The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set
- 11 January 2016
- journal article
- research article
- Published by Taylor & Francis Ltd in Information Security Journal: A Global Perspective
- Vol. 25 (1-3), 18-31
- https://doi.org/10.1080/19393555.2015.1125974
Abstract
Over the last three decades, Network Intrusion Detection Systems (NIDSs), particularly Anomaly Detection Systems (ADSs), have become more significant in detecting novel attacks than Signature Detection Systems (SDSs). Evaluating NIDSs using the existing benchmark data sets of KDD99 and NSLKDD does not reflect satisfactory results, due to three major issues: (1) their lack of modern low footprint attack styles, (2) their lack of modern normal traffic scenarios, and (3) a different distribution of training and testing sets. To address these issues, the UNSW-NB15 data set has recently been generated. This data set has nine types of modern attack fashions and new patterns of normal traffic, and it contains 49 attributes that comprise the flow based between hosts and the network packets inspection to discriminate between the observations, either normal or abnormal. In this paper, we demonstrate the complexity of the UNSW-NB15 data set in three aspects. First, the statistical analysis of the observations and the attributes is explained. Second, the examination of feature correlations is provided. Third, five existing classifiers are used to evaluate the complexity in terms of accuracy and false alarm rates (FARs), and then the results are compared with the KDD99 data set. The experimental results show that UNSW-NB15 is more complex than KDD99 and is considered as a new benchmark data set for evaluating NIDSs.
Funding Information
- School of Engineering and Information Technology, University of New South Wales (5025758)
This publication has 17 references indexed in Scilit:
- Continuous Features Discretization for Anomaly Intrusion Detectors Generation. Advances in Intelligent Systems and Computing, 2013
- Network Anomaly Detection: Methods, Systems and Tools. IEEE Communications Surveys & Tutorials, 2013
- Anomaly-based network intrusion detection: Techniques, systems and challenges. Computers & Security, 2009
- A framework for monitoring classifiers’ performance: when and why failure occurs? Knowledge and Information Systems, 2008
- Learning from Data. Published by Wiley, 2006
- Score normalization in multimodal biometric systems. Pattern Recognition, 2005
- A multivariate Kolmogorov-Smirnov test of goodness of fit. Statistics & Probability Letters, 1997
- Statistics notes: Calculating correlation coefficients with repeated observations: Part 2--correlation between subjects. BMJ, 1995
- An Intrusion-Detection Model. IEEE Transactions on Software Engineering, 1987
- Measures of multivariate skewness and kurtosis with applications. Biometrika, 1970