This repository contains scripts used for the pre-processing and analysis of attack traffic generated by Mirai. Attack traffic was generated by launching attacks in a sandbox environment, but the traffic is too large to upload here.
argus_6attack: 6 types of Mirai DDoS attack traffic captured in an isolated lab environment. Attack types are 'ack', 'vse', 'greip', 'greeth', 'syn' and 'udp'. The captured packets were converted to flows using Argus.
tranalyzer_6attack: Same as argus_6attack, but the pcaps are converted to flows with Tranalyzer instead of Argus.
CTU-Malware-Capture-Botnet-45: https://mcfp.felk.cvut.cz/publicDatasets/CTU-Malware-Capture-Botnet-45/
argus_6attack - Python and Weka decision trees