Abstract: Intelligent intrusion detection systems can only be built if there is availability of an effective data set. A data set with a sizable amount of quality data which mimics the real time can only help to train and test an intrusion detection system. The NSL-KDD data set is a refined version of its predecessor KDD’99 data set. In this paper the NSL-KDD data set is analysed and used to study the effectiveness of the various classification algorithms in detecting the anomalies in the network traffic patterns. We have also analysed the relationship of the protocols available in the commonly used network protocol stack with the attacks used by intruders to generate anomalous network traffic. The analysis is done using classification algorithms available in the data mining tool WEKA. The study has exposed many facts about the bonding between the protocols and network attacks.
Keywords: Intrusion Detection System, NSL-KDD dataset, Anomaly, Protocol.