MAWILab

Home Data set Documentation Contribution Contact

2007

2008

2009

2010

2011

2012

2013

2014

2015

2016

2017

2018

2019

2020

2021

2022

2023

2024

Jan

Feb

Mar

Apr

May

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Traffic Trace: 2023/05/27

Info: http://mawi.wide.ad.jp/mawi/samplepoint-F/2023/202305271400.html
tcpdump file: http://mawi.wide.ad.jp/mawi/samplepoint-F/2023/202305271400.pcap.gz

Anomalous Traffic:

"Anomalous" and "Suspicious" labels (admd file): 20230527_anomalous_suspicious.xml
"Anomalous" and "Suspicious" labels (csv file): 20230527_anomalous_suspicious.csv

Overview of the anomalies:

Number of anomalies: 267
Proportion of anomalies in terms of occurrence:

Breakdown of the anomalies:

Taxonomy	Heuristic	Label	Detectors
network_scan_SYN	SYN attack	anomalous	Hough
network_scan_SYN	SYN attack	anomalous	Hough
network_scan_ICMP_ecrq	Ping flood	anomalous	Hough
distributed_denial_of_service_SYN	SYN attack	anomalous	Hough, KL
distributed_denial_of_service_SYN	SYN attack	anomalous	Hough, KL, PCA
network_scan_ICMP_ecrq	Ping flood	anomalous	Hough
network_scan_ICMP_ecrq	Ping flood	anomalous	Hough, PCA
network_scan_UDP_other	Other	anomalous	Hough
network_scan_SYN	SYN attack	anomalous	Hough
network_scan_SYN_139_445	SYN attack	anomalous	Hough
network_scan_SYN	SYN attack	anomalous	Hough, KL, PCA
network_scan_SYN	SYN attack	anomalous	Hough
network_scan_SYN	SYN attack	anomalous	Hough
network_scan_SYN	SYN attack	anomalous	Hough
network_scan_SYN	SYN attack	anomalous	Hough
network_scan_SYN	SYN attack	anomalous	Hough
network_scan_SYN_139_445	SYN attack	anomalous	Hough
network_scan_SYN	SYN attack	anomalous	Hough
network_scan_SYN_139_445	SYN attack	anomalous	Hough
network_scan_SYN_139_445	SYN attack	anomalous	Hough
network_scan_SYN_139_445	SYN attack	anomalous	Hough
network_scan_SYN	SYN attack	anomalous	Hough
network_scan_UDP_other	Other	anomalous	Hough
network_scan_SYN	SYN attack	anomalous	Hough
network_scan_SYN_139_445	SYN attack	anomalous	Hough
network_scan_UDP_other	Other	anomalous	Hough
network_scan_SYN	SYN attack	anomalous	Hough
network_scan_SYN	SYN attack	anomalous	Hough
network_scan_SYN	SYN attack	anomalous	Hough, PCA
small_network_scan_SYN	SYN attack	anomalous	Hough
network_scan_SYN_139_445	SYN attack	anomalous	Hough
network_scan_SYN	SYN attack	anomalous	Hough, KL
network_scan_SYN	SYN attack	anomalous	Hough
network_scan_SYN_139_445	SYN attack	anomalous	Hough
network_scan_SYN	SYN attack	anomalous	Hough, Gamma
network_scan_UDP_other	Other	anomalous	Hough
network_scan_UDP_other	Other	anomalous	Hough
network_scan_UDP_other	Other	anomalous	Hough
network_scan_SYN	SYN attack	anomalous	Hough
network_scan_UDP_other	Other	anomalous	Hough
network_scan_SYN	SYN attack	anomalous	Hough
network_scan_SYN	SYN attack	anomalous	Hough
network_scan_UDP_other	Other	anomalous	Hough
small_network_scan_SYN	SYN attack	anomalous	Gamma
small_network_scan_SYN	SYN attack	anomalous	Gamma
network_scan_SYN	SYN attack	anomalous	Gamma
network_scan_SYN	SYN attack	anomalous	Hough, KL, PCA
network_scan_SYN	SYN attack	anomalous	Hough, PCA
network_scan_UDP_UDP_response	Other	anomalous	Hough, Gamma, KL
distributed_denial_of_service_SYN	SYN attack	anomalous	Hough, KL, PCA
network_scan_SYN	SYN attack	anomalous	Hough, Gamma, KL, PCA
network_scan_SYN	SYN attack	anomalous	Hough, Gamma, PCA
network_scan_SYN	SYN attack	anomalous	Hough, Gamma, KL, PCA
network_scan_SYN	SYN attack	anomalous	Gamma, KL, PCA
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	anomalous	Gamma, KL, PCA
network_scan_ICMP_ecrq	Ping flood	anomalous	PCA
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	anomalous	Gamma, KL, PCA
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	anomalous	PCA
network_scan_UDP_UDP_response	Other	anomalous	Hough, Gamma, PCA
network_scan_ICMP_ecrq	Ping flood	suspicious	Hough
network_scan_ICMP_ecrq	Ping flood	suspicious	Hough
network_scan_ICMP_ecrq	Ping flood	suspicious	Hough
network_scan_ICMP_ecrq	Ping flood	suspicious	Hough
network_scan_ICMP_ecrq	Ping flood	suspicious	Hough
network_scan_ICMP_ecrq	Ping flood	suspicious	Hough
network_scan_ICMP_ecrq	Ping flood	suspicious	Hough
network_scan_ICMP_ecrq	Ping flood	suspicious	Hough
network_scan_SYN	SYN attack	suspicious	Hough
network_scan_SYN	SYN attack	suspicious	Gamma, KL, PCA
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	Hough, Gamma
small_network_scan_SYN	SYN attack	suspicious	Gamma
small_network_scan_SYN	SYN attack	suspicious	Gamma
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	Gamma
small_network_scan_SYN	SYN attack	suspicious	Gamma
port_scan_SYN	SYN attack	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL
network_scan_UDP_UDP_response	Other	suspicious	KL
network_scan_UDP_UDP_response	Other	suspicious	KL
network_scan_SYN	SYN attack	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL
network_scan_SYN	SYN attack	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL
network_scan_SYN	SYN attack	suspicious	KL
network_scan_SYN	SYN attack	suspicious	KL
network_scan_UDP_UDP_response	Other	suspicious	KL
network_scan_ICMP_ecrq_ICMP_ecrp_du_rm_te_response	Ping flood	suspicious	Hough, Gamma, PCA
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL, PCA
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL, PCA
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	KL, PCA
small_network_scan_SYN	SYN attack	suspicious	PCA
reflection_attack_UDP	HTTPS traffic	suspicious	PCA
network_scan_SYN	SYN attack	suspicious	Gamma, PCA
network_scan_SYN	SYN attack	suspicious	PCA
network_scan_ICMP_ecrq_ICMP_ecrp_response	Ping flood	suspicious	Gamma, PCA
multipoint_to_point	HTTPS traffic	anomalous	Hough, PCA
alpha_flow	HTTPS traffic	anomalous	Hough
alpha_flow	HTTPS traffic	anomalous	Hough
alpha_flow	HTTPS traffic	anomalous	Hough
alpha_flow	HTTPS traffic	anomalous	Hough
multipoint_to_point	HTTPS traffic	anomalous	Hough, Gamma, PCA
ipv4_gre_tunnel	Other	anomalous	Hough, Gamma, PCA
point_to_multipoint_low_activity	Other	anomalous	Hough, KL, PCA
point_to_multipoint	FIN attack	anomalous	Hough
point_to_multipoint	SYN attack	anomalous	Hough
point_to_multipoint	SYN attack	anomalous	Hough
multipoint_to_point	SYN attack	anomalous	Hough
multipoint_to_point	RST attack	anomalous	Hough
multipoint_to_point	Other	anomalous	Hough, Gamma, PCA
multipoint_to_point	Other	anomalous	Hough, Gamma, KL, PCA
multipoint_to_point	HTTPS traffic	anomalous	Gamma, PCA
point_to_multipoint	SYN attack	anomalous	Gamma
multipoint_to_point	HTTPS traffic	anomalous	Gamma
icmp_error	Ping flood	anomalous	Gamma
icmp_error	Ping flood	anomalous	Gamma
icmp_error	Ping flood	anomalous	Gamma
small_alpha_flow	HTTPS traffic	anomalous	Gamma
multipoint_to_multipoint	HTTPS traffic	anomalous	Gamma, PCA
multipoint_to_point	HTTPS traffic	anomalous	Gamma, PCA
point_to_multipoint_HTTP	SYN attack	anomalous	Hough, Gamma, PCA
multipoint_to_multipoint	SYN attack	anomalous	Hough, Gamma, KL, PCA
multipoint_to_point	HTTPS traffic	anomalous	Gamma, PCA
ipv4_gre_tunnel	Other	anomalous	Hough, Gamma, PCA
multipoint_to_point	HTTPS traffic	anomalous	Gamma, PCA
multipoint_to_multipoint	HTTPS traffic	anomalous	Hough, Gamma, PCA
multipoint_to_multipoint	SYN attack	anomalous	Hough, Gamma, PCA
multipoint_to_point_HTTP	HTTP traffic	anomalous	PCA
multipoint_to_point	Other	anomalous	Gamma, PCA
point_to_multipoint	Other	anomalous	Hough, Gamma, PCA
point_to_multipoint	Other	anomalous	Hough, PCA
multipoint_to_multipoint	HTTPS traffic	anomalous	Gamma, PCA
multipoint_to_point	HTTPS traffic	anomalous	PCA
alpha_flow	HTTPS traffic	anomalous	PCA
multipoint_to_multipoint	HTTPS traffic	anomalous	Hough, Gamma, PCA
multipoint_to_multipoint	HTTPS traffic	anomalous	Hough, Gamma, PCA
multipoint_to_point	HTTPS traffic	anomalous	Hough, Gamma, PCA
multipoint_to_point	HTTPS traffic	anomalous	Gamma, PCA
point_to_multipoint	Other	anomalous	Gamma, PCA
alpha_flow	Other	anomalous	PCA
multipoint_to_multipoint	HTTPS traffic	anomalous	Hough, Gamma, PCA
multipoint_to_multipoint	HTTPS traffic	anomalous	Hough, Gamma, PCA
multipoint_to_multipoint	HTTPS traffic	anomalous	PCA
multipoint_to_point	HTTPS traffic	anomalous	Hough, Gamma, PCA
multipoint_to_point	HTTPS traffic	anomalous	PCA
multipoint_to_point	HTTPS traffic	anomalous	PCA
multipoint_to_point	HTTPS traffic	anomalous	Gamma, PCA
multipoint_to_point	HTTPS traffic	anomalous	Gamma, PCA
multipoint_to_multipoint	HTTP traffic	anomalous	Gamma, PCA
multipoint_to_point	HTTPS traffic	anomalous	PCA
point_to_multipoint	HTTPS traffic	anomalous	Hough, Gamma, PCA
multipoint_to_multipoint	SYN attack	anomalous	Gamma, PCA
point_to_multipoint	Other	anomalous	Hough, Gamma, KL, PCA
alpha_flow	HTTPS traffic	suspicious	Hough
alpha_flow	Other	suspicious	Hough
small_alpha_flow	HTTPS traffic	suspicious	Hough
small_alpha_flow	HTTPS traffic	suspicious	Hough
alpha_flow	Other	suspicious	Hough
small_alpha_flow	HTTPS traffic	suspicious	Hough
alpha_flow	HTTPS traffic	suspicious	Hough
alpha_flow	Other	suspicious	Hough
alpha_flow	Other	suspicious	Hough
alpha_flow	Other	suspicious	Hough
small_alpha_flow	HTTPS traffic	suspicious	Hough
alpha_flow	Other	suspicious	Hough
small_alpha_flow	HTTPS traffic	suspicious	Hough
alpha_flow	HTTPS traffic	suspicious	Hough
alpha_flow	Other	suspicious	Hough
alpha_flow	HTTPS traffic	suspicious	Hough
alpha_flow	HTTPS traffic	suspicious	Hough
alpha_flow	Other	suspicious	Hough
alpha_flow	HTTPS traffic	suspicious	Hough
alpha_flow	HTTPS traffic	suspicious	Hough
micro_alpha_flow	HTTPS traffic	suspicious	Hough
alpha_flow	Other	suspicious	Hough
small_alpha_flow	HTTPS traffic	suspicious	Hough
micro_alpha_flow	HTTPS traffic	suspicious	Hough
alpha_flow	HTTPS traffic	suspicious	Hough
small_alpha_flow	HTTPS traffic	suspicious	Hough
alpha_flow_HTTP	HTTP traffic	suspicious	Hough
alpha_flow	HTTPS traffic	suspicious	Hough
multipoint_to_point	HTTPS traffic	suspicious	Hough
multipoint_to_point_low_activity	Other	suspicious	Hough
point_to_multipoint	SYN attack	suspicious	Hough
multipoint_to_point	SSH attack	suspicious	Hough
point_to_point	Other	suspicious	Hough, Gamma
multipoint_to_point_low_activity	Other	suspicious	Gamma
multipoint_to_point_HTTP	Ping flood	suspicious	Gamma
multipoint_to_point	Other	suspicious	Gamma
multipoint_to_point	Ping flood	suspicious	Gamma
small_alpha_flow	SSH traffic	suspicious	Gamma
micro_alpha_flow	HTTPS traffic	suspicious	Gamma
multipoint_to_point	Ping flood	suspicious	Gamma
multipoint_to_point_HTTP	HTTP traffic	suspicious	Gamma
point_to_multipoint_low_activity	SYN attack	suspicious	Gamma
icmp_error	Ping flood	suspicious	Gamma
multipoint_to_point	Other	suspicious	Gamma
multipoint_to_point	SYN attack	suspicious	Gamma
point_to_multipoint	SYN attack	suspicious	Gamma
small_alpha_flow	Other	suspicious	KL
point_to_multipoint	HTTPS traffic	suspicious	PCA
multipoint_to_point	HTTPS traffic	suspicious	Gamma, PCA
multipoint_to_point	HTTPS traffic	suspicious	Hough, PCA
point_to_multipoint_HTTP	HTTP traffic	suspicious	PCA
point_to_multipoint_low_activity	HTTPS traffic	suspicious	PCA
point_to_multipoint_low_activity_HTTP	HTTP traffic	suspicious	PCA
multipoint_to_point	HTTPS traffic	suspicious	PCA
alpha_flow	HTTPS traffic	suspicious	PCA
point_to_multipoint_HTTP	HTTP traffic	suspicious	PCA
small_alpha_flow	HTTPS traffic	suspicious	PCA
point_to_point	SYN attack	suspicious	PCA
multipoint_to_multipoint	HTTP traffic	suspicious	Gamma, PCA
point_to_multipoint	Other	suspicious	Gamma, PCA
icmp_error	Ping flood	suspicious	PCA
multipoint_to_point	HTTPS traffic	suspicious	PCA
multipoint_to_point	HTTPS traffic	suspicious	PCA
multipoint_to_point	HTTPS traffic	suspicious	PCA
icmp_error	Ping flood	suspicious	PCA
multipoint_to_point	HTTPS traffic	suspicious	PCA
icmp_error	Ping flood	suspicious	PCA
multipoint_to_point	HTTPS traffic	suspicious	PCA
multipoint_to_point	HTTPS traffic	suspicious	PCA
multipoint_to_point	HTTPS traffic	suspicious	PCA
multipoint_to_point_HTTP	HTTP traffic	suspicious	PCA
icmp_error	Ping flood	suspicious	PCA
icmp_error	Ping flood	suspicious	PCA
icmp_error	Ping flood	suspicious	PCA
icmp_error	Ping flood	suspicious	PCA
small_alpha_flow	HTTPS traffic	suspicious	PCA
multipoint_to_multipoint	Other	suspicious	Gamma, PCA
multipoint_to_point	Other	suspicious	PCA
point_to_multipoint	SYN attack	suspicious	Gamma, PCA
multipoint_to_point	Other	suspicious	PCA
multipoint_to_point	Other	suspicious	PCA
multipoint_to_point	Other	suspicious	PCA
multipoint_to_point	Other	suspicious	PCA
multipoint_to_point	Other	suspicious	PCA
multipoint_to_point	SMB attack	suspicious	PCA
multipoint_to_point_low_activity	Other	suspicious	PCA
multipoint_to_point	Other	suspicious	PCA
multipoint_to_point_low_activity	HTTPS traffic	suspicious	PCA
heavy_hitter	HTTPS traffic	suspicious	PCA
alpha_flow	HTTPS traffic	suspicious	PCA
empty	Unknown	anomalous	Hough, Gamma, KL, PCA
empty	Unknown	anomalous	Gamma
empty	Unknown	anomalous	Gamma
empty	Unknown	anomalous	Gamma, KL, PCA
empty	Unknown	anomalous	Gamma, PCA
empty	Unknown	suspicious	Hough
empty	Unknown	suspicious	Hough
empty	Unknown	suspicious	Gamma, KL
empty	Unknown	suspicious	Gamma
empty	Unknown	suspicious	Gamma
Taxonomy	Heuristic	Label	Detectors

Other:

"Notice" labels (admd file): 20230527_notice.xml
"Notice" labels (csv file): 20230527_notice.csv