A critical evaluation of datasets for investigating IDSs and IPSs researches

Nehinbe, Joshua Ojo

doi:10.1109/cis.2011.6169141

Cited by 43 publications

(27 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The dataset includes trace files which are network packets and some traces on wireless applications [26,28]. It has been generated using a single TCP-based download request attack scenario.…”

Section: Umass (University Of Massachusetts -2011)mentioning

confidence: 99%

“…Nehinbe outlined an evaluation based on previous work regarding some aspects such as privacy issues, approval from owners, documentation problems, labeling, and anonymity [28]. Shiravi et al defined evaluation criteria with six aspects: Realistic network, realistic traffic, labeled dataset, total interaction capture, complete capture, and diversity of attacks.…”

Section: Testbed Design Strategiesmentioning

confidence: 99%

See 1 more Smart Citation

Towards a Reliable Intrusion Detection Benchmark Dataset

Sharafaldin¹,

Gharib²,

Lashkari³

et al. 2017

JSN

177

View full text Add to dashboard Cite

The urgently growing number of security threats on Internet and intranet networks highly demands reliable security solutions. Among various options, Intrusion Detection (IDSs) and Intrusion Prevention Systems (IPSs) are used to defend network infrastructure by detecting and preventing attacks and malicious activities. The performance of a detection system is evaluated using benchmark datasets. There exist a number of datasets, such as DARPA98, KDD99, ISC2012, and ADFA13, that have been used by researchers to evaluate the performance of their intrusion detection and prevention approaches. However, not enough research has focused on the evaluation and assessment of the datasets themselves and there is no reliable dataset in this domain. In this paper, we present a comprehensive evaluation of the existing datasets using our proposed criteria, a design and evaluation framework for IDS and IPS datasets, and a dataset generation model to create a reliable IDS or IPS benchmark dataset.

show abstract

Section: Umass (University Of Massachusetts -2011)mentioning

confidence: 99%

Section: Testbed Design Strategiesmentioning

confidence: 99%

Towards a Reliable Intrusion Detection Benchmark Dataset

Sharafaldin¹,

Gharib²,

Lashkari³

et al. 2017

JSN

177

View full text Add to dashboard Cite

show abstract

“…DoS or worms). Consequently, the quality of the generated data depends primarily on the IXIA Perfect Storm hardware 26 . The labeled data set contains approximately 1 million packets and is publicly available 27 .…”

Section: Data Setmentioning

confidence: 99%

A survey of network-based intrusion detection data sets

Ring

Wunderlich

Scheuring

et al. 2019

Computers & Security

463

199

View full text Add to dashboard Cite

Labeled data sets are necessary to train and evaluate anomaly-based network intrusion detection systems. This work provides a focused literature survey of data sets for networkbased intrusion detection and describes the underlying packetand flow-based network data in detail. The paper identifies 15 different properties to assess the suitability of individual data sets for specific evaluation scenarios. These properties cover a wide range of criteria and are grouped into five categories such as data volume or recording environment for offering a structured search. Based on these properties, a comprehensive overview of existing data sets is given. This overview also highlights the peculiarities of each data set. Furthermore, this work briefly touches upon other sources for network-based data such as traffic generators and data repositories. Finally, we discuss our observations and provide some recommendations for the use and the creation of network-based data sets.

show abstract

“…The quality of public datasets has been examined and questioned since their release at the end of the 1990s . In particular, there are a number of analyses and critical studies of DARPA'98, DARPA'99 and the derived KDD'99 dataset.…”

Section: Open Issuesmentioning

confidence: 99%

Similarity as a central approach to flow‐based anomaly detection

2014

View full text Add to dashboard Cite

SUMMARY Network flow monitoring is currently a common practice in mid‐ and large‐size networks. Methods of flow‐based anomaly detection are subject to ongoing extensive research, because detection methods based on deep packets have reached their limits. However, there is a lack of comprehensive studies mapping the state of the art in this area. For this reason, we have conducted a thorough survey of flow‐based anomaly detection methods published on academic conferences and used by the industry. We have analyzed these methods using the perspective of similarity which is inherent to any anomaly detection method. Based on this analysis, we have proposed a new taxonomy of network anomalies and a similarity‐oriented classification of flow‐based detection methods. We have also identified four issues requiring further research: the lack of flow‐based evaluation datasets, infeasible benchmarking of proposed methods, excessive false positive rate and limited coverage of certain anomaly classes. Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

A critical evaluation of datasets for investigating IDSs and IPSs researches

Cited by 43 publications

References 5 publications

Towards a Reliable Intrusion Detection Benchmark Dataset

Towards a Reliable Intrusion Detection Benchmark Dataset

A survey of network-based intrusion detection data sets

Similarity as a central approach to flow‐based anomaly detection

Contact Info

Product

Resources

About