Table 1 Evolving Attacks in the CICIDS2017 Dataset
From: Conceptualisation of Cyberattack prediction with deep learning
Attack Class | Description | Number of Instances | |
|---|---|---|---|
Train | Test | ||
Benign | Normal network traffic | 4003 | 1000 |
Brute force | This attack is used for password cracking as well as the discovery of hidden pages and content in a web application | 5000 | 1708 |
Heartbleed | The heartbleed attack emanates from a bug in the OpenSSL cryptography library, which is an implementation of the Transport Layer Security (TLS) protocol | 6 | 5 |
Botnet | This attack uses a number of devices connected over the Internet to circumvent and exploit vulnerable machines | 1500 | 466 |
DoS | The Denial of Service (DoS) attack temporarily or indefinitely disrupts services on a host machine connected to the Internet. These services then become unavailable to the intended users for the period of the attack | 8000 | 3936 |
DDoS | Usually results from a botnet of compromised machines flooding the bandwidth or resources of a victim machine | 95,000 | 32,538 |
Web | Includes SQL injection, Cross-Site Scripting (XSS) and Brute force over HTTP: | 1600 | 580 |
SQL injection is a code injection technique that is used to attack data-driven applications. An attacker can create a string of SQL commands in order to force the database to divulge its contents. | |||
XSS attack allows attackers to inject client-side scripts into web pages, which are viewed by other users. | |||
Brute force over HTTP enables an attacker to try a list of passwords to find the administrator’s password. | |||
Infiltration | This is an attack that exploits the vulnerability of a software in order to execute a backdoor on the victim’s machine. This can lead to attacks such as IP Sweep, port scan and service enumerations. | 700 | 281 |