Papers
Topics
Authors
Recent
Search
2000 character limit reached

UNSW-NB15 Intrusion Detection Benchmark

Updated 5 July 2026
  • UNSW-NB15 is a network intrusion detection benchmark featuring contemporary attack coverage, multi-modal data representations, and standardized supervised splits.
  • It supports varied experimental formulations—including binary and multiclass tasks—with reported accuracies often exceeding 95% under controlled preprocessing and feature-selection protocols.
  • The dataset is a versatile resource for studies on transfer learning, continual adaptation, and alert prioritization, despite challenges such as class imbalance and feature redundancy.

UNSW-NB15 is a network intrusion detection benchmark introduced as a modern alternative to older datasets such as KDD Cup 99 and NSL-KDD. In the literature, it appears both as a large packet-capture-derived corpus and as a standardized released split for supervised learning, and it supports binary intrusion detection, multiclass attack recognition, feature-selection studies, representation learning, transfer experiments, online adaptation, and even alert-prioritisation and analyst-assistance formulations. Across these uses, UNSW-NB15 is valued for contemporary attack coverage and public availability, but it is also repeatedly examined for class imbalance, class overlap, feature redundancy, and dataset-specific artifacts that can distort reported performance (Divekar et al., 2018, Umar et al., 2020, Hossain et al., 6 May 2026).

1. Provenance and construction

UNSW-NB15 is described as a 2015 dataset from the Australian Centre for Cyber Security, with traffic generated in the ACCS Cyber Range using IXIA PerfectStorm and captured with tcpdump. Feature extraction is reported as using Argus, Bro-IDS or Zeek, and twelve additional algorithms, yielding 49 features from the packet captures. One benchmark-oriented account further describes the broader corpus as collected over two days in sessions of 16 and 15 hours, using 45 unique IP addresses over 3 networks (Sarhan et al., 2020, Umar et al., 2020, Divekar et al., 2018).

The full corpus is reported as 2,540,044 flows, with 2,218,761 benign flows and 321,283 attack flows, and a CSV footprint of about 0.55 GB for the original released table. Several papers also refer to roughly 100 GB of packet captures as the underlying source material. This positioning is central to how the dataset is framed: it is meant to be more contemporary than KDD-family benchmarks and to reflect a richer attack surface than earlier anomaly-detection corpora (Sarhan et al., 2020, Divekar et al., 2018).

A recurrent justification for adopting UNSW-NB15 is its role as a replacement benchmark. One comparative study explicitly presents it as a modern substitute for KDD-99, emphasizing newer attack generation, greater stationarity between train and test, more uniform class distribution than KDD-99, and the absence of redundant records in the released benchmark form (Divekar et al., 2018).

2. Released forms, labels, and experimental task formulations

Recent papers do not all use the same realization of UNSW-NB15. They variously use the full packet-capture-derived corpus, the official released split, cleaned aggregates after preprocessing, or converted variants such as NetFlow and image or text encodings. The resulting record counts therefore differ across studies.

Reported realization Reported size Notes
Full original corpus 2,540,044 flows Packet-capture-derived corpus
Official released split 175,341 train / 82,332 test Most common supervised split
Cleaned aggregate 257,673 records Reported after preprocessing and cleaning
NF-UNSW-NB15 1,623,118 flows NetFlow-derived variant

The official split is widely used for benchmark work. In that split, the training set contains 175,341 records and the test set 82,332. Class counts reported for the training split include 56,000 Normal, 40,000 Generic, 33,393 Exploits, 18,184 Fuzzers, 12,264 DoS, 10,491 Reconnaissance, 2,000 Analysis, 1,746 Backdoor, 1,133 Shell Code, and 130 Worms; the test split contains 37,000 Normal, 18,871 Generic, 11,132 Exploits, 6,062 Fuzzers, 4,089 DoS, 3,496 Reconnaissance, 677 Analysis, 583 Backdoor, 378 Shell Code, and 44 Worms (Divekar et al., 2018).

The label space is usually described as one normal class plus nine attack categories. One paper lists these attack categories as Backdoor, DoS, Generic, Reconnaissance, Analysis, Fuzzers, Exploit, Shellcode, and Worms, while several others use the pluralized forms Backdoors and Exploits; the operational class set is the same. The released data also expose both a multiclass attack-category field and a binary attack indicator, which is why UNSW-NB15 supports both binary and multiclass formulations (Umar et al., 2020, Jouhari et al., 2024).

Task formulation varies sharply across studies. Some works use binary normal-versus-attack detection only, explicitly dropping attack_cat and retaining the binary label (Umar et al., 2020, Hossain et al., 6 May 2026). Others perform 10-class multiclass classification with Normal plus the nine attack families (Jouhari et al., 2024, Silivery et al., 2023). Some reduce the task further: one feature-selection study removes Analysis, Backdoor, Shellcode, and Worms and reports results on a 6-class subset of Normal, Generic, Exploits, Fuzzers, DoS, and Reconnaissance (Yin et al., 2022). Another paper reinterprets identical feature vectors with conflicting labels as multi-label phenomena, merges duplicate vectors, and reports 57 distinct observed label sets with label cardinality 1.689 (Xie et al., 2023).

3. Preprocessing conventions and derived representations

There is no single canonical preprocessing pipeline for UNSW-NB15 in the later literature. Common operations include removal of identifiers or infrastructure-specific fields, encoding of nominal variables, numerical scaling, and task-specific feature filtering. One binary generalisation study replaces infinite values with NaN, removes rows with missing values, drops duplicates, label-encodes categorical variables such as protocol type, and applies Min–Max normalization (Hossain et al., 6 May 2026). A wrapper-based IDS study removes id and attack_cat in its binary setting, performs feature selection on training data only to avoid information leakage, then applies Min–Max normalization and one-hot encoding (Umar et al., 2020). A visual-analysis paper removes record start and end times plus source and destination addresses and ports, label-encodes the nominal variables, compares several scaling methods, and selects Min–Max scaling as the most visually separative option (Zoghi et al., 2021).

The effective feature dimensionality therefore depends on the study. Several papers using the released split treat the predictive space as 42 features after auxiliary-field removal (Yin et al., 2022). One IoT-oriented CNN-BiLSTM study describes the split as having 44 features, with the last two used as labels (Jouhari et al., 2024). A byte-level flow-to-image paper states that standard preprocessing excludes 7 non-traffic fields, leaving 42 features partitioned into 37 continuous and 5 categorical variables before encoding each flow into a fixed 32×3232 \times 32 RGB image (Mu et al., 6 May 2026).

UNSW-NB15 has also been transformed into alternative modalities. NF-UNSW-NB15 is derived from the original pcaps using nProbe and NetFlow v9. That variant reports 12 extracted NetFlow fields, of which 8 are used for classification after removing identifiers, and it contains 1,623,118 flows with 72,406 attack flows and 1,550,712 benign flows (Sarhan et al., 2020). Other work converts the tabular flows to prompt-ready text strings for zero- or few-shot LLM evaluation, using the official split, the binary label, and balanced test subsets of size 200, 1000, and 2000 (Rehman et al., 18 Oct 2025).

4. Feature structure, redundancy, and dataset artifacts

A substantial part of the literature treats UNSW-NB15 as a feature-analysis object rather than merely a benchmark table. One cross-dataset study reports a correlation heatmap on UNSW-NB15 and interprets it as showing partially redundant traffic-flow information. It notes positive correlations among sbytes, dbytes, spkts, and dpkts; among smean, dmean, sload, and dload; and among ct_src_ltm, ct_dst_ltm, and ct_dst_src_ltm, while also stating that the dataset does not show extreme correlation across the entire feature set (Hossain et al., 6 May 2026).

Feature-selection studies repeatedly find that relatively small subsets can retain much of the benchmark performance. A wrapper-based decision-tree selector reduces the predictive space to 19 features and reports that these preserve nearly the same attack-detection capability as the full feature set while often reducing model-building time (Umar et al., 2020). A hybrid filter-wrapper study reduces the input from 42 to 23 features for an MLP and improves reported multiclass accuracy from 82.25% to 84.24% on its reduced 6-class formulation (Yin et al., 2022). A χ2\chi^2-based deep model keeps the top 20 ranked features, with swin, dwin, and sttl at the top of the reported ranking (Jouhari et al., 2024).

At the same time, several papers warn that some highly predictive features may reflect artifacts rather than deployable signal. A dedicated feature-analysis study on original UNSW-NB15 reports that the top-ranked features under chi-square, information gain, and correlation are dominated by the TTL-related variables sttl, dttl, and ct_state_ttl, and that maximum AUC can be reached with a single such feature. The authors argue that these fields behave like hidden labels and explicitly recommend removing them for reliable evaluation (Sarhan et al., 2021). A NetFlow conversion paper makes a related point by dropping sttl, dttl, and ct_state_ttl from the original feature set because they are extremely correlated with labels (Sarhan et al., 2020).

Another line of critique concerns geometry and label ambiguity. A visual-analysis study identifies two major structural problems in UNSW-NB15: class imbalance and class overlap, using PCA, t-SNE, and K-means distance maps to show overlap between attack classes and Normal traffic (Zoghi et al., 2021). A separate multi-label reinterpretation study goes further and claims that exact duplicate feature vectors can appear with different labels; after merging such duplicates, it reports 57 observed label subsets and argues that single-label evaluation may understate the dataset’s intrinsic overlap structure (Xie et al., 2023). This suggests that reported classifier performance can depend as much on label protocol as on model class.

5. Within-dataset benchmarking and reported performance

Within-dataset results on UNSW-NB15 span a wide range because evaluation protocols differ. In conventional same-dataset binary testing on a cleaned 257,673-record version, Random Forest reaches 0.9508 accuracy, 0.9621 precision, 0.9607 recall, and 0.9614 F1, outperforming Logistic Regression and Naive Bayes in that study (Hossain et al., 6 May 2026). On the official binary split, a decision-tree-wrapper plus Random Forest pipeline reports 86.41% accuracy, 97.95% detection rate, and 27.73% false alert rate with 19 selected features (Umar et al., 2020). In older baseline benchmarking, Random Forest achieves weighted F1 77 on 10-class multiclass UNSW-NB15 and 88.5 weighted F1 in the binary version, with Decision Tree close behind (Divekar et al., 2018).

Deep models often report higher same-dataset scores, again under heterogeneous protocols. A lightweight χ2\chi^2-selected CNN-BiLSTM reports 97.90% binary accuracy and 97.09% multiclass accuracy on the official split with 20 selected features (Jouhari et al., 2024). A staged DCGAN plus ResNet-50 feature extractor plus ASO-tuned AlexNet reports 99.37% multiclass accuracy, 99.31 precision, 99.34 recall, and 99.33 F1 on a 70/30 split, although implementation details are only partial (Silivery et al., 2023). A pipeline based on random oversampling, clustering-based stacking feature embedding, and PCA reports 99.59% binary accuracy and 99.95% multiclass accuracy with Random Forest and Extra Trees, but that paper also leaves ambiguities about splitting and preprocessing order (Talukder et al., 2024).

Representation changes can alter the benchmark dramatically. In the byte-level flow-to-image study, the same model families gain substantially when trained on 32×3232 \times 32 RGB encodings rather than 1D flow vectors; for UNSW-NB15, image-based models raise binary accuracy to about 96.3–96.7% and five-class multiclass accuracy up to 95.3% under the best image-based ResNeXt-50 configuration (Mu et al., 6 May 2026). By contrast, prompt-only LLM evaluation on balanced UNSW-NB15 test subsets remains clearly weaker and less stable: a 7B instruction-tuned model with flags reaches macro-F1 near 0.78 on 200 flows, while a 3B model with few-shot prompting and calibration attains F1 near 0.68 on 1000 examples (Rehman et al., 18 Oct 2025).

These numbers are not directly interchangeable. Some papers use the official split, others random 70/30 splits, others deterministic subset extraction, online streams, reduced class sets, or transformed modalities. This suggests that UNSW-NB15 is less a single benchmark point than a family of related evaluation protocols.

6. Generalisation, transfer, and expanding uses

A major recent use of UNSW-NB15 is to test whether high within-dataset scores survive domain shift. In a direct comparison with TON_IoT, same-dataset Random Forest reaches 95.08% accuracy on UNSW-NB15, but when trained on UNSW-NB15 and tested on TON_IoT it drops to 38.07%; the authors attribute the degradation to restriction to seven shared features, feature-distribution mismatch, and differences in traffic generation environment and attack behavior (Hossain et al., 6 May 2026). This is one of the clearest demonstrations that strong UNSW-NB15 holdout performance does not by itself establish cross-environment robustness.

UNSW-NB15 has also become a source domain for transferable representation learning. A self-supervised contrastive-learning study pretrains an encoder on unlabeled UNSW-NB15, freezes it, and reports 94.19% accuracy on the in-domain smaller pack while also using the pretrained encoder for downstream transfer to CIC-IDS2017, CIDDS-001, and BoT-IoT (Lotfi et al., 2022). In continual learning, QCL-IDS turns UNSW-NB15 into a three-stage binary stream—Normal versus Recon, then DoS, then Malware—and reports mean Attack-F1 0.941 with forgetting 0.005 under its best gradient-anchor configuration (Zhu et al., 29 Jan 2026).

More operational reinterpretations are now common. ContextBuddy uses 47 UNSW-NB15 features after removing IP addresses, converts records into alert-investigation episodes, and reports a 9% F1 improvement for simulated analyst teaming on UNSW (Singh et al., 11 Jun 2025). A learning-to-defer framework re-labels UNSW-NB15 alerts into five CVSS-style severity levels—critical, high, medium, low, and normal—and reports critical-alert prioritisation accuracy of 0.977 for its adaptive human-feedback model (Jalalvand et al., 23 Jun 2025). An online IDS replication-and-improvement study uses UNSW-NB15 as its sole benchmark and shows that pseudo-label filtering, mixup, and lightweight autoencoders improve the reproduced AOC-IDS baseline, while an offline XGBoost-BalSamp model reaches 95.45% accuracy (Afzaal et al., 24 May 2026).

Taken together, these uses show that UNSW-NB15 now functions as more than a static tabular IDS benchmark. It is a reusable substrate for transfer learning, continual learning, online adaptation, alert prioritisation, contextual investigation support, and prompt-based reasoning. A plausible implication is that its long-term value lies less in any single headline score than in its role as a controlled, publicly shared reference point for studying how intrusion-detection methods behave under changing representations, task definitions, and deployment assumptions.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (18)

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to UNSW-NB15.