A survey of network-based intrusion detection data sets

Labeled data sets are necessary to train and evaluate anomaly-based network intrusion detection systems. This work provides a focused literature survey of data sets for network-based intrusion detection and describes the underlying packet- and flow-based network data in detail. The paper identifies...

Full description

Saved in:
Bibliographic Details
Published in:Computers & security 2019-09, Vol.86, p.147-167
Main Authors: Ring, Markus, Wunderlich, Sarah, Scheuring, Deniz, Landes, Dieter, Hotho, Andreas
Format: Article
Language:English
Subjects:
Data mining
Datasets
Evaluation
IDS
Intrusion detection
Intrusion detection systems
Literature reviews
NIDS
Properties (attributes)
Recording
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Labeled data sets are necessary to train and evaluate anomaly-based network intrusion detection systems. This work provides a focused literature survey of data sets for network-based intrusion detection and describes the underlying packet- and flow-based network data in detail. The paper identifies 15 different properties to assess the suitability of individual data sets for specific evaluation scenarios. These properties cover a wide range of criteria and are grouped into five categories such as data volume or recording environment for offering a structured search. Based on these properties, a comprehensive overview of existing data sets is given. This overview also highlights the peculiarities of each data set. Furthermore, this work briefly touches upon other sources for network-based data such as traffic generators and data repositories. Finally, we discuss our observations and provide some recommendations for the use and the creation of network-based data sets.
ISSN:0167-4048
1872-6208
DOI:10.1016/j.cose.2019.06.005