MAWILab

Home Data set Documentation Contribution Contact

2007

2008

2009

2010

2011

2012

2013

2015

2017

2019

2022

2024

Jan

Feb

Mar

Apr

May

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Traffic Trace: 2013/02/10

Info: http://mawi.wide.ad.jp/mawi/samplepoint-F/2013/201302101400.html
tcpdump file: http://mawi.wide.ad.jp/mawi/samplepoint-F/2013/201302101400.dump.gz

Anomalous Traffic:

"Anomalous" and "Suspicious" labels (admd file): 20130210_anomalous_suspicious.xml
"Anomalous" and "Suspicious" labels (csv file): 20130210_anomalous_suspicious.csv

Overview of the anomalies:

Number of anomalies: 131
Proportion of anomalies in terms of occurrence:

Breakdown of the anomalies:

Taxonomy	Heuristic	Label	Detectors
network_scan_SYN_t	SYN attack	suspicious	Hough
network_scan_SYN_t	SYN attack	suspicious	Hough
network_scan_UDP_UDP_response	Other	suspicious	Hough, Gamma
network_scan_UDP_UDP_response	Other	suspicious	KL
network_scan_UDP_UDP_response	Other	suspicious	KL
distributed_denial_of_service_SYN	SYN attack	suspicious	KL
network_scan_UDP_UDP_response	Other	suspicious	KL
network_scan_UDP_UDP_response	Other	suspicious	KL
network_scan_UDP_UDP_response	Other	suspicious	KL
network_scan_ACK	HTTP traffic	suspicious	Hough, Gamma, PCA
network_scan_ACK	HTTP traffic	suspicious	PCA
network_scan_UDP_UDP_response	Other	suspicious	PCA
network_scan_ACK	HTTP traffic	anomalous	Hough, Gamma
network_scan_ACK	HTTP traffic	anomalous	Hough
network_scan_SYN_t	SYN attack	anomalous	Hough, KL
network_scan_ACK	HTTP traffic	anomalous	Hough, PCA
network_scan_SYN_t	SYN attack	anomalous	Hough
network_scan_SYN_t	SYN attack	anomalous	Hough, KL
network_scan_SYN_t	SYN attack	anomalous	Hough, Gamma
network_scan_SYN_t	SYN attack	anomalous	Hough
network_scan_TCP_RST_ACK_response	RST attack	anomalous	Hough, Gamma, PCA
network_scan_SYN_t	SYN attack	anomalous	Hough, Gamma, PCA
network_scan_ACK	HTTP traffic	anomalous	Gamma, PCA
network_scan_UDP	Other	anomalous	Hough, KL
network_scan_SYN_t	SYN attack	anomalous	Hough, Gamma, KL, PCA
network_scan_TCP_ICMP_du_response	Ping flood	anomalous	Hough, Gamma, KL, PCA
network_scan_UDP_UDP_response	Other	anomalous	KL
network_scan_UDP_UDP_response	Other	anomalous	KL
point_to_point_denial_of_service_SYN	SYN attack	anomalous	KL
point_to_point_port_scan_UDP	Other	anomalous	Hough, KL, PCA
point_to_point_denial_of_service_SYN	SYN attack	anomalous	Hough, KL
network_scan_UDP_UDP_response	Other	anomalous	KL, PCA
network_scan_UDP_UDP_response	Other	anomalous	KL
network_scan_ACK	HTTP traffic	anomalous	Hough, Gamma, KL, PCA
alpha_flow	Other	suspicious	Hough, PCA
small_alpha_flow	Other	suspicious	Hough
small_alpha_flow	HTTP traffic	suspicious	Hough
alpha_flow	HTTPS traffic	suspicious	Hough
alpha_flow_HTTP	HTTP traffic	suspicious	Hough
alpha_flow_HTTP	HTTP traffic	suspicious	Hough
small_alpha_flow	HTTPS traffic	suspicious	Hough
point_to_multipoint_low_activity_HTTP	HTTP traffic	suspicious	Hough
small_alpha_flow	HTTP traffic	suspicious	Hough
multipoint_to_point_low_activity	Other	suspicious	Hough
small_alpha_flow	HTTP traffic	suspicious	Hough
alpha_flow_HTTP	HTTP traffic	suspicious	Hough, KL
alpha_flow	SSH traffic	suspicious	Hough
point_to_multipoint	SYN attack	suspicious	Hough
multipoint_to_point_HTTP	HTTP traffic	suspicious	Hough, Gamma
alpha_flow_HTTP	HTTP traffic	suspicious	Hough, Gamma
small_alpha_flow	HTTP traffic	suspicious	Gamma
small_alpha_flow	HTTP traffic	suspicious	Gamma
multipoint_to_point_low_activity_HTTP	HTTP traffic	suspicious	KL
icmp_error	Ping flood	suspicious	KL
multipoint_to_point	Other	suspicious	KL
alpha_flow	HTTPS traffic	suspicious	KL
multipoint_to_point	Other	suspicious	KL
multipoint_to_multipoint	RST attack	suspicious	KL
small_alpha_flow	Other	suspicious	KL
multipoint_to_point_low_activity	Other	suspicious	KL
alpha_flow_HTTP	HTTP traffic	suspicious	KL
point_to_multipoint_low_activity	HTTPS traffic	suspicious	Hough, PCA
multipoint_to_multipoint	HTTP traffic	suspicious	PCA
point_to_multipoint_HTTP	HTTP traffic	suspicious	Hough, PCA
point_to_multipoint_low_activity	Other	suspicious	PCA
multipoint_to_point_HTTP	HTTP traffic	suspicious	PCA
alpha_flow_HTTP	HTTP traffic	suspicious	PCA
alpha_flow_HTTP	HTTP traffic	suspicious	PCA
alpha_flow_HTTP	HTTP traffic	suspicious	PCA
multipoint_to_point_HTTP	HTTP traffic	suspicious	PCA
multipoint_to_multipoint	HTTP traffic	suspicious	Gamma, PCA
multipoint_to_point_HTTP	HTTP traffic	suspicious	PCA
small_alpha_flow	HTTP traffic	suspicious	PCA
alpha_flow_HTTP	HTTP traffic	suspicious	PCA
small_alpha_flow	HTTP traffic	anomalous	Hough
multipoint_to_multipoint	HTTP traffic	anomalous	Hough, PCA
point_to_multipoint	Other	anomalous	Hough, PCA
point_to_multipoint_HTTP	SYN attack	anomalous	Hough, Gamma, PCA
point_to_multipoint_low_activity	Other	anomalous	Hough
small_alpha_flow	HTTP traffic	anomalous	Hough
point_to_multipoint_low_activity_HTTP	HTTP traffic	anomalous	Hough, KL, PCA
small_alpha_flow	HTTP traffic	anomalous	Hough
point_to_multipoint	SYN attack	anomalous	Hough
point_to_multipoint	RST attack	anomalous	Hough
point_to_multipoint_HTTP	SYN attack	anomalous	Hough
point_to_multipoint_HTTP	HTTP attack	anomalous	Hough, Gamma, KL
multipoint_to_point_HTTP	HTTP traffic	anomalous	Hough
alpha_flow	Other	anomalous	Hough, Gamma
multipoint_to_point_HTTP	HTTP traffic	anomalous	Gamma
multipoint_to_point_low_activity_HTTP	HTTP traffic	anomalous	Hough, Gamma, PCA
multipoint_to_point_HTTP	HTTP traffic	anomalous	Gamma, PCA
alpha_flow	HTTPS traffic	anomalous	Hough, KL
multipoint_to_point	Other	anomalous	Hough, KL
icmp_error	Ping flood	anomalous	KL
heavy_hitter	HTTP traffic	anomalous	Hough, KL
icmp_error	Ping flood	anomalous	KL
multipoint_to_point_HTTP	HTTP traffic	anomalous	KL
multipoint_to_point_HTTP	HTTP traffic	anomalous	Hough, Gamma, KL
multipoint_to_point_low_activity_HTTP	HTTP traffic	anomalous	KL
multipoint_to_point_low_activity	Other	anomalous	KL
point_to_multipoint_low_activity_HTTP	HTTP traffic	anomalous	Gamma, PCA
point_to_multipoint_low_activity	Other	anomalous	Gamma, PCA
multipoint_to_point_HTTP	HTTP traffic	anomalous	Gamma, KL, PCA
point_to_multipoint_low_activity_HTTP	HTTP attack	anomalous	Hough, Gamma, KL, PCA
multipoint_to_point_HTTP	HTTP traffic	anomalous	Gamma, KL, PCA
multipoint_to_point_HTTP	HTTP traffic	anomalous	Gamma, KL, PCA
multipoint_to_point_HTTP	HTTP traffic	anomalous	Hough, Gamma, KL, PCA
multipoint_to_point_low_activity_HTTP	HTTP attack	anomalous	Hough, Gamma, KL, PCA
multipoint_to_point_low_activity	Other	anomalous	Hough, Gamma, PCA
multipoint_to_point_HTTP	HTTP traffic	anomalous	PCA
multipoint_to_point_HTTP	HTTP traffic	anomalous	Hough, Gamma, PCA
multipoint_to_multipoint	HTTP traffic	anomalous	Gamma, KL, PCA
ipv4_ipv6_tunnel	Other	anomalous	PCA
multipoint_to_point_low_activity_HTTP	HTTP traffic	anomalous	PCA
alpha_flow	HTTPS traffic	anomalous	Gamma, KL, PCA
multipoint_to_point_HTTP	HTTP traffic	anomalous	PCA
alpha_flow_HTTP	HTTP traffic	anomalous	PCA
alpha_flow_HTTP	HTTP traffic	anomalous	PCA
multipoint_to_point_HTTP	HTTP traffic	anomalous	Hough, Gamma, PCA
empty	Unknown	suspicious	Hough
empty	Unknown	suspicious	Hough
empty	Unknown	suspicious	Hough
empty	Unknown	suspicious	Hough
empty	Unknown	suspicious	Hough
empty	Unknown	suspicious	Hough
empty	Unknown	suspicious	Hough
empty	Unknown	suspicious	Hough
empty	Unknown	suspicious	Gamma
empty	Unknown	suspicious	Gamma
empty	Unknown	suspicious	Gamma
empty	Unknown	suspicious	Gamma
Taxonomy	Heuristic	Label	Detectors

Other:

"Notice" labels (admd file): 20130210_notice.xml
"Notice" labels (csv file): 20130210_notice.csv