UWF-ZeekData22
The complete set of files is in PCAP and Parquet format, available at: https://datasets.uwf.edu/data/. This dataset consists of Zeek data files labelled using the MITRE ATT&CK Framework. The files in CSV format are a subset of the files in Parquet format, made available mainly for people who do not have access to "Big Data" technologies.
Details about the CSV files:
Because Excel's display limit is 1 million rows, the CSV file has only 1 million rows of data. Other details:
The data covers Feb 10, 2022, hour 3 to hour 5, hour 9 and hour 14. Each hour was made a separate CSV file that has a benign/attack ratio of roughly 80/20. Only the Reconnaissance and Discovery tactics were kept.
Due to Excel's row limitations, as well as a very low number of other tactics, other tactics besides Reconnaissance and Discovery were not included.
This document contains:
*Disclaimer* The labeled PCAPs are in a custom binary format, not traditional PCAP format. This is because Security Onion uses Stenographer, and Stenographer uses AF_PACKET for its packet acquisition. You will need to view them using stenoread or use a query language.
Related web pages: https://docs.securityonion.net/en/latest/stenographer.html
If you use any of this material or data, please cite our work:
Bagui, S. S., Mink, D., Bagui, S. C., Sung, D. H., Mahmud, F. (2024). Graphical Representation of UWF-ZeekData22 Using Memgraph. Electronics, 13(6), 1015. https://doi.org/10.3390/electronics13061015
Bagui, S. S., Mink, D., Bagui, S. C., Madhyala, P., Uppal, N., McElroy, T., Plenkers, R., Elam, M., Prayaga, S. (2023). Introducing the UWF-ZeekDataFall22 Dataset to Classify Attack Tactics from Zeek Conn Logs Using Spark’s Machine Learning in a Big Data Framework, Electronics: Special Issue: Security and Privacy Issues and Challenges in Big Data Era, 2023, 12, 5039. https://doi.org/10.3390/electronics12245039
Bagui, S.S., Mink, D., Bagui, S.C., Ghosh, T., Plenkers, R., McElroy, T., Dulaney, S. and Shabanali, S. (2023). Introducing UWF-ZeekData22: A Comprehensive Network Traffic Dataset Based on the MITRE ATT&CK Framework. Data, 2023, 8, 18. https://doi.org/10.3390/data8010018
Bagui, S., Mink, D., Bagui, S., Ghosh, T., McElroy, T., Paredes, E., Khasnavis, N., Plenkers, R. (2022). Detecting Reconnaissance and Discovery Tactics from the MITRE ATT&CK Framework in Zeek Conn Logs Using Spark’s Machine Learning in the Big Data Framework, Sensors, 22, 7999. https://doi.org/10.3390/s22207999
Bagui, S.S., Mink, D., Bagui, S.C., Subramaniam, S., Wallace, D. (2023). Resampling Imbalanced Network Intrusion Datasets To Identify Rare Attacks, Future Internet, 15, 130. https://doi.org/10.3390/fi15040130
Bagui, S. S., Mink, D., Bagui, S. C., Plain, M., Hill, J., Elam, M. (2023). Using a Graph Engine to Visualize the Reconnaissance Tactic of the MITRE ATT&CK Framework from UWF-ZeekData22, Future Internet, 15, 236. https://doi.org/10.3390/fi15070236
For any questions about these files, please email:
Dr. Sikha Bagui at bagui@uwf.edu
Dr. Dustin Mink at dmink@uwf.edu
Dr. Subhash Bagui at sbagui@uwf.edu
Members of this Cyber Analytics Research Group (CAR) (past and present):
Dr. Sikha Bagui, Dr. Dustin Mink, Dr. Subhash Bagui, Thomas Thibaut, Molly Ferguson, Andrew Palmer, Marshall Elam, Jiya Huang, Stephan Dulaney, Nitisha Khanavis, Esteban Paredes, Tom McElroy, Ricky Salinas, Sajida Shabanali, Pooja Madhalya, Neha Uppal, Daniel Wallace, Sakthi Subramaniam, Jadarius Hill, Michael Plain, Emily Summers, Mohammed Alquraishi, Farooq Mahmud.