A detailed analysis of the KDD CUP 99 data set, Mahbod Tavallaee, Ebrahim Bagheri, Wei Lu, Ali A. Ghorbani. Proceedings of the Second IEEE international conference on Computational intelligence for security and defense applications(2009)


During the last decade, anomaly detection has attracted the attention of many researchers to overcome the weakness of signature-based IDSs in detecting novel attacks, and KDDCUP'99 is the mostly widely used data set for the evaluation of these systems. Having conducted a statistical analysis on this data set, we found two important issues which highly affects the performance of evaluated systems, and results in a very poor evaluation of anomaly detection approaches. To solve these issues, we have proposed a new data set, NSL-KDD, which consists of selected records of the complete KDD data set and does not suffer from any of mentioned shortcomings.