Dataset of intrusion detection alerts from a sharing platform

Investor logo

Warning

This publication doesn't include Faculty of Economics and Administration. It includes Institute of Computer Science. Official publication website can be found on muni.cz.
Authors

HUSÁK Martin ŽÁDNÍK Martin BARTOŠ Václav SOKOL Pavol

Year of publication 2020
Type Article in Periodical
Magazine / Source Data in Brief
MU Faculty or unit

Institute of Computer Science

Citation
Web
Doi http://dx.doi.org/10.1016/j.dib.2020.106530
Keywords Cyber security;Intrusion detection alerts;Information exchange;Geolocation;Reputation
Description The dataset contains intrusion detection alerts obtained via an alert sharing platform (SABU) for one week. A plethora of heterogeneous intrusion detection systems deployed across several organizations contributed to the sharing platform. The alerts are stored in the intrusion Detection Extensible Alert (IDEA) format and categorized using the eCSIRT.net Incident Taxonomy. Dataset can be used in several areas of cybersecurity research for the analysis of intrusion detection alerts including temporal and spatial correlations, reputation scoring, attack scenario reconstruction, and attack projection. The network identifiers (e.g., IP addresses, hostnames) are anonymized. However, the list of interesting features (e.g., presence on blacklists, geolocation) of such entities at the time of data collection is provided.
Related projects:

You are running an old browser version. We recommend updating your browser to its latest version.