Clean network traffic are not the 1st million packets #17

fil618 opened this issue Dec 9, 2021 · 0 comments

fil618 commented Dec 9, 2021

Greetings YisroelMirsky,
I wish to use your datasets as an input to my models. However, upon looking into the I/O graphs of the captured pcap files, I found that there are no spikes of any attack packets after the 1st million packets in the following dataset (I downloaded all 9 pcaps from Google Drive in your GitHub Kitsune project):

In the SSL renegotiation pcap:
[Image: SSL]

As can be seen, after the first million packets, there is no significant rise in the SSL filter line.

In the SSDP flood pcap:
[Image: SSDP]

Also, there is no abnormal behavior in the UDP filter line. I presume in an SSDP flood attack, UDP packets are the attack vectors. (The abnormal behavior of UDP packets doesn't happen until the very end, which is after around 2.621.185 packets)

Do I understand your statement of "clean network traffic was captured for the first 1 million packets" correctly? Or am I missing something?

Thanks,
Hieu

@fil618 fil618 changed the title Clean network traffic are not the 1st million packets! Clean network traffic are not the 1st million packets Dec 9, 2021
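
One way to run the check described in the issue by packet index instead of reading it off a graph, as an added example that is not part of the original post or of the Kitsune project: it walks a capture in file order, computes the UDP share per window of consecutive packets, and reports the first window after a baseline prefix where that share rises. The function names, the window size, the threshold factor and the sample capture are assumptions of this example, and it handles only classic (non-pcapng) Ethernet pcap files.

```python
import struct

def ip_protocols(pcap):
    """Yield the IPv4 protocol number (None if not IPv4) of each packet, in file order."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic Ethernet pcap (assumption of this example)")
    pos = 24                                   # skip the 24-byte global header
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        is_ipv4 = len(frame) >= 24 and frame[12:14] == b"\x08\x00"
        yield frame[23] if is_ipv4 else None   # byte 9 of the IPv4 header

def share_by_index(protocols, proto, window):
    """Share of packets carrying `proto` in each run of `window` consecutive packets."""
    shares, hits, seen = [], 0, 0
    for p in protocols:
        hits, seen = hits + (p == proto), seen + 1
        if seen == window:
            shares.append(hits / seen)
            hits = seen = 0
    if seen:                                   # trailing partial window
        shares.append(hits / seen)
    return shares

def first_window_above(shares, baseline_windows, factor):
    """First window after the baseline whose share exceeds factor x the baseline mean."""
    base = sum(shares[:baseline_windows]) / baseline_windows
    for i in range(baseline_windows, len(shares)):
        if shares[i] > factor * base:
            return i
    return None

def build_sample(protos):
    """Constructed capture: one minimal Ethernet/IPv4 frame per protocol number."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, p in enumerate(protos):
        frame = b"\x00" * 12 + b"\x08\x00" + b"\x45" + b"\x00" * 8 + bytes([p]) + b"\x00" * 10
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

# Constructed data: 30 mostly-TCP packets (10% UDP), then 10 packets that are 80% UDP.
SAMPLE = build_sample(([6] * 9 + [17]) * 3 + [17] * 8 + [6] * 2)
UDP = 17

if __name__ == "__main__":
    shares = share_by_index(ip_protocols(SAMPLE), UDP, window=10)
    start = first_window_above(shares, baseline_windows=1, factor=3)
    print(shares, "UDP share rises at packet index", start * 10)
```

On a real capture, choose `window` and `baseline_windows` so that the baseline covers the first million packets; the returned window index times `window` is then the packet index at which the protocol's share first exceeds the baseline.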