IDS mailing list archives
Re: Intrusion Detection Evaluation Datasets
From: Jamie Riden <jamie.riden () gmail com>
Date: Mon, 9 Mar 2009 20:09:58 +0000
2009/3/4 snort user <snort.user () gmail com>:
Greetings to everyone. I have some questions regarding Intrusion detection evaluation datasets - Apart from the Darpa datasets and KDD datasets, are there other publicly available datasets? Are these datasets useful for evaluating a new IDS system or even a new detection technique?
Not the KDD '99 data set that I've played with - was categorised by various things, but had no actual payloads if I remember correctly. IMHO, the only way to evaluate an IDS is to plug it into your network - no one else is going to share sensitive traffic of that kind, even if they do it'll be different and the sheer volume of a continuous 100Mbs+ data feed is going to make such an exercise impractical. Also, I have a degree in machine learning and I know how hard it is to ensure that one data set (training data) is representative of your actual problem (test data). Find a friendly sysadmin and offer to trade: test your IDS in exchange for supplying them with any useful information you might discover. Sorry to be difficult :) cheers, Jamie PS: Not being anti-IDS. At my first security gig, I plugged snort into my 100Mbs core switch - very enlightening, and I would not be without an IDS sensor in any security role. -- Jamie Riden / jamesr () europe com / jamie () honeynet org uk http://www.ukhoneynet.org/members/jamie/
Current thread:
- Intrusion Detection Evaluation Datasets snort user (Mar 04)
- Re: Intrusion Detection Evaluation Datasets "Zow" Terry Brugger (Mar 06)
- Re: Intrusion Detection Evaluation Datasets Damiano Bolzoni (Mar 09)
- Re: Intrusion Detection Evaluation Datasets Jamie Riden (Mar 09)
- <Possible follow-ups>
- Re: Re: Intrusion Detection Evaluation Datasets zubair . shafiq (Mar 09)
- Re: Intrusion Detection Evaluation Datasets Stefano Zanero (Mar 09)
- Re: Re: Intrusion Detection Evaluation Datasets zubair . shafiq (Mar 10)
- Re: Intrusion Detection Evaluation Datasets Stefano Zanero (Mar 11)
- Re: Intrusion Detection Evaluation Datasets "Zow" Terry Brugger (Mar 12)
- Re: Intrusion Detection Evaluation Datasets Paul Palmer (Mar 12)
- Re: Intrusion Detection Evaluation Datasets Stuart Staniford (Mar 13)
- Re: Intrusion Detection Evaluation Datasets Stefano Zanero (Mar 13)
- Re: Intrusion Detection Evaluation Datasets "Zow" Terry Brugger (Mar 13)
- Re: Intrusion Detection Evaluation Datasets Paul Palmer (Mar 13)
- Re: Intrusion Detection Evaluation Datasets Stefano Zanero (Mar 11)