MAWILab

Data set: 2014/07/28






Traffic Trace: 2014/07/28

Info: http://mawi.wide.ad.jp/mawi/samplepoint-F/2014/201407281400.html
tcpdump file: http://mawi.wide.ad.jp/mawi/samplepoint-F/2014/201407281400.dump.gz

Anomalous Traffic:

"Anomalous" and "Suspicious" labels (admd file): 20140728_anomalous_suspicious.xml
"Anomalous" and "Suspicious" labels (csv file): 20140728_anomalous_suspicious.csv

Overview of the anomalies:

Number of anomalies: 137
Proportion of anomalies in terms of occurrence:


Breakdown of the anomalies:

Taxonomy | Heuristic | Label | Detectors
network_scan_ACK | HTTPS traffic | suspicious | Hough
small_network_scan_SYN_t | SYN attack | suspicious | Hough
network_scan_UDP | Other | suspicious | Hough
small_network_scan_SYN_t | SYN attack | suspicious | Hough
network_scan_SYN_t | SYN attack | suspicious | Hough
network_scan_SYN_t | SYN attack | suspicious | Hough
network_scan_SYN_t | SYN attack | suspicious | Hough
network_scan_SYN_t | SYN attack | suspicious | Hough
network_scan_SYN_t | SYN attack | suspicious | Hough
network_scan_TCP_RST_ACK_response | RST attack | suspicious | Hough
network_scan_TCP_ICMP_du_response | Ping flood | suspicious | Hough
small_network_scan_SYN_t | SYN attack | suspicious | Hough
small_network_scan_SYN_t | SYN attack | suspicious | Hough
small_network_scan_SYN_t | SYN attack | suspicious | Hough
network_scan_UDP_UDP_response | Other | suspicious | Hough
network_scan_UDP | Other | suspicious | Gamma
network_scan_UDP | Other | suspicious | Gamma
network_scan_UDP | Other | suspicious | Gamma
distributed_denial_of_service_SYN_ACK_response | SYN attack | suspicious | KL
distributed_denial_of_service_SYN_ACK_response | SYN attack | suspicious | KL
distributed_denial_of_service_SYN_ACK_response | SYN attack | suspicious | KL
distributed_denial_of_service_SYN_ACK_response | SYN attack | suspicious | KL
network_scan_ACK | HTTP traffic | suspicious | Gamma, PCA
network_scan_UDP_UDP_response | Other | suspicious | Gamma, PCA
small_network_scan_SYN_t | SYN attack | suspicious | Gamma
network_scan_ACK | HTTP traffic | suspicious | Hough, Gamma, PCA
network_scan_ACK | HTTP traffic | suspicious | Hough, Gamma, PCA
network_scan_ACK | Other | suspicious | PCA
network_scan_ACK | Other | suspicious | Hough, PCA
network_scan_UDP_UDP_response | Other | suspicious | PCA
network_scan_UDP_UDP_response | Other | suspicious | PCA
network_scan_UDP_UDP_response | Other | suspicious | PCA
network_scan_UDP_UDP_response | Other | suspicious | PCA
network_scan_TCP_ICMP_du_response | Ping flood | suspicious | PCA
network_scan_SYN_t | SYN attack | anomalous | Hough, Gamma, PCA
network_scan_SYN_t | SYN attack | anomalous | Hough, KL, PCA
network_scan_SYN_t | SYN attack | anomalous | Hough
network_scan_TCP_ICMP_du_response | Ping flood | anomalous | Hough
network_scan_SYN_t | SYN attack | anomalous | Hough
network_scan_SYN_t | SYN attack | anomalous | Hough
network_scan_SYN_t | SYN attack | anomalous | Hough, PCA
network_scan_SYN_t | SYN attack | anomalous | Hough, Gamma, PCA
distributed_denial_of_service_SYN | SYN attack | anomalous | Hough, Gamma, KL, PCA
network_scan_SYN_t | SYN attack | anomalous | KL, PCA
network_scan_SYN_t | SYN attack | anomalous | Hough, Gamma, PCA
network_scan_ACK | HTTP traffic | anomalous | Gamma, PCA
network_scan_SYN_t | SYN attack | anomalous | Hough, Gamma, PCA
network_scan_ACK | Other | anomalous | Hough, Gamma, KL, PCA
network_scan_SYN_t | SYN attack | anomalous | Hough, Gamma, KL, PCA
network_scan_SYN_t | SYN attack | anomalous | Hough, Gamma, KL, PCA
alpha_flow | Other | suspicious | Hough
alpha_flow_HTTP | HTTP traffic | suspicious | Hough
alpha_flow | Other | suspicious | Gamma
point_to_multipoint_low_activity | Other | suspicious | Gamma
small_alpha_flow | Other | suspicious | Gamma
small_alpha_flow | HTTP traffic | suspicious | Gamma, PCA
alpha_flow_HTTP | HTTP traffic | suspicious | Gamma, PCA
icmp_error | Ping flood | suspicious | Gamma, PCA
alpha_flow_HTTP | HTTP traffic | suspicious | Gamma
point_to_multipoint_low_activity | HTTPS traffic | suspicious | Gamma
small_alpha_flow | HTTP traffic | suspicious | Gamma
multipoint_to_point | Other | suspicious | Gamma, PCA
alpha_flow_HTTP | HTTP traffic | suspicious | Gamma
point_to_multipoint_low_activity | HTTPS traffic | suspicious | Gamma
small_alpha_flow | HTTPS traffic | suspicious | Gamma
multipoint_to_multipoint | HTTP traffic | suspicious | Gamma, PCA
icmp_error | Ping flood | suspicious | Gamma
point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Gamma
point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Gamma
point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Gamma
small_alpha_flow | HTTP traffic | suspicious | Gamma
small_alpha_flow | HTTPS traffic | suspicious | Gamma
multipoint_to_multipoint | HTTPS traffic | suspicious | Gamma
point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Gamma
small_alpha_flow | HTTP traffic | suspicious | Gamma
icmp_error | Ping flood | suspicious | Gamma
point_to_multipoint_low_activity | Other | suspicious | Gamma
heavy_hitter | Other | suspicious | Gamma
multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | PCA
multipoint_to_point_HTTP | HTTP traffic | suspicious | PCA
alpha_flow | HTTPS traffic | suspicious | Hough, Gamma, PCA
point_to_multipoint_low_activity_HTTP | HTTP traffic | suspicious | Gamma, PCA
point_to_multipoint_low_activity | Other | suspicious | PCA
multipoint_to_point | HTTPS traffic | suspicious | Gamma, PCA
point_to_multipoint | HTTPS traffic | suspicious | PCA
alpha_flow_HTTP | HTTP traffic | suspicious | PCA
multipoint_to_point_HTTP | HTTP traffic | suspicious | Gamma, PCA
alpha_flow_HTTP | HTTP traffic | suspicious | PCA
multipoint_to_point | Other | suspicious | Gamma, PCA
multipoint_to_point | Other | suspicious | PCA
small_alpha_flow | HTTP traffic | suspicious | PCA
multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | PCA
multipoint_to_point_low_activity | Other | suspicious | PCA
small_alpha_flow | HTTP traffic | suspicious | Gamma
multipoint_to_multipoint | HTTPS traffic | suspicious | Gamma, PCA
multipoint_to_point_low_activity | Other | suspicious | PCA
multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | PCA
alpha_flow | Other | suspicious | PCA
alpha_flow_HTTP | HTTP traffic | anomalous | Hough, Gamma, PCA
alpha_flow_HTTP | HTTP traffic | anomalous | Hough, PCA
ipv4_gre_tunnel | Other | anomalous | Hough, Gamma, PCA
multipoint_to_point_HTTP | Other | anomalous | Hough, Gamma, KL
multipoint_to_multipoint | HTTP traffic | anomalous | Hough, Gamma, PCA
alpha_flow_HTTP | HTTP traffic | anomalous | Hough, Gamma, PCA
multipoint_to_point_HTTP | HTTP traffic | anomalous | Hough, Gamma, PCA
small_alpha_flow | HTTP traffic | anomalous | Gamma, PCA
multipoint_to_point_HTTP | HTTP traffic | anomalous | Hough, Gamma, KL, PCA
micro_alpha_flow | HTTP traffic | anomalous | Gamma, PCA
point_to_multipoint_HTTP | HTTP traffic | anomalous | PCA
multipoint_to_multipoint | HTTP traffic | anomalous | Hough, Gamma, PCA
multipoint_to_point | HTTPS traffic | anomalous | Hough, Gamma, PCA
multipoint_to_multipoint | HTTP traffic | anomalous | Gamma, PCA
multipoint_to_point_low_activity | Other | anomalous | Gamma, PCA
multipoint_to_multipoint | HTTP traffic | anomalous | Gamma, PCA
multipoint_to_multipoint | HTTP traffic | anomalous | PCA
point_to_multipoint | HTTPS traffic | anomalous | Hough, Gamma, PCA
multipoint_to_point | HTTPS traffic | anomalous | PCA
multipoint_to_multipoint | HTTPS traffic | anomalous | Hough, Gamma, PCA
multipoint_to_point | HTTPS traffic | anomalous | Hough, Gamma, PCA
multipoint_to_multipoint | HTTP traffic | anomalous | Hough, Gamma, PCA
alpha_flow_HTTP | HTTP traffic | anomalous | Hough, PCA
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Hough
empty | Unknown | suspicious | Gamma
empty | Unknown | suspicious | Gamma
empty | Unknown | anomalous | Gamma

Other:

"Notice" labels (admd file): 20140728_notice.xml
"Notice" labels (csv file): 20140728_notice.csv