MIT Darpa Dataset,

From: Wilmar SULAIMAN (
Date: 09/19/05

  • Next message: Ramon Kagan: "Re: Tippingpoint"
    Date: Mon, 19 Sep 2005 19:09:59 +1000 (EST)

    Dear all,

    I was wondering how normally people test their machine learning
    algorithims in MIT darpa dataset?

    I asked this question because I found that :
    1) There is a time gap between the published list of attack to the
    dataset. For instance APACHE2 attack, the published list of attack say the
    attack was start on 00:00:40 (not the fake time), normally I see the
    attack within +-10 seconds of the published list of attack (this is by
    looking directly on the payload)

    2) Many of U2R attack are in port 23. For instance the attacker executes
    the command : $./exploit
    In the real dataset especially for per packet model, it will get
    translated to many packets i.e
    1st packet contains "$"
    2st packet contains "."
    3rd packet contains "/"
    4th packet contains "e"

    If the IDS identified say the 4th packet as anomalous , is it justifiable
    to say that the IDS detects the particular attack?


    Wilmar Sulaiman

    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it
    with real-world attacks from CORE IMPACT.
    Go to
    to learn more.

  • Next message: Ramon Kagan: "Re: Tippingpoint"

    Relevant Pages