DARPA 2000 dataset

This study used DARPA 2000 dataset since it has been widely used by researchers in the field. The type of NIDSs used to replay the dataset is signature –based RealSecure Version 6.0 (Internet Security System, 2000). This data are downloaded from Ning (2002). It contains four separated files which represent two types of simulated scenarios (Scenario One and Scenario Two) of Distributed Denial of Services (DDoS) network attack on two different networks. Haines (2000) mentioned that attacks in Scenario Two were stealthier than Scenario One. They contain thousand of event logs or network packets that have been reported from the Demilitarized Zone (DMZ) and Inside Networks.

本研究选用DARPA 2000数据集（DARPA 2000 dataset），因该数据集已被网络安全领域研究者广泛应用。本次实验采用的重放该数据集的网络入侵检测系统（Network Intrusion Detection Systems, NIDS）为基于签名规则的RealSecure 6.0版本（Internet Security System，2000年）。该数据集源自Ning（2002）的公开下载资源，包含四个独立文件，分别对应两种模拟场景——场景一与场景二，两种场景均针对两个不同网络开展了分布式拒绝服务（Distributed Denial of Services, DDoS）网络攻击实验。Haines（2000）指出，场景二中的攻击相较于场景一更具隐蔽性。上述文件包含数千条事件日志与网络数据包，数据采集自非军事区（Demilitarized Zone, DMZ）与内部网络。