Update csv file
Philipp Boenninghausen committed Apr 17, 2024
1 parent aec848f commit d5f9920
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions assets/data/datasets.csv
@@ -1,6 +1,6 @@
Name;Network Attacks;Host Attacks;Start Year;End Year;Setting;OS Type;Network Data Source;Network Data Labeled;Host Data Source;Host Data Labeled;Attack Categories;Benign Activity;Packed Size in MB;Unpacked Size in MB
ADFA-LD;No;Yes;2013;2013;Single OS;Linux;-;-;Sequences of Syscall Numbers;Yes;Password Bruteforce , Social Engineering , Web-Based Attacks , Remote Exploits;Unspecified normal operation;2.0;17.0;
ADFA-WD;No;Yes;2014;2014;Single OS;Windows;-;-;DLL calls, XML logs from Procmon;Yes, as in SAA only contains attack data;Stealthy Shellcode;_n/a_;403.0;13600.0;
ADFA-WD;No;Yes;2014;2014;Single OS;Windows;-;-;DLL calls, XML logs from Procmon;Yes, as in SAA only contains attack data;Stealthy Shellcode;n/a;403.0;13600.0;
AIT Alert Dataset;Yes;Yes;2023;2023;Enterprise IT;Linux;Suricata, Wazuh and AMiner alerts;Yes;Wazuh and AMiner alerts;Yes;Reconnaissance, Privilege Escalation, Data Exfiltration, Web-based Attacks, Remote Command Execution;Yes, models complex behavior;96.0;2900.0;
AIT Log Dataset;Yes;Yes;2023;2023;Enterprise IT;Linux;VPN, DNS, pcaps, Suricata;Yes;Apache, auth, audit, syslogs, and more;Yes;Reconnaissance, Privilege Escalation, Data Exfiltration, Web-based Attacks, Remote Command Execution;Yes, models complex behavior;130000.0;206000.0;
ASNM Datasets;Yes;No;2009;2018;Miscellaneous;Windows, Linux;Custom extension of network flows;Yes;-;-;Remote Buffer Overflows, Obfuscated Network Attacks;Yes, but not further detailed;21.0;95000.0;
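Review bot: the data rows in this hunk, including the changed ADFA-WD line, end with a trailing `;` that the header row lacks, so the header declares 15 fields while each row yields 16. Since the file is being normalized anyway, either drop the trailing delimiter from the rows or add one to the header, otherwise a strict CSV reader will reject the rows or create an unnamed extra column. The replacement of `_n/a_` with `n/a` in Benign Activity is fine, but the file still uses three markers for a missing value (`-`, `n/a` and an empty field); a short note on what each one means would let consumers filter on them reliably.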
Expand All @@ -10,19 +10,19 @@ CIC DoS;Yes;No;2017;2017;Enterprise IT;Linux;Unknown;Presumably;-;-;Application-
CIC-DDoS2019;Yes;No;2019;2019;Enterprise IT;Windows, Linux;pcaps, NetFlows;Flows are labeled;Windows event logs, Ubuntu event logs;No;Various DDoS attacks;Yes, models complex behavior;24400.0;;
CIC-IDS2017;Yes;No;2017;2017;Enterprise IT;Windows, Linux;pcaps, derived features;Yes;-;-;Brute Force FTP/SSH, DoS & DDoS, Web Attacks, Botnets;Yes, models complex behavior;48400.0;50000.0;
CIDD;No;No;2012;2012;Military IT;Unix;PARSE_ERROR;PARSE_ERROR;PARSE_ERROR;PARSE_ERROR;PARSE_ERROR;PARSE_ERROR;;22000.0;
CLUE-LDS;No;No;2022;2022;Subsystem;Undisclosed;-;-;Events generated from usage of storage solution hBox;No, data generated in production -> no known attacks;_n/a_;Real users;640.0;14900.0;
CLUE-LDS;No;No;2022;2022;Subsystem;Undisclosed;-;-;Events generated from usage of storage solution hBox;No, data generated in production -> no known attacks;n/a;Real users;640.0;14900.0;
Comprehensive, Multi-Source Cyber-Security Events;Yes;Yes;2015;2015;Enterprise IT;Windows, Linux;NetFlows, DNS lookups;No;Auth events, Process events;Yes, for auth events;Authentication with stolen credentials;Real users;12000.0;;
CSE-CIC-IDS2018;Yes;No;2018;2018;Enterprise IT;Windows, Linux, MacOS;pcaps, NetFlows;Yes, NetFlows are labeled;Ubuntu event logs, Windows event logs;No;Bruteforce, Heartbleed, Botnet, DoS/DDoS, Web-Based, Infiltration from Inside;Yes, models complex behavior;220000.0;;
CTU 13;Yes;No;2011;2011;Enterprise IT;Windows, Undisclosed;pcaps, NetFlows;Yes, NetFlows are labeled;-;-;Various Botnet activity, (Neris, Rbot, Virut, Menti, Sogou, Murlo, NSIS.ay);Yes, as in real background traffic;;697000.0;
DAPT 2020;Yes;No;2020;2020;Enterprise IT;Undisclosed;NetFlows, DNS;Yes, Netflows are labeled;Syslog, auditd, apache, auth, various services;No;Reconnaissance, Persistence, Lateral Movement, Exfiltration;Benign traffic generated by students (?);460.0;;
DARPA'98 Intrusion Detection Program;Yes;No;1998;1998;Military IT;Unix;tcpdumps;Ground truth provided;bsm audits, file system dumps;No;DoS, Remote to Local, User to Root, Surveillance/Probing;Scripts for traffic generation, actual humans for performing complex tasks;5000.0;;
DARPA TC3;No;Yes;2018;2018;Undisclosed;Undisclosed;-;-;Custom event logs;Ground truth provided;Backdoor, Loader Drakon APT, Port Scans, Process Elevation, Process Injection;Yes, but not specified;115000.0;;
DARPA TC5;No;Yes;2019;2019;Undisclosed;Undisclosed;-;-;Custom event logs;Ground truth provided;All MITRE tactics;Yes, but not specified;;;
EVTX to MITRE ATT&CK;No;Yes;2022;2022;Single OS;Windows;-;-;Windows evtx files;Yes, in the sense that everything is malicious;Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, C2, Impact;_n/a_;1000.0;1000.0;
EVTX to MITRE ATT&CK;No;Yes;2022;2022;Single OS;Windows;-;-;Windows evtx files;Yes, in the sense that everything is malicious;Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, C2, Impact;n/a;1000.0;1000.0;
gureKDDCup;Yes;No;2008;2008;Military IT;Unix;Connection records with payload;Yes;-;-;DoS, Remote to Local, User to Root, Surveillance/Probing;Scripts for traffic generation, actual humans for performing complex tasks;10000.0;;
ISCX Intrusion Detection Evaluation;Yes;No;2012;2012;Enterprise IT;Windows, Linux;pcaps;Yes;-;-;Infiltration from Inside, DoS/DDoS, Brute Force;Dedicated profiles generating traffic on various protocols/services;84000.0;87000.0;
KDD Cup 1999;Yes;No;1999;1999;Military IT;Unix;Connection records;Yes;-;-;DoS, Remote to Local, User to Root, Surveillance/Probing;Scripts for traffic generation, actual humans for performing complex tasks;18.0;743.0;
Kyoto Honeypot;Yes;No;2006;2015;Miscellaneous;Windows, Unix, MacOS;Features extracted from network traffic;Yes;-;-;_n/a_ (it's a honeypot);Automated normal traffic generation;20000.0;;
Kyoto Honeypot;Yes;No;2006;2015;Miscellaneous;Windows, Unix, MacOS;Features extracted from network traffic;Yes;-;-;n/a (it's a honeypot);Automated normal traffic generation;20000.0;;
LID-DS 2019;No;Yes;2019;2019;Single OS;Linux;-;-;Syscalls with parameter information;Ground truth provided;Various CVEs;Yes;13000.0;;
NF-UQ-NIDS;Yes;No;2021;2021;Miscellaneous;Windows, Linux, MacOS;Custom NetFlows;Yes;-;-;DoS / DDoS, Reconnaissance, Injection, Infiltration, Backdoor, Botnet, Shellcode, MITM, Worms, Ransomware, Exploits;Yes;2000.0;14800.0;
NGIDS-DS;Yes;Yes;2018;2018;Enterprise IT;Linux;pcaps;Ground truth provided;Features derived from host events;Yes;DDoS, Shellcode, Worms, Reconnaissance, Exploits, Generic;Yes, using IXIA PerfectStorm;941.0;13400.0;
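Review bot: the Kyoto Honeypot row's Attack Categories cell becomes `n/a (it's a honeypot)`, which still will not match an exact comparison against `n/a` the way the CLUE-LDS and EVTX to MITRE ATT&CK cells now do. Consider making the cell a plain `n/a` and moving the remark into a notes column or the dataset description. Separately, the unchanged CIDD row in this hunk carries `PARSE_ERROR` in six fields, which reads like a placeholder rather than data and should be replaced with real values or the agreed missing-value marker.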
Expand All @@ -33,9 +33,9 @@ OTFR Security Datasets - APT 29;Yes;Yes;2020;2020;Enterprise IT;Windows, Linux;p
OTFR Security Datasets - Atomic;Yes;Yes;2019;2022;Single OS;Windows, Linux, Cloud;pcaps, AWS CloudTrail;Yes, in the sense that only attack traffic is provided;Windows events, linux auditd;Yes, in the sense that only attack events are provided;Most of MITRE's Att&ck matrix;No;125.0;;
OTFR Security Datasets - Log4Shell;Yes;Yes;2021;2021;Single OS;Linux;pcaps;No, seems to be implied;Sysmon for Linux;No, seems to be implied;Log4j / Log4Shell;No;1.0;1.0;
OTFR Security Datasets - LSASS Campaign;Yes;Yes;2023;2023;Single OS;Windows;pcaps, Zeek logs;No;Windows events;No;Resource Development, Execution, Discovery, Privilege Escalation, Defense Evasion, Credential Access, Exfiltration;No;423.0;1000.0;
OTFR Security Datasets - SimuLand Golden SAML;No;Yes;2021;2021;Enterprise IT;Windows;-;-;Events from AAD, MS Defender, Office and Windows;Yes, in the sense that everything is malicious;Impersonation, Data Extraction;_n/a_;;1.0;
OTFR Security Datasets - SimuLand Golden SAML;No;Yes;2021;2021;Enterprise IT;Windows;-;-;Events from AAD, MS Defender, Office and Windows;Yes, in the sense that everything is malicious;Impersonation, Data Extraction;n/a;;1.0;
PWNJUTSU;Yes;Yes;2022;2022;Miscellaneous;Windows, Linux;pcaps, various logs (DNS, ssh, http, ssl, etc.);No;Sysmon, auditd, Windows events, various logs (auth, Apache);No;Discovery, Lateral Movement, Credential Access, Privilege Escalation;n/a;82000.0;;
Skopik 2014;No;Yes;2014;2014;Enterprise IT;Linux;-;-;Syslogs;No;_n/a_;Yes, following a complex model;;;
Skopik 2014;No;Yes;2014;2014;Enterprise IT;Linux;-;-;Syslogs;No;n/a;Yes, following a complex model;;;
SOCBED Example Dataset;Yes;Yes;2021;2021;Enterprise IT;Windows, Linux;Traffic via packetbeat;No (but I labeled a separate run manually);Various system logs;No (but I labeled a separate run manually);Diverse;Yes;78.0;1300.0;
TUIDS;Yes;No;2012;2012;Enterprise IT;Undisclosed;pcaps, NetFlows;Features are labeled;-;-;DoS;Presumably, but not detailed;;;
Twente 2009;Yes;No;2009;2009;Single OS;Linux;NetFlows;Yes;-;-;Diverse;No;303.0;1900.0;
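Review bot: the Skopik 2014 row has Host Attacks set to `Yes` while its Attack Categories cell now reads `n/a`, so the row states both that host attacks are present and that attack categories do not apply. If the categories are simply not documented, use a distinct value for "not specified" and keep `n/a` for rows where the column cannot apply, as in the SimuLand Golden SAML row's Benign Activity cell, which now matches the `n/a` already used in the PWNJUTSU row.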