Snort mailing list archives

Re: Is it possible to apply DARPA dataset on snort to classify attack types?


From: Paulo Angelo <pa () pauloangelo com>
Date: Sat, 31 Mar 2018 22:40:17 -0300

Hi Thierry,

The DARPA dataset is a bit outdated (98/99). I suggest you take a look
at the ISCX2012, CICIDS2017, or CTU-13 datasets.

Some months ago I replayed the CTU-13 and part of the ISCX2012 dataset to
Snort and registered its output combined with the extracted flows. The
results are available at [1] (below). I submitted the finding as a paper,
which is still under review. So, there is not much publicly available
information yet about it. But I can send you some details in private upon
request.

I also recommend [2-3], which are updated papers that discuss
datasets in the realm of intrusion detection systems.

I hope this may help you.

Best regards,

Paulo Angelo

[1] http://ids-hogzilla.org/dataset/
[2] Iman Sharafaldin, Arash Habibi Lashkari, and Ali A. Ghorbani, "Toward
Generating a New Intrusion Detection Dataset and Intrusion Traffic
Characterization", 4th International Conference on Information Systems
Security and Privacy (ICISSP), Portugal, January 2018.
[3] Iman Sharafaldin, Amirhossein Gharib, Arash Habibi Lashkari, Ali A.
Ghorbani, "Towards a Reliable Intrusion Detection Benchmark Dataset", River
Journal, Vol 2017, Issue 1, P 177-200, Software Networking Journal, River
Publishers, January 2017.

On Sat, Mar 31, 2018 at 8:21 PM, 2014/2015 - Nsabimana Thierry <
thierry.nsabimana () aims-cameroon org> wrote:

Hello everyone,

I hope you are all doing great. I have implemented an IDS using a Genetic
Algorithm and the Self Organizing Feature Maps algorithm. The DARPA dataset from
MIT Lincoln Lab was used for training and testing the intrusion detection
rules. Varied crossover probability, mutation probability and weights were
used to derive the classification rate and detection rate. My question is
as follows: Is it possible to apply the DARPA dataset on Snort to derive the
classification rate and detection rate of attacks? If not, can you tell me of
an open source security tool which can be both a host intrusion detection
system and a network intrusion detection system to apply the DARPA dataset to?
I am not familiar with Snort but I want to apply it with the DARPA dataset.

Could anyone help me?

Many thanks.

Thierry

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

