Skip to content

Payload-Byte is a tool for extracting and labeling packet capture (Pcap) files of modern network intrusion detection datasets.

License

Notifications You must be signed in to change notification settings

Yasir-ali-farrukh/Payload-Byte

Repository files navigation

Scapy  Payload-Byte

DOI

Payload-Byte is a tool for extracting and labeling packet capture (PCAP) files of modern network intrusion detection system datasets.

Since packet-based approaches for Network Intrusion Detection Systems (NIDS) suffer from a lack of standardization, resulting in incomparability and reproducibility issues. Moreover, there are no standard labeled datasets available unlike flow-based datasets, forcing researchers to follow bespoke labeling pipelines for individual approaches. Without a standardized baseline, proposed approaches cannot be compared and evaluated with each other. One cannot gauge whether the proposed approach is a methodological advancement or is just being benefited from the proprietary interpretation of the dataset. Payload-Byte addresses the comparability and reproducibility issues by extracting and labeling network packets according to the available meta-data.

The function of this tool is to provide a standardized baseline for extracting and labeling PCAP files of available network intrusion detection system datasets for future reasearch work.

Processed Datasets

For the ease of future researchers, we have included the processed and labeled payload data of two widely utilized network intrusion detection system datasets. They are available under Data Folder.

  • UNSW-NB15
  • CIC-IDS2017

Usage

There are two different ways through which results can be generated completely.

  1. The first one is using Pipeline.ipynb notebook which is a pipeline in which you just need to specify the directories of PCAP files and CSV files. Rest will be computed automatically. Note: For this approach, you should have enough space in your drive.
  2. The other approach is to utilize the functions seperately which is being illustrated in Individual_approach folder (UNDER CONSTRUCTION).

Citation

If you are using our tool, kindly cite our related papers paper which outlines the details of the tools and its processing.

@INPROCEEDINGS{Payload-Byte,
 author={Farrukh, Yasir Ali and Khan, Irfan and Wali, Syed and Bierbrauer, David and Pavlik, John A. and Bastian, Nathaniel D.},
 booktitle={2022 IEEE/ACM International Conference on Big Data Computing, Applications and Technologies (BDCAT)}, 
 title={Payload-Byte: A Tool for Extracting and Labeling Packet Capture Files of Modern Network Intrusion Detection Datasets}, 
 year={2022},
 pages={58-67},
 doi={10.1109/BDCAT56447.2022.00015}}

Furthermore, our recent publication provides additional insights on how to effectively utilize payload information for classification.

SeNet-I: An approach for detecting network intrusions through serialized network traffic images)

@article{SeNet-I,
title = {SeNet-I: An approach for detecting network intrusions through serialized network traffic images},
journal = {Engineering Applications of Artificial Intelligence},
volume = {126},
pages = {107169},
year = {2023},
issn = {0952-1976},
doi = {https://doi.org/10.1016/j.engappai.2023.107169},
url = {https://www.sciencedirect.com/science/article/pii/S0952197623013532},
author = {Yasir Ali Farrukh and Syed Wali and Irfan Khan and Nathaniel D. Bastian}}

AIS-NIDS: An intelligent and self-sustaining network intrusion detection system

@article{AIS-NIDS,
title = {AIS-NIDS: An intelligent and self-sustaining network intrusion detection system},
journal = {Computers & Security},
volume = {144},
pages = {103982},
year = {2024},
issn = {0167-4048},
doi = {https://doi.org/10.1016/j.cose.2024.103982},
url = {https://www.sciencedirect.com/science/article/pii/S0167404824002876},
author = {Yasir Ali Farrukh and Syed Wali and Irfan Khan and Nathaniel D. Bastian}}