Border Gateway Protocol (BGP) routing records from Route Views

Three well-known Border Gateway Anomalies (BGP) anomalies: WannaCrypt, Moscow blackout, and Slammer, occurred in May 2017, May 2005, and January 2003, respectively. The Route Views BGP update messages are publicly available from the University of Oregon Route Views Project and contain: WannaCrypt, Moscow blackout, and Slammer: http://www.routeviews.org/routeviews/. - WannaCrypt (WannaCry) is a cryptoworm ransomware that works by gaining administrative privileges and employs the EternalBlue exploit and DoublePulsar backdoor in systems running Microsoft Windows 7. - The Chagino substation of the Moscow energy ring experienced a transformer failure on May 24, 2005 at 20:57 (MSK). The event caused a complete shutdown of the substation and a blackout that affected all customer until 16:00 (MSK) of May 26, 2005. During the blackout, the Internet traffic exchange point MSK-IX was disconnected from 11:00 to 17:00 (MSK). Note that there are 205 missing data points in the Moscow blackout dataset. - Slammer infected Microsoft SQL servers through a small piece of code that generated IP addresses at random. The number of infected machines doubled approximately every 9 seconds. Note that there are 12 missing data points in the Slammer dataset. 37 features are extracted from BGP update messages that originated from route collector route-views2. The data collected during periods of Internet anomalies include: - eight-day period for WannaCrypt (four days of the attack as well as two days prior and two days after the attack); - five-day period for Moscow blackout and Slammer (the day of the attack as well as two days prior and two days after the attack). http://www.sfu.ca/~ljilja/cnl/projects/BGP_datasets/index.html

三项著名的边界网关协议（BGP）异常事件，即 WannaCrypt、莫斯科停电和 Slammer，分别发生于 2017 年 5 月、2005 年 5 月和 2003 年 1 月。俄勒冈大学路由视图项目公开提供的路由视图 BGP 更新消息包含：WannaCrypt、莫斯科停电和 Slammer：http://www.routeviews.org/routeviews/。WannaCrypt（WannaCry）是一种加密勒索软件，通过获取系统管理员权限，在运行 Microsoft Windows 7 的系统中使用永恒之蓝漏洞和 DoublePulsar 后门进行攻击。莫斯科能源环的 Chagino 变电站于 2005 年 5 月 24 日 20:57（莫斯科时间）发生变压器故障。该事件导致变电站完全关闭，并于 2005 年 5 月 26 日 16:00（莫斯科时间）恢复供电，期间造成对所有客户的停电。在停电期间，互联网交换点 MSK-IX 从 11:00 到 17:00（莫斯科时间）与互联网断开连接。请注意，莫斯科停电数据集中有 205 个数据点缺失。Slammer 通过一小段生成随机 IP 地址的代码感染了 Microsoft SQL 服务器。感染机器的数量大约每 9 秒翻倍一次。请注意，Slammer 数据集中有 12 个数据点缺失。从路由收集器 route-views2 发起的 BGP 更新消息中提取了 37 个特征。在互联网异常期间收集的数据包括：WannaCrypt 的八天周期（攻击的四天以及攻击前后的两天）；莫斯科停电和 Slammer 的五天周期（攻击当天以及攻击前后的两天）。http://www.sfu.ca/~ljilja/cnl/projects/BGP_datasets/index.html