hi patrick:
I have used the KDD'99 dataset. all the 10% type datasets are the 10% of
the whole data. testdata is full data for testing your algo.
corrected_labels data set is the 10% data with labels. if you dont have any
label data then how can you measure the accuracy of your also.
reagarding the script, i have not used that, but I used my own calculation.
mainly, you have to provide results in terms of ROC, which is a plot
between false positives and detection rate. you can always calculate FP and
DR for the data, you are using as follows;
FP= # normal, classified as abnormal/total # of normal
DR= # abnormal, classified as abnormal/total # abnormal
At 06:03 PM 7/16/2005, trantichphuoc@yahoo.com wrote:
Hi all,
I am a newbie in Network Security. I have looked at a webiste about KDD 99
(http://www-cse.ucsd.edu/users/elkan/clresults.html ) and I found this
very interesting.
I would like to try the dataset and use some data mining tools to mine
this. However, I am having few problems.
1. The data I downoaded from
(http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html)
kddcup.data.gz The full data set (18M; 743M Uncompressed) -> I need the
output (classified as normal or an intrusion) so that a supervised
learnign can be done. This file is too big so I cant even open it to see
if it contains the output.
kddcup.data_10_percent.gz A 10% subset. (2.1M; 75M Uncompressed) -> is
this 10% extracted from the above whole data?
kddcup.newtestdata_10_percent_unlabeled.gz (1.4M; 45M Uncompressed) -> is
that true the test data is not extracted from the training data (743 Mb) ?
kddcup.testdata.unlabeled.gz (11.2M; 430M Uncompressed) -> is this test
data the same with above test? and how different?
kddcup.testdata.unlabeled_10_percent.gz (1.4M;45M Uncompressed)
corrected.gz Test data with corrected labels.
I see so many test sets and have no clue which one to use.
2. What tool would you recommend me to use to mine these data?
3. How can I run the scoring script in
http://www-cse.ucsd.edu/users/elkan/awkscript.html
I dont know how to evaluate my model after I finish training. Do I have to
send my model to the commeetee in order to have it evaluated, or I just run
the script by myself. What I really want to evaluate my model is the way
described in http://www-cse.ucsd.edu/users/elkan/clresults.html
Could anyone please give me some advices about this?
Thanks
Have a nice day
Patrick Tran
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
Sanjay Rawat
Senior Software Engineer
INTOTO Software (India) Private Limited
Uma Plaza, Above HSBC Bank, Nagarjuna Hills
PunjaGutta,Hyderabad 500082 | India
Office: + 91 40 23358927/28 Extn 423
Website : www.intoto.com
Homepage: http://sanjay-rawat.tripod.com
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
