
Proceedings Paper

Usefulness of DARPA dataset for intrusion detection system evaluation
Author(s): Ciza Thomas; Vishwas Sharma; N. Balakrishnan

Paper Abstract

The MIT Lincoln Laboratory IDS evaluation methodology is a practical solution for evaluating the performance of Intrusion Detection Systems, and it has contributed tremendously to research progress in that field. The DARPA IDS evaluation dataset has been criticized and is considered by many to be very outdated and unable to accommodate the latest trends in attacks. The question then naturally arises as to whether detection systems have improved beyond detecting this old level of attacks. If not, is it worth thinking of this dataset as obsolete? The paper presented here tries to provide supporting facts for the use of the DARPA IDS evaluation dataset. Two commonly used signature-based IDSs, Snort and Cisco IDS, and two anomaly detectors, PHAD and ALAD, are used for this evaluation, and the results support the usefulness of the DARPA dataset for IDS evaluation.

Paper Details

Date Published: 17 March 2008
PDF: 8 pages
Proc. SPIE 6973, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2008, 69730G (17 March 2008); doi: 10.1117/12.777341
Ciza Thomas, Indian Institute of Science (India)
Vishwas Sharma, Indian Institute of Science (India)
N. Balakrishnan, Indian Institute of Science (India)

Published in SPIE Proceedings Vol. 6973:
Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2008
William J. Tolone; William Ribarsky, Editor(s)
