Generation of a new IDS test dataset: Time to retire the KDD collection

Author

Creech, Gideon ; Jiankun Hu

Author_Institution

Univ. of New South Wales, Sydney, NSW, Australia

fYear

2013

fDate

7-10 April 2013

Firstpage

4487

Lastpage

4492

Abstract

Intrusion detection systems are generally tested using datasets compiled at the end of last century, justified by the need for publicly available test data and the lack of any other alternative datasets. Prominent amongst this legacy group is the KDD project. Whilst a seminal contribution at the time of compilation, these datasets no longer represent relevant architecture or contemporary attack protocols, and are beset by data corruptions and inconsistencies. Hence, testing of new IDS approaches against these datasets does not provide an effective performance metric, and contributes to erroneous efficacy claims. This paper introduces a new publicly available dataset which is representative of modern attack structure and methodology. The new dataset is contrasted with the legacy datasets, and the performance difference of commonly used intrusion detection algorithms is highlighted.

Keywords

data mining; security of data; IDS test dataset; KDD collection; contemporary attack protocols; data corruptions; erroneous efficacy claims; intrusion detection systems; legacy datasets; legacy group; modern attack structure; performance metric; Clustering algorithms; Computers; Intrusion detection; Linux; Operating systems; Payloads;

fLanguage

English

Publisher

ieee

Conference_Titel

Wireless Communications and Networking Conference (WCNC), 2013 IEEE

Conference_Location

Shanghai

ISSN

1525-3511

Print_ISBN

978-1-4673-5938-2

Electronic_ISBN

1525-3511

Type

conf

DOI

10.1109/WCNC.2013.6555301

Filename

6555301