基于KDD改进的网络入侵检测数据集

NSL-KDD 数据集是基于 KDD Cup 1999 改进的网络入侵检测数据集，旨在解决原始数据集中的冗余和不平衡问题。该数据集包含约 125,973 条训练记录和 22,544 条测试记录，分为四个主要文件：KDDTrain+（完整训练集）、KDDTrain+_20Percent（训练集的 20% 子集）、KDDTest+（完整测试集）和 KDDTest-21（仅包含 21 种攻击类型的高难度测试集）。数据集中包含五类流量：正常流量（Normal）、探测攻击（Probe）、拒绝服务攻击（DoS）、用户到根攻击（U2R）和远程到本地攻击（R2L）。数据集采用标准 KDD 格式，包含训练集、测试集和攻击类型说明文件（attack_types.txt）。NSL-KDD 数据集完全共享，主要用于测试流量异常检测模型的性能，适用于网络安全领域的研究和实验。该数据集于 2023 年 6 月在浙江大学网络空间安全实验室进行了测试使用

NSL-KDD dataset is an improved network intrusion detection dataset based on KDD Cup 1999, which aims to address the redundancy and imbalance problems in the original dataset. It contains approximately 125,973 training records and 22,544 test records, and is divided into four main files: KDDTrain+ (full training set), KDDTrain+_20Percent (20% subset of the training set), KDDTest+ (full test set), and KDDTest-21 (a high-difficulty test set only containing 21 types of attacks). The dataset includes five categories of traffic: Normal traffic, Probe attacks, Denial of Service (DoS) attacks, User-to-Root (U2R) attacks, and Remote-to-Local (R2L) attacks. It adopts the standard KDD format, and consists of the training set, test set, and an attack type description file (attack_types.txt). The NSL-KDD dataset is fully shared, mainly used to test the performance of traffic anomaly detection models, and is suitable for research and experiments in the field of cybersecurity. This dataset was tested and utilized in June 2023 at the Cyberspace Security Laboratory of Zhejiang University.