Husák Martin, Žádník Martin, Bartoš Václav, Sokol Pavol
Institute of Computer Science, Masaryk University, Czech Republic.
CESNET, Czech Republic.
Data Brief. 2020 Nov 17;33:106530. doi: 10.1016/j.dib.2020.106530. eCollection 2020 Dec.
The dataset contains intrusion detection alerts obtained via an alert sharing platform (SABU) for one week. A plethora of heterogeneous intrusion detection systems deployed across several organizations contributed to the sharing platform. The alerts are stored in the Intrusion Detection Extensible Alert (IDEA) format and categorized using the eCSIRT.net Incident Taxonomy. The dataset can be used in several areas of cybersecurity research for the analysis of intrusion detection alerts, including temporal and spatial correlations, reputation scoring, attack scenario reconstruction, and attack projection. The network identifiers (e.g., IP addresses, hostnames) are anonymized. However, a list of interesting features of such entities (e.g., presence on blacklists, geolocation) at the time of data collection is provided.