IDS mailing list archives
Re: IDS data sets
From: Stefano Zanero <zanero () elet polimi it>
Date: Mon, 21 Feb 2005 16:11:31 +0100
Hello Salim,

> I am a newbie to the forum. I am looking for some pointers as far as techniques/tools used in analyzing IDS data published by MIT & DARPA (http://www.ll.mit.edu/IST/ideval/).

The data are intended for IDS evaluation, thus you can analyze them with any IDS / network traffic analysis tool (as far as the TCPDump logs are concerned) or with a BSM auditing tool for the rest of them.

> My attempts thus far have resulted in crashing of my Windows system.

Well, what operation doesn't crash a Windows system nowadays :) Seriously: those datasets are HUGE. I advise you to use stable, simple utilities to analyze them. And lots of RAM would help, also.

> The data available is five years old and I have some doubts about the validity of any results obtained from the data.

There is an awfully good critique of that dataset in J. McHugh, "Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory", ACM Transactions on Information and System Security (TISSEC), Volume 3, Issue 4 (November 2000)
http://portal.acm.org/citation.cfm?id=382923

--
Kind regards,
Stefano Zanero
Ph.D. Student
Politecnico di Milano - Dip. Elettronica e Informazione
Via Ponzio, 34/5
I-20133 Milano - ITALY
Tel. +39 02 2399-4010/3660
Fax. +39 02 2399-3411
E-mail: zanero () elet polimi it
Web: www.elet.polimi.it/upload/zanero
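An added example, not part of this thread, of the "stable, simple utilities" approach for the TCPDump part of the DARPA data: a generator that walks a libpcap file one record at a time (constant memory, whatever the capture size) and tallies IPv4 protocol numbers, with a constructed three-packet capture as input. Truncated records are reported rather than silently swallowed.

```python
import struct
from collections import Counter
from io import BytesIO

# Classic libpcap layout (what tcpdump -w writes): a 24-byte global header,
# then records of a 16-byte header followed by the captured bytes.
GLOBAL_HDR = "IHHiIII"   # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"      # ts_sec, ts_usec, incl_len, orig_len
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800

def iter_pcap_records(fp):
    """Yield (linktype, ts_sec, frame) per record; only one record is ever in memory."""
    magic = fp.read(4)
    if magic == b"\xd4\xc3\xb2\xa1":      # 0xa1b2c3d4 written little-endian
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    g = struct.Struct(endian + GLOBAL_HDR)
    r = struct.Struct(endian + RECORD_HDR)
    linktype = g.unpack(magic + fp.read(g.size - 4))[6]
    while True:
        hdr = fp.read(r.size)
        if len(hdr) < r.size:
            return                          # clean end of file
        ts_sec, _, incl_len, _ = r.unpack(hdr)
        frame = fp.read(incl_len)
        if len(frame) < incl_len:
            raise ValueError("truncated record at ts=%d" % ts_sec)
        yield linktype, ts_sec, frame

def ipv4_protocol_counts(fp):
    """Count IPv4 protocol numbers (6=TCP, 17=UDP, ...) in an Ethernet capture."""
    counts = Counter()
    for linktype, _, frame in iter_pcap_records(fp):
        if linktype != LINKTYPE_ETHERNET or len(frame) < 34:
            continue                        # need full Ethernet + IPv4 headers
        if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        counts[frame[23]] += 1              # byte 9 of the IP header is 'protocol'
    return counts

def counts_from_bytes(data):
    return dict(ipv4_protocol_counts(BytesIO(data)))

def build_sample_pcap(protocols):
    """Constructed input: little-endian pcap, one minimal Ethernet/IPv4 frame per protocol."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, proto in enumerate(protocols):
        eth = b"\xff" * 6 + b"\x02" * 6 + b"\x08\x00"
        ip = (b"\x45\x00\x00\x14\x00\x00\x40\x00\x40" + bytes([proto]) + b"\x00\x00"
              + b"\x0a\x00\x00\x01" + b"\x0a\x00\x00\x02")
        out += struct.pack("<IIII", 1000 + i, 0, 34, 34) + eth + ip
    return out

if __name__ == "__main__":
    print(counts_from_bytes(build_sample_pcap([6, 6, 17])))   # {6: 2, 17: 1}
```

On a real multi-gigabyte capture, pass an open file object instead of a BytesIO; the loop never reads more than one record ahead.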