[Bro] suggestion request
Oğuz Yarımtepe
oguzyarimtepe at gmail.com
Mon Sep 30 01:59:39 PDT 2013
Hi,
For the ones dealing with machine learning KDD Cup 99 dataset is used
widely for testing the algorithm proposed. (
http://kdd.ics.uci.edu/databases/kddcup99/task.html)
The data set is created with some features defined at Table 1, Table 2 and
Table 3. Now i would like to test my algorithm with the real data so i will
collect traffic and convert it to KDD Cup 99 format. I am searching a
method.
How can i gather or calculate the properties at Table2? The properties are
number of ``hot'' indicators: meaning hidden directory creation
number of failed login attempts
1 if successfully logged in; 0 otherwise
number of ``compromised''continuous
1 if root shell is obtained; 0 otherwise
1 if ``su root'' command attempted; 0 otherwise
number of ``root'' accesses
number of file creation operations
number of shell prompts
number of operations on access control files
number of outbound commands in an ftp session
So it seems payload analysis is required? Anybody who had experience with
such thing or any suggestion? I will be listening a mirrored port and
saving the traffic data to db. Can Bro Time Machine help me on this issue?
Cheers.
--
Oğuz Yarımtepe
http://about.me/oguzy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130930/9138dab3/attachment.html
More information about the Bro
mailing list