1","unstructured":"Thomas Lukaseder. 2017. 2017-SUEE-data-set. Retrieved from https:\/\/github.com\/vs-uulm\/2017-SUEE-data-set.  Thomas Lukaseder. 2017. 2017-SUEE-data-set. Retrieved from https:\/\/github.com\/vs-uulm\/2017-SUEE-data-set."},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/952532.952601"},{"key":"e_1_2_1_31_1","volume-title":"Proceedings of the International Symposium on Recent Advances in Intrusion Detection. 220--237","author":"Matthew"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/382912.382923"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"e_1_2_1_34_1","volume-title":"Gurtov","author":"Nechaev Boris","year":"2010"},{"key":"e_1_2_1_35_1","unstructured":"NETRESEC. 2010. Capture files from Mid-Atlantic CCDC. Retrieved from https:\/\/www.netresec.com\/?page&equals;MACCDC.  NETRESEC. 2010. Capture files from Mid-Atlantic CCDC. Retrieved from https:\/\/www.netresec.com\/?page&equals;MACCDC."},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"e_1_2_1_37_1","doi-asserted-by":"crossref","unstructured":"Jon Postel et\u00a0al. 1981. Internet Protocol. RFC 791. Retrieved from http:\/\/buildbot.tools.ietf.org\/html\/rfc791.  Jon Postel et\u00a0al. 1981. Internet Protocol. RFC 791. Retrieved from http:\/\/buildbot.tools.ietf.org\/html\/rfc791.","DOI":"10.17487\/rfc0791"},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/CCECE.2018.8447661"},{"key":"e_1_2_1_39_1","doi-asserted-by":"crossref","unstructured":"Joyce Reynolds and Jon Postel. 1994. Assigned Numbers. Technical Report.  Joyce Reynolds and Jon Postel. 1994. Assigned Numbers. Technical Report.","DOI":"10.17487\/rfc1700"},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1341431.1341443"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.5555\/1855481.1855490"},{"key":"e_1_2_1_42_1","unstructured":"Mike Sconzo. 2015. Samples of Security Related Data. Retrieved from https:\/\/www.secrepo.com\/.  Mike Sconzo. 2015. Samples of Security Related Data. Retrieved from https:\/\/www.secrepo.com\/."},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.12.012"},{"key":"e_1_2_1_44_1","volume-title":"Proceedings of the 6th Workshop on Cyber Security Experimentation and Test.","author":"Sonchack John"},{"key":"e_1_2_1_45_1","volume-title":"Description of Kyoto University benchmark data","author":"Song Jungsuk"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/WISTDCS.2008.10"},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04968-2_4"},{"key":"e_1_2_1_48_1","unstructured":"SPIRENT. 2002. pcapr: PCAP files repository. Retrieved from https:\/\/www.pcapr.net\/.  SPIRENT. 2002. pcapr: PCAP files repository. Retrieved from https:\/\/www.pcapr.net\/."},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.5555\/1736481.1736489"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2016.7502989"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2716260"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/PCCC.2015.7410282"},{"key":"e_1_2_1_53_1","volume-title":"Proceedings of the FLAIRS Conference. 252--256","author":"Zuech Richard","year":"2015"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3424155","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3424155","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:01:51Z","timestamp":1750197711000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3424155"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,1,2]]},"references-count":52,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2021,5,31]]}},"alternative-id":["10.1145\/3424155"],"URL":"https:\/\/doi.org\/10.1145\/3424155","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,1,2]]},"assertion":[{"value":"2018-06-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-09-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2021-01-02","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}