
List:       focus-ids
Subject:    CDX dataset and labeling
From:       snort user <snort.user () gmail ! com>
Date:       2009-09-23 4:11:59
Message-ID: 5eb26e340909222111l692a704cwedc0fa3d15d90d9 () mail ! gmail ! com

The CDX dataset is available at http://www.itoc.usma.edu/research/dataset/
The paper describing the generation of the labeled dataset is available
here: http://www.usenix.org/event/cset09/tech/full_papers/sangster.pdf

As a user of this dataset, how do I get labeling information?
The detailed network diagram is also available at
http://www.itoc.usma.edu/research/dataset/logs/CDX_2009_Network_USMA.pdf

Attack labeling based on IP address: [?]
The IP addresses of the Red Team (the bad guys) are known ahead of
time. But the red team also generates benign traffic. In addition,
after taking over some of the good machines, the red team can use
those IP addresses to attack.

Unless the user digs deep and analyzes the traffic in detail, is it
possible to know which sessions/packets are good / bad?
Otherwise what does labeled data mean?

Thanks for any clarification -

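The labeling concern raised in this message, as an added example that is not part of the original post or of the CDX dataset: it labels constructed flow records by source IP only and compares the result with a constructed ground truth. All addresses (documentation ranges), flows and function names are assumptions made for illustration.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed value: a documentation range standing in for the known
# red team address block (not the real CDX address plan).
RED_TEAM_NETS = [ip_network("198.51.100.0/24")]

# Constructed flows: (src, dst, dst_port, ground_truth_malicious).
# In practice the ground truth needs payload or host-log analysis.
FLOWS = [
    ("198.51.100.7", "192.0.2.10", 80, True),    # red team attack
    ("198.51.100.7", "192.0.2.10", 80, False),   # red team benign browsing
    ("198.51.100.9", "192.0.2.25", 25, False),   # red team benign mail
    ("192.0.2.10", "192.0.2.20", 445, True),     # compromised host attacks
    ("192.0.2.10", "192.0.2.30", 22, True),      # compromised host attacks
    ("192.0.2.40", "192.0.2.10", 80, False),     # ordinary internal traffic
    ("198.51.100.8", "192.0.2.20", 445, True),   # red team attack
]

def label_by_ip(src):
    """IP-only label: malicious iff the source is a red team address."""
    addr = ip_address(src)
    return any(addr in net for net in RED_TEAM_NETS)

def confusion(flows):
    """Count TP/FP/FN/TN of the IP-only label against ground truth."""
    counts = Counter()
    for src, _dst, _port, truth in flows:
        predicted = label_by_ip(src)
        key = ("T" if predicted == truth else "F") + ("P" if predicted else "N")
        counts[key] += 1
    return counts

def mislabeled(flows):
    """Flows where the IP-only label disagrees with ground truth."""
    return [f for f in flows if label_by_ip(f[0]) != f[3]]

if __name__ == "__main__":
    print(dict(confusion(FLOWS)))
    for flow in mislabeled(FLOWS):
        print("mislabeled:", flow)
```

The false positives are the red team's benign sessions and the false negatives are attacks launched from a taken-over internal host, the two cases the message describes.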

