关键词: 模拟数据集, 字节频度分布, 负载异常检测, 网络入侵检测系统

Abstract: Nowadays there isn’t yet adequately competent test dataset for payload based network anomaly intrusion detection system. A simulation network dataset construction approach based on virtual keywords is proposed, and the byte frequency distribution based models are tested on it. Experiment results indicate that the method provides dataset with controllable abnormal degree; detection threshold depends on characteristic of dataset including packets length distribution, deviation of normal/abnormal access to training data, etc. The single packet frequency distribution model is more sensitive to the alteration of abnormal degree of payload data than connection based model.

Key words: simulation dataset, byte frequency distribution, payload anomaly detection, Network Intrusion Detection System（NIDS）