I have been using Wireshark and MATLAB, but datasets like the ADFA-LD are just confusing, so I think using different tools can be useful if you want to evaluate algorithms.
It depends. You could simply import them into an ELK-like platform (ELK: Elastic, Logstash, Kibana) to analyse what kind of events are present. Subsequently, write advanced algorithms to find anomalies, etc.
Not sure if a host-based IDS like OSSEC supports these events.
You can use different statistical analysis tools like Argus, tcpstat, tcpdstat, Wireshark, and there are many more to do the analysis. But the thing here is, it's on you: how well you analyze the datasets depends on your requirement.
The tools to use for analyzing an IDS data set depend on the objective of analyzing the data. If you are intending to identify the false alarms in the IDS data set, you can use clustering algorithms as well. If you want to do a specific analysis, a custom-written Python or Perl script could help.
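One form such a custom Python script can take for a host-based dataset like ADFA-LD, added here as an example and not code from any poster in this thread: a sliding-window (STIDE-style) scorer that learns the system-call n-grams seen in normal traces and reports the fraction of unseen windows in a test trace. It assumes each trace is a whitespace-separated sequence of system-call numbers; the sample traces, window length and threshold are constructed for illustration.

```python
N = 3            # sliding-window length (assumed; tune per dataset)
THRESHOLD = 0.3  # flag a trace when >30% of its windows are unseen (assumed)

def parse_trace(text):
    """Parse one trace: whitespace-separated system-call numbers."""
    return [int(tok) for tok in text.split()]

def ngrams(calls, n=N):
    """All contiguous windows of n system calls, in order."""
    return [tuple(calls[i:i + n]) for i in range(len(calls) - n + 1)]

def build_profile(normal_traces, n=N):
    """Set of every n-gram observed in the normal (training) traces."""
    profile = set()
    for text in normal_traces:
        profile.update(ngrams(parse_trace(text), n))
    return profile

def anomaly_score(text, profile, n=N):
    """Fraction of windows never seen in training (0.0 = all known)."""
    grams = ngrams(parse_trace(text), n)
    if not grams:
        return 0.0  # trace shorter than the window: nothing to judge
    unseen = sum(1 for g in grams if g not in profile)
    return unseen / len(grams)

def classify(traces, profile, threshold=THRESHOLD):
    """Map each trace name to True when its score exceeds the threshold."""
    return {name: anomaly_score(text, profile) > threshold
            for name, text in traces.items()}

# Constructed sample data (not taken from any real dataset).
NORMAL = [
    "6 6 63 6 42 120 6 195 120 6 6 114",
    "6 63 6 42 120 6 195 120 6 6 114 114",
]
TEST = {
    "benign": "6 6 63 6 42 120 6 195",
    "suspicious": "6 6 63 11 11 45 33 192 6 42",
}

if __name__ == "__main__":
    profile = build_profile(NORMAL)
    for name, text in TEST.items():
        print(name, round(anomaly_score(text, profile), 3))
```

On real data, build the profile from the normal training traces only and choose the threshold on a held-out validation set, since the false-alarm rate depends directly on it.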
That depends on your targeted objective. What do you want to analyze, and what are you searching for? If you are looking for unusual behavior, you can use a heuristic technique or a deep learning mechanism like TensorFlow to flag such abnormalities.
Yandisha, your response seems very general with respect to IDS. In IDS datasets, the majority or ALL of the entries are about anomalous behavior. Or else you mean traffic data sets. Clarify to provide a better response on this...
I am new to this field and I am searching for attacks in recent datasets such as ISCX and how to identify these attacks, but I failed to understand the ADFA-LD datasets, so I thought maybe looking for a different tool would help me to analyse the ADFA-LD. I am interested in implementing algorithms to find anomalies in IDS datasets. I thought it would be a good idea to explore different tools and datasets to broaden my knowledge of the domain.
There are some data sets, such as KDD, that have been used extensively by researchers; similar work has been done, so it's hard to find novel work. I would suggest considering a specific attack scenario and then focusing on detecting intrusion by applying your desired method. You may create this scenario based on simulation or through a testbed. For further details, go through my papers on intrusion detection and response; full text is on my RG profile.