{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T15:42:51Z","timestamp":1773157371721,"version":"3.50.1"},"reference-count":22,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2016,7,5]],"date-time":"2016-07-05T00:00:00Z","timestamp":1467676800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>The Windows Operating System (OS) is the most popular desktop OS in the world, as it has the majority market share of both servers and personal computing necessities. However, as its default signature-based security measures are ineffectual for detecting zero-day and stealth attacks, it needs an intelligent Host-based Intrusion Detection System (HIDS). Unfortunately, a comprehensive data set that reflects the modern Windows OS\u2019s normal and attack surfaces is not publicly available. To fill this gap, in this paper two open data sets generated by the cyber security department of the Australian Defence Force Academy (ADFA) are introduced, namely: Australian Defence Force Academy Windows Data Set (ADFA-WD); and Australian Defence Force Academy Windows Data Set with a Stealth Attacks Addendum (ADFA-WD: SAA). 
Statistical analysis results based on these data sets show that, due to the low foot prints of modern attacks and high similarity of normal and attacked data, both these data sets are complex, and highly intelligent Host based Anomaly Detection Systems (HADS) design will be required.<\/jats:p>","DOI":"10.3390\/fi8030029","type":"journal-article","created":{"date-parts":[[2016,7,5]],"date-time":"2016-07-05T10:06:19Z","timestamp":1467713179000},"page":"29","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":52,"title":["Windows Based Data Sets for Evaluation of Robustness of Host Based Intrusion Detection Systems (IDS) to Zero-Day and Stealth Attacks"],"prefix":"10.3390","volume":"8","author":[{"given":"Waqas","family":"Haider","sequence":"first","affiliation":[{"name":"School of Engineering and Information Technology, Australian Defence Force Academy, University of New South Wales, Canberra 2052, Australia"}]},{"given":"Gideon","family":"Creech","sequence":"additional","affiliation":[{"name":"School of Engineering and Information Technology, Australian Defence Force Academy, University of New South Wales, Canberra 2052, Australia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8899-4032","authenticated-orcid":false,"given":"Yi","family":"Xie","sequence":"additional","affiliation":[{"name":"School of Data and Computer Science, Sun Yat-Sen University, Guangzhou 510006, China"}]},{"given":"Jiankun","family":"Hu","sequence":"additional","affiliation":[{"name":"School of Engineering and Information Technology, Australian Defence Force Academy, University of New South Wales, Canberra 2052, Australia"}]}],"member":"1968","published-online":{"date-parts":[[2016,7,5]]},"reference":[{"key":"ref_1","unstructured":"Hu, J. (2010). 
Handbook of Information and Communication Security, Springer."},{"key":"ref_2","first-page":"9","article-title":"Application firewalls in a defence-in-depth design","volume":"9","author":"Paul","year":"1983","journal-title":"Netw. Secur."},{"key":"ref_3","unstructured":"Creech, G. (2014). Developing a high-accuracy cross platform host-based intrusion detection system capable of reliably detecting zero-day attacks. [Ph.D. Thesis, University of New South Wales]."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Creech, G., and Hu, J. (2013, January 7\u201310). Generation of a new ids test dataset: Time to retire the kdd collection. Proceedings of the 2013 IEEE Wireless Communications and Networking Conference (WCNC), Shanghai, China.","DOI":"10.1109\/WCNC.2013.6555301"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"807","DOI":"10.1109\/TC.2013.13","article-title":"A semantic approach to host-based intrusion detection systems using contiguous and discontiguous system call patterns","volume":"4","author":"Creech","year":"2014","journal-title":"IEEE Trans. Comput."},{"key":"ref_6","unstructured":"Information Systems Security, Assurance, and Privacy. Available online:http:\/\/aisel.aisnet.org\/amcis2014\/ISSecurity\/GeneralPresentations\/12."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Osanaiye, O., Cai, H., Choo, K.K.R., Dehghantanha, A., Xu, Z., and Dlodlo, M. (2016). Ensemble-based multi-filter feature selection method for DDoS detection in cloud computing. EURASIP J. Wirel. Commun. Netw., 1.","DOI":"10.1186\/s13638-016-0623-3"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"147","DOI":"10.1016\/j.jnca.2016.01.001","article-title":"Distributed Denial of Service (DDoS) Resilience in Cloud: Review and Conceptual Cloud DDoS Mitigation Framework","volume":"67","author":"Osanaiye","year":"2016","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Walls, J., and Choo, K.K.R. 
(2015, January 20\u201322). A Review of Free Cloud-Based Anti-Malware Apps for Android. Proceedings of the IEEE Trustcom\/BigDataSE\/ISPA, Helsinki, Finland.","DOI":"10.1109\/Trustcom.2015.482"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"74","DOI":"10.1016\/j.cose.2014.10.016","article-title":"Exfiltrating data from Android devices","volume":"48","author":"Do","year":"2016","journal-title":"Comput. Secur."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Dorazio, C.J., Choo, K.K.R., and Yang, L.T. (2016). Data Exfiltration from Internet of Things Devices: iOS Devices as Case Studies. IEEE J. Internet Things.","DOI":"10.1109\/JIOT.2016.2569094"},{"key":"ref_12","unstructured":"Windows based IDS data sets. Available online:https:\/\/www.unsw.adfa.edu.au\/school-of-engineering-and-information-technology \/professor-jiankun-hu."},{"key":"ref_13","unstructured":"Smith, C.L. (2003, January 14\u201316). Understanding concepts in the defence in depth strategy. Proceedings of the IEEE 37th Annual 2003 International Carnahan Conference on Security Technology, Taipei, Taiwan."},{"key":"ref_14","unstructured":"Common Vulnerabilities and Exposures. Available online:http:\/\/cve.mitre.org\/data\/refs\/refmap\/source-ISS.html."},{"key":"ref_15","unstructured":"Xie, M., Hu, J., Yu, X., and Chang, E. (2014). Network and System Security, Springer."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Haider, W., Hu, J., and Xie, M. (2015, January 15\u201317). Towards reliable data feature retrieval and decision engine in host-based anomaly detection systems. Proceedings of the 2015 IEEE 10th Conference on Industrial Electronics and Applications (ICIEA), Auckland, New Zealand.","DOI":"10.1109\/ICIEA.2015.7334166"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Haider, W., Hu, J., Yu, X., and Xie, Y. (2015, January 3\u20135). 
Integer Data Zero-Watermark Assisted System Calls Abstraction and Normalization for Host Based Anomaly Detection Systems. Proceedings of the 2015 IEEE 2nd International Conference on Cyber Security and Cloud Computing (CSCloud), New York, NY, USA.","DOI":"10.1109\/CSCloud.2015.11"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"783","DOI":"10.1016\/S0893-6080(99)00032-5","article-title":"Improving support vector machine classifiers by modifying kernel functions","volume":"12","author":"Amari","year":"1999","journal-title":"Neural Netw."},{"key":"ref_19","unstructured":"Quinlan, J.R. (2014). C4.5: Programs for Machine Learning, Elsevier."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"513","DOI":"10.1109\/TSMCB.2011.2168604","article-title":"Extreme learning machine for regression and multiclass classification","volume":"42","author":"Huang","year":"2012","journal-title":"IEEE Trans. Syst. Man Cybern. B Cybern."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"2617","DOI":"10.1016\/j.cor.2004.03.019","article-title":"Application of svm and ann for intrusion detection","volume":"32","author":"Chen","year":"2005","journal-title":"Comput. Oper. Res."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"197","DOI":"10.1007\/BF00994016","article-title":"Learning Bayesian networks: The combination of knowledge and statistical data","volume":"20","author":"Heckerman","year":"1995","journal-title":"Mach. 
Learn."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/8\/3\/29\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T19:25:26Z","timestamp":1760210726000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/8\/3\/29"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,7,5]]},"references-count":22,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2016,9]]}},"alternative-id":["fi8030029"],"URL":"https:\/\/doi.org\/10.3390\/fi8030029","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,7,5]]}}}