IDS mailing list archives

Re: Intrusion Detection Evaluation Datasets


From: "\"Zow\" Terry Brugger" <zow () acm org>
Date: Fri, 6 Mar 2009 09:37:56 -0800

Apart from the Darpa datasets and KDD datasets, are there other
publicly available datasets?
Are these datasets useful for evaluating a new IDS system or even a
new detection technique?

Short answer: no.

For evaluating a new technique or methodology using a dataset, especially when
presenting the results to a conference, the validity of the dataset is critical.
How does one solve this problem, if not for the limited number of
standard datasets available?

No one has any good answers for this. I find it rather disconcerting
that people are still even working on advanced (non-signature based)
IDS, yet no one seems to be willing to put in the effort to address
the data problem. I have some further discussion about the problem and
what researchers could possibly do about it on my research page:
http://www.bruggerink.com/~zow/GradSchool/ . There's a fair amount of
personal narrative there -- you might want to scroll down the page to
the link to the technical report I put out on running Snort on the
DARPA data and start reading from there.

As anyone who reads that page might gather, this is an area I'm quite
interested in, and I'd be happy to discuss any ideas anyone might have
on how to address this problem.

Cheers,
Terry


