In this article, researchers from Germany raise the problem of obtaining relevant datasets for testing cybersecurity tools.
The authors set out to design a way to “generate meaningful, reproducible, and adaptable log datasets for sound scientific cybersecurity experiments”. Their goals are ambitious. They designed a testbed that generates log data containing normal activity, with the option of running attacks within it. Above all, they did it in a transparent, explainable and replicable way. They evaluate their tool with a practical experiment on detecting a multi-step intrusion of an enterprise network and show that the resulting experiment is indeed valid, controlled, and reproducible.
It’s promising work, to say the least!