This paper presents a detailed analysis of the KDDCUP99 dataset, which is widely used for evaluating intrusion detection systems (IDSs). The authors identify two major issues with the dataset that significantly affect the performance of evaluated systems and lead to poor evaluation of anomaly detection approaches. These issues are the high number of redundant records and the uneven distribution of attack types, which cause learning algorithms to be biased towards frequent records and result in unreliable evaluation results. To address these problems, the authors propose a new dataset called NSL-KDD, which consists of selected records from the complete KDD dataset and does not suffer from the mentioned shortcomings. The NSL-KDD dataset has a more balanced distribution of attack types and a reasonable number of records, making it more suitable for evaluating IDSs. The authors also provide a detailed description of the KDDCUP99 dataset, including its features and the types of attacks it contains. They discuss the inherent problems of the KDDCUP99 dataset, such as the synthetic nature of the data and the lack of exact definitions of attacks. The authors also analyze the difficulty level of the records in the KDD dataset and show that many records can be correctly classified by multiple machine learning algorithms, leading to high accuracy rates. However, this makes the evaluation of IDSs based on accuracy and detection rate unreliable. The authors propose a solution to these issues by creating a new dataset that includes only records that are not easily classified by existing machine learning algorithms. This new dataset is more challenging and provides a more accurate evaluation of IDSs. The authors also compare the performance of different machine learning algorithms on the original and new datasets, showing that the new dataset provides more reliable results. The paper concludes that the NSL-KDD dataset is a more suitable benchmark for evaluating IDSs and that it can help researchers compare different intrusion detection methods.This paper presents a detailed analysis of the KDDCUP99 dataset, which is widely used for evaluating intrusion detection systems (IDSs). The authors identify two major issues with the dataset that significantly affect the performance of evaluated systems and lead to poor evaluation of anomaly detection approaches. These issues are the high number of redundant records and the uneven distribution of attack types, which cause learning algorithms to be biased towards frequent records and result in unreliable evaluation results. To address these problems, the authors propose a new dataset called NSL-KDD, which consists of selected records from the complete KDD dataset and does not suffer from the mentioned shortcomings. The NSL-KDD dataset has a more balanced distribution of attack types and a reasonable number of records, making it more suitable for evaluating IDSs. The authors also provide a detailed description of the KDDCUP99 dataset, including its features and the types of attacks it contains. They discuss the inherent problems of the KDDCUP99 dataset, such as the synthetic nature of the data and the lack of exact definitions of attacks. The authors also analyze the difficulty level of the records in the KDD dataset and show that many records can be correctly classified by multiple machine learning algorithms, leading to high accuracy rates. However, this makes the evaluation of IDSs based on accuracy and detection rate unreliable. The authors propose a solution to these issues by creating a new dataset that includes only records that are not easily classified by existing machine learning algorithms. This new dataset is more challenging and provides a more accurate evaluation of IDSs. The authors also compare the performance of different machine learning algorithms on the original and new datasets, showing that the new dataset provides more reliable results. The paper concludes that the NSL-KDD dataset is a more suitable benchmark for evaluating IDSs and that it can help researchers compare different intrusion detection methods.