IDS mailing list archives

Re: Intrusion Detection Evaluation Datasets


From: Sam Gorton <sam.gorton () gmail com>
Date: Thu, 12 Mar 2009 22:47:58 -0400

On Thu, Mar 12, 2009 at 08:40:04AM -0700, Zow Terry Brugger wrote:

> I see a lot of people saying (correctly) that advanced (non-signature
> based) NIDS can't be researched until we have good evaluation
> datasets, and I see a lot of people ignoring them and doing it anyway.
> Is anyone (else) actually working on fixing the data problem?

There's been some progress, but it's unfortunately not public.  The
DHS PREDICT project (www.predict.org) includes various captured data
sets, including about 200 gig of artificial data sets we generated to
support a research project. PREDICT data's only available to
researchers based in the US who meet the program requirements.

There's no good answer right now to the problem of having a good
shared dataset, but I think that 'bad data' is a worse answer than 'no
data'. When the data does have problems, if the problems are clearly
labeled then hopefully researchers won't try to build systems around
artifacts.

--
Sam Gorton                   |   Skaion Corporation
sgorton () skaion com   |   www.skaion.com


