Proceedings of the International Conference «Wave Electronics and its Application in Information and Telecommunication Systems (WECONF)». IEEE # 47647. Saint Petersburg State University of Aerospace Instrumentation. June 03-07, 2019
The article describes the shortcomings of the modern datasets used in the development of next-generation intrusion detection systems and proposes new requirements for datasets. Based on these requirements, a new software architecture is proposed that makes it possible to model modern computer attacks and, at the same time, to “mark up” the logs generated on hosts and by network traffic. Using the proposed software architecture, it is possible to create datasets that contain tagged instances with features from both host logs and network traffic. This allows the collected dataset to be used when building next-generation intrusion detection systems (IDS).