The Significant Features of the UNSW-NB15 and the KDD99 Data Sets for Network Intrusion Detection Systems
2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS) (2015)
Nov. 5, 2015 to Nov. 5, 2015
Because of the increased flow of network traffic and its significance to the provision of ubiquitous services, cyberattacks attempt to compromise the security principles of confidentiality, integrity and availability. A Network Intrusion Detection System (NIDS) monitors and detects cyber-attack patterns over networking environments. Network packets consist of a wide variety of features, which negatively affects the detection of anomalies. These features include some irrelevant or redundant features which reduce the efficiency of detecting attacks and increase the False Alarm Rate (FAR). In this paper, the feature characteristics of the UNSW-NB15 and KDD99 data sets are examined, and the features of the UNSW-NB15 are replicated to the KDD99 data set to measure their efficiency. We apply an Association Rule Mining algorithm as feature selection to generate the strongest features from the two data sets. Some existing classifiers are utilised to evaluate the complexity in terms of accuracy and FAR. The experimental results show that the original KDD99 attributes are less efficient than the replicated UNSW-NB15 attributes of the KDD99 data set. However, comparing the two data sets, the accuracy of the KDD99 data set is better than that of the UNSW-NB15 data set, and the FAR of the KDD99 data set is lower than that of the UNSW-NB15 data set.
Feature extraction, Training, Testing, Data mining, Complexity theory, Security, Computers
N. Moustafa and J. Slay, "The Significant Features of the UNSW-NB15 and the KDD99 Data Sets for Network Intrusion Detection Systems," 2015 4th International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS), Kyoto, Japan, 2015, pp. 25-31.