Figure 2 shows the ISCX 2012 test bed network that contains 21 interconnected Windows workstations.
Our experiment was focused on the specific host server addresses DARPA (172.016.114.050) and ISCX (192.168.5.122).
The detection performance of the proposed unified approach when applied to both the DARPA 1999 and the ISCX 2012 datasets is presented in this section.
1) Execution of Snort intrusion detection system on all the ISCX dataset traffic traces.
3) Mapping between these packets and their flows in the ISCX dataset since it is a flow based labeled dataset.
4) Labeling of the different alerts based on the ISCX labeled flows.
The statistics of the selected ISCX 2012 data subset are depicted in Table 2.
Other simulation parameters, tuned automatically by AMGA2 for the KDD Cup 1999 dataset and the ISCX 2012 dataset, are presented in Tables 4 and 5, respectively.
For the ISCX 2012 dataset, the results of the proposed technique are improved by up to approximately 118% in DR and 24% in FPR over NB and its ensemble using the bagging technique.
Finally, in e-marketplaces and ISCXs run by a third party, the network effect is the key.
To evaluate our proposed model, we prepared two different large datasets of Information Security Center of Excellence (ISCX IDS 2012), and DARPA 1999/MIT Lincoln laboratories IDS.
The first experiment used the ISCX datasets 2012, which were collected under the sponsorship of Information Security Centre of Excellence (ISCX).