FDUDSDE / MAGIC

Codes and data for USENIX Security 24 paper "MAGIC: Detecting Advanced Persistent Threats via Masked Graph Representation Learning"
MIT License

Question about attack related uuid #12

Closed cmh14 closed 3 months ago

cmh14 commented 3 months ago
Hello, sir. Thanks for your paper and open-source code, which have been a great help. I still have some doubts I want to ask about. In Appendix G of your paper, you introduced a labeling methodology. I am quite curious about how it was implemented, especially how the uuids associated with the attack were determined. I want to label new scenes from the DARPA-TC ground-truth PDF. Would you mind sharing the code of this application? Waiting for your reply.
Jimmyokok commented 3 months ago

In this paper, we tried the labeling methodology in Appendix G with manual labour (simply manually examine attack-relevant log files, search for attack entity names and examine other entities related to them) and it worked. However, this approach is extremely effort-consuming, necessitating the construction of a uuid-to-entity-name mapping before labeling. We have a quite primitive parser capable of doing this and we are happy to send you a copy if you could leave your email.

cmh14 commented 3 months ago

Thank you, sir. My email address is malwaretraffic@163.com. I have followed a similar procedure to label attack-related entities, but just in the CADETS dataset I get 5655477 entities related to the attack. I think this number is too big and needs some cutting operations.
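The labeling procedure described in this thread (build a uuid-to-entity-name mapping, seed the attack set from known attack entity names, then examine entities related to them) can be sketched in a few functions. The following is an added example, not code from the MAGIC repository or the parser the maintainer offers; the JSON-lines record layout, the uuids and the entity names are constructed for illustration and do not follow the real DARPA TC CDM schema. It also adds a hub filter (`max_degree`) that stops expansion through entities shared by many processes, which is one way to keep the labeled set from ballooning the way the 5655477-entity count above suggests.

```python
"""Added example: seed-and-expand labeling of attack-related provenance entities.
Not part of the MAGIC project; input format and names are constructed."""
import json
from collections import defaultdict

# Constructed provenance log in a simplified JSON-lines layout (not real CDM).
# Entity records carry a uuid and a name; Event records link a subject to an object.
SAMPLE_LOG = """
{"type": "Subject", "uuid": "s-1", "name": "/usr/bin/sshd"}
{"type": "Subject", "uuid": "s-2", "name": "/tmp/malicious_dropper"}
{"type": "FileObject", "uuid": "f-1", "name": "/etc/passwd"}
{"type": "FileObject", "uuid": "f-2", "name": "/tmp/payload.bin"}
{"type": "NetFlowObject", "uuid": "n-1", "name": "203.0.113.7:443"}
{"type": "Subject", "uuid": "s-3", "name": "/usr/bin/cron"}
{"type": "Event", "subject": "s-2", "object": "f-2", "event": "EVENT_WRITE"}
{"type": "Event", "subject": "s-2", "object": "n-1", "event": "EVENT_CONNECT"}
{"type": "Event", "subject": "s-1", "object": "f-1", "event": "EVENT_READ"}
{"type": "Event", "subject": "s-3", "object": "f-1", "event": "EVENT_READ"}
{"type": "Event", "subject": "s-2", "object": "f-1", "event": "EVENT_READ"}
"""


def parse_log(text):
    """Return (uuid -> entity name, list of (subject_uuid, object_uuid) edges)."""
    uuid_to_name = {}
    edges = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec["type"] == "Event":
            edges.append((rec["subject"], rec["object"]))
        else:
            uuid_to_name[rec["uuid"]] = rec["name"]
    return uuid_to_name, edges


def build_adjacency(edges):
    """Undirected adjacency: every event connects subject and object both ways."""
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    return adj


def seed_by_name(uuid_to_name, attack_names):
    """Step 1 of the procedure: find uuids whose name contains a known attack name."""
    return {u for u, n in uuid_to_name.items() if any(a in n for a in attack_names)}


def expand(seed, adj, hops=1, max_degree=None):
    """Step 2: label entities reachable from the seed within `hops` events.

    If max_degree is set, a non-seed entity touched by more than that many
    neighbours (e.g. /etc/passwd read by every process) is labeled but not
    traversed further, so shared benign resources do not drag in the whole host.
    """
    labeled = set(seed)
    frontier = set(seed)
    for _ in range(hops):
        nxt = set()
        for u in frontier:
            if max_degree is not None and u not in seed and len(adj[u]) > max_degree:
                continue  # hub: keep the label, do not expand through it
            for v in adj[u]:
                if v not in labeled:
                    labeled.add(v)
                    nxt.add(v)
        frontier = nxt
    return labeled


def label_attack_entities(text, attack_names, hops=1, max_degree=None):
    """Convenience wrapper returning the sorted names of labeled entities."""
    uuid_to_name, edges = parse_log(text)
    adj = build_adjacency(edges)
    labeled = expand(seed_by_name(uuid_to_name, attack_names), adj, hops, max_degree)
    return sorted(uuid_to_name[u] for u in labeled)


if __name__ == "__main__":
    print("1 hop:", label_attack_entities(SAMPLE_LOG, ["malicious_dropper"], hops=1))
    print("2 hops, no hub filter:", label_attack_entities(SAMPLE_LOG, ["malicious_dropper"], hops=2))
    print("2 hops, max_degree=2:", label_attack_entities(SAMPLE_LOG, ["malicious_dropper"], hops=2, max_degree=2))
```

On the constructed log, two unfiltered hops already label every entity on the host because the dropper and two benign daemons all read `/etc/passwd`; the degree cap keeps that file labeled but refuses to walk through it, which is the kind of cutting step the last comment asks about.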