PAM13 dataset (Reputation Block Lists) (06/20/2012 to 06/26/2012)

This dataset was used to analyze the impact of network reputation on Merit's traffic (related publication is "Jing Zhang et al., Characterization of Blacklists and Tainted Network Traffic" (PAM'13)). Using NetFlow collected at Merit from June 20, 2012 to June 26, 2012, and based on 12 commonly used reputation blacklists (that cover spam, phishing/malware and active attacks), we treated Netflow traffic as "tainted" if one or both of the source and destination IPs are listed by the Reputation Black Lists (RBLs). Each directory includes the traffic (anonymized) tainted by the corresponding RBL (as indicated by the directory name). *all* directory contains tainted traffic by the union of all the blacklists. The NetFlow is aggregated by hour. The blacklists used are: brbl cbl dshield hphosts phisht sbl surbl uce wpbl

本数据集用于分析网络信誉对Merit流量的影响，相关学术文献为《Jing Zhang等：黑名单与受污染网络流量特征分析》（PAM'13）。本次研究使用了2012年6月20日至6月26日期间于Merit处采集的NetFlow流量，并基于12种覆盖垃圾邮件、网络钓鱼/恶意软件及主动攻击场景的常用信誉黑名单，将源IP、目的IP任一或两者被信誉黑名单（Reputation Black Lists, RBLs）收录的NetFlow流量标记为“受污染流量”。每个目录均存储对应黑名单（以目录名标识）标记的匿名受污染流量。*all*目录则存储所有黑名单联合覆盖的受污染流量。所有NetFlow流量均按小时聚合。本次使用的黑名单包括：brbl、cbl、dshield、hphosts、phisht、sbl、surbl、uce、wpbl。