IDS mailing list archives

CDX dataset and labeling


From: snort user <snort.user () gmail com>
Date: Wed, 23 Sep 2009 00:11:59 -0400

The CDX dataset is available at http://www.itoc.usma.edu/research/dataset/
The paper describing the generation of the labeled dataset is available
here: http://www.usenix.org/event/cset09/tech/full_papers/sangster.pdf

As a user of this dataset, how do I get labeling information?
The detailed network diagram is also available at
http://www.itoc.usma.edu/research/dataset/logs/CDX_2009_Network_USMA.pdf

Attack labeling based on IP address: [?]
The IP addresses of the Red Team (the bad guys) are known ahead of
time. But the red team also generates benign traffic. In addition,
after taking over some of the good machines, the red team can use
those IP addresses to attack.

Unless the user digs deep and analyzes the traffic in detail, is it
possible to know which sessions/packets are good / bad?
Otherwise what does labeled data mean?

Thanks for any clarification -
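
The labeling ambiguity raised in this message, shown as an added example that is not part of the original post or of the CDX dataset's own tooling: sessions are labeled purely by whether the initiator is a Red Team address, then compared with a per-session ground truth. The address ranges, flows and ground-truth values are constructed for illustration (documentation ranges stand in for the real CDX addressing), and the function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Constructed stand-in for the known Red Team address range.
RED_TEAM_NET = ip_network("203.0.113.0/24")

# Constructed sessions: (initiator, responder, ground truth from manual analysis).
FLOWS = [
    ("203.0.113.10", "192.0.2.20", "attack"),  # Red Team exploit attempt
    ("203.0.113.10", "192.0.2.20", "benign"),  # Red Team ordinary web request
    ("203.0.113.11", "192.0.2.25", "attack"),  # Red Team scan
    ("192.0.2.20", "192.0.2.30", "attack"),    # taken-over good machine attacking
    ("192.0.2.20", "192.0.2.53", "benign"),    # same machine, normal DNS lookup
    ("192.0.2.40", "192.0.2.53", "benign"),    # untouched good machine
]


def label_by_ip(src, red_net=RED_TEAM_NET):
    """IP-only labeling: a session is 'attack' iff its initiator is Red Team."""
    return "attack" if ip_address(src) in red_net else "benign"


def evaluate(flows, red_net=RED_TEAM_NET):
    """Compare IP-only labels with ground truth and count each outcome."""
    counts = {"tp": 0, "fp": 0, "fn": 0, "tn": 0}
    for src, _dst, truth in flows:
        label = label_by_ip(src, red_net)
        if label == "attack":
            counts["tp" if truth == "attack" else "fp"] += 1
        else:
            counts["fn" if truth == "attack" else "tn"] += 1
    return counts


def mislabeled(flows, red_net=RED_TEAM_NET):
    """Return the sessions where the IP-only label disagrees with ground truth."""
    return [f for f in flows if label_by_ip(f[0], red_net) != f[2]]


if __name__ == "__main__":
    print(evaluate(FLOWS))
    for src, dst, truth in mislabeled(FLOWS):
        print(f"{src} -> {dst}: IP label {label_by_ip(src)}, actually {truth}")
```

The false positive is the Red Team's benign traffic and the false negative is the attack launched from a taken-over machine, the two cases the message describes.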
