A Labeled Data Set For Flow-based Intrusion Detection

Anna Sperotto, Ramin Sadre, Frank van Vliet, Aiko Pras

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    120 Citations (Scopus)
    599 Downloads (Pure)


    Flow-based intrusion detection has recently become a promising security mechanism in high speed networks (1-10 Gbps). Despite the richness in contributions in this field, benchmarking of flow-based IDS is still an open issue. In this paper, we propose the first publicly available, labeled data set for flow-based intrusion detection. The data set aims to be realistic, i.e., representative of real traffic and complete from a labeling perspective. Our goal is to provide such enriched data set for tuning, training and evaluating ID systems. Our setup is based on a honeypot running widely deployed services and directly connected to the Internet, ensuring attack-exposure. The final data set consists of 14.2M flows and more than 98% of them has been labeled.
    Original languageEnglish
    Title of host publicationIP Operations and Management
    Subtitle of host publication9th IEEE International Workshop, IPOM 2009, Venice, Italy, October 29-30, 2009. Proceedings
    EditorsGiorgio Nunzi, Caterina Scoglio, Xing Li
    Place of PublicationBerlin
    Number of pages12
    ISBN (Electronic)978-3-642-04968-2
    ISBN (Print)978-3-642-04967-5
    Publication statusPublished - 21 Oct 2009
    Event9th IEEE International Workshop on IP Operations and Management, IPOM 2009 - Venice, Italy
    Duration: 29 Oct 200930 Oct 2009
    Conference number: 9

    Publication series

    NameLecture Notes in Computer Science
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349


    Workshop9th IEEE International Workshop on IP Operations and Management, IPOM 2009
    Abbreviated titleIPOM


    Dive into the research topics of 'A Labeled Data Set For Flow-based Intrusion Detection'. Together they form a unique fingerprint.

    Cite this