The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
An Active Splitter Architecture for Intrusion Detection and Prevention
IEEE Transactions on Dependable and Secure Computing
NetADHICT: a tool for understanding network traffic
LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
Detecting, validating and characterizing computer infections in the wild
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
A methodological overview on anomaly detection
DataTraffic Monitoring and Analysis
Hi-index | 0.00 |
The 1999 DARPA/Lincoln Laboratory IDS Evaluation Data has been widely used in the intrusion detection and networking community, even though it is known to have a number of artifacts. Here we show that many of these artifacts, including the lack of damaged or unusual background packets and uniform host distribution, can be easily extracted using NetADHICT, a tool we developed for understanding networks. In addition, using NetADHICT we were able to identify extreme temporal variation in the data, a characteristic that was not identified in past analyses. These results illustrate the utility of NetADHICT in characterizing network traces for experimental purposes.