IDS mailing list archives

Re: MIT-DARPA dataset question


From: Damiano Bolzoni <damiano.bolzoni () libero it>
Date: Fri, 11 Mar 2005 07:53:27 +0100

faisal99 () inf its-sby edu wrote:
> Hi all,
> does anybody know where to find labels for the testing data of the
> MIT-DARPA dataset?

The DARPA 1999 data set is not carefully labeled: in order to know how many
attacks had been identified by your IDS, you had to submit your results
directly to them (from
http://www.ll.mit.edu/IST/ideval/docs/1999/schedule.html: "Sites
participating in off-line evaluation send evaluation results back to
Lincoln Lab."). Then you received a report, but it didn't contain
information about individual attacks discovered. You always got an
overall score.

> I've read the site, and read that the testing data is not labeled?
> So where can I find the complete testing data?
> Or maybe I missed something on the documentation pages?

Using your own experience, you could manually label attacks in each test
day: I did it this way, and I think that it's the only possible way.
You could get here
http://www.ll.mit.edu/IST/ideval/docs/1999/detections_1999.html a very
simple list of attacks contained in the 2nd week, but there are no
references to network packets, only a little information.

Hope this helps!

Damiano Bolzoni

