Dataset Generation Framework for Evaluation of IoT Linux Host-Based Intrusion Detection Systems.

As the IoT industry strongly extends there is a need for better security and threat detection tools. Many approaches are possible but the tendency is to detect attacks externally by using network traffic analysis. Network based intrusion detection could lead to satisfactory results however it is uncertain if host based methods would not give better results as IoT devices usually have repeatable and predictable behavior. Unfortunately host based detection methods can neither be directly compared against each other nor be compared to network based systems as there are no publicly available data sets with IoT device operating system traces. In this paper we propose and describe a framework which allows for emulation of IoT devices, simulation of random attacks and gathering of the operating system traces for Linux based IoT devices. We also publish the first gathered data set and we plan to release new extended data sets in near future.