如何将KDD 99数据集转换为tcpdump格式？ [英] How to convert KDD 99 dataset to tcpdump format?

问题描述

任何人都可以指导我将 KDD 99 数据集转换为以下格式的 ip 数据包code> TCP 转储格式？

Can anyone guide me in converting the KDD 99 dataset,consisting of ip packets in the following format to TCP dump format?

0,udp,private,SF,105,146,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0.00,0.00,0.00,0.00,1.00,0.00,0.00,255,254,1.00,0.01,0.00,0.00,0.00,0.00,0.00,0.00,normal.
0,udp,private,SF,105,146,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0.00,0.00,0.00,0.00,1.00,0.00,0.00,255,254,1.00,0.01,0.00,0.00,0.00,0.00,0.00,0.00,normal.
0,udp,private,SF,105,146,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0.00,0.00,0.00,0.00,1.00,0.00,0.00,255,254,1.00,0.01,0.00,0.00,0.00,0.00,0.00,0.00,normal.

推荐答案

来自 KDD99主页：

1998年DARPA入侵检测
评估计划已经准备好，b $ b由麻省理工学院林肯实验室管理。 ...
1999 KDD入侵检测竞赛
使用此数据集的一个版本。

The 1998 DARPA Intrusion Detection Evaluation Program was prepared and managed by MIT Lincoln Labs. ... The 1999 KDD intrusion detection contest uses a version of this dataset.

有点熟悉使用原始DARPA数据集以及 PCAP 网络捕获文件中包含的信息，我可以告诉你KDD99数据文件包含的信息不足以重建正确的网络捕获文件。

Being somewhat familiar with the original DARPA dataset and with the information contained in a PCAP network capture file, I can tell you that the KDD99 data files contain nowhere near enough information to reconstruct a proper network capture file.

KDD99似乎是DARPA IDEVAL98数据的简化版本set，其中仅保留高级别操作（例如连接），而不是单个数据包。如果你需要实际的网络捕获文件，你应该得到原始的 DARPA IDEVAL数据集。

It seems that KDD99 is a boiled-down version of the DARPA IDEVAL98 data set, where only high-level operations, such as connections, are retained, instead of individual packets. If you need the actual network capture files, you should probably get the original DARPA IDEVAL data sets.

这篇关于如何将KDD 99数据集转换为tcpdump格式？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！