MAWILab

Data set: 2013/10/16






Traffic Trace: 2013/10/16

Info: http://mawi.wide.ad.jp/mawi/samplepoint-F/2013/201310161400.html
tcpdump file: http://mawi.wide.ad.jp/mawi/samplepoint-F/2013/201310161400.dump.gz

Anomalous Traffic:

"Anomalous" and "Suspicious" labels (admd file): 20131016_anomalous_suspicious.xml
"Anomalous" and "Suspicious" labels (csv file): 20131016_anomalous_suspicious.csv

Overview of the anomalies:

Number of anomalies: 146
Proportion of anomalies in terms of occurrence:


Breakdown of the anomalies:

Taxonomy | Heuristic | Label | Detectors
network_scan_ACK | HTTP traffic | suspicious | Hough
network_scan_ACK | HTTP traffic | suspicious | Hough
network_scan_ACK | HTTP traffic | suspicious | Hough
network_scan_SYN_t | SYN attack | suspicious | Hough
network_scan_SYN_t | SYN attack | suspicious | Hough
network_scan_SYN_t_139_445 | SYN attack | suspicious | Hough
network_scan_SYN_t | SYN attack | suspicious | Hough
network_scan_SYN_t_139_445 | SYN attack | suspicious | Hough
network_scan_SYN_t | SYN attack | suspicious | Hough
point_to_point_port_scan_UDP | Other | suspicious | Hough, Gamma
network_scan_UDP_UDP_response | Other | suspicious | Gamma, KL
network_scan_UDP_UDP_response | Other | suspicious | Gamma
network_scan_TCP_ICMP_du_response | Ping flood | suspicious | Hough, KL
point_to_point_denial_of_service_SYN | SYN attack | suspicious | KL, PCA
distributed_denial_of_service_SYN | SYN attack | suspicious | PCA
point_to_point_port_scan_UDP | Other | suspicious | PCA
network_scan_SYN_t | SYN attack | anomalous | Hough, KL
network_scan_ACK | HTTP traffic | anomalous | Hough, Gamma, KL, PCA
network_scan_ACK | HTTPS traffic | anomalous | Hough, PCA
network_scan_ACK | HTTPS traffic | anomalous | PCA
network_scan_UDP_UDP_response | Other | anomalous | Hough, Gamma, KL, PCA
network_scan_SYN_t | SYN attack | anomalous | Hough, KL, PCA
network_scan_ACK | HTTPS traffic | anomalous | Hough, PCA
network_scan_TCP_RST_ACK_response | RST attack | anomalous | Hough, PCA
network_scan_SYN_t | SYN attack | anomalous | Hough, Gamma, PCA
small_alpha_flow | HTTP traffic | suspicious | Hough
alpha_flow | HTTPS traffic | suspicious | Hough
point_to_multipoint_HTTP | HTTPS traffic | suspicious | Hough
small_alpha_flow | HTTP traffic | suspicious | Hough
alpha_flow_HTTP | HTTP traffic | suspicious | Hough
alpha_flow_HTTP | HTTP traffic | suspicious | Hough
alpha_flow | HTTPS traffic | suspicious | Hough
alpha_flow | HTTPS traffic | suspicious | Hough
small_alpha_flow | HTTP traffic | suspicious | Hough
point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough
alpha_flow | HTTPS traffic | suspicious | Hough
alpha_flow | HTTPS traffic | suspicious | Hough
point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Hough
small_alpha_flow | HTTPS traffic | suspicious | Hough
alpha_flow | Other | suspicious | Hough
multipoint_to_point_HTTP | HTTP traffic | suspicious | Hough
multipoint_to_point_low_activity | Other | suspicious | Hough
multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Hough, PCA
point_to_multipoint_low_activity | HTTPS traffic | suspicious | Hough
alpha_flow | HTTPS traffic | suspicious | Hough
multipoint_to_point_low_activity | Other | suspicious | Hough
alpha_flow | HTTPS traffic | suspicious | Hough, Gamma
alpha_flow | Other | suspicious | Hough
alpha_flow_HTTP | HTTP traffic | suspicious | Hough
multipoint_to_point_low_activity | Other | suspicious | Hough
multipoint_to_point_low_activity | HTTPS traffic | suspicious | Hough
alpha_flow | Other | suspicious | Hough, KL
small_alpha_flow | HTTP traffic | suspicious | Hough, Gamma, PCA
alpha_flow | HTTPS traffic | suspicious | Hough, Gamma
multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Gamma
small_alpha_flow | HTTPS traffic | suspicious | Gamma
multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Gamma
multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Gamma
multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Gamma
multipoint_to_point_low_activity | HTTPS traffic | suspicious | Gamma
multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | Gamma
multipoint_to_point_low_activity | HTTPS traffic | suspicious | Gamma
micro_alpha_flow | Other | suspicious | Gamma
multipoint_to_point_low_activity | Other | suspicious | Gamma
multipoint_to_point_low_activity | RST attack | suspicious | Gamma
multipoint_to_point_low_activity | RST attack | suspicious | Gamma
small_alpha_flow | HTTP traffic | suspicious | Gamma
small_alpha_flow | HTTP traffic | suspicious | Gamma
multipoint_to_point_low_activity | HTTPS traffic | suspicious | Gamma
multipoint_to_point_low_activity | HTTPS traffic | suspicious | Gamma
multipoint_to_point_low_activity | HTTPS traffic | suspicious | Gamma
multipoint_to_multipoint | HTTPS traffic | suspicious | Hough, KL
multipoint_to_point_HTTP | HTTP traffic | suspicious | Hough, KL
point_to_multipoint_low_activity | Other | suspicious | Hough, Gamma, KL
point_to_multipoint | Other | suspicious | Gamma, KL
multipoint_to_multipoint | Other | suspicious | Hough, Gamma, KL
point_to_multipoint | HTTPS traffic | suspicious | Hough, Gamma, PCA
point_to_multipoint_low_activity | HTTPS traffic | suspicious | PCA
point_to_multipoint_low_activity | HTTPS traffic | suspicious | PCA
point_to_multipoint_low_activity | HTTPS traffic | suspicious | Hough, PCA
point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | PCA
point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | PCA
ipv4_gre_tunnel | Other | suspicious | PCA
point_to_point | HTTPS traffic | suspicious | PCA
alpha_flow | HTTPS traffic | suspicious | Hough, PCA
multipoint_to_multipoint | HTTPS traffic | suspicious | Gamma, PCA
multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | PCA
multipoint_to_point_HTTP | HTTP traffic | suspicious | PCA
multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | PCA
micro_alpha_flow | HTTPS traffic | suspicious | Hough, PCA
multipoint_to_point_HTTP | HTTP traffic | suspicious | PCA
alpha_flow_HTTP | HTTP traffic | anomalous | Hough
point_to_multipoint_low_activity | Other | anomalous | Hough
multipoint_to_multipoint | HTTP traffic | anomalous | Hough, Gamma
alpha_flow_HTTP | HTTP traffic | anomalous | Gamma, PCA
alpha_flow | HTTPS traffic | anomalous | Gamma, PCA
alpha_flow | Other | anomalous | Hough, KL
point_to_multipoint | HTTPS traffic | anomalous | Hough, Gamma, KL, PCA
multipoint_to_multipoint | Other | anomalous | Gamma, KL
multipoint_to_point | Other | anomalous | Gamma, KL
multipoint_to_point_HTTP | HTTP traffic | anomalous | Gamma, PCA
multipoint_to_point_HTTP | HTTP traffic | anomalous | Gamma, PCA
multipoint_to_multipoint | HTTP traffic | anomalous | Gamma, PCA
multipoint_to_point_HTTP | HTTP traffic | anomalous | Gamma, KL, PCA
multipoint_to_point_low_activity | Other | anomalous | Gamma, KL, PCA
point_to_multipoint_low_activity_HTTP | HTTP traffic | anomalous | Gamma, PCA
multipoint_to_multipoint | HTTP traffic | anomalous | Hough, Gamma, KL, PCA
point_to_multipoint | HTTPS traffic | anomalous | Hough, PCA
point_to_multipoint | HTTPS traffic | anomalous | Hough, PCA
small_alpha_flow | HTTP traffic | anomalous | PCA
multipoint_to_point | HTTPS traffic | anomalous | Hough, Gamma, KL, PCA
multipoint_to_multipoint | HTTPS traffic | anomalous | KL, PCA
point_to_multipoint_low_activity_HTTP | HTTP traffic | anomalous | PCA
multipoint_to_point_HTTP | HTTP traffic | anomalous | Gamma, KL, PCA
multipoint_to_point | HTTPS traffic | anomalous | Gamma, PCA
alpha_flow | HTTPS traffic | anomalous | PCA
multipoint_to_point_HTTP | HTTP traffic | anomalous | Gamma, KL, PCA
multipoint_to_multipoint | HTTP traffic | anomalous | Gamma, KL, PCA
multipoint_to_multipoint | HTTPS traffic | anomalous | Gamma, KL, PCA
alpha_flow_HTTP | HTTP traffic | anomalous | PCA
multipoint_to_point_low_activity_HTTP | HTTP traffic | anomalous | PCA
multipoint_to_point_low_activity | HTTPS traffic | anomalous | PCA
multipoint_to_multipoint | HTTP traffic | anomalous | PCA
multipoint_to_point_HTTP | HTTP traffic | anomalous | Gamma, KL, PCA
multipoint_to_point_HTTP | HTTP traffic | anomalous | PCA
multipoint_to_point_HTTP | HTTP traffic | anomalous | PCA
multipoint_to_point | Other | anomalous | PCA
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Gamma
empty | Unknown | anomalous | Gamma

Other:

"Notice" labels (admd file): 20131016_notice.xml
"Notice" labels (csv file): 20131016_notice.csv