Title :
Analysis of the 1999 DARPA/Lincoln Laboratory IDS evaluation data with NetADHICT
Author :
Brown, Carson ; Cowperthwaite, Alex ; Hijazi, Abdulrahman ; Somayaji, Anil
Author_Institution :
Carleton Comput. Security Lab., Carleton Univ., Ottawa, ON, Canada
Abstract :
The 1999 DARPA/Lincoln Laboratory IDS evaluation data has been widely used in the intrusion detection and networking community, even though it is known to have a number of artifacts. Here we show that many of these artifacts, including the lack of damaged or unusual background packets and uniform host distribution, can be easily extracted using NetADHICT, a tool we developed for understanding networks. In addition, using NetADHICT we were able to identify extreme temporal variation in the data, a characteristic that was not identified in past analyses. These results illustrate the utility of NetADHICT in characterizing network traces for experimental purposes.
Keywords :
data analysis; security of data; DARPA/Lincoln Laboratory IDS evaluation data analysis; NetADHICT; intrusion detection; networking community; Computational modeling; Data visualization; Intrusion detection; Laboratories; Military computing; Production; Protocols; Telecommunication traffic; Testing; Traffic control;
Conference_Titel :
Computational Intelligence for Security and Defense Applications, 2009. CISDA 2009. IEEE Symposium on
Conference_Location :
Ottawa, ON
Print_ISBN :
978-1-4244-3763-4
Electronic_ISBN :
978-1-4244-3764-1
DOI :
10.1109/CISDA.2009.5356522
