Thomas, Ciza and Sharma, Vishwas and Balakrishnan, N (2008) Usefulness of DARPA dataset for intrusion detection system evaluation. In: Conference on Data Mining, Intrusion Detection, Information Assurance and Data Networks Security 2008, MAR 17-18, 2008, Orlando.
darpa.pdf - Accepted Version
The MIT Lincoln Laboratory IDS evaluation methodology is a practical solution in terms of evaluating the performance of Intrusion Detection Systems, which has contributed tremendously to the research progress in that field. The DARPA IDS evaluation dataset has been criticized and considered by many as a very outdated dataset, unable to accommodate the latest trend in attacks. Then naturally the question arises as to whether the detection systems have improved beyond detecting these old level of attacks. If not, is it worth thinking of this dataset as obsolete? The paper presented here tries to provide supporting facts for the use of the DARPA IDS evaluation dataset. The two commonly used signature-based IDSs, Snort and Cisco IDS, and two anomaly detectors, the PHAD and the ALAD, are made use of for this evaluation purpose and the results support the usefulness of DARPA dataset for IDS evaluation.
|Item Type:||Conference Paper|
|Additional Information:||Copyright of this article belongs to The International Society for Optical Engineering..|
|Keywords:||Intrusion Detection Systems (IDS);DARPA dataset.|
|Department/Centre:||Division of Information Sciences > Supercomputer Education & Research Centre|
|Date Deposited:||12 Apr 2010 08:37|
|Last Modified:||16 Dec 2010 08:41|
Actions (login required)