I am using KDD cup 99 dataset in classifying network intrusions and normal data. So, I am just wondering is my system considered anomaly-based IDS or signature-based IDS?
KDD cup 99 dataset is a labelled dataset that can be used to evalate the efficiency of any IDS technology. However note that it must be used with care - it has been shown to have systematic biases, and is extremely outdated compared to todays traffic. It is therefore questionable how valid the results will be for real systems...
My opinion is that KDD CUP 99 data are obsolete and i believe the academic community should give researchers the opportunity to try new datasets and not asking them all the time to compare there results with this obsolete dataset. If you check the internet for example in Wireshark website you will find many pcap files from newer attacks. You can combine them and try make them as one dataset and test them with your IDS. If you manage to create a good dataset is good to publish it in the internet so that other researchers can test them also.
Now about your question is how you are going to use this data. I mean what IDS you are going to use. Most IDS like Snort are signature based. Anomaly based it need sensor across the network training etc. Check this article is very good http://www.scmagazine.com/signature-based-or-anomaly-based-intrusion-detection-the-practice-and-pitfalls/article/30471/
I hope i helped you.
Hi;
the KDD CUP 99 data set is considered anomaly-based IDS because the label class uses only for validation. Thus, you need to check your data without the label class and extract the behaviour then you can make your validation results.
Thanks
Mehdi
- Badges
- Science topic
- Similar topics
- Computer Communications (Networks)
- Simulators