A Detailed Analysis of Benchmark Datasets for Network Intrusion Detection System
Mossa Ghurab
Department of Computer Science, Faculty of Computer & IT (FCIT), Sana'a University, Yemen.
Ghaleb Gaphari
Department of Computer Science, Faculty of Computer & IT (FCIT), Sana'a University, Yemen.
Faisal Alshami
Software College Northeastern University, Shenyang 110819, China.
Reem Alshamy *
Department of Computer Science, Faculty of Computer & IT (FCIT), Sana'a University, Yemen.
Suad Othman
Department of Computer Science, Faculty of Computer & IT (FCIT), Sana'a University, Yemen.
*Author to whom correspondence should be addressed.
Abstract
The enormous increase in the use of the Internet in daily life has provided an opportunity for the intruder attempt to compromise the security principles of availability, confidentiality, and integrity. As a result, organizations are working to increase the level of security by using attack detection techniques such as Network Intrusion Detection System (NIDS), which monitors and analyzes network flow and attacks detection. There are a lot of researches proposed to develop the NIDS and depend on the dataset for the evaluation. Datasets allow evaluating the ability in detecting intrusion behavior. This paper introduces a detailed analysis of benchmark and recent datasets for NIDS. Specifically, we describe eight well-known datasets that include: KDD99, NSL-KDD, KYOTO 2006+, ISCX2012, UNSW-NB 15, CIDDS-001, CICIDS2017, and CSE-CIC-IDS2018. For each dataset, we provide a detailed analysis of its instances, features, classes, and the nature of the features. The main objective of this paper is to offer overviews of the datasets are available for the NIDS and what each dataset is comprised of. Furthermore, some recommendations were made to use network-based datasets.
Keywords: KDD99, NSL-KDD, KYOTO 2006 , ISCX2012, UNSW-NB 15, CIDDS-001, CICIDS2017, CSE-CIC-IDS2018