MAWILab

Data set: 2021/08/22






Traffic Trace: 2021/08/22

Info: http://mawi.wide.ad.jp/mawi/samplepoint-F/2021/202108221400.html
tcpdump file: http://mawi.wide.ad.jp/mawi/samplepoint-F/2021/202108221400.pcap.gz

Anomalous Traffic:

"Anomalous" and "Suspicious" labels (admd file): 20210822_anomalous_suspicious.xml
"Anomalous" and "Suspicious" labels (csv file): 20210822_anomalous_suspicious.csv

Overview of the anomalies:

Number of anomalies: 171
Proportion of anomalies in terms of occurrence:


Breakdown of the anomalies:

Taxonomy | Heuristic | Label | Detectors
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN_139_445 | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_UDP_UDP_response | Other | suspicious | KL
distributed_denial_of_service_SYN | SYN attack | suspicious | KL
distributed_denial_of_service_SYN | SYN attack | suspicious | KL
distributed_denial_of_service_SYN | SYN attack | suspicious | KL
port_scan_SYN | SYN attack | suspicious | KL
network_scan_ICMP_ecrq_ICMP_ecrp_response | Ping flood | suspicious | KL
network_scan_UDP_UDP_response | Other | suspicious | KL
distributed_denial_of_service_SYN | SYN attack | suspicious | KL
port_scan_SYN | SYN attack | suspicious | KL
network_scan_ICMP_ecrq_ICMP_ecrp_response | Ping flood | suspicious | KL
network_scan_UDP_UDP_response | Other | suspicious | KL
small_network_scan_SYN | SYN attack | suspicious | PCA
network_scan_UDP_other | Other | anomalous | Hough
network_scan_SYN | SYN attack | anomalous | Hough
network_scan_SYN | SYN attack | anomalous | Hough
network_scan_SYN | SYN attack | anomalous | Hough
network_scan_UDP_other | Other | anomalous | Hough
small_network_scan_SYN | SYN attack | anomalous | Hough
network_scan_SYN | SYN attack | anomalous | Hough
network_scan_SYN_139_445 | SYN attack | anomalous | Hough
network_scan_SYN | SYN attack | anomalous | Hough
network_scan_SYN | SYN attack | anomalous | Hough
network_scan_SYN | SYN attack | anomalous | Hough
network_scan_UDP_other | Other | anomalous | Hough
network_scan_SYN | SYN attack | anomalous | Hough
network_scan_SYN | SYN attack | anomalous | Hough
network_scan_SYN | SYN attack | anomalous | Hough
network_scan_SYN_139_445 | SYN attack | anomalous | Hough
network_scan_SYN | SYN attack | anomalous | Hough, Gamma, KL, PCA
network_scan_SYN | SYN attack | anomalous | Hough, PCA
network_scan_SYN | SYN attack | anomalous | Hough
network_scan_UDP_other | Other | anomalous | Hough
network_scan_UDP_other | Other | anomalous | Hough
network_scan_UDP_other | Other | anomalous | Hough
distributed_network_scan_SYN | SYN attack | anomalous | Hough, Gamma, KL, PCA
network_scan_UDP_other | Other | anomalous | Hough
network_scan_ICMP_ecrq_ICMP_ecrp_du_rm_te_response | Ping flood | anomalous | Gamma, KL, PCA
network_scan_UDP_UDP_response | Other | anomalous | KL
network_scan_ICMP_ecrq_ICMP_ecrp_response | Ping flood | anomalous | KL
network_scan_ICMP_ecrq_ICMP_ecrp_response | Ping flood | anomalous | KL
port_scan_SYN | SYN attack | anomalous | KL
distributed_denial_of_service_UDP | Other | anomalous | Gamma, KL, PCA
port_scan_SYN | SYN attack | anomalous | KL
network_scan_ICMP_ecrq_ICMP_ecrp_response | Ping flood | anomalous | KL
port_scan_SYN | SYN attack | anomalous | KL
port_scan_SYN | SYN attack | anomalous | KL
network_scan_ICMP_ecrq_ICMP_ecrp_response | Ping flood | anomalous | KL
network_scan_ICMP_ecrq_ICMP_ecrp_response | Ping flood | anomalous | KL
port_scan_SYN | SYN attack | anomalous | Hough, PCA
network_scan_SYN | SYN attack | anomalous | Hough
network_scan_ICMP_ecrq_ICMP_ecrp_response | Ping flood | anomalous | Gamma, KL, PCA
alpha_flow | Other | suspicious | Hough
alpha_flow | HTTPS traffic | suspicious | Hough
alpha_flow | HTTPS traffic | suspicious | Hough
alpha_flow | Other | suspicious | Hough
alpha_flow | Other | suspicious | Hough
heavy_hitter | RST attack | suspicious | Hough
point_to_multipoint | SSH traffic | suspicious | Hough
point_to_multipoint | SYN attack | suspicious | Hough, Gamma, PCA
multipoint_to_point | SYN attack | suspicious | Hough
multipoint_to_multipoint | SYN attack | suspicious | Hough, Gamma
point_to_multipoint | Other | suspicious | Gamma
small_alpha_flow | Other | suspicious | Gamma
multipoint_to_point | Ping flood | suspicious | Gamma
icmp_error | Ping flood | suspicious | Gamma
multipoint_to_multipoint | HTTPS traffic | suspicious | Gamma
multipoint_to_point | Other | suspicious | Gamma
multipoint_to_point | SYN attack | suspicious | Gamma
small_alpha_flow | HTTPS traffic | suspicious | Gamma
multipoint_to_point | Ping flood | suspicious | Gamma
multipoint_to_point | SYN attack | suspicious | KL
multipoint_to_point_HTTP | Ping flood | suspicious | KL
alpha_flow | Other | suspicious | KL
multipoint_to_point_low_activity | Other | suspicious | KL
multipoint_to_point | SYN attack | suspicious | KL
multipoint_to_point_low_activity | RST attack | suspicious | KL
heavy_hitter | RST attack | suspicious | Gamma, KL
multipoint_to_point_low_activity | Other | suspicious | KL
multipoint_to_point | RST attack | suspicious | KL
alpha_flow | Other | suspicious | KL
multipoint_to_point | HTTPS traffic | suspicious | KL
multipoint_to_point_low_activity | Other | suspicious | KL
multipoint_to_point_low_activity | Other | suspicious | KL
multipoint_to_point | HTTPS traffic | suspicious | Gamma, PCA
heavy_hitter | RST attack | suspicious | Gamma, PCA
alpha_flow | HTTPS traffic | suspicious | PCA
alpha_flow | HTTPS traffic | suspicious | PCA
point_to_multipoint_low_activity | Other | suspicious | PCA
point_to_multipoint_low_activity | Other | suspicious | PCA
point_to_multipoint | HTTPS traffic | suspicious | PCA
point_to_point | RST attack | suspicious | PCA
multipoint_to_point_low_activity | Other | suspicious | PCA
alpha_flow_HTTP | HTTP traffic | suspicious | PCA
alpha_flow | HTTPS traffic | anomalous | Hough, PCA
alpha_flow | Other | anomalous | Hough
ipv4_gre_tunnel | Other | anomalous | Hough, Gamma, PCA
point_to_multipoint | FIN attack | anomalous | Hough, PCA
point_to_multipoint | RST attack | anomalous | Hough, PCA
point_to_multipoint | SYN attack | anomalous | Hough
point_to_multipoint | Other | anomalous | Hough
point_to_multipoint | Other | anomalous | Hough
multipoint_to_point | SYN attack | anomalous | Hough
multipoint_to_point | HTTPS traffic | anomalous | Gamma, PCA
multipoint_to_point_low_activity | HTTPS traffic | anomalous | Gamma, PCA
point_to_multipoint | HTTPS traffic | anomalous | Hough, Gamma, PCA
multipoint_to_point | HTTPS traffic | anomalous | Gamma, PCA
point_to_multipoint | HTTPS traffic | anomalous | Hough, Gamma, KL, PCA
multipoint_to_multipoint | Other | anomalous | Hough, Gamma, KL, PCA
point_to_multipoint | SYN attack | anomalous | Hough, Gamma, KL, PCA
multipoint_to_point_low_activity | Other | anomalous | Hough, KL, PCA
alpha_flow | Other | anomalous | KL
alpha_flow | Other | anomalous | KL
point_to_multipoint_low_activity | HTTPS traffic | anomalous | Hough, KL, PCA
multipoint_to_point | SYN attack | anomalous | KL
multipoint_to_point | SYN attack | anomalous | KL
multipoint_to_multipoint | RST attack | anomalous | Hough, Gamma, KL, PCA
alpha_flow | Other | anomalous | KL
multipoint_to_point | HTTPS traffic | anomalous | KL
small_alpha_flow | Other | anomalous | KL
multipoint_to_point | Other | anomalous | KL
small_alpha_flow | Other | anomalous | KL
multipoint_to_point | SYN attack | anomalous | KL
multipoint_to_point | SYN attack | anomalous | KL
alpha_flow | Other | anomalous | Hough, KL, PCA
heavy_hitter | RST attack | anomalous | KL
alpha_flow | Other | anomalous | Hough, PCA
alpha_flow | Other | anomalous | Gamma, KL, PCA
micro_alpha_flow | Other | anomalous | Hough, PCA
point_to_multipoint | HTTPS traffic | anomalous | PCA
multipoint_to_multipoint | Other | anomalous | Hough, Gamma, PCA
point_to_multipoint | HTTPS traffic | anomalous | Gamma, PCA
multipoint_to_point | HTTPS traffic | anomalous | PCA
multipoint_to_point_low_activity | HTTPS traffic | anomalous | Gamma, PCA
alpha_flow | HTTPS traffic | anomalous | Gamma, PCA
multipoint_to_point | HTTPS traffic | anomalous | PCA
multipoint_to_point_low_activity_HTTP | HTTP traffic | anomalous | Gamma, PCA
multipoint_to_point_low_activity | RST attack | anomalous | Gamma, KL, PCA
multipoint_to_point | HTTPS traffic | anomalous | PCA
multipoint_to_point | HTTPS traffic | anomalous | KL, PCA
alpha_flow | HTTPS traffic | anomalous | Hough, PCA
multipoint_to_point_low_activity | Netbios attack | anomalous | KL, PCA
multipoint_to_point_low_activity | Other | anomalous | KL, PCA
multipoint_to_point | HTTPS traffic | anomalous | Gamma, PCA
multipoint_to_multipoint | HTTPS traffic | anomalous | Gamma, PCA
point_to_multipoint_low_activity | HTTPS attack | anomalous | PCA
point_to_point | Other | anomalous | KL, PCA
multipoint_to_multipoint | HTTPS traffic | anomalous | Hough, Gamma, PCA
point_to_multipoint | HTTPS traffic | anomalous | Gamma, PCA
alpha_flow | Other | anomalous | PCA
point_to_point | HTTP traffic | anomalous | PCA
alpha_flow | HTTPS traffic | anomalous | PCA
multipoint_to_point | HTTPS traffic | anomalous | PCA
multipoint_to_point | HTTPS traffic | anomalous | Gamma, PCA
multipoint_to_point | SSH traffic | anomalous | PCA
point_to_multipoint | SYN attack | anomalous | Gamma, KL, PCA
multipoint_to_multipoint | HTTP traffic | anomalous | Hough, Gamma, KL, PCA
empty | Unknown | suspicious | Gamma
empty | Unknown | suspicious | Gamma
empty | Unknown | anomalous | Hough, Gamma, KL, PCA
empty | Unknown | anomalous | Hough, Gamma, KL, PCA
empty | Other | anomalous | Hough
empty | Unknown | anomalous | Gamma
empty | Unknown | anomalous | Gamma
empty | Unknown | anomalous | Hough, Gamma, PCA

Other:

"Notice" labels (admd file): 20210822_notice.xml
"Notice" labels (csv file): 20210822_notice.csv