gelvis@home:~$

Archive

About

A realistic cyber defense data set (CSE-CIC-IDS2018)

This dataset is the result of a collaborative project between the Communications Security Establishment (CSE) and the Canadian Institute for Cybersecurity (CIC) that uses the notion of profiles to generate a cybersecurity dataset in a systematic way. It includes a detailed description of intrusions along with abstract distribution models for lower level applications, protocols or network entities. The dataset includes seven different attack scenarios, namely brute force, botnet, denial of service, web attacks and network infiltration from within. For more information on the creation of this dataset, see this article by researchers from the Canadian Institute for Cybersecurity (CIC) and the University of New Brunswick (UNB): Towards the Generation of a New Intrusion Detection and Intrusion Traffic Characterization Dataset.

Info: Data

NOTE: For the following examples only a sample of the entire DataSet was used.

We configure the work area and load libraries

rm(list = ls())
setwd("/home/gelvis.rodriguez/Desktop/")
library(ggplot2)
library(tidyverse)
library(plotly)

Now we load the information:

datos <- read.csv("ips.csv", stringsAsFactors = FALSE)

We verify the structure it has:

> head(datos)
        Attacker        Victim      Attack.Name             Date Attack.Start.Time Attack.Finish.Time
1   18.221.219.4 18.217.21.148   FTP-BruteForce   Wed-14-02-2018             10:32              12:09
2    13.58.98.64 18.217.21.148   SSH-Bruteforce   Wed-14-02-2018             14:01              15:31
3 18.219.211.138 18.217.21.148    DoS-GoldenEye Thurs-15-02-2018              9:26              10:09
4 18.217.165.70) 18.217.21.148    DoS-Slowloris Thurs-15-02-2018             10:59              11:40
5   13.59.126.31 18.217.21.148 DoS-SlowHTTPTest   Fri-16-02-2018             10:12              11:08
6  18.219.193.20 18.217.21.148         DoS-Hulk   Fri-16-02-2018             13:45              14:19

Now we will proceed to generate our graphics data to better understand the information.

Attacking IP with your Attack Type.

ggplot(datos = datos, mapping = aes(x = datos$Attacker, y = datos$Attack.Name)) + geom_point(aes(color = datos$Attacker))

Type of Attack and Date Detected.

p  <- plot_ly(data = datos, x = ~Date, y = ~Attack.Name)
p

Type of Attack, Date Detected and Attacker’s IP (3D and interactive).

plot_ly(datos, x = ~Attacker, y = ~Attack.Name, z = ~Date) %>%
  add_markers(color = ~Date)

We could also obtain the geographic location of each IP of the attackers, but in other posts we have already done that.