This page contains links to download some of the data referenced in our papers in RAID 2010: the 13th International Symposium on Recent Advances in Intrusion Detection and the Computer Networks journal. Please feel free to use this data in your experiments. If you do publish a paper using this material, we only ask that you send us a note and include a citation to our work in your paper.
Signature sets. The following are the signature sets that we used in our experiments. The HTTP/1503 signature set was also used in prior work on XFAs by Smith, Estan and Jha [Oakland08].
HTTP and FTP traffic traces. We are unable to release the HTTP and FTP traces that we used for the experiments in the RAID'10 paper because of privacy concerns. However, please note that we have also conducted experiments using publicly available traces from the DARPA intrusion detection evaluation data set. These results are reported in our Computer Networks journal article and should serve as a basis for comparison against our own implementation.
Code. We have also packaged the source code used for the implementation of 1-stride NFA-OBDDs. It is available here.