# A Survey of Network-based Intrusion Detection Data Sets

**Authors:** Markus Ring, Sarah Wunderlich, Deniz Scheuring, Dieter Landes, and Andreas Hotho

arXiv: 1903.02460 · 2019-07-09

## TL;DR

This survey reviews existing network intrusion detection data sets, analyzing their properties, suitability, and peculiarities to guide researchers in selecting or creating appropriate data for evaluation.

## Contribution

It provides a structured assessment framework with 15 properties across five categories, offering a comprehensive overview and recommendations for network intrusion detection data sets.

## Key findings

- Identified key properties for data set evaluation
- Highlighted differences and suitability of various data sets
- Provided guidelines for selecting and creating data sets

## Abstract

Labeled data sets are necessary to train and evaluate anomaly-based network intrusion detection systems. This work provides a focused literature survey of data sets for network-based intrusion detection and describes the underlying packet- and flow-based network data in detail. The paper identifies 15 different properties to assess the suitability of individual data sets for specific evaluation scenarios. These properties cover a wide range of criteria and are grouped into five categories such as data volume or recording environment for offering a structured search. Based on these properties, a comprehensive overview of existing data sets is given. This overview also highlights the peculiarities of each data set. Furthermore, this work briefly touches upon other sources for network-based data such as traffic generators and traffic repositories. Finally, we discuss our observations and provide some recommendations for the use and creation of network-based data sets.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1903.02460/full.md

## Figures

5 figures with captions in the complete paper: https://tomesphere.com/paper/1903.02460/full.md

## References

97 references — full list in the complete paper: https://tomesphere.com/paper/1903.02460/full.md

---
Source: https://tomesphere.com/paper/1903.02460