ABSTRACT

In this chapter we introduce the reader to network anomaly detection approaches, their architectures, components and other important details. We also identify issues that stand out in each of these architectures and analyze their capabilities and limitations. Intrusion datasets play a very important role in the evaluation of any intrusion detection system. Therefore, this chapter also introduces some well-known benchmark intrusion datasets and their characteristics. Furthermore, the chapter describes the authors’ hands-on experience in generating their own dataset based on the various types of packet and flow features corresponding to the transport layer protocol.