Border Gateway Protocol routing records from Reseaux IP Europeens (RIPE) and BCNET
收藏Mendeley Data2024-03-27 更新2024-06-28 收录
下载链接:
https://ieee-dataport.org/open-access/border-gateway-protocol-routing-records-reseaux-ip-europeens-ripe-and-bcnet
下载链接
链接失效反馈官方服务:
资源简介:
Three well-known Border Gateway Anomalies (BGP) anomalies Slammer, Nimda, and Code Red I occurred in January 2003, September 2001, and July 2001, respectively. The Reseaux IP Europeens (RIPE) BGP update messages are publicly available from the Network Coordination Centre (NCC)and contain Slammer, Nimda, Code Red I, and regular data: https://www.ripe.net/analyse/. Regular data are also collected from BCNET: http://www.bc.net/.Slammer infected Microsoft SQL servers through a small piece of code that generated IP addresses at random. The number of infected machines doubled approximately every 9 seconds. Nimda exploited vulnerabilities in the Microsoft Internet Information Services (IIS) web servers for Internet Explorer 5. The worm propagated by sending an infected attachment that was automatically downloaded once the email was viewed. The Code Red I worm attacked Microsoft IIS web servers by replicating itself through IIS server weaknesses Unlike the Slammer worm, Code Red I searched for vulnerable servers to infect. The rate of infection was doubling every 37 minutes. 37 features are extracted from BGP update messages that originated from AS 513 (route collector rrc 04). The data collected during periods of Internet anomalies include: five-day period for Slammer and Code Red I (the day of the attack as well as two days prior and two days after the attack); seven-day period for Nimda (two and a half days of the attack as well as two and a half days prior and two days after the attack). Note that there are 31 missing data points in the Nimda dataset. http://www.sfu.ca/~ljilja/cnl/projects/BGP_datasets/index.html
三起知名的边界网关协议(Border Gateway Protocol,BGP)异常事件分别为Slammer、Nimda与Code Red I,其爆发时间依次为2003年1月、2001年9月及2001年7月。欧洲IP网络(Reseaux IP Europeens,RIPE)的BGP更新报文可从其网络协调中心(Network Coordination Centre,NCC)公开获取,该数据集涵盖Slammer、Nimda、Code Red I相关流量与正常流量,公开地址为https://www.ripe.net/analyse/。正常流量还可从BCNET获取,地址为http://www.bc.net/。Slammer蠕虫通过一段随机生成IP地址的小型代码感染Microsoft SQL服务器,受感染主机数量约每9秒翻倍一次。Nimda蠕虫利用适用于Internet Explorer 5的Microsoft互联网信息服务(Internet Information Services,IIS)Web服务器漏洞进行传播,该蠕虫通过发送感染附件实现扩散,收件人查看邮件后会自动下载该附件。Code Red I蠕虫则通过利用IIS服务器的漏洞实现自我复制,以此攻击Microsoft IIS Web服务器。与Slammer蠕虫不同,Code Red I会主动搜索存在漏洞的服务器进行感染,其感染速率约每37分钟翻倍一次。研究人员从自治系统(Autonomous System,AS)513(路由采集器rrc 04)生成的BGP更新报文中提取了37项特征。针对互联网异常事件期间的采集数据时段设置如下:Slammer与Code Red I事件的数据采集周期为5天(包含攻击当日、攻击前后各2天);Nimda事件的数据采集周期为7天(包含攻击时段2.5天、攻击前后各2.5天)。需注意,Nimda数据集中共存在31条缺失数据。该数据集的公开获取地址为http://www.sfu.ca/~ljilja/cnl/projects/BGP_datasets/index.html。
创建时间:
2023-06-28



