Network traffic datasets are regularly criticized, notably for the lack of realism and diversity in their attack or benign traffic. Generating synthetic network traffic using generative machine learning techniques is a recent area of research that could complement experimental test beds and help assess the efficiency of network security tools such as network intrusion detection systems. Most methods generating synthetic network flows disregard the temporal dependencies between them, leading to unrealistic traffic. To address this issue, we introduce FlowChronicle, a novel synthetic network flow generation tool from mined patterns and Bayesian networks. As a core component, we propose a novel pattern miner in combination with statistical models to preserve temporal dependencies. We empirically compare our method against state-of-the-art techniques on several criteria, namely realism, diversity, compliance, and novelty. This evaluation demonstrates the capability of FlowChronicle to achieve high-quality generation while significantly outperforming the other methods in preserving temporal dependencies between flows. Besides, in contrast to deep learning methods, the patterns identified by FlowChronicle are explainable, and experts can verify their soundness. Our work substantially advances synthetic network traffic generation, offering a method that enhances both the utility and trustworthiness of the generated network flows.
Primary Research Area
Trustworthy Information Processing
CISPA Affiliation
Yes
Journal
Proceedings of the ACM on Networking
Volume
2
Page Range
1-20
Publisher
Association for Computing Machinery (ACM)
Open Access Type
Not Open Access
Sub Type
Article
BibTeX
@article{Cüppers:Schoen:Blanc:Gimenez:2024,
title = "FlowChronicle: Synthetic Network Flow Generation through Pattern Set Mining",
author = "Cüppers, Joscha and Schoen, Adrien and Blanc, Gregory and Gimenez, Pierre-Francois",
year = 2024,
month = 11,
journal = "Proceedings of the ACM on Networking",
number = "CoNEXT4",
pages = "1--20",
publisher = "Association for Computing Machinery (ACM)",
issn = "2834-5509",
doi = "10.1145/3696407"
}