DSRL-APT-2023: A New Synthetic Dataset for Advanced Persistent Threats

Authors: Shadabfar Hossein, Dehghan Motahareh, Sadeghian Babak

Source: The ISC International Journal of Information Security, 2025, Volume 17, Issue 2, Pages 107-116

Abstract

Detecting advanced persistent threats (APTs) is crucial, and a practical approach involves using an intrusion detection system (IDS) integrated with supervised machine learning algorithms. These algorithms require a balanced dataset with ample attack samples to learn and recognize attack patterns effectively. However, widely used APT datasets, such as DAPT2020 and SCVIC-APT-2021, suffer from imbalance issues that limit the performance of machine learning-based intrusion detection systems (IDS). We introduce DSRL-APT-2023, a new balanced synthetic APT dataset generated using CTGAN to address this challenge. The CTGAN model is trained on the DAPT2020 dataset to create this balanced dataset. We evaluate and compare the performance of six standard supervised machine learning algorithms (decision tree, support vector machine, k-nearest neighbor, logistic regression, random forest, and multi-layer perceptron) alongside an intrusion detection system (IDS) called Intelligent Intrusion Detection System, which is based on tree-structured machine learning models. Our evaluation focuses on detecting attacks in DSRL-APT-2023 and compares its performance to DAPT2020 and SCVIC-APT-2021. Additionally, we assess the data quality of synthetic datasets generated by two prominent GANs, CopulaGAN and CTGAN, with CTGAN demonstrating slightly superior performance in generating high-quality tabular data. Our results demonstrate that machine learning algorithms and the Intelligent IDS can accurately detect attacks in the synthetic dataset, as evidenced by the F1-score metrics.

Keywords: advanced persistent threat, intrusion detection system, supervised machine learning algorithms, generative adversarial networks

Address: Science and Technology of Amirkabir University, Department of Management, Iran; Tarbiat Modares University, Department of Industrial and Systems Engineering, Iran; Amirkabir University of Technology, Department of Computer Engineering, Iran

Email: basadegh@aut.ac.ir