http://kdd.ics.uci.edu/databases/kddcup99/(下载地址，目录包含文件如下)

  Data files:

  kddcup.names      A list of features.

  kddcup.data.gz      The full data set (18M; 743M Uncompressed)

  kddcup.data_10_percent.gz    A 10% subset. (2.1M; 75M Uncompressed)

  kddcup.newtestdata_10_percent_unlabeled.gz  (1.4M; 45M Uncompressed)

  kddcup.testdata.unlabeled.gz    (11.2M; 430M Uncompressed)

  kddcup.testdata.unlabeled_10_percent.gz  (1.4M;45M Uncompressed)

  corrected.gz      Test data with corrected labels.

  training_attack_types     A list of intrusion types.

 

   这些数据全部采用tcpdump的格式，每条记录包含34个数值型字段和7个非数值型字段，并带有正常,probe, DOS, R2L,U2L五种类标签。根据各个字段的含义不同，大致可分为三种：
1) Basic features of individual connections. 网络连接总体信息相关的特征。eg: protocol,duration ,  service and so on;
2) Traffic features of individual connections. 网络连接流量相关的统计信息，如在同一时间间隔内相同服务请求数，同一时间间隔内来自同一时间主机连接数等。
3) Content features of individual connections. 网络连接数据内容信息相关的特征，如超级用户权限尝试数root access attempts 等。

 

(1) protocol type: 1-icmp; 2-tcp; 3-udp; 4-others.
(2) service: domain-u 1;  ecr_i 2;  eco-i 3;  finger 4;  ftp-data 5;  

ftp 6;  http 7;  hostnames 8; imap4  9;   login 10;  mtp 11;  

netstat 12;  other 13;  private 14;  smtp 15;  systat 16;  telnet 17; time 18; uucp 19;   其他服务 20;
(3) flag: 1-REJ; 2-RSTO; 3-RSTR; 4-S0; 5-S3; 6-SF; 7-SH; 8-OTHERS;
(4)其他数据归一化处理：x∈[xmin,xmax], t=(x-xmin)/(xmax-xmin) ∈[0,1].