This study used DARPA 2000 dataset
since it has been widely used by researchers in the field. The type of NIDSs used to
replay the dataset is signature –based RealSecure Version 6.0 (Internet Security System, 2000).
This data are downloaded from Ning (2002). It contains four separated files
which represent two types of simulated scenarios (Scenario One and Scenario
Two) of Distributed Denial of Services (DDoS) network attack on two different
networks. Haines (2000) mentioned that attacks in Scenario Two were stealthier
than Scenario One. They contain thousand of event logs or network packets that
have been reported from the Demilitarized Zone (DMZ) and Inside Networks.