A Network Data Abstraction Method for Data Set Verification

Network data sets are often used for evaluating the performance of intrusion detection systems and intrusion prevention systems [1]. The KDD CUP 99’ data set, which was modeled after MIT Lincoln Laboratory network data, has been a popular network data set for evaluating network intrusion detection algorithms and systems. However, many issues have been discovered concerning the modeling method of the KDD CUP 99’ data. This paper proposes both a measure to compare the similarity between two data groups and an optimization method to efficiently model data sets with the proposed measure. Then, the similarity between the KDD CUP 99’ data and the MIT Lincoln Laboratory data and the similarity between our data set composed from the MIT Lincoln Laboratory data and the MIT Lincoln Laboratory data are compared quantitatively.

[1] Biswanath Mukherjee, et al. A Methodology for Testing Intrusion Detection Systems, 1996, IEEE Trans. Software Eng.

[2] Eric Miller, et al. Testing and evaluating computer intrusion detection systems, 1999, CACM.

[3] Salvatore J. Stolfo, et al. Mining in a data-flow environment: experience in network intrusion detection, 1999, KDD '99.

[4] Robert K. Cunningham, et al. Improving Intrusion Detection Performance using Keyword Selection and Neural Networks, 2000, Recent Advances in Intrusion Detection.

[5] Charles Elkan, et al. Results of the KDD'99 classifier learning, 2000, SKDD.

[6] Wenke Lee, et al. A Data Mining Framework for Constructing Features and Models for Intrusion Detection Systems, 1999.

[7] Richard P. Lippmann, et al. 1999 DARPA Intrusion Detection Evaluation: Design and Procedures, 2001.

[8] Salvatore J. Stolfo, et al. A data mining framework for building intrusion detection models, 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[9] Greg Shipley, et al. ISS RealSecure pushes past newer IDS players, 1999.

[10] Steven Cheung, et al. The threat from the net [Internet security], 1997.

[11] Kristopher Kendall, et al. A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems, 1999.

[12] Edward G. Amoroso. Intrusion Detection, 1999.

[13] Richard Lippmann, et al. The 1999 DARPA off-line intrusion detection evaluation, 2000, Comput. Networks.

[14] Itzhak Levin, et al. KDD-99 classifier learning contest LLSoft's results overview, 2000, SKDD.

[15] William L. Fithen, et al. State of the Practice of Intrusion Detection Technologies, 2000.

[16] Nello Cristianini, et al. An Introduction to Support Vector Machines and Other Kernel-based Learning Methods, 2000.