Analysis of three intrusion detection system benchmark datasets using machine learning algorithms

Authors:
H. Güneş Kayacık;Nur Zincir-Heywood
Affiliations:
Faculty of Computer Science, Dalhousie University, Halifax, Nova Scotia, Canada;Faculty of Computer Science, Dalhousie University, Halifax, Nova Scotia, Canada
Venue:
ISI'05 Proceedings of the 2005 IEEE international conference on Intelligence and Security Informatics
Year:
2005

Citing 2
Cited 2

Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory

ACM Transactions on Information and System Security (TISSEC)
Generating Representative Traffic for Intrusion Detection System Benchmarking

CNSR '05 Proceedings of the 3rd Annual Communication Networks and Services Research Conference

Intrusion detection based on "hybrid" propagation in Bayesian Networks

ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
Similarity-based classification using specific features in network intrusion detection

AsiaCSN '08 Proceedings of the Fifth IASTED International Conference on Communication Systems and Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we employed two machine learning algorithms – namely, a clustering and a neural network algorithm – to analyze the network traffic recorded from three sources. Of the three sources, two of the traffic sources were synthetic, which means the traffic was generated in a controlled environment for intrusion detection benchmarking. The main objective of the analysis is to determine the differences between synthetic and real-world traffic, however the analysis methodology detailed in this paper can be employed for general network analysis purposes. Moreover the framework, which we employed to generate one of the two synthetic traffic sources, is briefly discussed.