Abstract
To better evaluate the performance of intrusion detection algorithms, this paper identifies the characteristics that an intrusion detection dataset should have. It analyzes the characteristics and composition of two influential intrusion detection datasets: the MIT Lincoln Labs (MITLL) intrusion detection dataset and the KDD CUP99 intrusion detection dataset derived from it. The analysis focuses on the attack types in the KDD CUP99 training and testing datasets and their detailed distribution, and on the feature classes of each connection and the meaning of each feature. The use of the KDD CUP99 dataset is also explained. Finally, suggestions are given on the existing problems of the KDD CUP dataset and the corresponding improvement measures.
Source
《计算机工程与设计》 (Computer Engineering and Design)
CSCD
Peking University Core Journal
2010, Issue 22, pp. 4809-4812, 4816 (5 pages)
Funding
National Natural Science Foundation of China (60773102)
Keywords
intrusion detection algorithms
training dataset
testing dataset
attack types
features