DARPA Datasets

1998 DARPA Intrusion Detection Evaluation Data Set

1998 DARPA Intrusion Detection Evaluation Data Set Overview

There were two parts to the 1998 DARPA Intrusion Detection Evaluation: an off-line evaluation and a real-time evaluation.

Intrusion detection systems were tested in the off-line evaluation using network traffic and audit logs collected on a simulation network. The systems processed this data in batch mode and attempted to identify attack sessions in the midst of normal activities.

Intrusion detection systems were delivered to AFRL for the real-time evaluation. These systems were inserted into the AFRL network testbed and attempted to identify attack sessions in the midst of normal activities, in realtime.

Intrusion detection systems were tested as part of the off-line evaluation, the real-time evaluation or both.

Sample Data

A sample of the network traffic and audit logs that were used for evaluating systems. These data were first made available in February 1998.

Read Me

Sample Dataset

Source: MIT Lincoln Laboratory