LANDER:Insider Threat Data Corpus-20160601

README version: 8432, last modified: 2018-02-13.

This file describes the trace dataset "Insider_Threat_Data_Corpus-20160601" provided by the LANDER project. The most recent version of this file can be found on-line at https://wiki.isi.edu/predict/index.php?title=LANDER:Insider_Threat_Data_Corpus-20160601.

LANDER Metadata

(https://wiki.isi.edu/predict/index.php?title=LANDER:Insider_Threat_Data_Corpus-20160601/landermeta)

dataSetName                Insider_Threat_Data_Corpus-20160601
status                     usc-web-and-predict
shortDesc                  Synthesized traffic presenting twelve potential insider threat scenarios,
                           six true and six false positives.
longDesc                   The Insider Threat Data Corpus consists of twelve (12) scenarios. Six (6)
                           of these scenarios include specific activities to support an enterprise
                           insider's goals. The other six (6) are "false positive" scenarios, where
                           the activities are similar to an insider's, but the actors' goals are not
                           those of an insider. Each scenario can be characterized by the primary
                           threat type posed in the scenario, its temporal distribution, the trigger
                           for the threat, and the party carrying out the attack.
datasetClass               Unrestricted
commercialAllowed          true
requestReviewRequired      true
productReviewRequired      false
ongoingMeasurement         false
submissionMethod           Upload
collectionStartDate        2016-06-01
collectionStartTime        00:00:00
collectionEndDate          2016-06-30
collectionEndTime          00:00:00
availabilityStartDate      2018-03-01
availabilityStartTime      00:00:00
availabilityEndDate        2030-01-01
availabilityEndTime        00:00:00
anonymization              none
archivingAllowed           false
keywords                   category:synthetically-generated-data, subcategory:experimental-data,
                           insider threat, malicious insider, synthetic data, false positive,
                           enterprise network
format                     pcap
access                     https
hostName                   USC-LANDER
providerName               USC
groupingId
groupingSummaryFlag        false
retrievalInstructions      download
byteSize                   5637070127104
expirationDays             365
uncompressedSize           13869675065320
impactDoi                  10.23721/114/1354745
useAgreement               dua-ni-160816
irbRequired                false
privateAccessInstructions  See http://www.isi.edu/ant/traces/index.html#getting_datasets for
                           information on obtaining this dataset.
                           See https://wiki.isi.edu/predict/index.php?title=LANDER:Insider_Threat_Data_Corpus-20160601
                           for details on this dataset.

Dataset Contents

The dataset is organized into 12 directories that correspond to the twelve scenarios in the dataset description. The data files in each directory are of various formats including json, pcap, log, and netflow.

Insider_Threat_Data_Corpus-20160601.README.txt    Copy of this README
Insider_Threat_Detection_Corpus.pdf               Describes all scenarios' background and activities,
                                                  the model instantiated on the cyber range,
                                                  organization of the measurement data collected, and
                                                  a correlation key between the scenario events and
                                                  the data collected.
Documentation_and_Analysis_Software/              Documentation and data analysis tools
Colluding_IP_Theft_FP/                            Scenario
Employee_Retaliation/                             Scenario
Employee_Retaliation_FP/                          Scenario
Financial_Fraud/                                  Scenario
Financial_Fraud_FP/                               Scenario
Lazy_Boy/                                         Scenario
Lazy_Boy_FP/                                      Scenario
Single_Actor_IP_Theft/                            Scenario
Single_Actor_IP_Theft_FP/                         Scenario
Spiteful_Exit/                                    Scenario
Spiteful_Exit_FP/                                 Scenario

Dataset Generation

DHS's Cyber Service Division (CSD) has partnered with Massachusetts Institute of Technology - Lincoln Labs (MIT-LL) to enhance their Lincoln Adaptable Real-time Information Assurance Testbed (i.e., the LARIAT cyber training, test, and evaluation range) so that it can emulate realistic insider threat activities, such as malware installation or mail-based coordination, in addition to users' nominal 'daily' activities. These insider threat activities are specified as rare, scripted actions for a small percentage of the users within the cyber range's modeled enterprise.

To create the data corpus, the LARIAT cyber range was instrumented for 1-2 weeks while the 50+ modeled users log in / log out, browse an emulated Internet, send/reply to mail, use Sharepoint and social networking services, and perform insider threat actions.

Citation

If you use this trace to conduct additional research, please cite it as:

Insider Threat Data Corpus, IMPACT ID: USC-LANDER/Insider_Threat_Data_Corpus-20160601/rev8432. Traces taken 2016-06-01 to 2016-06-30. Provided by the USC/LANDER project (http://www.isi.edu/ant/lander).

Results Using This Dataset

No results yet.

User Annotations

Suggestion: Edit the annotations at https://wiki.isi.edu/predict/index.php?title=LANDERNOTES:Insider_Threat_Data_Corpus-20160601&action=edit

Currently no annotations.

This page was last edited on 13 February 2018, at 16:32.
Content is available under Attribution-Share Alike 3.0 Unported unless otherwise noted.