KDD 1999 generation faults: a review and analysis

Amjad M. Al Tobi, Ishbel Duncan

Research output: Contribution to journalArticlepeer-review


DARPA 1998 was one of the first Intrusion Detection datasets that was made publicly available. The KDD 1999 dataset was derived from DARPA 1998 to be used by researchers in developing machine learning (ML), classification and clustering algorithms with a security focus. DARPA 1998 has been criticised in literature due to raised concerns of problems in the dataset. Many researchers have accused KDD 1999 of having similar concerns but insufficient published evidence has been found. In this paper, we review the KDD 1999 generation process and present new proofs of existing inconsistencies in KDD 1999. We then present the process used to link some of the KDD 1999 (TELNET) records back to their origins in DARPA 1998 and discuss the interesting results and findings of this experiment.
Original languageEnglish
Pages (from-to)164-200
Number of pages37
JournalJournal of Cyber Security Technology
Issue number3-4
Early online date21 Sept 2018
Publication statusPublished - 2018


  • DARPA 1998 dataset
  • KDD Cup 1999 dataset
  • KDD review
  • KDD generation process
  • KDD generation faults


Dive into the research topics of 'KDD 1999 generation faults: a review and analysis'. Together they form a unique fingerprint.

Cite this