Download: weird Zip File
| Number of Instances: | 65983 | Security Area: | Network Protocols |
|---|---|---|---|
| Number of Attributes: | 10 | Date Donated: | 2012 |
| Missing Values? | - | Associated ML Tasks: | Network Analysis |
Mike Sconzo
Security Repository
Secrepo.com
This script provides a default set of actions to take for “weird activity” events generated from Bro’s event engine. Weird activity is defined as unusual or exceptional activity that can indicate malformed connections, traffic that doesn’t conform to a particular protocol, malfunctioning or misconfigured hardware, or even an attacker attempting to avoid/confuse a sensor. Without context, it’s hard to judge whether a particular category of weird activity is interesting, but this script provides a starting point for the user.
| Data Type | Count | Unique Values | Missing Values | |
|---|---|---|---|---|
| ts | float64 | 65983 | 44044 | 0 |
| uid | object | 65526 | 51651 | 457 |
| id.orig_h | object | 65526 | 221 | 457 |
| id.orig_p | float64 | 65526 | 25772 | 457 |
| id.resp_h | object | 65526 | 279 | 457 |
| id.resp_p | float64 | 65526 | 183 | 457 |
| name | object | 65983 | 50 | 0 |
| addl | object | 865 | 125 | 65118 |
| notice | object | 65983 | 1 | 0 |
| peer | object | 65983 | 1 | 0 |
Bro Logs http://gauss.ececs.uc.edu/Courses/c6055/pdf/bro_log_vars.pdf
Intrusion Detection Through Relationship Analysis https://www.sans.org/reading-room/whitepapers/detection/intrusion-detection-relationship-analysis-37358