CIDD Architecture

CIDD has two parts of audit data. The first is a collection of Unix Solaris audits and their corresponding TCP dump data; the second includes Windows NT audits and their corresponding TCP dump data. Like any intrusion dataset, CIDD consists of training and testing data for both parts 1 and 2. The training data of part 1 has 7 weeks (35 days) of Unix Solaris audits and TCP dump data with labeled attacks, which can be used to train any IDS with a set of attack signatures.

The following figure shows the CIDD audit training data.

The following figure shows the CIDD audit testing data.

The following figure shows the CIDD audit training data.