论文信息 - Analysis of Three Intrusion Detection System Benchmark Datasets Using Machine Learning Algorithms

Analysis of Three Intrusion Detection System Benchmark Datasets Using Machine Learning Algorithms

In this paper, we employed two machine learning algorithms – namely, a clustering and a neural network algorithm – to analyze the network traffic recorded from three sources. Of the three sources, two of the traffic sources were synthetic, which means the traffic was generated in a controlled environment for intrusion detection benchmarking. The main objective of the analysis is to determine the differences between synthetic and real-world traffic, however the analysis methodology detailed in this paper can be employed for general network analysis purposes. Moreover the framework, which we employed to generate one of the two synthetic traffic sources, is briefly discussed.

A. Nur Zincir-Heywood | Hilmi Günes Kayacik

[1] John McHugh,et al. Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory , 2000, TSEC.

[2] A.N. Zincir-Heywood,et al. On the capability of an SOM based intrusion detection system , 2003, Proceedings of the International Joint Conference on Neural Networks, 2003..

[3] J. MacQueen. Some methods for classification and analysis of multivariate observations , 1967 .

[4] Andrew Odlyzko,et al. Internet traffic growth: sources and implications , 2003, SPIE ITCom.

[5] D. Vere-Jones. Markov Chains , 1972, Nature.

[6] A. Nur Zincir-Heywood,et al. Generating representative traffic for intrusion detection system benchmarking , 2005, 3rd Annual Communication Networks and Services Research Conference (CNSR'05).

[7] Beat Kleiner,et al. Graphical Methods for Data Analysis , 1983 .

[8] John M. Chambers,et al. Graphical Methods for Data Analysis , 1983 .

[9] Philip K. Chan,et al. An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection , 2003, RAID.