Download: conn Zip File
| Number of Instances: | 188654 | Security Area: | Network Protocols |
|---|---|---|---|
| Number of Attributes: | 20 | Date Donated: | 2012 |
| Missing Values? | - | Associated ML Tasks: | Network Analysis |
Mike Sconzo
Security Repository
Secrepo.com
This script manages the tracking and logging of general information about TCP, UDP, and ICMP traffic. For UDP and ICMP, “connections” are to be interpreted using flow semantics (a sequence of packets from a source host/port to a destination host/port). Further, ICMP “ports” are to be interpreted as follows: the source port is the ICMP message type and the destination port is the ICMP message code.
| Attribute | Data Type | Count | Unique Values | Missing Values |
|---|---|---|---|---|
| ts | float64 | 188654 | 188654 | 0 |
| uid | object | 188654 | 188654 | 0 |
| id.orig_h | object | 188654 | 707 | 0 |
| id.orig_p | int64 | 188654 | 3994 | 0 |
| id.resp_h | object | 188654 | 30197 | 0 |
| id.resp_p | int64 | 188654 | 349 | 0 |
| proto | object | 188654 | 3 | 0 |
| service | object | 131479 | 5 | 57175 |
| duration | float64 | 164928 | 153900 | 23726 |
| orig_bytes | float64 | 164928 | 7345 | 23726 |
| resp_bytes | float64 | 164928 | 33301 | 23726 |
| conn_state | object | 188654 | 13 | 0 |
| local_orig | float64 | 0 | 0 | 188654 |
| missed_bytes | int64 | 188654 | 93 | 0 |
| history | object | 187654 | 243 | 1000 |
| orig_pkts | int64 | 188654 | 945 | 0 |
| orig_ip_bytes | int64 | 188654 | 11336 | 0 |
| resp_pkts | int64 | 188654 | 1257 | 0 |
| resp_ip_bytes | int64 | 188654 | 35372 | 0 |
| tunnel_parents | object | 188654 | 1 | 0 |
Bro Logs http://gauss.ececs.uc.edu/Courses/c6055/pdf/bro_log_vars.pdf
Neise, Patrick. "Intrusion Detection Through Relationship Analysis". Oct 2016 https://www.sans.org/reading-room/whitepapers/detection/intrusion-detection-relationship-analysis-37352
Frances Bernadette C. De Ocampo, Trisha Mari L. Del Castillo, Miguel Alberto N. Gomez. "AUTOMATED SIGNATURE CREATOR FOR A SIGNATURE BASED INTRUSION DETECTION SYSTEM WITH NETWORK ATTACK DETECTION CAPABILITIES". 2013 http://sdiwc.net/digital-library/automated-signature-creator-for-a-signature-based-intrusion-detection-system-with-network-attack-detection-capabilities-pancakes.html