kdd cup data et and argus
Oğuz Yarımtepe
oguzyarimtepe at gmail.com
Sun Sep 29 08:29:36 EDT 2013
Hi,
For the ones dealing with machine learning KDD Cup 99 dataset is used
widely for testing the algorithm proposed. (
http://kdd.ics.uci.edu/databases/kddcup99/task.html)
The data set is created with some featured defined at Table 1, Table 2 and
Table 3. Now i would like to test my algorithm with the real data so i will
collect traffic and convert it to KDD Cup 99 format. Table 1 properties are
seemed to be gathered via Argus. Table 3 also seems also.
How can i gather or calculate the properties at Table2? The properties are
number of ``hot'' indicators: I am not sure what hot is here.
number of failed login attempts
1 if successfully logged in; 0 otherwise
number of ``compromised''continuous
1 if root shell is obtained; 0 otherwise
1 if ``su root'' command attempted; 0 otherwise
number of ``root'' accesses
number of file creation operations
number of shell prompts
number of operations on access control files
number of outbound commands in an ftp session
So it seems payload analysis is required? Anybody who had experience with
such thing or any suggestion? I will be listening a mirrored port and
saving the traffic data to db.
Cheers.
--
Oğuz Yarımtepe
http://about.me/oguzy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130929/3e2db6dc/attachment.html>
More information about the argus
mailing list