LANDER:DARPA 2009 DDoS attack-20091105 From Predict Jump to navigation Jump to search The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead. README version: 4383, last modified: 2014-12-9. This file describes the trace dataset "DARPA_2009_DDoS_attack-20091105" provided by the LANDER project. The most recent version of this file can be found on-line at https://wiki.isi.edu/predict/index.php?title=LANDER:DARPA_2009_DDoS_attack-20091105. [ ] Contents • 1 LANDER Metadata • 2 Dataset Contents • 3 Dataset Generation • 4 Citation • 5 Results Using This Dataset • 6 User Annotations LANDER Metadata (https://wiki.isi.edu/predict/index.php?title=LANDER:DARPA_2009_DDoS_attack-20091105/landermeta) ┌─────────────────────────┬───────────────────────────────────────────────────────────────────────────────────────┐ │dataSetName │DARPA_2009_DDoS_attack-20091105 │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │status │usc-web-and-predict │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │shortDesc │A SYN flood DDoS attack │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │longDesc │Traffic contains a SYN flood DDoS attack on one target (IP address 172.28.4.7) and │ │ │background traffic. The DDoS traffic comes from about 100 different IPs. Some IPs │ │ │contribute significantly to the attack (e.g., IPs: 19.202.221.71, 19.202.221.72, and │ │ │19.202.221.73), while the contribution of some other sources is stealthier. │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │datasetClass │Quasi-Restricted │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │commercialAllowed │true │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │requestReviewRequired │true │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │productReviewRequired │false │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │ongoingMeasurement │false │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │submissionMethod │Upload │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │collectionStartDate │2009-11-05 │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │collectionStartTime │12:48:00 │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │collectionEndDate │2009-11-05 │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │collectionEndTime │12:54:00 │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │availabilityStartDate │2017-05-24 │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │availabilityStartTime │00:00:00 │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │availabilityEndDate │2030-01-01 │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │availabilityEndTime │00:00:00 │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │anonymization │none │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │archivingAllowed │false │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │keywords │category:synthetically-generated-data, subcategory:experimental-data, DDoS, SYN flood │ │ │DDoS attack, Synthetically generated traffic │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │format │pcap │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │access │https │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │hostName │USC-LANDER │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │providerName │USC │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │groupingId │ │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │groupingSummaryFlag │false │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │retrievalInstructions │download │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │byteSize │1085276160 │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │expirationDays │14 │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │uncompressedSize │3000003494 │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │impactDoi │10.23721/109/1358116 │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │useAgreement │dua-ni-160816 │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │irbRequired │false │ ├─────────────────────────┼───────────────────────────────────────────────────────────────────────────────────────┤ │privateAccessInstructions│See http://www.isi.edu/ant/traces/index.html#getting_datasets for information on │ │ │obtaining this dataset. │ │ │See https://wiki.isi.edu/predict/index.php?title=LANDER:DARPA_2009_DDoS_attack-20091105│ │ │for details on this dataset. │ └─────────────────────────┴───────────────────────────────────────────────────────────────────────────────────────┘ Dataset Contents DARPA_2009_DDoS_attack-20091105.README.txt      copy of this README Data/     mypcap_20091105*.pcap.gz Three compressed pcap files     .sha1sum SHA-1 checksum The file ".sha1sum" contains SHA1 checksums of individual compressed files. The integrity of the distribution thus can be checked by independently calculating SHA1 sums of files and comparing them with those listed in the file. If you have the sha1sum utility installed on your system, you can do that by executing: sha1sum --check .sha1sum This needs to be done before the files are uncompressed. Dataset Generation This dataset is part of the 2009 DARPA Scalable Network Monitoring (SNM) Program Traffic. The dataset is created with synthesized traffic to emulate traffic between a /16 subent (172.28.0.0/16) and the Internet. Citation If you use this trace to conduct additional research, please cite it as: DARPA Scalable Network Monitoring (SNM) Program Traffic, IMPACT ID: USC-LANDER/DARPA_2009_DDoS_attack-20091105/rev4383 . Traces taken 2009-11-05 to 2009-11-05. Provided by the USC/LANDER project (http://www.isi.edu/ant/lander). Results Using This Dataset Traces similar to this one have been used the following previously published work: • Manaf Gharaibeh, and Christos Papadopoulos. DARPA 2009 Intrusion Detection Dataset. Technical Report, Colorado State University, August 2014. http://www.darpa2009.netsec.colostate.edu/ User Annotations Suggestion: Edit the annotations at https://wiki.isi.edu/predict/index.php?title=LANDERNOTES:DARPA_2009_DDoS_attack-20091105&action=edit Hi I am just wondering if anyone can provide me with the actual time of attack for this dataset with the victim's IP address being 172.28.4.6, so that I can verify my results? Thank you so much. Yours Sincerely Nicolette Retrieved from "https://wiki.isi.edu/predict/index.php?title=LANDER:DARPA_2009_DDoS_attack-20091105&oldid=4383" Categories: • Datasets • LANDER • LANDER:Datasets Navigation menu Personal tools • Wikiexport • Talk • Preferences • Watchlist • Contributions • Log out Namespaces • LANDER • Discussion [ ] English Views • Read • Edit • View history • Watch [ ] More • Move _____________________ [ Search ] [ Go ] Navigation • Main page • Providers • Datasets • Results • Categories • Recent changes • Random page • Help Tools • What links here • Related changes • Upload file • Special pages • Permanent link • Page information • This page was last edited on 9 December 2014, at 04:03. • Content is available under Attribution-Share Alike 3.0 Unported unless otherwise noted. • Privacy policy • About Predict • Disclaimers • Attribution-Share Alike 3.0 Unported • Powered by MediaWiki