Papers
Topics
Authors
Recent
Search
2000 character limit reached

NSL-KDD Dataset Benchmark

Updated 6 July 2026
  • NSL-KDD is a benchmark dataset that refines KDD’99 by removing duplicates and reducing bias for more realistic intrusion detection evaluation.
  • It is organized into standard partitions—KDDTrain+, KDDTest+, and the challenging KDDTest-21—supporting both binary and multiclass attack classification studies.
  • Its controlled design and feature schema facilitate rigorous methodological comparisons, though its synthetic nature and class imbalance spur recommendations for complementary modern datasets.

NSL-KDD is a benchmark dataset for network intrusion detection that was introduced as a cleaned, de-biased successor to KDD’99. It preserves the KDD connection-level feature design and attack taxonomy while removing duplicate records and re-sampling examples to reduce the performance inflation caused by frequent repetitions. In the literature it is used for both binary intrusion detection and multiclass attack classification, typically on the canonical KDDTrain+ and KDDTest+ partitions and, in many studies, the harder KDDTest-21 subset (Albayati et al., 2015, Sapre et al., 2019, Ngueajio et al., 2022).

1. Origin, rationale, and relation to KDD’99

NSL-KDD is consistently described as a refined version of the KDD’99 intrusion-detection benchmark. The underlying lineage traces to the DARPA 1998 evaluation program: nine weeks of raw TCP-dump data from a simulated Air Force LAN were labeled as “normal” or “attack,” and the resulting corpus was later used to construct KDD’99. NSL-KDD was introduced by Tavallaee et al. in 2009 to correct biases in KDD’99, remove duplicate records, and provide a more balanced and representative training and testing set for intrusion-detection research (Albayati et al., 2015).

The redesign addressed a specific pathology of KDD’99: exact duplicates and very frequent records made memorization unduly effective. One study summarizes KDD’99 as containing roughly 4.9 million training records with about 78% redundancy, whereas NSL-KDD removes duplicate and redundant records so that classifiers are neither over-fit nor over-tested on repeated examples (Rababah et al., 2020). Another quantifies the reduction on the KDDCup99 10% training subset: 494,021 records in the original subset versus 125,973 in NSL-KDD, implying removal of 368,048 duplicate and “easy-to-classify” records, or approximately 74% of that subset (Sapre et al., 2019).

This redesign had methodological consequences. A comparative study reports that classifiers trained on NSL-KDD were on average 20.18% less accurate than classifiers trained on KDDCup99, attributing the gap to KDDCup99’s redundancy bias (Sapre et al., 2019). That result is often interpreted as evidence that NSL-KDD is not “easier,” but more stringent.

2. Dataset partitions, labels, and attack inventories

The standard NSL-KDD organization revolves around KDDTrain+ and KDDTest+, with KDDTest-21 used in many studies as a difficult subset stressing generalization to harder or novel attacks. The stable split sizes reported across the supplied literature are summarized below.

Split Records Characterization
KDDTrain+ 125,973 Standard training split
KDDTest+ 22,544 Standard test split
KDDTest-21 11,850 Hard test subset

In binary form, KDDTrain+ contains 67,343 normal and 58,630 attack records, while one summary of KDDTest+ reports 9,711 normal and 12,833 attack records; KDDTest-21 is reported as 2,152 normal and 9,698 attack records, with 32.8% novel attacks (Wu et al., 2019). In the five-class formulation, the high-level labels are Normal, DoS, Probe, R2L, and U2R. A commonly reported training distribution is Normal 67,343, DoS 45,927, Probe 11,656, R2L 995, and U2R 52 (Sapre et al., 2019, Vasquez, 2 Dec 2025).

NSL-KDD is also used to study generalization beyond the attack types present in training. One transfer-learning study states that KDDTrain+ contains 22 distinct attack categories, while KDDTest+ contains all of those plus 17 additional categories; those extra 17 are treated as the novel attacks emphasized by KDDTest-21 (Wu et al., 2019). A later multiclass study instead describes the five macro-classes as grouping 40 subtypes of attack (Vasquez, 2 Dec 2025). Across these descriptions, the stable point is the same: NSL-KDD preserves a coarse five-class taxonomy while supporting finer-grained attack inventories whose train/test overlap is intentionally imperfect.

3. Feature schema and preprocessing conventions

Across the cited studies, NSL-KDD is described either as 41 traffic features plus a label or as 42 attributes when the class field or a meta field is counted (Rababah et al., 2020, Wilkinson et al., 11 Sep 2025). The predictors are usually grouped into basic connection features, content features, and traffic-based features. One common enumeration is 9 basic, 10 content, and 22 traffic-based attributes (Albayati et al., 2015). Another describes 9 basic, 19 traffic, and 13 content features (Tauscher et al., 2021). The three categorical fields that appear consistently are protocol_type, service, and flag; the remaining fields are treated as numeric or Boolean depending on the preprocessing scheme (Albayati et al., 2015, Baptiste et al., 23 Feb 2026).

There is no single canonical preprocessing pipeline. Some studies one-hot encode the three categorical variables and rescale numeric variables to obtain 122 numerical dimensions; one 2025 multiclass study applies One-Hot Encoding to protocol_type, service, and flag, producing 122 dimensions, and uses min-max normalization over Train+ with the same transform applied to Test+ (Vasquez, 2 Dec 2025). A transfer-learning study merges NSL-KDD with UNSW-NB15 feature conventions, one-hot encodes categorical fields, standardizes all features to zero mean and unit variance, and obtains a 113-dimensional numerical vector reshaped to (batch_size, 113, 1) for 1D convolution (Wu et al., 2019). Other works use LabelCount encoding for the categorical fields with z-score standardization (Tauscher et al., 2021), Weka’s internal nominal handling without explicit one-hot expansion (Rababah et al., 2020), or L2 normalization after one-hot encoding (Sapre et al., 2019).

Some papers also drop the difficulty field before modeling (Vasquez, 2 Dec 2025, Baptiste et al., 23 Feb 2026). Hyperdimensional-computing studies diverge further by avoiding conventional real-valued normalization and instead quantizing each feature into bins before binding it to a high-dimensional hypervector (Ghajari et al., 4 Mar 2025, Ghajari et al., 4 Mar 2025). A plausible implication is that published NSL-KDD results are materially preprocessing-dependent, even when the nominal train/test split is identical.

4. Evaluation protocols and characteristic benchmark behavior

NSL-KDD supports several evaluation regimes: binary normal-versus-attack detection, direct five-class prediction, hierarchical pipelines in which binary detection precedes attack-type classification, one-class anomaly detection trained on normal traffic only, and attack-family-specific studies such as DoS-only screening (Tauscher et al., 2021, Wilborne, 2022, Baptiste et al., 23 Feb 2026). The most common metrics are accuracy, precision, recall, F1F_1, and false positive rate. In multiclass notation, one study defines

Accuracy=iTPiN,Precisioni=TPiTPi+FPi,Recalli=TPiTPi+FNi,\mathrm{Accuracy} = \frac{\sum_i TP_i}{N}, \qquad \mathrm{Precision}_i = \frac{TP_i}{TP_i + FP_i}, \qquad \mathrm{Recall}_i = \frac{TP_i}{TP_i + FN_i},

and

F1i=2PrecisioniRecalliPrecisioni+Recalli,F1_i = 2 \cdot \frac{\mathrm{Precision}_i \cdot \mathrm{Recall}_i}{\mathrm{Precision}_i + \mathrm{Recall}_i},

while binary studies additionally report

FPR=FPFP+TN.\mathrm{FPR} = \frac{FP}{FP + TN}.

These definitions recur with only notational variation across the corpus (Vasquez, 2 Dec 2025, Ngueajio et al., 2022).

A characteristic property of NSL-KDD is that apparently strong detection rates can coexist with unfavorable false-positive behavior, especially on the hard split. In a two-stage transfer-learning ConvNet, the baseline ConvNet on KDDTest+ achieved DR 78.35, ACC 84.62, and FPR 7.11, whereas the transfer-learning variant achieved DR 93.86, ACC 87.30, and FPR 21.38. On KDDTest-21, the same comparison was DR 54.36, ACC 59.92, FPR 15.06 for the baseline versus DR 99.82, ACC 81.94, FPR 98.65 for the transfer-learning model (Wu et al., 2019). The paper attributes the FPR inflation to attack-heavy test distributions and to the dataset’s skew, and explicitly warns against interpreting high detection rates in isolation.

Other studies use NSL-KDD to emphasize different methodological points. A Weka stacking model combining Decision Tree and Random Forest reported TP rate 0.852, FP rate 0.134, Precision 0.862, Recall 0.852, and F-measure 0.852 on NSL-KDD (Rababah et al., 2020). A hierarchical system found that an autoencoder outperformed several supervised baselines in the binary stage with 87.5% accuracy and F1=0.8848F_1 = 0.8848, while SVM-SMOTE raised macro-F1F_1 in the four-class stage from 0.6089 to 0.7020 and U2R F1F_1 from 0.2075 to 0.5741 (Tauscher et al., 2021). These results illustrate why NSL-KDD is frequently used not merely as a scoreboard, but as a controlled environment for studying class imbalance, novelty, and hierarchical decision design.

5. Strengths, limitations, and recurring misconceptions

The principal strength of NSL-KDD is methodological: by removing duplicates and reducing the dominance of very frequent records, it yields more conservative and more comparable performance estimates than KDD’99 (Rababah et al., 2020, Sapre et al., 2019). Its fixed train/test split, manageable size, and stable feature schema have made it a de-facto academic benchmark for intrusion-detection research (Ngueajio et al., 2022, Akter et al., 2024).

Its limitations are equally well documented. Multiple papers describe NSL-KDD as synthetic, unevenly distributed, and outdated. One study notes that it “lacks public network data” and does not fully capture diversified traffic patterns, encryption, and application-level subtleties; another is more specific, stating that it includes no SSL/TLS flows, no modern botnet-style command-and-control, and limited payload inspection (Rababah et al., 2020). Later work adds that it does not include modern attacks such as APTs and that its static structure cannot capture contemporary traffic variation (Vasquez, 2 Dec 2025, Ngueajio et al., 2022).

Class imbalance remains a central difficulty. In the standard five-class training split, R2L and U2R are minority classes by a wide margin, with 995 and 52 examples respectively (Sapre et al., 2019, Vasquez, 2 Dec 2025). Several papers identify these classes as the main source of weak recall and unstable multiclass performance, motivating oversampling, cost-sensitive learning, or two-stage designs (Tauscher et al., 2021, Vasquez, 2 Dec 2025). Another recurrent misconception concerns the benign class: it is often treated as a single homogeneous category, yet an unsupervised study clustered the 77,054 benign records into 3 stable HDBSCAN clusters, with proportions 61.2%, 31.5%, and 7.3%, plus approximately 2% noise (Wilkinson et al., 11 Sep 2025). However, splitting benign traffic into three labels did not improve a Random Forest classifier’s overall accuracy, which remained 72.1% before clustering, after clustering, and after re-joining predictions (Wilkinson et al., 11 Sep 2025). This indicates that benign heterogeneity is real, but explicit benign relabeling does not automatically translate into better intrusion classification.

6. Benchmark role in contemporary research

NSL-KDD remains a common substrate for comparing classical ML, deep learning, spiking models, hyperdimensional computing, and unsupervised anomaly detection. Reported uses range from information-gain feature filtering and stacked ensembles in Weka (Rababah et al., 2020), to transfer learning across UNSW-NB15 and NSL-KDD (Wu et al., 2019), to hierarchical autoencoder-plus-DNN systems with SVM-SMOTE (Tauscher et al., 2021), to GRU-CNN hybrids, spiking neural networks, and β\beta-VAEs (Akter et al., 2024, Zhou et al., 2020, Baptiste et al., 23 Feb 2026).

The reported headline numbers span a wide range because the tasks differ. A hyperdimensional-computing anomaly detector reported 91.55% accuracy on KDDTrain+, 86.21% on KDDTest+, and 81.75% on KDDTest-21 (Ghajari et al., 4 Mar 2025). A multiclass HDC classifier reported 99.54% overall accuracy (Ghajari et al., 4 Mar 2025). A spiking neural network with resampled 312-dimensional encoding reported 0.9931 for accuracy, F1F_1, precision, and recall on KDDTest+ (Zhou et al., 2020). SCGNet reported 99.76% binary detection accuracy and 98.92% multiclass accuracy on NSL-KDD (Akter et al., 2024). In unsupervised form, a β\beta-VAE achieved best binary AUROC of 97.90% for latent-space distance scoring and 96.78% for reconstruction-error scoring (Baptiste et al., 23 Feb 2026). Data augmentation studies have also used NSL-KDD to investigate minority-class synthesis: one GAN-based pipeline reported XGBoost accuracy rising from 99.53% to 99.78%, with the rare nmap class recall increasing from 0.7480 to 0.9906 (Santoso et al., 2023).

The persistence of NSL-KDD in recent work does not imply that it is sufficient as a standalone proxy for operational deployment. The recurrent recommendation across the supplied literature is to complement it with more recent datasets such as UNSW-NB15, CICIDS2017, or CSE-CIC-IDS2018, and to use class-balancing, cost-sensitive, or deep representation-learning methods when the objective is robust detection of minority or previously unseen attacks (Rababah et al., 2020, Akter et al., 2024, Vasquez, 2 Dec 2025). This suggests that NSL-KDD is most valuable as a controlled benchmark for methodological comparison, ablation, and reproducibility, rather than as a complete model of present-day network traffic.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (15)

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to NSL-KDD Dataset.