
Zero-Day Vulnerability Exploitation Behavior Analysis System Dataset

Indexed by the National Basic Science Data Center (国家基础学科公共科学数据中心) on 2026-04-25
Download link:
https://nbsdc.cn/general/dataDetail?id=69e3aa97f17560609ee9cc2b&type=1
Resource description:

The dataset root directory contains two subdirectories: "01-Attack Behavior Detection Rule Data Subset" and "02-Attack Detection Model Training Data Subset".

The "01-Attack Behavior Detection Rule Data Subset" consists mainly of rule files for detecting attack behaviors. The detection rules were obtained from public sources, including Snort.org, emergingthreats.net, suricata.io and other platforms, and were then organized and optimized to form this subset. The rules cover more than 30 types of common network attack behaviors, including SQL injection attacks, buffer overflow attacks, generic vulnerability exploitation attacks, Exploit Kit attacks, ActiveX control vulnerability exploitation, Shellcode injection and execution, cross-site scripting (XSS) attacks, cross-site request forgery (CSRF) attacks, command injection attacks, malware propagation, cryptocurrency mining, worm propagation, botnet command and control (C2), browser attacks, phishing, adware and potentially unwanted programs (PUPs), port scanning and probing, vulnerability scanning behaviors, RPC (Remote Procedure Call) attacks, DNS attacks, FTP protocol attacks, SMTP email protocol attacks, POP3/IMAP protocol attacks, Telnet protocol attacks, SNMP protocol attacks, NetBIOS/SMB attacks, VoIP protocol attacks, denial-of-service (DoS/DDoS) attacks, ICMP protocol attacks, and SCADA system attacks.

The "02-Attack Detection Model Training Data Subset" is derived from the UNSW-NB15 dataset, a modern network intrusion detection benchmark dataset released in 2015 by the Cybersecurity Laboratory of the University of New South Wales (UNSW), Australia. UNSW-NB15 was designed to address problems in traditional datasets (such as KDD99), including outdated features and a lack of variety in attack scenarios. By simulating mixed traffic in real-world network environments, it provides more realistic test data for the research and evaluation of intrusion detection systems. The dataset contains both normal traffic and various types of attack traffic. Models trained on it can detect more than 10 types of attack behaviors, including port scanning, network mapping, spam emails, HTML infiltration, backdoor attacks, denial-of-service attacks, vulnerability exploitation, fuzz testing, Shellcode, worms, and cryptanalysis. The data in this dataset contains a total of 49 features.
Provided by:
China Electric Power Research Institute Co., Ltd. (中国电力科学研究院有限公司)
Collected summary
Dataset introduction
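Background and challenges
Background overview
The dataset contains two subsets. The first is attack behavior detection rule data, covering detection rules for more than 30 types of common network attacks such as SQL injection and buffer overflow. The second is attack detection model training data, based on the UNSW-NB15 dataset, used to train models to detect more than 10 types of attack behaviors such as port scanning and denial-of-service attacks. The dataset is intended to support the analysis and detection of zero-day vulnerability exploitation behavior.
The content above was collected and summarized by 遇见数据集.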