ASNM Datasets: A Collection of Network Traffic Data for Testing of Adversarial Classifiers and Network Intrusion Detectors
ASNM datasets include records consisting of many features that express various properties and characteristics of TCP communications. These features are called Advanced Security Network Metrics (ASNM) and were designed to distinguish legitimate connections from malicious ones (especially intrusions). ASNM features are extracted from tcpdump traces, and their computation does not involve deep packet inspection. ASNM datasets can be used for machine learning-based Network Behavioral Anomaly Detection or for analysis of network traffic characteristics, using the labels that indicate the presence and/or type of malicious/legitimate communication.
ASNM datasets were created one by one during our long-term research. The following listing contains references to descriptions of particular datasets with their download locations:
- ASNM-NPBO Dataset - contains non-payload-based obfuscation techniques applied to malicious traffic and to some legitimate traffic. It was created in 2015.
- ASNM-TUN Dataset - contains tunneling obfuscation techniques applied to malicious traffic. It was created in 2014.
- ASNM-CDX-2009 Dataset - contains ASNM features extracted from the tcpdump traces of the CDX 2009 dataset. It lacks a few of the newer ASNM features. It was created in 2013.