A scheme for building a dataset for intrusion detection systems

One of the main challenges in developing a network-based intrusion detection system is collecting data for training the system. Although, some datasets such as KDD Cup 1999 have been collected and are in public, these datasets are out of date and unreliable for building a system in reality. In this paper, we propose a scheme for building online an intrusion detection dataset. The scheme allows us to collect the raw data from a controlled environment and then process to have 16 features (traffic and content features) with full labels. The collected dataset is called LUT13. We then applied two well-known machine learning techniques: Artificial Neural Network (ANN) and Fuzzy C-Means (FCM) to train the system based on this dataset. The system, after trained on LUT13, was tested on the real environment and compared with the system constructed based on KDD Cup 1999. The results show that our dataset helps the system achieves higher detection rate compared to KDD Cup 1999.