10.5281/zenodo.4275775
https://zenodo.org/records/4275775
oai:zenodo.org:4275775
Jan Luxemburk
CESNET z.s.p.o.
Karel Hynek
0000-0002-8281-618X
CESNET z.s.p.o.
Tomas Cejka
0000-0001-7794-9511
CESNET z.s.p.o.
HTTPS Brute-force dataset with extended network flows
Zenodo
2020
HTTPS
Brute-force attacks
Traffic analysis
Flow monitoring
Encrypted traffic
2020-11-16
eng
10.5281/zenodo.4275774
Creative Commons Attribution 4.0 International
We are publishing a dataset we created for designing a detector of brute-force attacks in HTTPS. The dataset consists of extended network flows that we captured with the flow exporter Ipfixprobe. Apart from traditional fields like source and destination IP addresses and ports, each flow contains information (size, direction, inter-packet time, TCP flags) about up to the first 100 packets. The sizes of packets are taken from the transport layer (TCP, UDP); packets with zero payload (e.g., TCP ACKs) are ignored.
We publish three files:
flows.csv, which contains raw flow data.
aggregated_flows.csv, which contains aggregated flows.
samples.csv, which contains samples with extracted features. This data can be used for training a machine-learning classification model.
All IP addresses, source ports, and TLS SNIs are SHA-256-hashed. Column CLASS is 0 for benign samples and 1 for brute-force samples.
Brute-force data
The brute-force data were generated with three popular attack tools - Ncrack, Thc-hydra, and Patator. Attacks were performed against these applications:
WordPress
Joomla
MediaWiki
Ghost
Grafana
Discourse
PhpBB
OpenCart
Redmine
Nginx
Apache
The SCENARIO columns indicate which tool and application were used to generate the sample.
Benign data
Benign data consists of eight captures from a backbone network. The SCENARIO column indicates individual captures.
European Commission
10.13039/501100000780
833418
Sharing and Automation for Privacy Preserving Attack Neutralization