search

tklab-tud / ID2T

Official ID2T repository. ID2T creates labeled IT network datasets that contain user defined synthetic attacks.
MIT License
56 stars 22 forks source link

Label files with multiple attacks are wrong #92

Open pepper-jk opened 5 years ago

pepper-jk commented 5 years ago

First attack in original label file:

<attack>
    <name>DDoSAttack</name>
    <note></note>
    <seed>301519677020500263716745499112853019373</seed>
    <injected_packets>268</injected_packets>
    <timestamp_start>
        <timestamp>1522558811.107838</timestamp>
        <timestamp_hr>2018-04-01 05:00:11.107838</timestamp_hr>
    </timestamp_start>
    <timestamp_end>
        <timestamp>1522558820.82536</timestamp>
        <timestamp_hr>2018-04-01 05:00:20.825360</timestamp_hr>
    </timestamp_end>
    <parameters>
        <inject.at-timestamp user_specified="False">1522558811.107838</inject.at-timestamp>
        <ip.src user_specified="False">['4.115.112.132', '16.216.136.189', '61.203.93.215']</ip.src>
        <mac.src user_specified="False">['3c:50:94:e5:96:b5', 'd0:75:31:87:e0:53', '14:67:9a:9c:34:3f']</mac.src>
        <port.src user_specified="False">51388</port.src>
        <packets.per-second user_specified="True">500.0</packets.per-second>
        <attack.duration user_specified="True">10</attack.duration>
        <ip.dst user_specified="False">54.158.146.175</ip.dst>
        <mac.dst user_specified="True">66:66:66:66:66:66</mac.dst>
        <victim.buffer user_specified="False">4187</victim.buffer>
        <bandwidth.max user_specified="True">5.12</bandwidth.max>
        <bandwidth.min.local user_specified="False">0.0</bandwidth.min.local>
        <bandwidth.min.public user_specified="False">0.0</bandwidth.min.public>
        <latency.max user_specified="False">0.0</latency.max>
        <attackers.count user_specified="True">1</attackers.count>
    </parameters>
</attack>

First attack in the newly created label file:

<attack>
    <name>DDoSAttack</name>
    <note></note>
    <seed>{&lt;Parameter.INJECT_AT_TIMESTAMP: 'inject.at-timestamp'&gt;: ValuePair(value=1522558811.107838, user_specified=False), &lt;Parameter.PORT_SOURCE: 'port.src'&gt;: ValuePair(value=51388, user_specified=False), &lt;Parameter.PACKETS_PER_SECOND: 'packets.per-second'&gt;: ValuePair(value=500.0, user_specified=True), &lt;Parameter.ATTACK_DURATION: 'attack.duration'&gt;: ValuePair(value=10, user_specified=True), &lt;Parameter.IP_DESTINATION: 'ip.dst'&gt;: ValuePair(value='54.158.146.175', user_specified=False), &lt;Parameter.MAC_DESTINATION: 'mac.dst'&gt;: ValuePair(value='66:66:66:66:66:66', user_specified=True), &lt;Parameter.VICTIM_BUFFER: 'victim.buffer'&gt;: ValuePair(value=4187, user_specified=False), &lt;Parameter.BANDWIDTH_MAX: 'bandwidth.max'&gt;: ValuePair(value=5.12, user_specified=True), &lt;Parameter.BANDWIDTH_MIN_LOCAL: 'bandwidth.min.local'&gt;: ValuePair(value=0.0, user_specified=False), &lt;Parameter.BANDWIDTH_MIN_PUBLIC: 'bandwidth.min.public'&gt;: ValuePair(value=0.0, user_specified=False), &lt;Parameter.LATENCY_MAX: 'latency.max'&gt;: ValuePair(value=0.0, user_specified=False), &lt;Parameter.NUMBER_ATTACKERS: 'attackers.count'&gt;: ValuePair(value=1, user_specified=True)}</seed>
    <injected_packets>301519677020500263716745499112853019373</injected_packets>
    <timestamp_start>
        <timestamp>1522558811.107838</timestamp>
        <timestamp_hr>2018-04-01 05:00:11.107838</timestamp_hr>
    </timestamp_start>
    <timestamp_end>
        <timestamp>1522558820.82536</timestamp>
        <timestamp_hr>2018-04-01 05:00:20.825360</timestamp_hr>
    </timestamp_end>
    <parameters/>
</attack>