MAWILab

Data set: 2007/01/11

Traffic Trace: 2007/01/11

Info: http://mawi.wide.ad.jp/mawi/samplepoint-F/2007/200701111400.html
tcpdump file: http://mawi.wide.ad.jp/mawi/samplepoint-F/2007/200701111400.dump.gz

Anomalous Traffic:

"Anomalous" and "Suspicious" labels (admd file): 20070111_anomalous_suspicious.xml
"Anomalous" and "Suspicious" labels (csv file): 20070111_anomalous_suspicious.csv

Overview of the anomalies:

Number of anomalies: 170
Proportion of anomalies in terms of occurrence:


Breakdown of the anomalies:

Taxonomy | Heuristic | Label | Detectors
network_scan_ACK | Unknown | suspicious | Hough
network_scan_ACK | Unknown | suspicious | Hough
network_scan_ACK | Unknown | suspicious | Hough
network_scan_SYN_t | SYN attack | suspicious | Hough, PCA
network_scan_UDP_UDP_response | Unknown | suspicious | Hough
network_scan_ACK | Unknown | suspicious | Hough
network_scan_UDP_UDP_response | Unknown | suspicious | Hough
network_scan_UDP_UDP_response | Unknown | suspicious | Hough
network_scan_ACK | HTTP traffic | suspicious | Hough, Gamma
network_scan_ACK | Other | suspicious | Gamma, PCA
network_scan_UDP | Netbios attack | suspicious | Hough, KL
network_scan_UDP_UDP_response | Other | anomalous | Hough, Gamma, KL
network_scan_ACK | HTTP traffic | anomalous | Gamma, PCA
network_scan_ACK | HTTP traffic | anomalous | Gamma, PCA
network_scan_ACK | HTTP traffic | anomalous | Gamma, PCA
network_scan_UDP_UDP_response | Unknown | anomalous | KL
network_scan_UDP_UDP_response | Unknown | anomalous | KL
network_scan_UDP_UDP_response | Unknown | anomalous | KL
network_scan_ACK | HTTP traffic | anomalous | Gamma, PCA
point_to_multipoint_HTTP | Unknown | suspicious | Hough
alpha_flow | HTTPS traffic | suspicious | Hough
point_to_multipoint | Unknown | suspicious | Hough
small_alpha_flow | Unknown | suspicious | Hough
alpha_flow | Unknown | suspicious | Hough
alpha_flow | Unknown | suspicious | Hough
alpha_flow_HTTP | Unknown | suspicious | Hough
point_to_multipoint_low_activity_HTTP | Unknown | suspicious | Hough
point_to_multipoint_low_activity | Unknown | suspicious | Hough
small_alpha_flow | Unknown | suspicious | Hough
point_to_multipoint_low_activity | Unknown | suspicious | Hough
alpha_flow_HTTP | Unknown | suspicious | Hough
multipoint_to_point_HTTP | Unknown | suspicious | Hough
ipv4_gre_tunnel | Unknown | suspicious | Hough
multipoint_to_point_low_activity_HTTP | Unknown | suspicious | Hough
small_alpha_flow | Unknown | suspicious | Hough
point_to_multipoint | Unknown | suspicious | Hough
micro_alpha_flow | Unknown | suspicious | Hough
alpha_flow | Unknown | suspicious | Hough
point_to_multipoint | Unknown | suspicious | Hough
alpha_flow_HTTP | Unknown | suspicious | Hough
multipoint_to_point_HTTP | Unknown | suspicious | Hough
multipoint_to_point_HTTP | Unknown | suspicious | Hough
multipoint_to_point_low_activity_HTTP | Unknown | suspicious | Hough
small_alpha_flow | Unknown | suspicious | Hough
multipoint_to_point_HTTP | HTTP traffic | suspicious | Gamma, PCA
multipoint_to_point | Other | suspicious | Gamma
point_to_point | Other | suspicious | Gamma
point_to_multipoint | FTP traffic | suspicious | Gamma
multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Gamma
small_alpha_flow | HTTP traffic | suspicious | Gamma
multipoint_to_point_low_activity | HTTPS traffic | suspicious | Gamma
point_to_multipoint_low_activity | Other | suspicious | Gamma
micro_alpha_flow | HTTP traffic | suspicious | Gamma
small_alpha_flow | Other | suspicious | Gamma
micro_alpha_flow | HTTP traffic | suspicious | Gamma
micro_alpha_flow | Other | suspicious | Gamma
micro_alpha_flow | Unknown | suspicious | Gamma
point_to_multipoint_low_activity | SYN attack | suspicious | Gamma
micro_alpha_flow | HTTP traffic | suspicious | Gamma
micro_alpha_flow | FTP traffic | suspicious | Gamma
micro_alpha_flow | Unknown | suspicious | Gamma
micro_alpha_flow | Unknown | suspicious | Gamma
micro_alpha_flow | Unknown | suspicious | Gamma
small_alpha_flow | HTTP traffic | suspicious | Gamma
multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Gamma
micro_alpha_flow | HTTP traffic | suspicious | Gamma
multipoint_to_point_low_activity | Unknown | suspicious | Gamma
point_to_multipoint_low_activity | Other | suspicious | Gamma
micro_alpha_flow | Other | suspicious | Gamma
point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Gamma
multipoint_to_point_low_activity | Other | suspicious | Gamma
micro_alpha_flow | Unknown | suspicious | Gamma
micro_alpha_flow | Unknown | suspicious | Gamma
point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Gamma
micro_alpha_flow | Unknown | suspicious | Gamma
micro_alpha_flow | Unknown | suspicious | Gamma
micro_alpha_flow | Unknown | suspicious | Gamma
point_to_multipoint_HTTP | HTTP traffic | suspicious | PCA
point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | PCA
point_to_multipoint_low_activity | HTTPS traffic | suspicious | PCA
multipoint_to_multipoint | HTTP traffic | suspicious | Gamma, PCA
point_to_multipoint_low_activity | HTTPS traffic | suspicious | PCA
point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | PCA
point_to_multipoint | Other | suspicious | Gamma, PCA
multipoint_to_point_low_activity_HTTP | Unknown | suspicious | PCA
multipoint_to_point_HTTP | HTTP traffic | suspicious | Gamma, PCA
multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | PCA
multipoint_to_multipoint | HTTP traffic | suspicious | Gamma, PCA
multipoint_to_point_HTTP | HTTP traffic | suspicious | Gamma, PCA
small_alpha_flow | Other | suspicious | PCA
multipoint_to_point_HTTP | HTTP traffic | suspicious | Gamma, PCA
multipoint_to_point_HTTP | HTTP traffic | suspicious | PCA
multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Hough, Gamma, PCA
point_to_multipoint_low_activity | Other | suspicious | PCA
multipoint_to_point_low_activity | Other | suspicious | PCA
multipoint_to_point_HTTP | HTTP traffic | suspicious | PCA
multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | PCA
micro_alpha_flow | HTTP traffic | suspicious | PCA
small_alpha_flow | HTTP traffic | suspicious | PCA
micro_alpha_flow | HTTP traffic | suspicious | Gamma, PCA
point_to_multipoint_low_activity_HTTP | HTTP traffic | anomalous | Gamma, PCA
multipoint_to_point_HTTP | HTTP traffic | anomalous | Hough, Gamma, PCA
point_to_multipoint_low_activity | Other | anomalous | Hough, Gamma, PCA
multipoint_to_multipoint | HTTP traffic | anomalous | Gamma, PCA
point_to_multipoint_low_activity_HTTP | HTTP traffic | anomalous | Gamma, PCA
multipoint_to_point | FTP traffic | anomalous | Gamma, PCA
small_alpha_flow | HTTP traffic | anomalous | Gamma, PCA
alpha_flow_HTTP | HTTP traffic | anomalous | Gamma, PCA
multipoint_to_point_HTTP | HTTP traffic | anomalous | Gamma, PCA
point_to_multipoint | SYN attack | anomalous | KL
multipoint_to_point | Unknown | anomalous | KL
multipoint_to_multipoint | HTTP traffic | anomalous | Gamma, PCA
multipoint_to_multipoint | HTTP traffic | anomalous | Gamma, PCA
multipoint_to_point_low_activity_HTTP | HTTP traffic | anomalous | Gamma, PCA
point_to_multipoint_low_activity_HTTP | HTTP traffic | anomalous | PCA
multipoint_to_point_low_activity_HTTP | HTTP traffic | anomalous | PCA
multipoint_to_point_low_activity_HTTP | HTTP traffic | anomalous | PCA
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Gamma
empty | Unknown | suspicious | PCA
empty | Unknown | suspicious | PCA
empty | Unknown | suspicious | PCA
empty | Unknown | suspicious | PCA
empty | Unknown | suspicious | PCA
empty | Unknown | suspicious | PCA
empty | Unknown | anomalous | KL

Other:

"Notice" labels (admd file): 20070111_notice.xml
"Notice" labels (csv file): 20070111_notice.csv