[Bro] Regarding feature extraction from TCPDUMP file

Vern Paxson vern at icir.org
Wed Jan 4 09:50:02 PST 2012


>  I am Rishikesh Sahay. I am working on the intrusion detection system. I
> would like to extract the 41 features based on the DARPA 1999 data set like
> KDD Cup 1999 data set.

Note, it is very well recognized in the intrusion detection research
community that the DARPA dataset (and even more so the KDD Cup dataset
derived from it) is useless for assessing detection algorithms.  In some
ways, it's worse than useless because it's an "attractive nuisance", i.e.,
it's tempting to use it because of its ready availability.  So you really
should refrain from trying to base any sort of meaningful research on it.

		Vern


