MM-TBM evaluation datasets
These datasets were generated in a computer network environment where eXfiltration Advanced Persistent Threats were launched against a number of high-value targets.
It is the alert log of the Security Onion SIEM which aggregates alerts from network and host-based intrusion detection systems that are securing the network environment.
Background traffic and attack clutter (noise) are also injected in the network alongside the cyber attacks. In order to confuse the algorithm, clutter attacks generate similar evidence to that of the cyber attack that relatess to the ground truth.
To use the dataset, first convert the columns 4 and 5 from decimal to IP format.
The dataset is unlabelled. To test the dataset with MM-TBM you have to assign a set of belief assignments to each packet with relevance to a specific Alert frame of discernment.