DARPA Intrusion Detection Data Sets

Data Sets Overview

The Cyber Systems and Technology Group (formerly the DARPA Intrusion Detection Evaluation Group) of MIT Lincoln Laboratory, under Defense Advanced Research Projects Agency (DARPA ITO) and Air Force Research Laboratory (AFRL/SNHS) sponsorship, has collected and distributed the first standard corpora for evaluation of computer network intrusion detection systems. We have also coordinated, with the Air Force Research Laboratory, the first formal, repeatable, and statistically significant evaluations of intrusion detection systems. These evaluation efforts were carried out in 1998 and 1999.

These evaluations measured probability of detection and probability of false alarm for each system under test. They contributed significantly to the intrusion detection research field by providing direction for research efforts and an objective calibration of the technical state of the art. They are of interest to all researchers working on the general problem of workstation and network intrusion detection. The evaluation was designed to be simple, to focus on core technology issues, and to encourage the widest possible participation by eliminating security and privacy concerns and by providing data types commonly used by the majority of intrusion detection systems.


Off-line data sets are available to provide researchers with extensive examples of attacks and background traffic.

Two data sets are the result of the DARPA Intrusion Detection Evaluations.

  • 1998 DARPA Intrusion Detection Evaluation Data Sets
  • 1999 DARPA Intrusion Detection Evaluation Data Sets

Three additional data sets are the result of experiments run in 2000 to address specific scenarios.

  • 2000 DARPA Intrusion Detection Scenario-Specific Data Sets
