Property | Value
---|---
Abstract | Labeled data sets are necessary to train and evaluate anomaly-based network intrusion detection systems. This work provides a focused literature survey of data sets for network-based intrusion detection and describes the underlying packet- and flow-based network data in detail. The paper identifies 15 different properties to assess the suitability of individual data sets for specific evaluation scenarios. These properties cover a wide range of criteria and are grouped into five categories such as data volume or recording environment for offering a structured search. Based on these properties, a comprehensive overview of existing data sets is given. This overview also highlights the peculiarities of each data set. Furthermore, this work briefly touches upon other sources for network-based data such as traffic generators and data repositories. Finally, we discuss our observations and provide some recommendations for the use and the creation of network-based data sets.
Year | 2019
DOI | 10.1016/j.cose.2019.06.005
Venue | Computers & Security
Keywords | Intrusion detection, IDS, NIDS, Data sets, Evaluation, Data mining
Field | Data mining, Network intrusion detection, Data set, Computer science, Computer security, Network packet, Network data, Labeled data, Intrusion detection system
DocType | Journal
Volume | 86
ISSN | 0167-4048
Citations | 23
PageRank | 0.95
References | 0
Authors | 5

Name | Order | Citations | PageRank |
---|---|---|---|
Markus Ring | 1 | 34 | 3.16 |
Sarah Wunderlich | 2 | 23 | 2.31 |
Deniz Scheuring | 3 | 23 | 0.95 |
Dieter Landes | 4 | 159 | 28.78 |
Andreas Hotho | 5 | 3232 | 210.84 |