WEIRD

Download: weird Zip File

Abstract

Number of Instances:	9583	Security Area:	Network Protocols
Number of Attributes:	10	Date Donated:	2012
Missing Values?	-	Associated ML Tasks:	Network Analysis

Source

Mike Sconzo

Security Repository

Secrepo.com

Dataset Information

This script provides a default set of actions to take for “weird activity” events generated from Bro’s event engine. Weird activity is defined as unusual or exceptional activity that can indicate malformed connections, traffic that doesn’t conform to a particular protocol, malfunctioning or misconfigured hardware, or even an attacker attempting to avoid/confuse a sensor. Without context, it’s hard to judge whether a particular category of weird activity is interesting, but this script provides a starting point for the user.

Attribute Information

	Data Type	Count	Unique Values	Missing Values
ts	float64	9583	9521	0
uid	object	7891	7690	1692
id.orig_h	object	7891	129	1692
id.orig_p	float64	7891	377	1692
id.resp_h	object	7891	624	1692
id.resp_p	float64	7891	13	1692
name	object	9583	23	0
addl	object	7	1	9576
notice	object	9583	1	0
peer	object	9583	1	0

Relevant Papers

Bro Logs http://gauss.ececs.uc.edu/Courses/c6055/pdf/bro_log_vars.pdf

Neise, Patrick. "Intrusion Detection Through Relationship Analysis". Oct 2016 https://www.sans.org/reading-room/whitepapers/detection/intrusion-detection-relationship-analysis-37352

Frances Bernadette C. De Ocampo, Trisha Mari L. Del Castillo, Miguel Alberto N. Gomez. "AUTOMATED SIGNATURE CREATOR FOR A SIGNATURE BASED INTRUSION DETECTION SYSTEM WITH NETWORK ATTACK DETECTION CAPABILITIES". 2013 http://sdiwc.net/digital-library/automated-signature-creator-for-a-signature-based-intrusion-detection-system-with-network-attack-detection-capabilities-pancakes.html

Associate Data Science Notebook