Traffic and log data captured during a cyber defense exercise
Status: PubMed-not-MEDLINE
Language: English
Country: Netherlands
Media: electronic-ecollection
Document type: Journal Article
PubMed: 32577444
PubMed Central: PMC7300108
DOI: 10.1016/j.dib.2020.105784
PII: S2352-3409(20)30678-8
- Keywords
- Cyber defense exercise, Cybersecurity, Event log, KYPO, Network flow, Network traffic, Syslog
- Publication type
- Journal Article
Cybersecurity research relies on relevant datasets that give researchers a snapshot of the network traffic generated by current users and modern applications and services. The lack of datasets from a realistic network environment leads to newly designed methods that are inefficient and not useful in practice. This data article provides network traffic flows and event logs (Linux and Windows) from a two-day cyber defense exercise involving attackers, defenders, and fictitious users operating in a virtual exercise network. The data are stored as structured JSON, including data schemes and data dictionaries, ready for direct processing. The network topology of the exercise network is also provided in NetJSON format.
Faculty of Informatics Masaryk University Brno Czech Republic
Institute of Computer Science Masaryk University Brno Czech Republic