MM-TBM evaluation datasets

Citation Author(s):
Georgios
Ioannou
Panos
Louvieris
Natalie
Clewley
Submitted by:
Georgios Ioannou
Last updated:
Tue, 05/17/2022 - 22:17
DOI:
10.21227/8dt8-gx46
Data Format:
.zip
Research Article Link:
A Markov Multi-Phase Transferable Belief Model for Cyber Situational Awareness
License:
Creative Commons Attribution
355 Views
Categories:
Security
Keywords:
Information fusion, computer network defence, cyber situational awareness, multi-phase attack
0
0 ratings - Please login to submit your rating.
ACCESS DATASET CITE SHARE/EMBED

Abstract 

These datasets were generated in a computer network environment where eXfiltration Advanced Persistent Threats were launched against a number of high-value targets.

It is the alert log of the Security Onion SIEM which aggregates alerts from network and host-based intrusion detection systems that are securing the network environment.

Background traffic and attack clutter (noise) are also injected in the network alongside the cyber attacks. In order to confuse the algorithm, clutter attacks generate similar evidence to that of the cyber attack that relatess to the ground truth.

 

Instructions: 

To use the dataset, first convert the columns 4 and 5 from decimal to IP format.

The dataset is unlabelled. To test the dataset with MM-TBM you have to assign a set of belief assignments to each packet with relevance to a specific Alert frame of discernment. 

Dataset Files

LOGIN TO ACCESS DATASET FILES

Documentation

AttachmentSize
File Readme file425 bytes

QUESTIONS?