Affiliations: [a]
Computer Science Department, Aqaba University of Technology, Aqaba, Jordan
| [b]
Computer Science Department, Tafila Technical University, Tafila, Jordan
| [c]
Computer Science Department, Princess Sumaya University for Technology, Amman, Jordan
Correspondence:
[*]
Corresponding author. Mohammad Almseidin, Computer Science Department, Aqaba University of Technology, Aqaba, Jordan. E-mail: [email protected].
Abstract: Nowadays, with the rapid increase in the number of applications and networks, the number of cyber multi-step attacks has been increasing exponentially. Thus, the need for a reliable and acceptable Intrusion Detection System (IDS) solution is becoming urgent to protect the networks and devices. However, implementing a robust IDS needs a reliable and up-to-date dataset in order to capture the behaviors of the new types of attacks especially a multi-step attack. In this paper, a new benchmark Multi-Step Cyber-Attack Dataset (MSCAD) is introduced. MSCAD includes two multi-step scenarios; the first scenario is a password cracking attack, and the second attack scenario is a volume-based Distributed Denial of Service (DDoS) attack. The MSCAD was assessed in two manners; firstly, the MSCAD was used to train IDS. Then, the performance of IDS was evaluated in terms of G-mean and Area Under Curve (AUC). Secondly, the MSCAD was compared with other free open-source and public datasets based on the latest keys criteria of a dataset evaluation framework. The results show that IDS-based MSCAD achieved the best performance with G-mean 0.83 and obtained good accuracy to detect the attacks. Besides, the MSCAD successfully passing twelve keys criteria.
