Serial Number: 11
Year: 2009
Kind of Traffic: Simulated
Publicly Available: Yes
Count of Records: 6.5TB
Features Count:
No. of citations: 192
Attack Type: DoS, malware, scans, etc
Download Links: https://impactcybertrust.org/dataset_view?idDataset=742
Abstract: The DARPA 2009 intrusion detection data set was developed at the MIT Lincoln Lab and simulates traffic between a /16 subnet (172.28.0.0/16) and the Internet. The data set covers a 10-day period between November 3rd and November 12th, 2009. It includes simulated SMTP, DNS and HTTP background data, along with a variety of security events and attack types, among them denial-of-service attacks and worms that have been parameterized to exhibit different propagation characteristics. The data set consists of approximately 7000 pcap files totalling approximately 6.5TB in size. Each pcap file is just under 1000MB in size and, depending on the traffic rate, typically covers one to two minutes of time. The data set was analysed using various tools, mainly tcpdump and Argus. The data in the pcap files was aggregated into per-day flows for analysis using Argus, and a number of Argus tools were used to analyse the data set and generate statistics about it. The DARPA data set includes four kinds of attacks: probing, user-to-root (U2R), denial of service (DoS), and remote-to-local (R2L). The DARPA data set has labelled and unlabelled records.