SSH Username Enumeration Attack Detection Dataset
收藏Zenodo2021-10-12 更新2026-05-25 收录
下载链接:
https://zenodo.org/record/5564662
下载链接
链接失效反馈官方服务:
资源简介:
The dataset is collected from a closed-environment network using network monitoring tools installed in the data collection point. The dataset generation was achieved through the use of common vulnerabilities and exposures (CVE) with the identification number CVE-2018-15473 retrieved from the public exploits database and pcap file of normal traffic obtained from public training repository. A total of 36,273 instances were collected with two classes <em>“username enumeration attack”</em> and “<em>non-username enumeration</em>”. We chose the terms <em>“username enumeration attack”</em> and “<em>non-username enumeration</em>” instead of the traditional <em>“attack”</em> and <em>“normal”</em> label notations since <em>“</em>normal<em>”</em> traffic data could contain attacks other than username enumeration attack. The username enumeration attack corresponds to the attack traffic while non-username enumeration traffic corresponds to the normal traffic. This traffic reflects different services including emails, DNS, HTTP, web, few to mention. Several data preprocessing techniques were carried out including categorical encoding. Both label encoding and one hot encoding techniques were used to transform categorical feature values into numerical feature values. Hence, two types of datasets were generated.
本数据集通过部署于数据采集节点的网络监控工具,在封闭环境网络中采集所得。数据集生成环节中,我们从公开漏洞利用数据库获取了标识为CVE-2018-15473的通用漏洞与披露(Common Vulnerabilities and Exposures, CVE)样本,并从公开训练仓库中获取正常流量的pcap文件。本次采集共获得36273条数据样本,分为两类:<em>"用户名枚举攻击"</em>与<em>"非用户名枚举"</em>。相较于传统的"攻击"与"正常"标签命名方式,我们选用<em>"用户名枚举攻击"</em>与<em>"非用户名枚举"</em>作为分类标签,原因在于<em>"正常"</em>流量数据中可能包含用户名枚举攻击之外的其他攻击行为。其中,用户名枚举攻击对应攻击流量,非用户名枚举流量对应正常流量。该流量涵盖邮件、域名系统(Domain Name System, DNS)、超文本传输协议(HyperText Transfer Protocol, HTTP)、Web服务等多种类型,不一而足。本数据集已完成多项数据预处理操作,其中包含类别特征编码环节:我们分别采用标签编码与独热编码两种方式,将类别型特征值转换为数值型特征值,最终生成两类数据集。
提供机构:
Zenodo创建时间:
2021-10-12



