Open hungdino opened 3 years ago
Hi Wei Ting,
Thanks.
Hi, Khoi
BTW I found that ATT&CK is using the term 'Exploit Public-Facing Application' instead of 'Exploit Public Application' now. I simply adjusted that and added some comments for possible further labeling (not suitable for the current 3-stage framework though) in a Pull Request.
Thanks!
@buihuukhoi Hi Khoi, I squashed the commits as you asked and opened another Pull Request for that. Besides this, the Professors (mainly Professor Lin, but also Professor Huang) want to ask your opinion on refining the labeling of attacks. Whether to
I listed out some ideas about the mentioned 2 approaches.
Approach 1:
Relating Codes: Reproduction Module (Attack), Data Collection Module, Data Storage, Labeling Module
Pros: Thorough, and makes CREME flexible enough to launch attacks in multiple stages.
Cons: Complicated; covering most parts of CREME makes it difficult to adjust.

Approach 2:
Relating Codes: Data Collection Module, Data Storage, Feature Extracting Module, Labeling Module
Pros: Leaves the Reproduction Module (Attack) untouched.
Cons: The Feature Extracting Module would need more adjustment to fit into this solution.
Are you ok with talking by Skype at 17/10 10 AM? If yes, please send me your Skype ID by email. Thanks
Sorry for the late reply, I have a lecture every Sunday morning, maybe Saturday morning or Sunday afternoon? My Skype contact: https://join.skype.com/invite/bYIc4BAXgJ5G
Hi Khoi,
I am an undergraduate student, Wei Ting. I have been trying to enhance labeling for CREME recently. In CREME_backend_execution/classes/CREME.py, I found that you updated the labels of each scenario 12 days ago. (Commit: [fix bugs] update tactic, technique, subtechnique for attack scenario…) I am wondering that
Best Regards, Wei Ting
I attach def process_data_mirai as an example here.

```python
labels = [1, 1, 1]  # only for syslog
tactic_names = ['Initial Access', 'Command and Control', 'Impact']
technique_names = ['Valid Accounts', 'Non-Application Layer Protocol', 'Network Denial of Service']
sub_technique_names = ['Local Accounts', 'Non-Application Layer Protocol', 'Direct Network Flood']
```