IDS mailing list archives
Re: Intrusion Detection Evaluation Datasets
From: Sam Gorton <sam.gorton () gmail com>
Date: Thu, 12 Mar 2009 22:47:58 -0400
On Thu, Mar 12, 2009 at 08:40:04AM -0700, Zow Terry Brugger wrote:
I see a lot of people saying (correctly) that advanced (non-signature based) NIDS can't be researched until we have good evaluation datasets, and I see a lot of people ignoring them and doing it anyway. Is anyone (else) actually working on fixing the data problem?
There's been some progress, but it's unfortunately not public. The DHS PREDICT project (www.predict.org) includes various captured data sets, including about 200 gig of artificial data sets we generated to support a research project. PREDICT data's only available to researchers based in the US who meet the program requirements. There's no good answer right now to the problem of having a good shared dataset, but I think that 'bad data' is a worse answer than 'no data'. When the data does have problems, if the problems are clearly labeled then hopefully researchers won't try to build systems around artifacts. -- Sam Gorton | Skaion Corporation sgorton () skaion com | www.skaion.com
Current thread:
- Re: Intrusion Detection Evaluation Datasets, (continued)
- Re: Intrusion Detection Evaluation Datasets Martin Roesch (Mar 19)
- Re: Intrusion Detection Evaluation Datasets Damiano Bolzoni (Mar 19)
- Re: Intrusion Detection Evaluation Datasets Jim Sansing (Ritasa LLC) (Mar 19)
- Re: Intrusion Detection Evaluation Datasets Martin Roesch (Mar 19)
- Re: Intrusion Detection Evaluation Datasets Ravi Chunduru (Mar 19)
- Re: Intrusion Detection Evaluation Datasets Seth Hall (Mar 19)
- Re: Intrusion Detection Evaluation Datasets Stefano Zanero (Mar 19)
- Re: Intrusion Detection Evaluation Datasets Ravi Chunduru (Mar 20)
- Re: Intrusion Detection Evaluation Datasets Damiano Bolzoni (Mar 18)
- Re: Intrusion Detection Evaluation Datasets Seth Hall (Mar 16)
- Re: Intrusion Detection Evaluation Datasets Raffael Marty (Mar 13)
- Exploit-based signature is dead, or not? tanyoo10 (Mar 16)
- Re: Exploit-based signature is dead, or not? Sergio 'shadown' Alvarez (Mar 16)
- Re: Exploit-based signature is dead, or not? Jackie Lai (Mar 17)
- Re: Re: Exploit-based signature is dead, or not? tanyoo10 (Mar 17)
- RE: Exploit-based signature is dead, or not? Addepalli Srini-B22160 (Mar 17)
- Re: Exploit-based signature is dead, or not? Joel Esler (Mar 30)