Difference between revisions of "SSH datasets"

From SimpleWiki
(Started working on dataset description)
(Started working on flow data anonymization subsection)
Line 29: Line 29:
  
 
# '''Filtering''': Only SSH data has been selected, i.e., the following [http://nfdump.sf.net nfdump] filter has been used: ''port 22 and proto tcp''.
 
# '''Filtering''': Only SSH data has been selected, i.e., the following [http://nfdump.sf.net nfdump] filter has been used: ''port 22 and proto tcp''.
# '''Anonymization''':  
+
# '''Anonymization''': [http://nfdump.sf.net nfanon] has been used for anonymizing the flow data in a [http://www.caida.org/projects/predict/anonymization/ prefix-preserving] manner. More precisely, nfanon relies on the [http://www.cc.gatech.edu/computing/Telecomm/projects/cryptopan/ CryptoPAn] (Cryptography-based Prefix-preserving Anonymization) module.
  
 
=== Log files ===
 
=== Log files ===
  
 
== Scripts ==
 
== Scripts ==
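
Review bot: the added '''Anonymization''' line names nfanon and CryptoPAn but does not say which fields were anonymized or whether a single key was used for the whole dataset, and its nfanon link points to the same nfdump home page as the nfdump link in the Filtering item. Suggest stating the anonymized fields and the key scope here, since the "=== Log files ===" section that follows is still empty and a reader cannot tell how hosts in the logs relate to the anonymized flow addresses.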

Revision as of 08:22, 3 August 2014

This page provides access to the materials accompanying the following publication:

SSH Compromise Detection using NetFlow/IPFIX
Rick Hofstede, Luuk Hendriks, Anna Sperotto, Aiko Pras. In: ACM Computer Communication Review, 2014.

More information regarding this publication can be found here. Any usage of materials provided on this page should reference this publication.

Datasets

Name File Size Hosts
Flow data x GB 333
Log files x GB 333

Some results derived from these data can be found here.

Flow data

The flow data has been exported by a Cisco Catalyst 6500 with SUP2T supervisor module (PFC4, MSFC 5), and collected using nfcapd. Neither packet sampling nor flow sampling has been applied. The following post-processing operations have, however, been performed:

  1. Filtering: Only SSH data has been selected, i.e., the following nfdump filter has been used: port 22 and proto tcp.
  2. Anonymization: nfanon has been used for anonymizing the flow data in a prefix-preserving manner. More precisely, nfanon relies on the CryptoPAn (Cryptography-based Prefix-preserving Anonymization) module.
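
The two post-processing steps above, sketched as an added example (not code from this page, the paper, or nfdump): it applies the same "port 22 and proto tcp" selection and a prefix-preserving address mapping built the way CryptoPAn is, but with HMAC-SHA256 substituted for CryptoPAn's AES-based function, so its output does not match nfanon. The key and flow records are constructed placeholders.

```python
import hashlib
import hmac
import ipaddress

KEY = b"constructed-demo-key"  # assumption: placeholder, not a key used for the dataset

# Constructed flow records: (proto, src_ip, src_port, dst_ip, dst_port)
FLOWS = [
    ("tcp", "198.51.100.7", 51515, "192.0.2.10", 22),
    ("tcp", "198.51.100.9", 40222, "192.0.2.77", 22),
    ("tcp", "192.0.2.10", 22, "198.51.100.7", 51515),
    ("tcp", "203.0.113.5", 44100, "192.0.2.10", 443),
    ("udp", "203.0.113.5", 22, "192.0.2.10", 22),
]

def pad_bit(key, prefix_bits):
    """Keyed pseudorandom bit that depends only on the address bits seen so far."""
    return hmac.new(key, prefix_bits.encode(), hashlib.sha256).digest()[0] >> 7

def anonymize_ipv4(key, addr):
    """Output bit i = input bit i XOR pad_bit(key, input bits 0..i-1)."""
    bits = format(int(ipaddress.IPv4Address(addr)), "032b")
    out = "".join(str(int(b) ^ pad_bit(key, bits[:i])) for i, b in enumerate(bits))
    return str(ipaddress.IPv4Address(int(out, 2)))

def common_prefix_len(a, b):
    """Number of leading bits two IPv4 addresses share."""
    x = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - x.bit_length()

def postprocess(flows, key):
    """Keep TCP flows with source or destination port 22, then anonymize both addresses."""
    kept = [f for f in flows if f[0] == "tcp" and 22 in (f[2], f[4])]
    return [(p, anonymize_ipv4(key, s), sp, anonymize_ipv4(key, d), dp)
            for p, s, sp, d, dp in kept]

if __name__ == "__main__":
    for rec in postprocess(FLOWS, KEY):
        print(rec)
```

Because two addresses that share a k-bit prefix still share exactly a k-bit prefix after the mapping, hosts in the same subnet remain grouped in the anonymized data, and the same host always maps to the same anonymized address under one key.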

Log files

Scripts