From d5f99207e1dee3a91ae2e37265d3f2775b27e868 Mon Sep 17 00:00:00 2001 From: Philipp Boenninghausen Date: Wed, 17 Apr 2024 15:15:32 +0200 Subject: [PATCH] Update csv file --- assets/data/datasets.csv | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/assets/data/datasets.csv b/assets/data/datasets.csv index 86fff82..08a3120 100644 --- a/assets/data/datasets.csv +++ b/assets/data/datasets.csv @@ -1,6 +1,6 @@ Name;Network Attacks;Host Attacks;Start Year;End Year;Setting;OS Type;Network Data Source;Network Data Labeled;Host Data Source;Host Data Labeled;Attack Categories;Benign Activity;Packed Size in MB;Unpacked Size in MB ADFA-LD;No;Yes;2013;2013;Single OS;Linux;-;-;Sequences of Syscall Numbers;Yes;Password Bruteforce , Social Engineering , Web-Based Attacks , Remote Exploits;Unspecified normal operation;2.0;17.0; -ADFA-WD;No;Yes;2014;2014;Single OS;Windows;-;-;DLL calls, XML logs from Procmon;Yes, as in SAA only contains attack data;Stealthy Shellcode;_n/a_;403.0;13600.0; +ADFA-WD;No;Yes;2014;2014;Single OS;Windows;-;-;DLL calls, XML logs from Procmon;Yes, as in SAA only contains attack data;Stealthy Shellcode;n/a;403.0;13600.0; AIT Alert Dataset;Yes;Yes;2023;2023;Enterprise IT;Linux;Suricata, Wazuh and AMiner alerts;Yes;Wazuh and AMiner alerts;Yes;Reconnaissance, Privilege Escalation, Data Exfiltration, Web-based Attacks, Remote Command Execution;Yes, models complex behavior;96.0;2900.0; AIT Log Dataset;Yes;Yes;2023;2023;Enterprise IT;Linux;VPN, DNS, pcaps, Suricata;Yes;Apache, auth, audit, syslogs, and more;Yes;Reconnaissance, Privilege Escalation, Data Exfiltration, Web-based Attacks, Remote Command Execution;Yes, models complex behavior;130000.0;206000.0; ASNM Datasets;Yes;No;2009;2018;Miscellaneous;Windows, Linux;Custom extension of network flows;Yes;-;-;Remote Buffer Overflows, Obfuscated Network Attacks;Yes, but not further detailed;21.0;95000.0; 
@@ -10,7 +10,7 @@ CIC DoS;Yes;No;2017;2017;Enterprise IT;Linux;Unknown;Presumably;-;-;Application- CIC-DDoS2019;Yes;No;2019;2019;Enterprise IT;Windows, Linux;pcaps, NetFlows;Flows are labeled;Windows event logs, Ubuntu event logs;No;Various DDoS attacks;Yes, models complex behavior;24400.0;; CIC-IDS2017;Yes;No;2017;2017;Enterprise IT;Windows, Linux;pcaps, derived features;Yes;-;-;Brute Force FTP/SSH, DoS & DDoS, Web Attacks, Botnets;Yes, models complex behavior;48400.0;50000.0; CIDD;No;No;2012;2012;Military IT;Unix;PARSE_ERROR;PARSE_ERROR;PARSE_ERROR;PARSE_ERROR;PARSE_ERROR;PARSE_ERROR;;22000.0; -CLUE-LDS;No;No;2022;2022;Subsystem;Undisclosed;-;-;Events generated from usage of storage solution hBox;No, data generated in production -> no known attacks;_n/a_;Real users;640.0;14900.0; +CLUE-LDS;No;No;2022;2022;Subsystem;Undisclosed;-;-;Events generated from usage of storage solution hBox;No, data generated in production -> no known attacks;n/a;Real users;640.0;14900.0; Comprehensive, Multi-Source Cyber-Security Events;Yes;Yes;2015;2015;Enterprise IT;Windows, Linux;NetFlows, DNS lookups;No;Auth events, Process events;Yes, for auth events;Authentication with stolen credentials;Real users;12000.0;; CSE-CIC-IDS2018;Yes;No;2018;2018;Enterprise IT;Windows, Linux, MacOS;pcaps, NetFlows;Yes, NetFlows are labeled;Ubuntu event logs, Windows event logs;No;Bruteforce, Heartbleed, Botnet, DoS/DDoS, Web-Based, Infiltration from Inside;Yes, models complex behavior;220000.0;; CTU 13;Yes;No;2011;2011;Enterprise IT;Windows, Undisclosed;pcaps, NetFlows;Yes, NetFlows are labeled;-;-;Various Botnet activity, (Neris, Rbot, Virut, Menti, Sogou, Murlo, NSIS.ay);Yes, as in real background traffic;;697000.0; 
@@ -18,11 +18,11 @@ DAPT 2020;Yes;No;2020;2020;Enterprise IT;Undisclosed;NetFlows, DNS;Yes, Netflows DARPA'98 Intrusion Detection Program;Yes;No;1998;1998;Military IT;Unix;tcpdumps;Ground truth provided;bsm audits, file system dumps;No;DoS, Remote to Local, User to Root, Surveillance/Probing;Scripts for traffic generation, actual humans for performing complex tasks;5000.0;; DARPA TC3;No;Yes;2018;2018;Undisclosed;Undisclosed;-;-;Custom event logs;Ground truth provided;Backdoor, Loader Drakon APT, Port Scans, Process Elevation, Process Injection;Yes, but not specified;115000.0;; DARPA TC5;No;Yes;2019;2019;Undisclosed;Undisclosed;-;-;Custom event logs;Ground truth provided;All MITRE tactics;Yes, but not specified;;; -EVTX to MITRE ATT&CK;No;Yes;2022;2022;Single OS;Windows;-;-;Windows evtx files;Yes, in the sense that everything is malicious;Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, C2, Impact;_n/a_;1000.0;1000.0; +EVTX to MITRE ATT&CK;No;Yes;2022;2022;Single OS;Windows;-;-;Windows evtx files;Yes, in the sense that everything is malicious;Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, C2, Impact;n/a;1000.0;1000.0; gureKDDCup;Yes;No;2008;2008;Military IT;Unix;Connection records with payload;Yes;-;-;DoS, Remote to Local, User to Root, Surveillance/Probing;Scripts for traffic generation, actual humans for performing complex tasks;10000.0;; ISCX Intrusion Detection Evaluation;Yes;No;2012;2012;Enterprise IT;Windows, Linux;pcaps;Yes;-;-;Infiltration from Inside, DoS/DDoS, Brute Force;Dedicated profiles generating traffic on various protocols/services;84000.0;87000.0; KDD Cup 1999;Yes;No;1999;1999;Military IT;Unix;Connection records;Yes;-;-;DoS, Remote to Local, User to Root, Surveillance/Probing;Scripts for traffic generation, actual humans for performing complex tasks;18.0;743.0; -Kyoto Honeypot;Yes;No;2006;2015;Miscellaneous;Windows, Unix, 
MacOS;Features extracted from network traffic;Yes;-;-;_n/a_ (it's a honeypot);Automated normal traffic generation;20000.0;; +Kyoto Honeypot;Yes;No;2006;2015;Miscellaneous;Windows, Unix, MacOS;Features extracted from network traffic;Yes;-;-;n/a (it's a honeypot);Automated normal traffic generation;20000.0;; LID-DS 2019;No;Yes;2019;2019;Single OS;Linux;-;-;Syscalls with parameter information;Ground truth provided;Various CVEs;Yes;13000.0;; NF-UQ-NIDS;Yes;No;2021;2021;Miscellaneous;Windows, Linux, MacOS;Custom NetFlows;Yes;-;-;DoS / DDoS, Reconnaissance, Injection, Infiltration, Backdoor, Botnet, Shellcode, MITM, Worms, Ransomware, Exploits;Yes;2000.0;14800.0; NGIDS-DS;Yes;Yes;2018;2018;Enterprise IT;Linux;pcaps;Ground truth provided;Features derived from host events;Yes;DDoS, Shellcode, Worms, Reconnaissance, Exploits, Generic;Yes, using IXIA PerfectStorm;941.0;13400.0; 
@@ -33,9 +33,9 @@ OTFR Security Datasets - APT 29;Yes;Yes;2020;2020;Enterprise IT;Windows, Linux;p OTFR Security Datasets - Atomic;Yes;Yes;2019;2022;Single OS;Windows, Linux, Cloud;pcaps, AWS CloudTrail;Yes, in the sense that only attack traffic is provided;Windows events, linux auditd;Yes, in the sense that only attack events are provided;Most of MITRE's Att&ck matrix;No;125.0;; OTFR Security Datasets - Log4Shell;Yes;Yes;2021;2021;Single OS;Linux;pcaps;No, seems to be implied;Sysmon for Linux;No, seems to be implied;Log4j / Log4Shell;No;1.0;1.0; OTFR Security Datasets - LSASS Campaign;Yes;Yes;2023;2023;Single OS;Windows;pcaps, Zeek logs;No;Windows events;No;Resource Development, Execution, Discovery, Privilege Escalation, Defense Evasion, Credential Access, Exfiltration;No;423.0;1000.0; -OTFR Security Datasets - SimuLand Golden SAML;No;Yes;2021;2021;Enterprise IT;Windows;-;-;Events from AAD, MS Defender, Office and Windows;Yes, in the sense that everything is malicious;Impersonation, Data Extraction;_n/a_;;1.0; +OTFR Security Datasets - SimuLand Golden SAML;No;Yes;2021;2021;Enterprise IT;Windows;-;-;Events from AAD, MS Defender, Office and Windows;Yes, in the sense that everything is malicious;Impersonation, Data Extraction;n/a;;1.0; PWNJUTSU;Yes;Yes;2022;2022;Miscellaneous;Windows, Linux;pcaps, various logs (DNS, ssh, http, ssl, etc.);No;Sysmon, auditd, Windows events, various logs (auth, Apache);No;Discovery, Lateral Movement, Credential Access, Privilege Escalation;n/a;82000.0;; -Skopik 2014;No;Yes;2014;2014;Enterprise IT;Linux;-;-;Syslogs;No;_n/a_;Yes, following a complex model;;; +Skopik 2014;No;Yes;2014;2014;Enterprise IT;Linux;-;-;Syslogs;No;n/a;Yes, following a complex model;;; SOCBED Example Dataset;Yes;Yes;2021;2021;Enterprise IT;Windows, Linux;Traffic via packetbeat;No (but I labeled a separate run manually);Various system logs;No (but I labeled a separate run manually);Diverse;Yes;78.0;1300.0; TUIDS;Yes;No;2012;2012;Enterprise IT;Undisclosed;pcaps, 
NetFlows;Features are labeled;-;-;DoS;Presumably, but not detailed;;; Twente 2009;Yes;No;2009;2009;Single OS;Linux;NetFlows;Yes;-;-;Diverse;No;303.0;1900.0;
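Review bot: The commit subject "Update csv file" does not say what changed, while every hunk does the same one thing: it replaces the markdown-italic placeholder `_n/a_` with plain `n/a` in the Attack Categories and Benign Activity columns (ADFA-WD, CLUE-LDS, EVTX to MITRE ATT&CK, Kyoto Honeypot, SimuLand Golden SAML, Skopik 2014). Say so in the subject, e.g. "datasets.csv: drop markdown italics from n/a placeholders", so the normalisation is findable in history and so consumers that filter on the literal `n/a` know when it became reliable.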
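Review bot: The header line in the first hunk has 15 semicolon-separated fields and no trailing `;`, but every data row in the visible context (e.g. `ADFA-LD;...;2.0;17.0;`, `AIT Alert Dataset;...;96.0;2900.0;`) ends with a trailing `;`, which a strict CSV reader will parse as a 16th, empty column and report as a field-count mismatch against the header. Since this commit already touches placeholder formatting, either drop the trailing `;` from the data rows or add one to the header so the column counts agree.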
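Review bot: In the second hunk, the CIDD row two lines above the CLUE-LDS change still carries the literal `PARSE_ERROR` in six columns (Network Data Source through Attack Categories), which is a tooling artefact rather than a value and will be read as real data by anything that ingests the CSV. As this change is normalising placeholders anyway, fill those cells from the dataset's documentation or replace them with the file's existing conventions (`-` for an absent data source, `n/a` where the column does not apply) rather than leaving the error marker in place.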
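Review bot: After the fourth hunk the Attack Categories and Benign Activity columns consistently use `n/a` (PWNJUTSU already did), but the file still uses two distinct placeholders side by side: `-` in the Network/Host Data Source and Labeled columns and `n/a` in the attack and benign-activity columns, plus entirely empty cells for unknown sizes (e.g. `CTU 13;...;;697000.0;`). If the distinction is intentional (`-` meaning no data of that type exists, `n/a` meaning the question does not apply, empty meaning unknown), it should be stated wherever the CSV's columns are described so that anyone filtering or plotting the table does not conflate the three.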