attack_dataset_for_classification_and_response_analysis
Source: IEEE. Indexed: 2026-04-17
Download link:
https://ieee-dataport.org/documents/attackdatasetforclassificationandresponseanalysis
Resource description:
We developed a security monitoring framework that begins with collecting raw data from the monitored host system using Windows Management Instrumentation (WMI). For every running process, the system gathers detailed metrics including CPU and memory usage, threads, handles, disk I/O operations, and network activity. Key CPU metrics such as PercentCpuUsage and PercentProcessorTime are instrumental in detecting CPU-intensive attacks like DoS/DDoS. Memory-related indicators, such as rss, vms, and PrivatePageCount, help reveal exploitation such as shellcode execution or unauthorized code injection. Additionally, I/O and TCP connection metrics, such as ReadTransferCount, WriteTransferCount, TcpBytesSent, and TcpBytesReceived, can indicate suspicious activities like data exfiltration or unauthorized file modifications. Kernel-level metrics such as QuotaPagedPoolUsage and PoolNonpagedBytes further enrich the monitoring capability.
Provided by:
Ivan Kawaminami



