Hi,
I have been looking at the datasets but I really don't understand in what sense they are labeled. Is it the Snort log that is the labeling?
The use of the logs (such as Snort) is as close to labeling as we have right now. We have begun the process of labeling the dataset, but aren't at a point to release a "labeled" product.
OK, I guess it was Richard's post at Taosecurity that made me think that the data was completely labeled. Thanks for your work. I am looking forward to the labeled product.
This dataset is a perfect candidate for bittorrent. Any plans for that?
I'll look into it and post something this afternoon or tomorrow.
All these pcaps and then some are now fully indexed for contextual search and extract at http://www.pcapr.net/forensics. We call this Collaborative Network Forensics.
Is the Snort Intrusion Detection Log file for data captured from the National Security Agency (NSA), or for data captured outside the West Point network border?
The Snort log file is from the border router for the West Point network. Most alerts triggered are from attacks launched from the NSA Red Cell...but there may be a few from other academies IF and ONLY IF the NSA compromised a machine on another academy's network and launched the attack from there. There were no inter-academy attacks.
Has anyone else experienced MD5 checksum mismatches with the datasets?
I am downloading the dumps using Orbit Downloader and checksummed them with MD5ContextMenu.
Unluckily I don't have any other Linux/BSD box to double check.
Should I fetch the sets again, or does the post on the website contain wrong checksums (I assume this is not the case)?
Thanks a lot for these datasets, luckily we can all move forward and stop using the decade-old DARPA sets.
After a quick and dirty test, it seems pausing and resuming the download alters the checksum. I am redownloading the sets, sorry for the noise!
Sorry, I am new to this site. I am having trouble knowing how to open or view these data sets and in which viewer I should open them. The system hangs when I try to open them in Notepad. Should I open them in Linux? Please help me out....
Could someone please just say how to view the dataset.... in which viewer..... Please.... I am an M.Tech student.... I am asking this for a project related to IDS...... Someone please help me out.... Please
Wireshark.
Thank you very much, I will try