dataset of intrusion detection for apache log

Question

FOUND ON : HoneyNet Project. in scan31 and scan34

PHPIDS have a filter rules to detect attack pattern in web access log file.

I want to ask how do I know that PHPIDS can detect the attack (xss, sqli, any attack they told that they can detect) in apache log access file. ( not from using it. )

What dataset PHPIDS uses to confirm that their filter rules can detect.

I really want that dataset to know that my detecting program can detect the attack.

(Dataset here means Apache log file that contains many attack pattern and I know how many attack pattern it has in a log file). If my program can detect all attack patterns in that dataset, it means my program works!

Can I have a link of website where I can download a dataset of attack on webaccess attack (apache log)?

I found some dataset of DARPA. Do they have a dataset about web access log?

Answer 1

Yes the Darpa 1999 IDS dataset has web access logs which you could inspect. It contains apache httpd access logs as well as error logs.

Answer 2

VELOS Dataset contains many different types of attacks that can be detected by your program. It definitely includes webaccess attacks. The traffic is mainly in multiple pcap files and tcpdump text files. Also, it's true that you can check also DARPA datasets (1998-2000).