A detailed analysis of the KDD CUP 99 data set

@article{Tavallaee2009ADA,
  title={A detailed analysis of the KDD CUP 99 data set},
  author={Mahbod Tavallaee and Ebrahim Bagheri and Wei Lu and Ali A. Ghorbani},
  journal={2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications},
  year={2009},
  pages={1-6}
}
During the last decade, anomaly detection has attracted the attention of many researchers to overcome the weakness of signature-based IDSs in detecting novel attacks, and KDDCUP'99 is the most widely used data set for the evaluation of these systems. Having conducted a statistical analysis on this data set, we found two important issues which highly affect the performance of evaluated systems, and result in a very poor evaluation of anomaly detection approaches. To solve these issues, we…

A Detailed Analysis on NSL-KDD Dataset Using Various Machine Learning Techniques for Intrusion Detection
TLDR
This paper focuses on a detailed study of the NSL-KDD dataset, which contains only selected records that provide a good analysis of various machine learning techniques for intrusion detection.
Feature Selection in the Corrected KDD-dataset
  • S. Zargari, D. Voorhis
  • Computer Science
  • 2012 Third International Conference on Emerging Intelligent Data and Web Technologies
  • 2012
TLDR
This study attempts to explore significant features (curse of high dimensionality) in intrusion detection in order to be applied in data mining techniques resulting in faster training and testing process, less resource consumption as well as maintaining high detection rates.
A Detailed Analysis of the CICIDS2017 Data Set
TLDR
CICIDS2017, as the last updated IDS dataset that contains benign and seven common attack network flows, which meets real world criteria and is publicly available, is focused on, and it is shown that the random forest algorithm, as one of the best performing algorithms, can achieve better results with superfeatures versus top selected features.
A Study on NSL-KDD Dataset for Intrusion Detection System Based on Classification Algorithms
TLDR
The NSL-KDD data set is analysed and used to study the effectiveness of the various classification algorithms in detecting the anomalies in the network traffic patterns and the relationship of the protocols available in the commonly used network protocol stack with the attacks used by intruders to generate anomalous network traffic.
Analysis of KDD Dataset Attributes - Class wise for Intrusion Detection
TLDR
Empirical analysis of KDD data set with respect to four classes which are Basic, Content, Traffic and Host shows the contribution of each of four classes of attributes on DR and FAR can help enhance the suitability of data set to achieve maximum DR with minimum FAR.
A Survey of Intrusion Detection Models based on NSL-KDD Data Set
TLDR
A generic process flow for anomaly-based IDS is proposed and described, and the components of this process flow are described in the context of related research carried out using the NSL-KDD data set.
Improving the Intrusion Detection Systems' Performance by Correlation as a Sample Selection Method
Due to a growing number of the computer networks in recent years, there has been an increasing interest in the intrusion detection systems (IDSs). In this paper we have proposed a method applied to…
A novel intrusion detection system based on the 2-dimensional space distribution of average matching degree
TLDR
A classification model is improved, which considers both misuse detection and anomaly detection in Intrusion Detection System (IDS), and the evaluation of the proposed model is carried out over NSL-KDD data sets.
Combination of OMPCA and LDA for Anomaly Network Detection
TLDR
This paper suggests using the optimal mean PCA as a pre-step before LDA in Linear Discriminant Analysis to keep just the worthless information from the original high dimensional data by using a feature extraction technique.
Anomaly-Based Network Intrusion Detection System: A Machine Learning Approach
TLDR
UNSW-NB15 network data set came to solve the issues of NSL-KDD and was used in this project to evaluate Anomaly-based NIDs by using different machine learning methods such as Logistic Regression, Decision Tree, Random Forest and particularly an Artificial Neural Network with both binary and multi-class classification.

References

SHOWING 1-10 OF 32 REFERENCES
A framework for the evaluation of intrusion detection systems
TLDR
The intrusion detection operating characteristic (IDOC) curves are introduced as a new IDS performance tradeoff which combines in an intuitive way the variables that are more relevant to the intrusion detection evaluation problem.
Measuring intrusion detection capability: an information-theoretic approach
TLDR
This paper provides a novel information-theoretic analysis of IDS and proposes a new metric, C_ID (Intrusion Detection Capability), which is defined as the ratio of the mutual information between the IDS input and output to the entropy of the input.
A Novel Anomaly Detection Scheme Based on Principal Component Classifier
Abstract: This paper proposes a novel scheme that uses robust principal component classifier in intrusion detection problems where the training data may be unsupervised. Assuming that anomalies can…
Unsupervised Anomaly Detection In Network Intrusion Detection Using Clusters
TLDR
This paper has discussed anomaly based intrusion detection, pros and cons of anomaly detection, supervised and unsupervised anomaly detection, and the importance of knowing the training data used for anomaly detection.
Cost-based modeling for fraud and intrusion detection: results from the JAM project
TLDR
There is clear evidence that state-of-the-art commercial fraud detection systems can be substantially improved in stopping losses due to fraud by combining multiple models of fraudulent transaction shared among banks.
Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation
TLDR
An intrusion detection evaluation test bed was developed which generated normal traffic similar to that on a government site containing 100's of users on 1000's of hosts and the best systems failed to detect roughly half these new attacks which included damaging access to root-level privileges by remote users.
Towards a Theory of Intrusion Detection
TLDR
The model captures and generalizes well-known methodologies in the intrusion detection area, and formulates security requirements based on both well-known complexity-theoretic notions and well-known notions in cryptography (such as computational indistinguishability).
The base-rate fallacy and the difficulty of intrusion detection
TLDR
There are indications that at least some types of intrusion detection have far to go before they can attain such low false alarm rates, due to the base-rate fallacy phenomenon.
Evaluation of intrusion detectors: a decision theory approach
  • J. Gaffney, J. Ulvila
  • Computer Science
  • Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001
  • 2001
TLDR
It is demonstrated that the value of an intrusion detection system and the optimal operation of that system depend not only on the system's ROC curve, but also on cost metrics and the hostility of the operating environment as summarized by the probability of intrusion.
An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection
TLDR
This investigation of the 1999 background network traffic suggests the presence of simulation artifacts that would lead to overoptimistic evaluation of network anomaly detection systems.