1998 DARPA Intrusion Detection Evaluation Data Set

1998 DARPA Intrusion Detection Evaluation Data Set Overview

There were two parts to the 1998 DARPA Intrusion Detection Evaluation: an off-line evaluation and a real-time evaluation.

Intrusion detection systems were tested in the off-line evaluation using network traffic and audit logs collected on a simulation network. The systems processed this data in batch mode and attempted to identify attack sessions in the midst of normal activities.

Intrusion detection systems were delivered to AFRL for the real-time evaluation. These systems were inserted into the AFRL network testbed and attempted to identify attack sessions in the midst of normal activities, in real time.

Intrusion detection systems were tested as part of the off-line evaluation, the real-time evaluation or both.

Sample Data

A sample of the network traffic and audit logs that were used for evaluating systems. These data were first made available in February 1998.

Four-Hour Subset of Training Data

A somewhat larger sample of training data. These data were first made available in May 1998.

Training Data

Seven weeks of network-based attacks in the midst of normal background data. Listings of attacks and anomalies are available on the Documentation page.

Testing Data

Two weeks of network-based attacks in the midst of normal background data.

 
