Focus on IDS
CDX dataset and labeling Sep 23 2009 04:11AM
snort user (snort user gmail com)
The CDX dataset is available at http://www.itoc.usma.edu/research/dataset/
The paper describing the generation of the labeled dataset is available here:
http://www.usenix.org/event/cset09/tech/full_papers/sangster.pdf

As a user of this dataset, how do I get labeling information?
The detailed network diagram is also available at
http://www.itoc.usma.edu/research/dataset/logs/CDX_2009_Network_USMA.pdf

Attack labeling based on IP address: [?]
The IP addresses of the Red Team (the bad guys) are known ahead of time. But the red team also generates benign traffic. In addition, after taking over some of the good machines, the red team can use those IP addresses to attack.

Unless the user digs deep and analyzes the traffic in detail, is it possible to know which sessions/packets are good / bad?
Otherwise, what does labeled data mean?

Thanks for any clarification -

Copyright 2010, SecurityFocus