• DocumentCode
    2715958
  • Title

    Analysis of the 1999 DARPA/Lincoln Laboratory IDS evaluation data with NetADHICT

  • Author

    Brown, Carson ; Cowperthwaite, Alex ; Hijazi, Abdulrahman ; Somayaji, Anil

  • Author_Institution
    Carleton Comput. Security Lab., Carleton Univ., Ottawa, ON, Canada
  • fYear
    2009
  • fDate
    8-10 July 2009
  • Firstpage
    1
  • Lastpage
    7
  • Abstract
    The 1999 DARPA/Lincoln Laboratory IDS evaluation data has been widely used in the intrusion detection and networking community, even though it is known to have a number of artifacts. Here we show that many of these artifacts, including the lack of damaged or unusual background packets and uniform host distribution, can be easily extracted using NetADHICT, a tool we developed for understanding networks. In addition, using NetADHICT we were able to identify extreme temporal variation in the data, a characteristic that was not identified in past analyses. These results illustrate the utility of NetADHICT in characterizing network traces for experimental purposes.
  • Keywords
    data analysis; security of data; DARPA/Lincoln Laboratory IDS evaluation data analysis; NetADHICT; intrusion detection; networking community; Computational modeling; Data visualization; Intrusion detection; Laboratories; Military computing; Production; Protocols; Telecommunication traffic; Testing; Traffic control;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computational Intelligence for Security and Defense Applications, 2009. CISDA 2009. IEEE Symposium on
  • Conference_Location
    Ottawa, ON
  • Print_ISBN
    978-1-4244-3763-4
  • Electronic_ISBN
    978-1-4244-3764-1
  • Type

    conf

  • DOI
    10.1109/CISDA.2009.5356522
  • Filename
    5356522
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2715958