PANDAcap SSH Honeypot Dataset
收藏Mendeley Data2024-06-25 更新2024-06-27 收录
下载链接:
https://zenodo.org/record/3759652
下载链接
链接失效反馈官方服务:
资源简介:
This is a dataset of 63 PANDA traces, collected using the PANDAcap framework. The dataset aims to offer a starting point for the analysis of ssh brute force attacks. The traces were collected through the course of approximately 3 days from 21 to 23 February 2020. A VM was configured using PANDAcap so that it accepts all passwords for user root. When an ssh session starts for the user, PANDA is signaled by the recctrl plugin to start recording for 30'. You can read more details about the experimental setup and an overview of the dataset EuroSec 2020 publication: Manolis Stamatogiannakis, Herbert Bos, and Paul Groth. PANDAcap: A Framework for Streamlining Collection of Full-System Traces. In Proceedings of the 13th European Workshop on Systems Security, EuroSec '20, Heraklion, Greece, April 2020. doi: 10.1145/3380786.3391396, preprint: vusec.net The dataset is split in 3 zip files/directories: rr: Contains the 63 PANDA traces of the dataset. The traces are in the upcoming RRArchive format. Note that PANDA support for the format is still wip at the time of writing (April 2020). If you need to downgrade to the traditional PANDA trace format, you can use the snippet in foo. qcow: Contains the QCOW base image (ubuntu16-planb.qcow2) used to create the dataset, as well as the disk deltas for the 63 traces. These can be mounted to inspect the contents of the filesystem before and after each session. and disk deltas for the 63 traces. Quick instructions on how to mount and inspect a QCOW image can be found below. pcap: Contains the pcap network traces for the sessions in the PANDA traces. These have been extracted using the PANDA network plugin. We decided to also include them in the dataset as standalone files for convenience. Additionally, we provide the PANDA linux kernel profile ubuntu16-planb-kernelinfo.conf, which can be used to analyze the traces using the PANDA osi_linux plugin. Additional information: To convert RRArchive traces to the traditional PANDA format, run the following snippet inside the rr directory: for f in *.tar.gz; do
tar -zxvf "$f" --exclude=PANDArr --xform='s%/%-%' --xform='s%-metadata%%'
rm -f "$f"
done If you wish to reuse the VM image in your project, it is available as a standalone download through academictorrents.com, along with more detailed information on its contents. If you wish to download individual samples rather than the whole dataset, you can use the dataset torrent file available through academictorrents.com. Unlike this Zenodo deposit, the files in the torrent have not been zipped. A better formatted (and possibly more up-to-date) version of this information can be found here.
本数据集包含63条PANDA轨迹(PANDA trace),采用PANDAcap框架采集完成,旨在为SSH暴力破解攻击分析提供初始研究基准。本次数据采集周期为2020年2月21日至23日,共计约3天。
我们通过PANDAcap配置了一台虚拟机,使其允许root用户使用任意密码完成登录。当该用户发起SSH会话时,recctrl插件(recctrl plugin)会向PANDA发送信号,启动30分钟的轨迹录制。
有关实验设置细节与数据集整体概览的更多内容,可参阅2020年EuroSec会议发表的论文:Manolis Stamatogiannakis、Herbert Bos与Paul Groth所著《PANDAcap:简化全系统轨迹采集的框架》,收录于第13届欧洲系统安全研讨会(EuroSec '20)论文集,希腊伊拉克利翁,2020年4月。DOI: 10.1145/3380786.3391396,预印本可访问vusec.net。
本数据集分为3个压缩包/目录:
1. rr目录:存储本数据集全部63条PANDA轨迹,轨迹采用拟正式推出的RRArchive格式(RRArchive format)。请注意,截至2020年4月本文撰写时,PANDA对该格式的支持仍处于开发阶段(wip,即work in progress)。若需降级至传统PANDA轨迹格式,可使用foo目录下的代码片段完成转换。
2. qcow目录:包含用于构建本数据集的QCOW基础镜像(ubuntu16-planb.qcow2),以及63条轨迹对应的磁盘增量文件。挂载该镜像即可查看每次会话前后的文件系统内容。有关挂载与检查QCOW镜像的快速指南可参阅下文。
3. pcap目录:存储对应PANDA轨迹中各会话的网络PCAP轨迹文件,此类文件通过PANDA网络插件提取得到。为便于使用,我们将其作为独立文件纳入数据集。此外,我们还提供了PANDA Linux内核配置文件ubuntu16-planb-kernelinfo.conf,可配合PANDA的osi_linux插件(osi_linux plugin)完成轨迹分析。
### 附加说明
1. 格式转换:若需将RRArchive格式轨迹转换为传统PANDA格式,请在rr目录中执行如下命令:
for f in *.tar.gz; do
tar -zxvf "$f" --exclude=PANDArr --xform='s%/%-%' --xform='s%-metadata%%'
rm -f "$f"
done
2. 虚拟机镜像与资源获取:若需在项目中复用该虚拟机镜像,可通过academictorrents.com获取其独立下载版本,同时可获得更详细的镜像内容说明。若仅需下载部分样本而非完整数据集,可通过academictorrents.com提供的数据集种子文件获取。与本Zenodo存档不同,种子分发的文件未经过压缩。
3. 本说明的更规范排版版本(或包含更新内容的版本)可在此处查阅。
创建时间:
2023-06-28
搜集汇总
数据集介绍

背景与挑战
背景概述
该数据集包含63个PANDA追踪文件,专门用于分析SSH暴力攻击,数据收集于2020年2月21日至23日,通过配置虚拟机接受所有root用户密码来记录SSH会话。数据集分为rr、qcow和pcap三部分,分别提供追踪文件、虚拟机镜像和网络数据,支持安全研究和攻击行为分析。
以上内容由遇见数据集搜集并总结生成



