Download: weird Zip File
Property | Value |
---|---|
Number of Instances | 12873 |
Security Area | Network Protocols |
Number of Attributes | 10 |
Date Donated | 2012 |
Missing Values? | - |
Associated ML Tasks | Network Analysis |
Mike Sconzo
Security Repository
Secrepo.com
This script provides a default set of actions to take for “weird activity” events generated from Bro’s event engine. Weird activity is defined as unusual or exceptional activity that can indicate malformed connections, traffic that doesn’t conform to a particular protocol, malfunctioning or misconfigured hardware, or even an attacker attempting to avoid/confuse a sensor. Without context, it’s hard to judge whether a particular category of weird activity is interesting, but this script provides a starting point for the user.
Attribute | Data Type | Count | Unique Values | Missing Values |
---|---|---|---|---|
ts | float64 | 12873 | 12795 | 0 |
uid | object | 10491 | 10193 | 2382 |
id.orig_h | object | 10491 | 133 | 2382 |
id.orig_p | float64 | 10491 | 656 | 2382 |
id.resp_h | object | 10491 | 1019 | 2382 |
id.resp_p | float64 | 10491 | 18 | 2382 |
name | object | 12873 | 30 | 0 |
addl | object | 3 | 2 | 12870 |
notice | object | 12873 | 1 | 0 |
peer | object | 12873 | 1 | 0 |
Bro Logs http://gauss.ececs.uc.edu/Courses/c6055/pdf/bro_log_vars.pdf
Neise, Patrick. "Intrusion Detection Through Relationship Analysis". Oct 2016 https://www.sans.org/reading-room/whitepapers/detection/intrusion-detection-relationship-analysis-37352
Frances Bernadette C. De Ocampo, Trisha Mari L. Del Castillo, Miguel Alberto N. Gomez. "AUTOMATED SIGNATURE CREATOR FOR A SIGNATURE BASED INTRUSION DETECTION SYSTEM WITH NETWORK ATTACK DETECTION CAPABILITIES". 2013 http://sdiwc.net/digital-library/automated-signature-creator-for-a-signature-based-intrusion-detection-system-with-network-attack-detection-capabilities-pancakes.html