Visible to the public Federated TONİoT Windows Datasets for Evaluating AI-Based Security Applications

TitleFederated TONİoT Windows Datasets for Evaluating AI-Based Security Applications
Publication TypeConference Paper
Year of Publication2020
AuthorsMoustafa, N., Keshky, M., Debiez, E., Janicke, H.
Conference Name2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
KeywordsAI-based security applications, cloud computing, composability, Computer crime, data privacy, Federated datasets, Internet of Things, Intrusion detection, Metrics, Operating systems, pubcrawl, resilience, Resiliency, security, testbed, Virtual machining, Windows operating system, Windows Operating System Security, Windows operating systems
Abstract

Existing cyber security solutions have been basically developed using knowledge-based models that often cannot trigger new cyber-attack families. With the boom of Artificial Intelligence (AI), especially Deep Learning (DL) algorithms, those security solutions have been plugged-in with AI models to discover, trace, mitigate or respond to incidents of new security events. The algorithms demand a large number of heterogeneous data sources to train and validate new security systems. This paper presents the description of new datasets, the so-called ToNIoT, which involve federated data sources collected from Telemetry datasets of IoT services, Operating system datasets of Windows and Linux, and datasets of Network traffic. The paper introduces the testbed and description of TONIoT datasets for Windows operating systems. The testbed was implemented in three layers: edge, fog and cloud. The edge layer involves IoT and network devices, the fog layer contains virtual machines and gateways, and the cloud layer involves cloud services, such as data analytics, linked to the other two layers. These layers were dynamically managed using the platforms of software-Defined Network (SDN) and Network-Function Virtualization (NFV) using the VMware NSX and vCloud NFV platform. The Windows datasets were collected from audit traces of memories, processors, networks, processes and hard disks. The datasets would be used to evaluate various AI-based cyber security solutions, including intrusion detection, threat intelligence and hunting, privacy preservation and digital forensics. This is because the datasets have a wide range of recent normal and attack features and observations, as well as authentic ground truth events. The datasets can be publicly accessed from this link [1].

DOI10.1109/TrustCom50675.2020.00114
Citation Keymoustafa_federated_2020