MAWILab

Data set: 2023/05/03

Traffic Trace: 2023/05/03

Info: http://mawi.wide.ad.jp/mawi/samplepoint-F/2023/202305031400.html
tcpdump file: http://mawi.wide.ad.jp/mawi/samplepoint-F/2023/202305031400.pcap.gz

Anomalous Traffic:

"Anomalous" and "Suspicious" labels (admd file): 20230503_anomalous_suspicious.xml
"Anomalous" and "Suspicious" labels (csv file): 20230503_anomalous_suspicious.csv

Overview of the anomalies:

Number of anomalies: 127
Proportion of anomalies in terms of occurrence:


Breakdown of the anomalies:

Taxonomy | Heuristic | Label | Detectors
small_network_scan_SYN | SYN attack | suspicious | Hough, Gamma
network_scan_UDP_other | Other | suspicious | Hough, PCA
network_scan_ICMP_ecrq | Ping flood | suspicious | Hough
network_scan_ICMP_ecrq | Ping flood | suspicious | Hough
network_scan_ICMP_ecrq | Ping flood | suspicious | Hough
network_scan_ICMP_ecrq | Ping flood | suspicious | Hough
network_scan_ICMP_ecrq | Ping flood | suspicious | Hough
network_scan_UDP_other | Other | suspicious | Hough
network_scan_SYN_139_445 | SYN attack | suspicious | Hough
small_network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN_139_445 | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN_139_445 | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN_139_445 | SYN attack | suspicious | Hough
small_network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN_139_445 | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN_139_445 | SYN attack | suspicious | Hough, Gamma
network_scan_SYN_139_445 | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough, PCA
network_scan_SYN_139_445 | SYN attack | suspicious | Hough
network_scan_SYN_139_445 | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
small_network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_UDP_other | Other | suspicious | Hough
network_scan_UDP_other | Other | suspicious | Hough
network_scan_SYN_139_445 | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | Hough
network_scan_SYN | SYN attack | suspicious | KL
network_scan_SYN | SYN attack | suspicious | KL
network_scan_ICMP_ecrq_ICMP_ecrp_du_rm_te_response | Ping flood | suspicious | KL
distributed_denial_of_service_SYN | SYN attack | suspicious | KL
network_scan_UDP_UDP_response | Other | suspicious | KL, PCA
point_to_point_denial_of_service_SYN | SYN attack | suspicious | KL, PCA
network_scan_ICMP_ecrq_ICMP_ecrp_response | Ping flood | suspicious | PCA
network_scan_UDP_UDP_response | Other | suspicious | Gamma, PCA
reflection_attack_UDP | HTTPS traffic | suspicious | Hough, Gamma, PCA
network_scan_ICMP_ecrq_ICMP_ecrp_response | Ping flood | suspicious | PCA
network_scan_ICMP_ecrq_ICMP_ecrp_response | Ping flood | suspicious | Gamma, PCA
distributed_denial_of_service_SYN | SYN attack | suspicious | PCA
network_scan_SYN | SYN attack | anomalous | Hough, Gamma, PCA
distributed_denial_of_service_SYN | SYN attack | anomalous | Hough, Gamma, KL
network_scan_SYN | SYN attack | anomalous | Hough, Gamma, KL, PCA
point_to_point_denial_of_service_SYN | SYN attack | anomalous | Hough, Gamma, KL, PCA
network_scan_SYN | SYN attack | anomalous | Hough, Gamma, KL, PCA
network_scan_SYN | SYN attack | anomalous | Gamma, KL, PCA
point_to_point_port_scan_UDP | Other | anomalous | Gamma, PCA
alpha_flow | HTTPS traffic | suspicious | Hough
multipoint_to_multipoint | Other | suspicious | Hough, Gamma, PCA
point_to_multipoint | SYN attack | suspicious | Hough
multipoint_to_multipoint | SYN attack | suspicious | Hough, PCA
point_to_multipoint | SSH traffic | suspicious | Hough
point_to_multipoint | SYN attack | suspicious | Hough
point_to_multipoint | Other | suspicious | Hough
point_to_multipoint | SYN attack | suspicious | Hough
point_to_multipoint | SMB attack | suspicious | Hough
multipoint_to_multipoint | SYN attack | suspicious | Hough, Gamma, PCA
multipoint_to_multipoint | SYN attack | suspicious | Gamma, KL
multipoint_to_point | HTTPS traffic | suspicious | PCA
multipoint_to_point | HTTPS traffic | suspicious | PCA
point_to_multipoint | HTTPS traffic | suspicious | Hough, PCA
multipoint_to_multipoint | HTTPS traffic | suspicious | PCA
alpha_flow | HTTPS traffic | suspicious | PCA
icmp_error | Ping flood | suspicious | PCA
small_alpha_flow | HTTP traffic | suspicious | Hough, Gamma, PCA
multipoint_to_multipoint | HTTPS traffic | suspicious | Hough, Gamma, PCA
multipoint_to_point_low_activity_HTTP | HTTP traffic | suspicious | PCA
multipoint_to_point | HTTPS traffic | suspicious | PCA
multipoint_to_multipoint | HTTPS traffic | suspicious | Gamma, PCA
multipoint_to_multipoint | SYN attack | suspicious | Gamma, PCA
multipoint_to_point | HTTPS traffic | suspicious | PCA
icmp_error | Ping flood | suspicious | PCA
multipoint_to_multipoint | HTTPS traffic | suspicious | Gamma, PCA
multipoint_to_multipoint | HTTPS traffic | suspicious | Gamma, PCA
icmp_error | Ping flood | suspicious | PCA
icmp_error | Ping flood | suspicious | PCA
multipoint_to_point | HTTPS traffic | suspicious | PCA
icmp_error | Ping flood | suspicious | PCA
icmp_error | Ping flood | suspicious | PCA
multipoint_to_point_low_activity | HTTPS traffic | suspicious | PCA
multipoint_to_multipoint | HTTP traffic | suspicious | PCA
multipoint_to_point | HTTPS traffic | suspicious | PCA
multipoint_to_multipoint | HTTPS traffic | suspicious | Gamma, PCA
multipoint_to_multipoint | HTTP traffic | suspicious | Hough, Gamma, PCA
multipoint_to_point | Other | suspicious | Hough, PCA
multipoint_to_point | Other | suspicious | PCA
multipoint_to_multipoint | HTTPS traffic | suspicious | Hough, PCA
multipoint_to_multipoint | HTTPS traffic | suspicious | Hough, PCA
multipoint_to_multipoint | HTTPS traffic | suspicious | Gamma, PCA
alpha_flow | Other | anomalous | Hough, Gamma, PCA
alpha_flow | Other | anomalous | Hough, KL
ipv4_gre_tunnel | Other | anomalous | Hough, Gamma, PCA
multipoint_to_point | HTTPS traffic | anomalous | Hough, Gamma, PCA
point_to_multipoint | Other | anomalous | Hough, Gamma, PCA
multipoint_to_multipoint | HTTPS traffic | anomalous | Gamma, PCA
multipoint_to_point | Other | anomalous | Hough, Gamma, KL, PCA
multipoint_to_multipoint | Other | anomalous | Hough, Gamma, PCA
point_to_multipoint | SYN attack | anomalous | Gamma, PCA
multipoint_to_point_low_activity | Other | anomalous | Hough, Gamma, KL, PCA
point_to_multipoint | SYN attack | anomalous | Gamma, KL, PCA
multipoint_to_multipoint | HTTPS traffic | anomalous | Gamma, PCA
multipoint_to_multipoint | HTTPS traffic | anomalous | Gamma, KL, PCA
multipoint_to_point_low_activity_HTTP | HTTP traffic | anomalous | Hough, Gamma, PCA
point_to_multipoint | SYN attack | anomalous | Hough, Gamma, KL, PCA
multipoint_to_multipoint | HTTPS traffic | anomalous | Gamma, PCA
multipoint_to_point | RST attack | anomalous | Hough, Gamma, KL, PCA
empty | Unknown | suspicious | Gamma
empty | Unknown | suspicious | Hough, Gamma, PCA
empty | Unknown | suspicious | Gamma, PCA
empty | Unknown | suspicious | Gamma, PCA
empty | Unknown | suspicious | Gamma, PCA
empty | Unknown | suspicious | Gamma, PCA
empty | Unknown | anomalous | Gamma, KL, PCA
empty | Unknown | anomalous | Gamma, KL, PCA

Other:

"Notice" labels (admd file): 20230503_notice.xml
"Notice" labels (csv file): 20230503_notice.csv