Select Language

AI社区

公开数据集

Kitsune网络攻击数据集数据集

Kitsune网络攻击数据集数据集

17.7G
881 浏览
1 喜欢
7 次下载
0 条讨论
Computer Classification

Data Set Information:==== Overview ====The are 9 network capture datasets in total, listed below. Viol. is the security......

数据结构 ? 17.7G

    Data Structure ?

    * 以上分析是由系统提取分析形成的结果,具体实际数据为准。

    README.md

    Data Set Information:

    ==== Overview ====
    The are 9 network capture datasets in total, listed below. Viol. is the security violation (Confidentiality, Integrity, and Authenticity).


    Attack Type Attack Name Tool Viol. Description: The attacker
    Recon.
      -1 OS Scan Nmap C scans the network for hosts, and their operating systems, to reveal possible vulnerabilities.
      -2 Fuzzing SFuzz C searches for vulnerabilities in the camera's web servers by sending random commands to their cgis.
    Man in the Middle
      -3 Video Injection Video Jack C,I injects a recorded video clip into a live video stream.
      -4 ARP MitM Ettercap C intercepts all LAN traffic via an ARP poisoning attack.
      -5 Active Wiretap R.PI 3B C intercepts all LAN traffic via active wiretap (network bridge) covertly installed on an exposed cable.
    Denial of Service
      -6 SSDP Flood Saddam A overloads the DVR by causing cameras to spam the server with UPnP advertisements.
      -7 SYN DoS Hping3 A disables a camera's video stream by overloading its web server.
      -8 SSL Reneg. THC A disables a camera's video stream by sending many SSL renegotiation packets to the camera.
    Botnet Malware
      -9 Mirai Telnet C,I infects IoT with the Mirai malware by exploiting default credentials, and then scans for new vulnerable victims network.

    -For more details on the attacks themselves, please refer to our paper.

    ==== Data Organization ====
    For each attack (network capture) above we provide (1) a csv of the features used in our paper where each row is a network packet, (2) the corresponding labels [benign, malicious], and (3) the original network capture in truncated pcap format.

    -Each attack dataset is located in a separate directory
    -Each directory contains three files:


    Attribute Information:

    === The features in the csv files ===
    Each row in the csv is a packet captured (chronologically). More a deep explanation, please see our paper.
    In general, each row (feature vector) are recent (temporal) statistics which describes the context of the packet's channel and its communicating parties:

    Whenever a packet arrives, we extract a behavioral snapshot of the hosts and protocols which communicated the given packet. The snapshot consists of 115 traffic statistics capturing a small temporal window into: (1) the packet's sender in general, and (2) the traffic between the packet's sender and receiver.

    Specifically, the statistics summarize all of the traffic...
    ...originating from this packet's source MAC and IP address (denoted SrcMAC-IP).
    ...originating from this packet's source IP (denoted SrcIP).
    ...sent between this packet's source and destination IPs (denoted Channel).
    ...sent between this packet's source and destination TCP/UDP Socket (denoted Socket).

    A total of 23 features (capturing the above) can be extracted from a single time window ?? (see Table II). The FE extracts the same set of features from a total of five time damped windows of approximately: 100ms, 500ms, 1.5sec, 10sec, and 1min into the past (?? = 5, 3, 1, 0.1, 0.01), thus totaling 115 features.

    We note that not every packet applies to every channel type (e.g., there is no socket if the packet does not contain a TCP or UDP datagram). In these cases, these features are zeroed. Thus, the final feature vector ~x, which the FE passes to the
    FM, is always a member of R^n, where n = 115.

    The feature extraction code (pcap to csv) is available at: [Web link]


    Relevant Papers:

    [Web link]
    [Web link]


    Citation Request:

    If you use this dataset, please cite:
    Yisroel Mirsky, Tomer Doitshman, Yuval Elovici, and Asaf Shabtai, 'Kitsune: An Ensemble of Autoencoders for online Network Intrusion Detection', Network and Distributed System Security Symposium 2018 (NDSS'18)


    Creators:
    Yisroel Mirsky, Tomer Doitshman, Yuval Elovici, and Asaf Shabtai.
    Ben-Gurion University of the Negev, Department of Information Systems Engineering

    Donor:
    Yisroel Mirsky
    yisroel




    ×

    帕依提提提温馨提示

    该数据集正在整理中,为您准备了其他渠道,请您使用

    注:部分数据正在处理中,未能直接提供下载,还请大家理解和支持。
    暂无相关内容。
    暂无相关内容。
    • 分享你的想法
    去分享你的想法~~

    全部内容

      欢迎交流分享
      开始分享您的观点和意见,和大家一起交流分享.
    所需积分:15 去赚积分?
    • 881浏览
    • 7下载
    • 1点赞
    • 收藏
    • 分享