computer network defence

This work intends to identify characteristics in network traffic that distinguish normal network behavior from denial-of-service attacks. One way to classify anomalous traffic is to analyze the packet headers. This dataset contains labeled examples of normal traffic (23.088 instances), TCP Flood attacks (14.988 instances), UDP Flood (6.894 instances), HTTP Flood (347 instances) and HTTP Slow (183 instances) distributed in 73 numeric variables.

These datasets were generated in a computer network environment where eXfiltration Advanced Persistent Threats were launched against a number of high-value targets.

It is the alert log of the Security Onion SIEM, which aggregates alerts from the network-based and host-based intrusion detection systems that secure the network environment.