Research Of IDS Evaluation Data Set And Assessment Method

Intrusion detection technology is one of the key technologies to maintain network security,and is an indispensable component and support of the security system.Intrusion detection system(IDS)evaluation of data sets is the main means to evaluate intrusion detection technology.The evaluation of intrusion detection technology can not only find its own shortcomings,but also can find the direction of research.And then transfer the focus of the work to the breakthrough of key technology,which is of great significance for the development of the intrusion detection technology.In this paper,the background of the IDS evaluation data set is discussed,and then its generation technology and its domestic and foreign research status are discussed in detail.Although many achievements have been made in this field,many data sets have been popularized and applied,but there are still many shortcomings.These problems affect the evaluation results of intrusion detection technology.Based on the deep analysis and research of the related technologies of data sets,a statistical analysis method is proposed to determine the performance of data sets.This method can examine the performance of the data set by analyzing the background,equilibrium analysis and correlation analysis of the data set.Subsequently,the UNSW-NB15 data set is analyzed by this method.The analysis results show that the dataset has the characteristics of balance,and the data correlation is good,so that it can better meet the current assessment needs.The ROC curve is the main method of intrusion detection and evaluation.However,the traditional detection rate and false positive rate calculation method simply focus on detecting or misreporting data,without considering the difference among attack types.In view of the existing problems in the current evaluation method,and in order to achieve the differential processing between the attack data and normal data and all kinds of attack data,this paper proposes a weight based ROC computing method.In this method,the detection of single class attacks can be observed by modifying the weight value,which makes the evaluation of the detection algorithm more in-depth and meticulous.In addition,we can evaluate the detection algorithm from multiple angles,which increases the breadth of the evaluation.The experimental results show that the method is effective and feasible,and the evaluation of the detection algorithm is more comprehensive and deeper.