Introduction to intrusion detection data set

KDDCup 99

• Download url ：http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html

NSL-KDD

• Download url ：https://www.unb.ca/cic/datasets/nsl.html

UNSW-NB 15

• Put the official website first ：https://research.unsw.edu.au/projects/unsw-nb15-dataset
• Download address ：https://cloudstor.aarnet.edu.au/plus/index.php/s/2DhnLGDdEECo4ys

Time ：

• Did not find , But no later than 2015 year

background ：

• UNSW-NB 15 The original network packets of the data set were generated by the network wide Laboratory of the Australian network security center IXIA PerfectStorm Tool created , It can be used to generate mixed data of modern normal activity and synthetic contemporary attack behavior . Use TCPDUMP Tool capture 100 GB The original flow （ for example ,PCAP file ）.

The file is introduced

• contain 2540044 Data records .
• UNSW-NB15_1.csv：700000 strip
• UNSW-NB15_2.csv：700000 strip
• UNSW-NB15_3.csv：700000 strip
• UNSW-NB15_4.csv：440044 strip
• UNSW-NB15_GT.csv： Mark the table correctly (ground truth table)
• UNSW-NB15_LIST_EVENTS.csv： List of events (the list of event file)
• a part of training and testing set：
  • UNSW_NB15_training-set.csv：175341 strip
  • UNSW_NB15_testing-set.csv：82332 strip

Feature introduction

• Reference resources ：https://mathpretty.com/11062.html#UNSW-NB15%E6%80%BB%E4%BD%93%E4%BB%8B%E7%BB%8D
• common 49 Features

Label Introduction

• ditto

Extended information

• The official website consists of references to the dataset .
• Github Summary of this dataset on ：https://github.com/topics/unsw-nb15
• Do a good job in data processing ( Did data preprocessing )：https://github.com/InitRoot/UNSW_NB15
• Use SVM and Naive Bayes Come on UNSW-NB15 To deal with ：https://github.com/Nir-J/ML-Projects

Kyoto

• Put the official website first ：http://www.takakura.com/Kyoto_data/
• Download address ：

Time ：

background ：

The file is introduced

Feature introduction

Label Introduction

Extended information

WSN-DS

• Put the official website first ：
• Download address ：

Time ：

background ：

The file is introduced

Feature introduction

Label Introduction

Extended information

CICIDS 2017

• Put the official website first ：https://www.unb.ca/cic/datasets/ids-2017.html
• Download address ：

Time ：

background ：

The file is introduced

Feature introduction

Label Introduction

Extended information

CIDDS

• Put the official website first ：https://www.hs-coburg.de/index.php?id=927
• Download address ：

Time ：

background ：

The file is introduced

Feature introduction

Label Introduction

Extended information

Dataset set

• Reference resources https://blog.csdn.net/Naristilia/article/details/103900130
• From the data set compiled by the Canadian Institute of network security ：https://www.unb.ca/cic/datasets/index.html
• Data mining and network security resource network ：http://users.cis.fiu.edu/~lpeng/
  • [ Intrusion detection ] DARPA Intrusion detection data set
  • [ Intrusion detection ] KDD Cup 99 Data sets
  • [ Intrusion detection ] NSL-KDD Data sets
  • [ Hacker attack data set ] Honeynet Data sets （ The data set includes data from 2000 year 4 Month to 2011 year 2 month , Cumulative 11 Months Snort Alarm data , About every month 60-3000 multiple Snort Alarm records , Its network consists of 8 individual IP Address through ISDN Connect to ISP）
  • [ Log data ] Challenge 2013 Data sets （ Provides a two-week running log of the internal network of a fictitious multinational company , Log types include 3 Kind of , Network traffic Netflow Log data and Big Brother Network health and status data , Logs include ： First of all 、 Two week Netflow and Big Brother journal , Intrusion prevention system log data for the second week , Through log analysis, we can find out the anomalies in the network , The network contains about hosts and servers 1100 platform , The number of original logs is close to 10 GB, Number of records exceeds 9000 Line ten thousand ）
  • Malware data set
• Vizsec：https://vizsec.org/data/
• At home 360Netlab：http://blog.netlab.360.com/tag/ddos/