IDS mailing list archives

Applying data mining to Intrusion Detection System


From: trantichphuoc () yahoo com
Date: 16 Jul 2005 12:33:07 -0000

Hi all,
I am a newbie in Network Security. I have looked at a website about KDD 99 
(http://www-cse.ucsd.edu/users/elkan/clresults.html ) and I found this very interesting. 
I would like to try the dataset and use some data mining tools to mine this. However, I am having a few problems.


1. The data I downloaded from (http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html)

kddcup.data.gz The full data set (18M; 743M Uncompressed) -> I need the output (classified as normal or an intrusion) 
so that supervised learning can be done. This file is too big, so I can't even open it to see if it contains the 
output. 

kddcup.data_10_percent.gz A 10% subset. (2.1M; 75M Uncompressed) -> is this 10% extracted from the above whole data?

kddcup.newtestdata_10_percent_unlabeled.gz (1.4M; 45M Uncompressed)  -> is it true that the test data is not extracted 
from the training data (743 Mb)?

kddcup.testdata.unlabeled.gz (11.2M; 430M Uncompressed) -> is this test data the same as the above test? And how is it 
different?

kddcup.testdata.unlabeled_10_percent.gz (1.4M;45M Uncompressed) 

corrected.gz Test data with corrected labels. 

I see so many test sets and have no clue which one to use.

2. What tool would you recommend me to use to mine these data?

3. How can I run the scoring script in http://www-cse.ucsd.edu/users/elkan/awkscript.html ?
I don't know how to evaluate my model after I finish training. Do I have to send my model to the committee in order to 
have it evaluated, or do I just run the script by myself? What I really want is to evaluate my model in the way described in 
http://www-cse.ucsd.edu/users/elkan/clresults.html 
 

Could anyone please give me some advice about this?
Thanks
Have a nice day
Patrick Tran
