Serial Number: 25
Year: 2013
Kind of Traffic: Real
Publicly Available: Yes
Count of Records: 2.4GB flows
Features Count:
No. of citations: 88
Attack Type: SSH attacks
Download Links: Not Available
Abstract: For detecting SSH attacks, Hofstede et al proposes SSHCure tool. Two data sets (each for one month) were collected from a university of Twente’s campus network to assess their work in November and December 2013 and January and February 2014 respectively. The network has routable /16 IPV4 address block from which 25k addresses are actively used. The resulting data sets are accessible to the public and contain only SSH traffic. The authors gave additional log files based on host that could be used to determine whether or not SSH login attempts were successful, instead of labelling flow-based network traffic directly. The number of honeypots, servers, workstations and attacks in dataset1 are 13, 0, 0, 632 and in dataset2 are 0, 76, 4, 10716.