Label files with packets granularity #105
Labels
enhancement
New feature or request
Comments
UndeadKernel
changed the title
|
We were planning to make the hidden.mark parameter from the P2PBotnet globally available to all attacks. Would you find that sufficient, or would you still suggest an additional label file? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Label files can be extended to include a reference to all the packets that an attack injected.
The current implementation creates one XML labels file that indicates when an attack starts and ends (along with the IPs that took part in the attack). In this setting, it is possible that packets that were not part of an attack are mistaken as being generated by an attack script.
For more precise labeling, we could store in the XML file some identifier (or a pointer) that refers to individual and unique packets. For example, the hashes or packet numbers in the resulting PCAP of the synthetic packets can be added to the XML labels file.
The text was updated successfully, but these errors were encountered: