Dataset Open Access

PANDAcap SSH Honeypot Dataset

Manolis Stamatogiannakis; Herbert Bos; Paul Groth


DCAT Export

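<?xml version='1.0' encoding='utf-8'?>
<!--
  DCAT (RDF/XML) metadata export for the Zenodo record "PANDAcap SSH Honeypot
  Dataset" (DOI 10.5281/zenodo.3759652, version 1.0). It describes one
  dcat:Dataset, its three creators, and five dcat:Distribution nodes: one
  carrying the licence and landing page, and four downloadable files.

  Handling notes for analysts, based on what the description states:
  - The recorded VM accepted every password for user root, so each trace,
    disk delta and pcap reflects a session opened by an unknown third party.
    The disk deltas may therefore hold files left behind by those sessions;
    treat them as untrusted input (mount read-only, on an isolated analysis
    host).
  - This export carries dcat:byteSize for each file but no checksum property,
    so a matching size only rules out truncation.

  NOTE(review): in the description, the link for the format-conversion
  snippet points at docs/xxx with link text "foo", which looks like an
  unfinished placeholder in the source record; the snippet itself appears
  under "Additional information".
  NOTE(review): dcat:accessURL is an rdf:resource IRI in the first
  distribution and a plain literal in the other four; confirm which form
  consumers expect before normalising.
-->
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:adms="http://www.w3.org/ns/adms#"
         xmlns:dc="http://purl.org/dc/elements/1.1/"
         xmlns:dct="http://purl.org/dc/terms/"
         xmlns:dctype="http://purl.org/dc/dcmitype/"
         xmlns:dcat="http://www.w3.org/ns/dcat#"
         xmlns:duv="http://www.w3.org/ns/duv#"
         xmlns:foaf="http://xmlns.com/foaf/0.1/"
         xmlns:frapo="http://purl.org/cerif/frapo/"
         xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#"
         xmlns:gsp="http://www.opengis.net/ont/geosparql#"
         xmlns:locn="http://www.w3.org/ns/locn#"
         xmlns:org="http://www.w3.org/ns/org#"
         xmlns:owl="http://www.w3.org/2002/07/owl#"
         xmlns:prov="http://www.w3.org/ns/prov#"
         xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
         xmlns:schema="http://schema.org/"
         xmlns:skos="http://www.w3.org/2004/02/skos/core#"
         xmlns:vcard="http://www.w3.org/2006/vcard/ns#"
         xmlns:wdrs="http://www.w3.org/2007/05/powder-s#">
  <!-- The dataset itself, identified by its version-specific DOI. -->
  <rdf:Description rdf:about="https://doi.org/10.5281/zenodo.3759652">
    <rdf:type rdf:resource="http://www.w3.org/ns/dcat#Dataset"/>
    <dct:type rdf:resource="http://purl.org/dc/dcmitype/Dataset"/>
    <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#anyURI">https://doi.org/10.5281/zenodo.3759652</dct:identifier>
    <foaf:page rdf:resource="https://doi.org/10.5281/zenodo.3759652"/>
    <!-- Creators: each is a foaf:Agent keyed by ORCID, with an affiliation. -->
    <dct:creator>
      <rdf:Description rdf:about="http://orcid.org/0000-0002-5527-8726">
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">0000-0002-5527-8726</dct:identifier>
        <foaf:name>Manolis Stamatogiannakis</foaf:name>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Vrije Universiteit Amsterdam</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description rdf:about="http://orcid.org/0000-0001-6179-1510">
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">0000-0001-6179-1510</dct:identifier>
        <foaf:name>Herbert Bos</foaf:name>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Vrije Universiteit Amsterdam</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description rdf:about="http://orcid.org/0000-0003-0183-6910">
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">0000-0003-0183-6910</dct:identifier>
        <foaf:name>Paul Groth</foaf:name>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Universiteit van Amsterdam</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:title>PANDAcap SSH Honeypot Dataset</dct:title>
    <dct:publisher>
      <foaf:Agent>
        <foaf:name>Zenodo</foaf:name>
      </foaf:Agent>
    </dct:publisher>
    <!-- dct:issued is stated twice by the exporter: once as a year, once as a full date. -->
    <dct:issued rdf:datatype="http://www.w3.org/2001/XMLSchema#gYear">2020</dct:issued>
    <dcat:keyword>ssh</dcat:keyword>
    <dcat:keyword>honeypots</dcat:keyword>
    <dcat:keyword>execution traces</dcat:keyword>
    <dct:issued rdf:datatype="http://www.w3.org/2001/XMLSchema#date">2020-04-21</dct:issued>
    <owl:sameAs rdf:resource="https://zenodo.org/record/3759652"/>
    <adms:identifier>
      <adms:Identifier>
        <skos:notation rdf:datatype="http://www.w3.org/2001/XMLSchema#anyURI">https://zenodo.org/record/3759652</skos:notation>
        <adms:schemeAgency>url</adms:schemeAgency>
      </adms:Identifier>
    </adms:identifier>
    <!-- Related publication (EuroSec '20 paper) and the DOI this record is a version of. -->
    <dct:relation rdf:resource="https://doi.org/10.1145/3380786.3391396"/>
    <dct:isVersionOf rdf:resource="https://doi.org/10.5281/zenodo.3759651"/>
    <owl:versionInfo>1.0</owl:versionInfo>
    <!-- The description is HTML carried as escaped text; whitespace inside it is data. -->
    <dct:description>&lt;p&gt;This is a dataset of &lt;strong&gt;63 &lt;a href="https://github.com/panda-re/panda"&gt;PANDA&lt;/a&gt; traces&lt;/strong&gt;, collected using the &lt;a href="https://github.com/vusec/pandacap"&gt;PANDAcap&lt;/a&gt; framework. The dataset aims to offer a starting point for the analysis of &lt;em&gt;ssh brute force attacks&lt;/em&gt;. The traces were collected through the course of approximately 3 days from 21 to 23 February 2020. A VM was configured using PANDAcap so that it accepts all passwords for user &lt;code&gt;root&lt;/code&gt;. When an ssh session starts for the user, PANDA is signaled by the &lt;a href="https://github.com/panda-re/panda/tree/master/panda/plugins/recctrl"&gt;recctrl plugin&lt;/a&gt; to start recording for 30&amp;#39;.&lt;/p&gt; &lt;p&gt;You can read more details about the experimental setup and an overview of the dataset in the &lt;strong&gt;EuroSec 2020&lt;/strong&gt; publication:&lt;/p&gt; &lt;ul&gt; &lt;li&gt; &lt;p&gt;Manolis Stamatogiannakis, Herbert Bos, and Paul Groth. PANDAcap: A Framework for Streamlining Collection of Full-System Traces. In &lt;em&gt;Proceedings of the 13th European Workshop on Systems Security&lt;/em&gt;, &lt;a href="https://www.concordia-h2020.eu/eurosec-2020/"&gt;EuroSec &amp;#39;20&lt;/a&gt;, Heraklion, Greece, April 2020. doi: &lt;a href="https://doi.org/10.1145/3380786.3391396"&gt;10.1145/3380786.3391396&lt;/a&gt;, preprint: &lt;a href="https://www.vusec.net/publications/#stamatogiannakis-bos-groth-pandacapaframeworkforstreamliningcollectionoffullsystemtraces-2020"&gt;vusec.net&lt;/a&gt;&lt;/p&gt; &lt;/li&gt; &lt;/ul&gt; &lt;p&gt;The dataset is split in 3 zip files/directories:&lt;/p&gt; &lt;ul&gt; &lt;li&gt;&lt;strong&gt;rr&lt;/strong&gt;: Contains the 63 PANDA traces of the dataset. The traces are in the upcoming RRArchive format. Note that PANDA support for the format is still wip at the time of writing (April 2020). 
If you need to downgrade to the traditional PANDA trace format, you can use the snippet in &lt;a href="https://github.com/vusec/pandacap/blob/master/docs/xxx"&gt;foo&lt;/a&gt;.&lt;/li&gt; &lt;li&gt;&lt;strong&gt;qcow&lt;/strong&gt;: Contains the QCOW base image (&lt;code&gt;ubuntu16-planb.qcow2&lt;/code&gt;) used to create the dataset, as well as the disk deltas for the 63 traces. These can be mounted to inspect the contents of the filesystem before and after each session. Quick instructions on how to mount and inspect a QCOW image can be found below.&lt;/li&gt; &lt;li&gt;&lt;strong&gt;pcap&lt;/strong&gt;: Contains the pcap network traces for the sessions in the PANDA traces. These have been extracted using the PANDA &lt;a href="https://github.com/panda-re/panda/tree/master/panda/plugins/network"&gt;network plugin&lt;/a&gt;. We decided to also include them in the dataset as standalone files for convenience.&lt;/li&gt; &lt;/ul&gt; &lt;p&gt;Additionally, we provide the PANDA linux kernel profile &lt;code&gt;ubuntu16-planb-kernelinfo.conf&lt;/code&gt;, which can be used to analyze the traces using the PANDA &lt;a href="https://github.com/panda-re/panda/tree/master/panda/plugins/osi_linux"&gt;osi_linux plugin&lt;/a&gt;.&lt;/p&gt; &lt;p&gt;Additional information:&lt;/p&gt; &lt;ul&gt; &lt;li&gt;To convert RRArchive traces to the traditional PANDA format, run the following snippet inside the &lt;code&gt;rr&lt;/code&gt; directory: &lt;pre&gt;&lt;code class="language-bash"&gt;for f in *.tar.gz; do tar -zxvf "$f" --exclude=PANDArr --xform='s%/%-%' --xform='s%-metadata%%'; rm -f "$f"; done&lt;/code&gt;&lt;/pre&gt; &lt;/li&gt; &lt;li&gt;If you wish to reuse the VM image in your project, it is available as a standalone download through &lt;a href="https://academictorrents.com/details/39df3904460e909e175434cbd87764b8c487891d"&gt;academictorrents.com&lt;/a&gt;, along with more detailed information on its contents.&lt;/li&gt; &lt;li&gt;If you wish 
to download individual samples rather than the whole dataset, you can use the dataset torrent file available through &lt;a href="https://academictorrents.com/details/4a3eadf47425cb60111ec224de272997294eec93"&gt;academictorrents.com&lt;/a&gt;. Unlike this Zenodo deposit, the files in the torrent have not been zipped.&lt;/li&gt; &lt;li&gt;A better formatted (and possibly more up-to-date) version of this information can be found &lt;a href="https://github.com/vusec/pandacap/blob/master/docs/eurosec20-dataset.md"&gt;here&lt;/a&gt;.&lt;/li&gt; &lt;/ul&gt;</dct:description>
    <dct:accessRights rdf:resource="http://publications.europa.eu/resource/authority/access-right/PUBLIC"/>
    <dct:accessRights>
      <dct:RightsStatement rdf:about="info:eu-repo/semantics/openAccess">
        <rdfs:label>Open Access</rdfs:label>
      </dct:RightsStatement>
    </dct:accessRights>
    <!-- Licence (CC BY 4.0) and landing page for the record as a whole. -->
    <dcat:distribution>
      <dcat:Distribution>
        <dct:license rdf:resource="https://creativecommons.org/licenses/by/4.0/legalcode"/>
        <dcat:accessURL rdf:resource="https://doi.org/10.5281/zenodo.3759652"/>
      </dcat:Distribution>
    </dcat:distribution>
    <!--
      Downloadable files. Each dcat:downloadURL is given as an rdf:resource
      IRI only: in RDF/XML a property element that carries rdf:resource must
      be empty, so the URL is not repeated as character content.
    -->
    <!-- pcap network traces for the recorded sessions. -->
    <dcat:distribution>
      <dcat:Distribution>
        <dcat:accessURL>https://doi.org/10.5281/zenodo.3759652</dcat:accessURL>
        <dcat:byteSize>1106321401</dcat:byteSize>
        <dcat:downloadURL rdf:resource="https://zenodo.org/record/3759652/files/eurosec2020-pandacap-pcap.zip"/>
        <dcat:mediaType>application/zip</dcat:mediaType>
      </dcat:Distribution>
    </dcat:distribution>
    <!-- QCOW base image and the per-trace disk deltas. -->
    <dcat:distribution>
      <dcat:Distribution>
        <dcat:accessURL>https://doi.org/10.5281/zenodo.3759652</dcat:accessURL>
        <dcat:byteSize>6429700473</dcat:byteSize>
        <dcat:downloadURL rdf:resource="https://zenodo.org/record/3759652/files/eurosec2020-pandacap-qcow.zip"/>
        <dcat:mediaType>application/zip</dcat:mediaType>
      </dcat:Distribution>
    </dcat:distribution>
    <!-- The 63 PANDA traces, in RRArchive format. -->
    <dcat:distribution>
      <dcat:Distribution>
        <dcat:accessURL>https://doi.org/10.5281/zenodo.3759652</dcat:accessURL>
        <dcat:byteSize>14897472844</dcat:byteSize>
        <dcat:downloadURL rdf:resource="https://zenodo.org/record/3759652/files/eurosec2020-pandacap-rr.zip"/>
        <dcat:mediaType>application/zip</dcat:mediaType>
      </dcat:Distribution>
    </dcat:distribution>
    <!-- PANDA Linux kernel profile for use with the osi_linux plugin. -->
    <dcat:distribution>
      <dcat:Distribution>
        <dcat:accessURL>https://doi.org/10.5281/zenodo.3759652</dcat:accessURL>
        <dcat:byteSize>1572</dcat:byteSize>
        <dcat:downloadURL rdf:resource="https://zenodo.org/record/3759652/files/ubuntu16-planb-kernelinfo.conf"/>
        <dcat:mediaType>text/plain</dcat:mediaType>
      </dcat:Distribution>
    </dcat:distribution>
  </rdf:Description>
</rdf:RDF>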