2009/3/4 snort user <[email protected]>:
> Greetings to everyone.
>
> I have some questions regarding Intrusion detection evaluation datasets -
>
> Apart from the Darpa datasets and KDD datasets, are there other publicly available datasets?
> Are these datasets useful for evaluating a new IDS system or even a new detection technique?

Not the KDD '99 data set that I've played with - was categorised by various things, but had no actual payloads if I remember correctly.

IMHO, the only way to evaluate an IDS is to plug it into your network - no one else is going to share sensitive traffic of that kind, even if they do it'll be different and the sheer volume of a continuous 100Mbs+ data feed is going to make such an exercise impractical.

Also, I have a degree in machine learning and I know how hard it is to ensure that one data set (training data) is representative of your actual problem (test data).

Find a friendly sysadmin and offer to trade: test your IDS in exchange for supplying them with any useful information you might discover.

Sorry to be difficult :)

cheers,
Jamie

PS: Not being anti-IDS. At my first security gig, I plugged snort into my 100Mbs core switch - very enlightening, and I would not be without an IDS sensor in any security role.

--
Jamie Riden / [email protected] / [email protected]
http://www.ukhoneynet.org/members/jamie/
