Dataset Open Access

AIT Log Data Set V1.1

Landauer Max; Skopik Florian; Wurzenberger Markus; Hotwagner Wolfgang; Rauber Andreas


DCAT Export

<?xml version='1.0' encoding='utf-8'?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:adms="http://www.w3.org/ns/adms#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dct="http://purl.org/dc/terms/" xmlns:dctype="http://purl.org/dc/dcmitype/" xmlns:dcat="http://www.w3.org/ns/dcat#" xmlns:duv="http://www.w3.org/ns/duv#" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:frapo="http://purl.org/cerif/frapo/" xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#" xmlns:gsp="http://www.opengis.net/ont/geosparql#" xmlns:locn="http://www.w3.org/ns/locn#" xmlns:org="http://www.w3.org/ns/org#" xmlns:owl="http://www.w3.org/2002/07/owl#" xmlns:prov="http://www.w3.org/ns/prov#" xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#" xmlns:schema="http://schema.org/" xmlns:skos="http://www.w3.org/2004/02/skos/core#" xmlns:vcard="http://www.w3.org/2006/vcard/ns#" xmlns:wdrs="http://www.w3.org/2007/05/powder-s#">
  <rdf:Description rdf:about="https://doi.org/10.5281/zenodo.4264796">
    <rdf:type rdf:resource="http://www.w3.org/ns/dcat#Dataset"/>
    <dct:type rdf:resource="http://purl.org/dc/dcmitype/Dataset"/>
    <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#anyURI">https://doi.org/10.5281/zenodo.4264796</dct:identifier>
    <foaf:page rdf:resource="https://doi.org/10.5281/zenodo.4264796"/>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Landauer Max</foaf:name>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>AIT Austrian Institute of Technology</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Skopik Florian</foaf:name>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>AIT Austrian Institute of Technology</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Wurzenberger Markus</foaf:name>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>AIT Austrian Institute of Technology</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Hotwagner Wolfgang</foaf:name>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>AIT Austrian Institute of Technology</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description>
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <foaf:name>Rauber Andreas</foaf:name>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Vienna University of Technology</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:title>AIT Log Data Set V1.1</dct:title>
    <dct:publisher>
      <foaf:Agent>
        <foaf:name>Zenodo</foaf:name>
      </foaf:Agent>
    </dct:publisher>
    <dct:issued rdf:datatype="http://www.w3.org/2001/XMLSchema#gYear">2020</dct:issued>
    <frapo:isFundedBy rdf:resource="info:eu-repo/grantAgreement/EC/H2020/833456/"/>
    <schema:funder>
      <foaf:Organization>
        <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">10.13039/501100000780</dct:identifier>
        <foaf:name>European Commission</foaf:name>
      </foaf:Organization>
    </schema:funder>
    <dct:issued rdf:datatype="http://www.w3.org/2001/XMLSchema#date">2020-11-09</dct:issued>
    <owl:sameAs rdf:resource="https://zenodo.org/record/4264796"/>
    <adms:identifier>
      <adms:Identifier>
        <skos:notation rdf:datatype="http://www.w3.org/2001/XMLSchema#anyURI">https://zenodo.org/record/4264796</skos:notation>
        <adms:schemeAgency>url</adms:schemeAgency>
      </adms:Identifier>
    </adms:identifier>
    <dct:isVersionOf rdf:resource="https://doi.org/10.5281/zenodo.3723082"/>
    <owl:versionInfo>v1_1</owl:versionInfo>
    <dct:description>&lt;p&gt;&lt;strong&gt;AIT Log Data Sets&lt;/strong&gt;&lt;/p&gt; &lt;p&gt;This repository contains synthetic log data suitable for evaluation of intrusion detection systems. The logs were collected from four independent testbeds that were built at the Austrian Institute of Technology (AIT) following the approach by Landauer et al. (2020) [1]. Please refer to the paper for more detailed information on automatic testbed generation and cite it if the data is used for academic publications. In brief, each testbed simulates user accesses to a webserver that runs Horde Webmail and OkayCMS. The duration of the simulation is six days. On the fifth day (2020-03-04) two attacks are launched against each web server.&lt;/p&gt; &lt;p&gt;The archive AIT-LDS-v1_0.zip contains the directories &amp;quot;data&amp;quot; and &amp;quot;labels&amp;quot;.&lt;/p&gt; &lt;p&gt;The data directory is structured as follows. Each directory mail.&amp;lt;name&amp;gt;.com contains the logs of one web server. Each directory user-&amp;lt;ID&amp;gt; contains the logs of one user host machine, where one or more users are simulated. 
Each file log&amp;lt;UID&amp;gt;.log in the user-&amp;lt;ID&amp;gt; directories contains the activity logs of one particular user.&lt;/p&gt; &lt;p&gt;Setup details of the web servers:&lt;/p&gt; &lt;ul&gt; &lt;li&gt;OS: Debian Stretch 9.11.6&lt;/li&gt; &lt;li&gt;Services: &lt;ul&gt; &lt;li&gt;Apache2&lt;/li&gt; &lt;li&gt;PHP7&lt;/li&gt; &lt;li&gt;Exim 4.89&lt;/li&gt; &lt;li&gt;Horde 5.2.22&lt;/li&gt; &lt;li&gt;OkayCMS 2.3.4&lt;/li&gt; &lt;li&gt;Suricata&lt;/li&gt; &lt;li&gt;ClamAV&lt;/li&gt; &lt;li&gt;MariaDB&lt;/li&gt; &lt;/ul&gt; &lt;/li&gt; &lt;/ul&gt; &lt;p&gt;Setup details of user machines:&lt;/p&gt; &lt;ul&gt; &lt;li&gt;OS: Ubuntu Bionic&lt;/li&gt; &lt;li&gt;Services: &lt;ul&gt; &lt;li&gt;Chromium&lt;/li&gt; &lt;li&gt;Firefox&lt;/li&gt; &lt;/ul&gt; &lt;/li&gt; &lt;/ul&gt; &lt;p&gt;User host machines are assigned to web servers in the following way:&lt;/p&gt; &lt;ul&gt; &lt;li&gt;mail.cup.com is accessed by users from host machines user-{0, 1, 2, 6}&lt;/li&gt; &lt;li&gt;mail.spiral.com is accessed by users from host machines user-{3, 5, 8}&lt;/li&gt; &lt;li&gt;mail.insect.com is accessed by users from host machines user-{4, 9}&lt;/li&gt; &lt;li&gt;mail.onion.com is accessed by users from host machines user-{7, 10}&lt;/li&gt; &lt;/ul&gt; &lt;p&gt;The following attacks are launched against the web servers (different starting times for each web server, please check the labels for exact attack times):&lt;/p&gt; &lt;ul&gt; &lt;li&gt;Attack 1: multi-step attack with sequential execution of the following attacks: &lt;ul&gt; &lt;li&gt;nmap scan&lt;/li&gt; &lt;li&gt;nikto scan&lt;/li&gt; &lt;li&gt;smtp-user-enum tool for account enumeration&lt;/li&gt; &lt;li&gt;hydra brute force login&lt;/li&gt; &lt;li&gt;webshell upload through Horde exploit (CVE-2019-9858)&lt;/li&gt; &lt;li&gt;privilege escalation through Exim exploit (CVE-2019-10149)&lt;/li&gt; &lt;/ul&gt; &lt;/li&gt; &lt;li&gt;Attack 2: webshell injection through malicious cookie (CVE-2019-16885)&lt;/li&gt; 
&lt;/ul&gt; &lt;p&gt;Attacks are launched from the following user host machines. In each of the corresponding directories user-&amp;lt;ID&amp;gt;, logs of the attack execution are found in the file attackLog.txt:&lt;/p&gt; &lt;ul&gt; &lt;li&gt;user-6 attacks mail.cup.com&lt;/li&gt; &lt;li&gt;user-5 attacks mail.spiral.com&lt;/li&gt; &lt;li&gt;user-4 attacks mail.insect.com&lt;/li&gt; &lt;li&gt;user-7 attacks mail.onion.com&lt;/li&gt; &lt;/ul&gt; &lt;p&gt;The log data collected from the web servers includes&lt;/p&gt; &lt;ul&gt; &lt;li&gt;&amp;nbsp;Apache access and error logs&lt;/li&gt; &lt;li&gt;&amp;nbsp;syscall logs collected with the Linux audit daemon&lt;/li&gt; &lt;li&gt;&amp;nbsp;suricata logs&lt;/li&gt; &lt;li&gt;&amp;nbsp;exim logs&lt;/li&gt; &lt;li&gt;&amp;nbsp;auth logs&lt;/li&gt; &lt;li&gt;&amp;nbsp;daemon logs&lt;/li&gt; &lt;li&gt;&amp;nbsp;mail logs&lt;/li&gt; &lt;li&gt;&amp;nbsp;syslogs&lt;/li&gt; &lt;li&gt;&amp;nbsp;user logs&lt;/li&gt; &lt;/ul&gt; &lt;p&gt;&amp;nbsp;&lt;br&gt; Note that due to their large size, the audit/audit.log files of each server were compressed in a .zip-archive. In case that these logs are needed for analysis, they must first be unzipped.&lt;br&gt; &amp;nbsp;&lt;br&gt; Labels are organized in the same directory structure as logs. Each file contains two labels for each log line separated by a comma, the first one based on the occurrence time, the second one based on similarity and ordering. Note that this does not guarantee correct labeling for all lines and that no manual corrections were conducted.&lt;/p&gt; &lt;p&gt;&lt;em&gt;Version history:&lt;/em&gt;&lt;/p&gt; &lt;ul&gt; &lt;li&gt;AIT-LDS-v1_0.zip: Initial version of data set.&lt;/li&gt; &lt;li&gt;AIT-LDS-v1_1.zip: Removed carriage return of line endings in audit.log files.&lt;/li&gt; &lt;/ul&gt; &lt;p&gt;[1] &lt;a href="https://ieeexplore.ieee.org/document/9262078"&gt;M. Landauer, F. Skopik, M. Wurzenberger, W. Hotwagner and A. 
Rauber, &amp;quot;Have it Your Way: Generating Customized Log Datasets With a Model-Driven Simulation Testbed,&amp;quot; in IEEE Transactions on Reliability, vol. 70, no. 1, pp. 402-415, March 2021, doi: 10.1109/TR.2020.3031317.&lt;/a&gt;&lt;/p&gt;</dct:description>
    <dct:description>Additionally funded by the FFG projects INDICAETING (868306) and DECEPT (873980).</dct:description>
    <dct:accessRights rdf:resource="http://publications.europa.eu/resource/authority/access-right/PUBLIC"/>
    <dct:accessRights>
      <dct:RightsStatement rdf:about="info:eu-repo/semantics/openAccess">
        <rdfs:label>Open Access</rdfs:label>
      </dct:RightsStatement>
    </dct:accessRights>
    <dcat:distribution>
      <dcat:Distribution>
        <dct:license rdf:resource="https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode"/>
        <dcat:accessURL rdf:resource="https://doi.org/10.5281/zenodo.4264796"/>
      </dcat:Distribution>
    </dcat:distribution>
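    <!-- File distribution for the v1_0 archive. The export gives only the byte size
         and no checksum, so check the download against a digest obtained from the
         publisher before feeding it to analysis tooling. -->
    <dcat:distribution>
      <dcat:Distribution>
        <!-- IRI-valued, matching the accessURL of the first distribution in this record -->
        <dcat:accessURL rdf:resource="https://doi.org/10.5281/zenodo.4264796"/>
        <dcat:byteSize>3253920924</dcat:byteSize>
        <!-- RDF/XML does not allow rdf:resource together with literal content on one
             property element; the duplicated text node is dropped and the IRI kept. -->
        <dcat:downloadURL rdf:resource="https://zenodo.org/record/4264796/files/AIT-LDS-v1_0.zip"/>
        <dcat:mediaType>application/zip</dcat:mediaType>
      </dcat:Distribution>
    </dcat:distribution>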
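    <!-- File distribution for the v1_1 archive. The export gives only the byte size
         and no checksum, so check the download against a digest obtained from the
         publisher before feeding it to analysis tooling. -->
    <dcat:distribution>
      <dcat:Distribution>
        <!-- IRI-valued, matching the accessURL of the first distribution in this record -->
        <dcat:accessURL rdf:resource="https://doi.org/10.5281/zenodo.4264796"/>
        <dcat:byteSize>3404722917</dcat:byteSize>
        <!-- RDF/XML does not allow rdf:resource together with literal content on one
             property element; the duplicated text node is dropped and the IRI kept. -->
        <dcat:downloadURL rdf:resource="https://zenodo.org/record/4264796/files/AIT-LDS-v1_1.zip"/>
        <dcat:mediaType>application/zip</dcat:mediaType>
      </dcat:Distribution>
    </dcat:distribution>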
  </rdf:Description>
  <foaf:Project rdf:about="info:eu-repo/grantAgreement/EC/H2020/833456/">
    <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">833456</dct:identifier>
    <dct:title>A cybersecurity framework to GUArantee Reliability and trust for Digital service chains</dct:title>
    <frapo:isAwardedBy>
      <foaf:Organization>
        <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">10.13039/501100000780</dct:identifier>
        <foaf:name>European Commission</foaf:name>
      </foaf:Organization>
    </frapo:isAwardedBy>
  </foaf:Project>
</rdf:RDF>