| 2007 | 2008 | 2009 | 2010 | 2011 | 2012 | 2015 | 2017 | 2019 | 2022 | 2024 |
| Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec |
Traffic Trace: 2008/01/09
Info: http://mawi.wide.ad.jp/mawi/samplepoint-F/2008/200801091400.htmltcpdump file: http://mawi.wide.ad.jp/mawi/samplepoint-F/2008/200801091400.dump.gz
Anomalous Traffic:
"Anomalous" and "Suspicious" labels (admd file): 20080109_anomalous_suspicious.xml"Anomalous" and "Suspicious" labels (csv file): 20080109_anomalous_suspicious.csv
Overview of the anomalies:
Number of anomalies: 290
Proportion of anomalies in terms of occurrence:
Breakdown of the anomalies:
| Taxonomy | Heuristic | Label | Detectors |
|---|---|---|---|
| network_scan_SYN_t | SYN attack | anomalous | Hough, KL |
| network_scan_UDP | Other | anomalous | Hough |
| network_scan_ACK | HTTP traffic | anomalous | Hough |
| network_scan_SYN_t | SYN attack | anomalous | Hough, KL |
| network_scan_SYN_t_139_445 | SYN attack | anomalous | Hough |
| network_scan_SYN_t | SYN attack | anomalous | Hough, Gamma, KL |
| network_scan_UDP | Other | anomalous | Hough |
| network_scan_SYN_t_139_445 | SYN attack | anomalous | Hough |
| small_network_scan_SYN_t | SYN attack | anomalous | Hough |
| network_scan_SYN_t_139_445 | SYN attack | anomalous | Hough |
| network_scan_SYN_t_139_445 | SYN attack | anomalous | Hough |
| network_scan_SYN_t_139_445 | SYN attack | anomalous | Hough |
| network_scan_SYN_t_139_445 | SYN attack | anomalous | Hough |
| network_scan_UDP | Netbios attack | anomalous | Hough |
| network_scan_TCP_ICMP_du_response | Ping flood | anomalous | Hough |
| small_point_to_point_denial_of_service_SYN | SYN attack | anomalous | Gamma |
| network_scan_ICMP_ecrq | Ping flood | anomalous | Gamma, KL |
| network_scan_ACK | HTTP traffic | anomalous | Gamma |
| network_scan_ACK | HTTP traffic | anomalous | Hough, Gamma, KL |
| network_scan_ACK | HTTP traffic | anomalous | Gamma |
| network_scan_ACK | HTTP traffic | anomalous | Hough, Gamma |
| network_scan_ACK | HTTP traffic | anomalous | Hough, Gamma, KL |
| network_scan_ACK | HTTP traffic | anomalous | Hough, Gamma |
| network_scan_ACK | HTTP traffic | anomalous | Hough, Gamma, KL |
| network_scan_UDP | Other | anomalous | KL |
| small_network_scan_SYN_t | SYN attack | anomalous | KL |
| network_scan_ACK | HTTP traffic | anomalous | Hough, Gamma, KL |
| network_scan_ACK | HTTP traffic | anomalous | Gamma, KL |
| network_scan_UDP | Other | anomalous | KL |
| network_scan_UDP | Other | anomalous | KL |
| network_scan_ACK | HTTP traffic | anomalous | KL |
| network_scan_ACK | HTTP traffic | anomalous | KL |
| network_scan_ACK | HTTP traffic | anomalous | Hough, Gamma, KL |
| network_scan_UDP | Other | anomalous | KL |
| network_scan_UDP | Other | anomalous | Gamma, KL |
| network_scan_UDP | Other | anomalous | Hough, Gamma, KL |
| network_scan_ACK | HTTP traffic | anomalous | Hough, Gamma, KL |
| network_scan_UDP | Other | anomalous | KL |
| network_scan_UDP | Other | anomalous | KL |
| network_scan_UDP | Other | anomalous | KL |
| network_scan_UDP_UDP_response | Other | anomalous | Gamma, KL |
| network_scan_UDP | Other | anomalous | KL |
| network_scan_UDP | Other | anomalous | KL |
| network_scan_UDP | Other | anomalous | KL |
| network_scan_UDP | Other | anomalous | KL |
| network_scan_UDP | Other | anomalous | KL |
| network_scan_UDP | Other | anomalous | KL |
| network_scan_UDP | Other | anomalous | KL |
| network_scan_ACK | HTTP traffic | suspicious | Hough |
| network_scan_ACK | HTTP traffic | suspicious | Hough |
| network_scan_ACK | HTTP traffic | suspicious | Hough |
| network_scan_ACK | HTTP traffic | suspicious | Hough |
| network_scan_UDP | Netbios attack | suspicious | Hough |
| network_scan_UDP | Netbios attack | suspicious | Hough |
| network_scan_UDP | Netbios attack | suspicious | Hough |
| network_scan_SYN_t_139_445 | SYN attack | suspicious | Hough |
| network_scan_ICMP_ecrq | Ping flood | suspicious | Hough |
| network_scan_ACK | HTTP traffic | suspicious | Hough |
| network_scan_ACK | HTTP traffic | suspicious | Hough, Gamma |
| network_scan_ACK | HTTP traffic | suspicious | Gamma |
| network_scan_ACK | HTTP traffic | suspicious | Hough, Gamma |
| network_scan_UDP | Other | suspicious | Gamma |
| small_point_to_point_denial_of_service_SYN | SYN attack | suspicious | Gamma |
| network_scan_UDP | Other | suspicious | KL |
| network_scan_UDP | Other | suspicious | KL |
| network_scan_ACK | HTTP traffic | suspicious | Gamma, KL |
| network_scan_UDP | Other | suspicious | Gamma, KL |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | anomalous | Hough, Gamma |
| alpha_flow_HTTP | HTTP traffic | anomalous | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | anomalous | Hough |
| small_alpha_flow | HTTP traffic | anomalous | Hough |
| alpha_flow_HTTP | HTTP traffic | anomalous | Hough, Gamma |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | anomalous | Hough |
| alpha_flow_HTTP | HTTP traffic | anomalous | Hough |
| point_to_multipoint_low_activity | Other | anomalous | Hough |
| alpha_flow_HTTP | HTTP traffic | anomalous | Hough |
| multipoint_to_point_HTTP | HTTP traffic | anomalous | Hough, Gamma |
| alpha_flow_HTTP | HTTP traffic | anomalous | Hough |
| small_alpha_flow | HTTP traffic | anomalous | Hough |
| alpha_flow_HTTP | HTTP traffic | anomalous | Hough, Gamma |
| small_alpha_flow | HTTP traffic | anomalous | Hough |
| alpha_flow_HTTP | HTTP traffic | anomalous | Hough |
| alpha_flow_HTTP | HTTP traffic | anomalous | Hough |
| alpha_flow_HTTP | HTTP traffic | anomalous | Hough |
| small_alpha_flow | HTTP traffic | anomalous | Hough |
| multipoint_to_point_low_activity | Other | anomalous | Hough |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | anomalous | Hough |
| small_alpha_flow | HTTPS traffic | anomalous | Hough |
| micro_alpha_flow | HTTPS traffic | anomalous | Hough |
| multipoint_to_point_HTTP | HTTP traffic | anomalous | Hough |
| alpha_flow_HTTP | HTTP traffic | anomalous | Hough, Gamma |
| point_to_multipoint_HTTP | HTTP traffic | anomalous | Hough, Gamma |
| multipoint_to_point_HTTP | HTTP traffic | anomalous | Hough, Gamma |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | anomalous | Hough, Gamma |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | anomalous | Gamma |
| point_to_multipoint | Other | anomalous | Gamma, KL |
| multipoint_to_point_HTTP | HTTP traffic | anomalous | Hough, Gamma |
| multipoint_to_multipoint | Other | anomalous | Hough, Gamma, KL |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | anomalous | Gamma |
| multipoint_to_multipoint | Other | anomalous | Gamma |
| multipoint_to_point | SYN attack | anomalous | Gamma |
| multipoint_to_point_HTTP | HTTP traffic | anomalous | Gamma |
| heavy_hitter | HTTP traffic | anomalous | Hough, Gamma, KL |
| point_to_multipoint | Other | anomalous | Hough, Gamma, KL |
| point_to_multipoint | Other | anomalous | Gamma, KL |
| multipoint_to_multipoint | Other | anomalous | Hough, Gamma, KL |
| point_to_multipoint | Other | anomalous | Gamma, KL |
| point_to_multipoint | Other | anomalous | Gamma, KL |
| point_to_multipoint_low_activity | Other | anomalous | KL |
| point_to_multipoint_low_activity | Other | anomalous | KL |
| point_to_multipoint_low_activity | Other | anomalous | KL |
| point_to_multipoint_low_activity | Other | anomalous | KL |
| point_to_multipoint_low_activity | Other | anomalous | KL |
| point_to_multipoint_low_activity | Other | anomalous | KL |
| point_to_multipoint_low_activity | Other | anomalous | KL |
| point_to_multipoint_low_activity | Other | anomalous | KL |
| point_to_multipoint_low_activity | Other | anomalous | KL |
| point_to_multipoint_low_activity | Other | anomalous | KL |
| point_to_multipoint_low_activity | Other | anomalous | KL |
| point_to_multipoint_low_activity | Other | anomalous | KL |
| point_to_multipoint_low_activity | Other | anomalous | KL |
| point_to_multipoint_low_activity | Other | anomalous | KL |
| point_to_multipoint_low_activity | Other | anomalous | KL |
| multipoint_to_multipoint | HTTP traffic | anomalous | KL |
| multipoint_to_multipoint | Other | anomalous | Hough, Gamma, KL |
| point_to_point | HTTP traffic | anomalous | Hough, KL |
| point_to_point | HTTP traffic | anomalous | KL |
| alpha_flow_HTTP | HTTP traffic | anomalous | KL |
| alpha_flow | Other | anomalous | KL |
| point_to_multipoint | Other | anomalous | KL |
| alpha_flow | Other | anomalous | KL |
| alpha_flow_HTTP | HTTP traffic | anomalous | KL |
| heavy_hitter | HTTP traffic | anomalous | KL |
| point_to_multipoint_low_activity | Other | anomalous | KL |
| point_to_multipoint_low_activity | Other | anomalous | KL |
| point_to_multipoint_low_activity | Other | anomalous | KL |
| point_to_multipoint_low_activity | Other | anomalous | KL |
| alpha_flow | Other | anomalous | KL |
| multipoint_to_point_HTTP | HTTP traffic | anomalous | Gamma, KL |
| multipoint_to_point_low_activity | Other | anomalous | Gamma, KL |
| point_to_multipoint | SYN attack | anomalous | KL |
| alpha_flow | Other | anomalous | KL |
| point_to_multipoint | Other | anomalous | Hough, Gamma, KL |
| small_alpha_flow | HTTPS traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow | Other | suspicious | Hough |
| point_to_multipoint_low_activity | Other | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| small_alpha_flow | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow | Other | suspicious | Hough |
| point_to_multipoint_low_activity | Other | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity | Other | suspicious | Hough |
| small_alpha_flow | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow | Other | suspicious | Hough |
| small_alpha_flow | HTTP traffic | suspicious | Hough |
| point_to_multipoint | Other | suspicious | Hough |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| multipoint_to_multipoint | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| small_alpha_flow | HTTPS traffic | suspicious | Hough |
| small_alpha_flow | HTTPS traffic | suspicious | Hough |
| point_to_multipoint_HTTP | HTTP traffic | suspicious | Hough |
| multipoint_to_point_HTTP | HTTP traffic | suspicious | Hough |
| multipoint_to_multipoint | HTTP traffic | suspicious | Hough |
| multipoint_to_point | HTTPS traffic | suspicious | Hough |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| point_to_multipoint | Other | suspicious | Hough |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough |
| multipoint_to_point_HTTP | HTTP traffic | suspicious | Hough |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough, Gamma |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough, Gamma |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough, Gamma |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough, Gamma |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Hough, Gamma |
| multipoint_to_multipoint | HTTP traffic | suspicious | Hough, Gamma |
| multipoint_to_point | FTP traffic | suspicious | Hough, Gamma |
| small_alpha_flow | HTTP traffic | suspicious | Gamma |
| icmp_error | Ping flood | suspicious | Gamma |
| small_alpha_flow | HTTP traffic | suspicious | Gamma |
| multipoint_to_point_low_activity | HTTPS traffic | suspicious | Gamma |
| small_alpha_flow | HTTP traffic | suspicious | Gamma |
| small_alpha_flow | HTTP traffic | suspicious | Gamma |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Gamma |
| point_to_multipoint_low_activity | Other | suspicious | Gamma |
| multipoint_to_point_HTTP | HTTP traffic | suspicious | Hough, Gamma |
| small_alpha_flow | Other | suspicious | Gamma |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Gamma |
| small_alpha_flow | HTTP traffic | suspicious | Gamma |
| small_alpha_flow | HTTP traffic | suspicious | Gamma |
| point_to_point | HTTP traffic | suspicious | Gamma |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Gamma |
| alpha_flow_HTTP | HTTP traffic | suspicious | Hough, Gamma |
| point_to_point | HTTP traffic | suspicious | Gamma |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Gamma |
| small_alpha_flow | HTTP traffic | suspicious | Gamma |
| point_to_multipoint_low_activity | Other | suspicious | Gamma |
| multipoint_to_multipoint | Other | suspicious | Hough, Gamma |
| alpha_flow | Other | suspicious | Gamma |
| point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Gamma |
| multipoint_to_point_low_activity_HTTP | Other | suspicious | Gamma |
| multipoint_to_point_HTTP | HTTP traffic | suspicious | Gamma |
| multipoint_to_multipoint | HTTP traffic | suspicious | Gamma |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Gamma |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Gamma |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Gamma |
| small_alpha_flow | HTTP traffic | suspicious | Gamma |
| small_alpha_flow | HTTP traffic | suspicious | Gamma |
| alpha_flow | Other | suspicious | Gamma |
| small_alpha_flow | HTTP traffic | suspicious | Gamma |
| micro_alpha_flow | Other | suspicious | Gamma |
| small_alpha_flow | HTTP traffic | suspicious | Gamma |
| small_alpha_flow | HTTP traffic | suspicious | Gamma |
| multipoint_to_multipoint | HTTPS traffic | suspicious | Gamma |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Gamma |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Gamma |
| alpha_flow_HTTP | HTTP traffic | suspicious | Gamma |
| small_alpha_flow | Other | suspicious | Gamma |
| small_alpha_flow | Other | suspicious | Gamma |
| alpha_flow_HTTP | HTTP traffic | suspicious | Gamma |
| small_alpha_flow | HTTP traffic | suspicious | Gamma |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Gamma |
| small_alpha_flow | HTTP traffic | suspicious | Gamma |
| small_alpha_flow | HTTP traffic | suspicious | Gamma |
| small_alpha_flow | Other | suspicious | Gamma |
| multipoint_to_multipoint | HTTP traffic | suspicious | Gamma |
| small_alpha_flow | Other | suspicious | Gamma |
| small_alpha_flow | HTTPS traffic | suspicious | Gamma |
| point_to_point | HTTP traffic | suspicious | Gamma |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Gamma |
| micro_alpha_flow | Other | suspicious | Gamma |
| small_alpha_flow | HTTP traffic | suspicious | Gamma |
| small_alpha_flow | HTTP traffic | suspicious | Gamma |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Gamma |
| small_alpha_flow | HTTP traffic | suspicious | Hough, Gamma |
| small_alpha_flow | HTTP traffic | suspicious | Gamma |
| multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Gamma, KL |
| alpha_flow | HTTPS traffic | suspicious | Gamma, KL |
| multipoint_to_point_HTTP | HTTP traffic | suspicious | KL |
| empty | Unknown | anomalous | Hough, Gamma, KL |
| empty | Unknown | suspicious | Hough |
| empty | Unknown | suspicious | Hough |
| empty | Unknown | suspicious | Hough |
| Taxonomy | Heuristic | Label | Detectors |
Other:
"Notice" labels (admd file): 20080109_notice.xml"Notice" labels (csv file): 20080109_notice.csv