%0 Conference Paper %1 ringsurvey %A Ring, Markus %A Wunderlich, Sarah %A Scheuring, Deniz %A Landes, Dieter %A Hotho, Andreas %B Computers and Security %D 2019 %K mr %P 147-167 %T A survey of network-based intrusion detection data sets. In Computers and Security 86, 2019, 147-167, DOI: %U https://arxiv.org/pdf/1903.02460.pdf %V 86 %X Labeled data sets are necessary to train and evaluateanomaly-based network intrusion detection systems. This workprovides a focused literature survey of data sets for network-based intrusion detection and describes the underlying packet-and flow-based network data in detail. The paper identifies 15different properties to assess the suitability of individual data setsfor specific evaluation scenarios. These properties cover a widerange of criteria and are grouped into five categories such asdata volume or recording environment for offering a structuredsearch. Based on these properties, a comprehensive overview ofexisting data sets is given. This overview also highlights thepeculiarities of each data set. Furthermore, this work brieflytouches upon other sources for network-based data such astraffic generators and data repositories. Finally, we discuss ourobservations and provide some recommendations for the use andthe creation of network-based data sets.

@inproceedings{ringsurvey, abstract = {Labeled data sets are necessary to train and evaluateanomaly-based network intrusion detection systems. This workprovides a focused literature survey of data sets for network-based intrusion detection and describes the underlying packet-and flow-based network data in detail. The paper identifies 15different properties to assess the suitability of individual data setsfor specific evaluation scenarios. These properties cover a widerange of criteria and are grouped into five categories such asdata volume or recording environment for offering a structuredsearch. Based on these properties, a comprehensive overview ofexisting data sets is given. This overview also highlights thepeculiarities of each data set. Furthermore, this work brieflytouches upon other sources for network-based data such astraffic generators and data repositories. Finally, we discuss ourobservations and provide some recommendations for the use andthe creation of network-based data sets.}, added-at = {2020-01-16T16:00:03.000+0100}, author = {Ring, Markus and Wunderlich, Sarah and Scheuring, Deniz and Landes, Dieter and Hotho, Andreas}, biburl = {https://www.bibsonomy.org/bibtex/2d3dcaa160ae7fb1c80e119359b7e67c8/baywiss1}, booktitle = {Computers and Security}, interhash = {ad7a1762074a60430169da786703480d}, intrahash = {d3dcaa160ae7fb1c80e119359b7e67c8}, keywords = {mr}, pages = {147-167}, timestamp = {2020-01-16T16:00:39.000+0100}, title = {A survey of network-based intrusion detection data sets. In Computers and Security 86, 2019, 147-167, DOI:}, url = {https://arxiv.org/pdf/1903.02460.pdf}, volume = 86, year = 2019 }