An adaptive method and a new dataset, UKM-IDS20, for the network intrusion detection system
Computer Communications (IF 4.5), Pub Date: 2021-09-10, DOI: 10.1016/j.comcom.2021.09.007
Muataz Salam Al-Daweri (1), Salwani Abdullah (1), Khairul Akram Zainol Ariffin (2)

In recent years, the demand for computer networks has grown rapidly, which raises the risk of novel attack incidents. Traditional network intrusion detection systems (IDSs) usually have difficulty detecting these attacks because they must adapt to the more advanced or challenging techniques of novel attacks, yet updating them can be computationally expensive and complicated. Therefore, an adaptive IDS is crucial to keep computer networks protected. In addition, consistent updating of IDS datasets is essential because of the advancement of network technology and attack strategies. Updating the IDS datasets allows proposed IDSs to be tested on datasets that are relevant to recent attacks. Moreover, the connection between processing raw network data and creating an adaptive IDS has not been sufficiently studied in this domain. Therefore, this study presents an adaptive IDS and a new real-world network dataset called UKM-IDS20. The proposed IDS employs the homogeneous ensemble method to create a model that can be periodically updated to detect novel attacks. The update procedure consists of training new classifiers and adding them to the base ensemble model. Since this procedure requires further data, a simple data acquisition methodology is used to process raw network traffic data. This process involves three stages: packet capturing, packet integration, and feature extraction. The data collected from the tests of this study is then used to create the UKM-IDS20 dataset. The created dataset contains 46 features and covers four types of attacks, namely ARP poisoning, DoS, Scans, and Exploits. The complexity of UKM-IDS20 is compared to the KDD99 and UNSW-NB15 datasets in two respects. First, an analysis of the features and classes is demonstrated using rough-set theory. Second, a dynamic artificial neural network is used to test and compare the three datasets mentioned above. The results show higher complexity and relevancy of the features in the introduced dataset. The UKM-IDS20 dataset is publicly available and can be accessed by all researchers. This study is anticipated to provide enough information to help cybersecurity academics generate effective IDSs and up-to-date datasets.
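As an added illustration of the update procedure the abstract describes (this is example code, not code from the paper or the UKM-IDS20 project): a toy homogeneous ensemble of one-feature threshold classifiers is trained on constructed flow records labelled normal or DoS, fails to detect a constructed port-scan pattern it has never seen, and is then extended with a new member trained on newly labelled traffic rather than retrained from scratch. The three flow features, the "flag if any member flags" combination rule, and the false-positive admission gate in `update()` are assumptions of this example and are not details taken from the paper.

```python
"""Added example: a toy homogeneous ensemble IDS extended with new members.
Hypothetical design, not the paper's code.  The three flow features are
constructed stand-ins for the 46 UKM-IDS20 features; the combination rule
and the admission gate are assumptions of this example."""
import random
from dataclasses import dataclass

# Constructed per-flow features (not the paper's feature set).
FEATURES = ("distinct_dst_ports", "pkt_rate", "avg_pkt_bytes")


@dataclass
class Stump:
    """One-feature threshold classifier: a flow is an attack if value > threshold."""
    feature: str = FEATURES[0]
    threshold: float = 0.0
    accuracy: float = 0.0

    def fit(self, rows):
        # Exhaustively pick the (feature, midpoint threshold) with best training accuracy.
        best = (-1.0, self.feature, self.threshold)
        for feat in FEATURES:
            vals = sorted({x[feat] for x, _ in rows})
            for lo, hi in zip(vals, vals[1:]):
                thr = (lo + hi) / 2
                hits = sum((x[feat] > thr) == (y == 1) for x, y in rows)
                acc = hits / len(rows)
                if acc > best[0]:
                    best = (acc, feat, thr)
        self.accuracy, self.feature, self.threshold = best
        return self

    def predict(self, x):
        return 1 if x[self.feature] > self.threshold else 0


class AdaptiveEnsemble:
    """Bagged stumps; update() appends a new stump instead of retraining everything."""

    def __init__(self, n_members=3, seed=7):
        self.rng = random.Random(seed)
        self.n_members = n_members
        self.members = []

    def fit(self, rows):
        # Homogeneous ensemble: the same learner on different bootstrap resamples.
        self.members = [Stump().fit([self.rng.choice(rows) for _ in rows])
                        for _ in range(self.n_members)]
        return self

    def update(self, new_rows, holdout_normal, max_fpr=0.05):
        """Train a candidate on newly labelled traffic and admit it only if its
        false-positive rate on held-out benign traffic is within max_fpr.
        Returns (admitted, fpr)."""
        cand = Stump().fit(new_rows)
        fpr = sum(cand.predict(x) for x in holdout_normal) / len(holdout_normal)
        if fpr <= max_fpr:
            self.members.append(cand)
        return fpr <= max_fpr, fpr

    def predict(self, x):
        # Assumption: flag the flow if any member flags it (recall-oriented;
        # the admission gate above bounds the false-positive cost of each member).
        return 1 if any(m.predict(x) for m in self.members) else 0

    def accuracy(self, rows):
        return sum(self.predict(x) == y for x, y in rows) / len(rows)


def make_flows(kind, n, seed):
    """Constructed flow records: label 0 = normal, 1 = attack."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        if kind == "normal":
            x = {"distinct_dst_ports": rng.randint(1, 3),
                 "pkt_rate": rng.uniform(5, 20), "avg_pkt_bytes": rng.uniform(200, 900)}
        elif kind == "dos":    # single target, very high packet rate
            x = {"distinct_dst_ports": 1,
                 "pkt_rate": rng.uniform(500, 2000), "avg_pkt_bytes": rng.uniform(200, 600)}
        else:                  # "scan": many destination ports, modest rate
            x = {"distinct_dst_ports": rng.randint(50, 200),
                 "pkt_rate": rng.uniform(30, 80), "avg_pkt_bytes": rng.uniform(200, 600)}
        rows.append((x, 0 if kind == "normal" else 1))
    return rows


def run_demo():
    """Base model learns DoS, misses a novel scan, then gains a member for it."""
    ids = AdaptiveEnsemble().fit(make_flows("normal", 40, 1) + make_flows("dos", 40, 2))
    scan = make_flows("scan", 30, 3)
    before = ids.accuracy(scan)                       # novel attack: 0.0 detected
    admitted, fpr = ids.update(make_flows("normal", 30, 4) + scan,
                               [x for x, _ in make_flows("normal", 50, 5)])
    return {"before": before, "admitted": admitted, "fpr": fpr,
            "after": ids.accuracy(scan), "members": len(ids.members),
            "new_feature": ids.members[-1].feature,
            "normal_ok": ids.accuracy(make_flows("normal", 50, 6)),
            "dos_ok": ids.accuracy(make_flows("dos", 20, 8))}


if __name__ == "__main__":
    print(run_demo())
```

The admission gate is the check a practitioner would want with an append-only ensemble under an any-member rule: each added member can only raise the ensemble's false-positive rate, so every candidate is measured against held-out benign traffic before it joins, while the existing members (and their detection of the older DoS pattern) are left untouched.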




Updated: 2021-09-17