SSENet-2011: A Network Intrusion Detection System dataset and its comparison with KDD CUP 99 dataset

Dataset Vasudevan, E. Harshini, S. Selvakumar
DOI: 10.1109/AHICI.2011.6113948 (https://doi.org/10.1109/AHICI.2011.6113948)
Published in: 2011 Second Asian Himalayas International Conference on Internet (AH-ICI)
Publication date: 2011-12-29
Citations: 52

Abstract

In recent years, attack vectors in the network world have increased manyfold with the increased usage of the Internet and the exponential growth of various applications. A Network Intrusion Detection System (NIDS) is one of the systems most sought after by security experts for safeguarding the network from both external and internal attacks. A NIDS works mainly in two modes: online and offline. An online or real-time NIDS, such as Snort, Bro, etc., examines the packet structure to find intrusions, if any, and alerts the administrator. An offline NIDS, on the other hand, logs the packets flowing to and from the network, constructs features based on connections, and creates a dataset. Such NIDS datasets are used for research purposes, applying data mining, machine learning, evolutionary algorithms, etc., to detect attacks. KDD CUP 99 is one such widely used IDS dataset. The KDD CUP 99 dataset is obsolete because many of the attacks performed to create the dataset do not exist now. Moreover, the features constructed do not pertain to network activities. It is a mixture of host-based as well as network-based features. So, the need for a new dataset, conforming to present network activities and attack vectors, is inevitable. This motivated us to present a NIDS dataset, the SSENet-2011 dataset, in this paper. The SSENet-2011 dataset was constructed using the Tstat tool. A real-time experiment was performed, the network packets were captured, features were constructed, and the dataset was created. The created SSENet-2011 dataset was compared with the KDD CUP 99 dataset. From the experiments it is evident that a closed and secluded network such as SSENet and the Tstat tool help researchers in developing and analyzing a new dataset which reflects the changing scenario of network activities.