Teitl: Risk Score data for Cyberattacks

Javed A, Lakoju M, Burnap P, et al. (2020). Risk Score data for Cyberattacks. Cardiff University. http://doi.org/10.17035/d.2020.0102115178

Hawliau Mynediad: Darperir Data dan drwydded Creative Commons Attribution (CC BY 4.0)

Dull Mynediad: I anfon cais i gael y data hwn, ebostiwch opendata@caerdydd.ac.uk

Crewyr y Set Ddata o Brifysgol Caerdydd

Manylion y Set Ddata

Cyhoeddwr: Cardiff University

Dyddiad (y flwyddyn) pryd y daeth y data ar gael i'r cyhoedd: 2020

Fformat y data: .xlsx

Amcangyfrif o gyfanswm maint storio'r set ddata: Llai na 100 megabeit

Nifer y ffeiliau yn y set ddata: 4

DOI : 10.17035/d.2020.0102115178

DOI URL: http://doi.org/10.17035/d.2020.0102115178


Our (measurement-based) study is based on malicious network traffic observed by the Palo Alto Networks' Wildfire system. The log files containing malicious traffic instances of 144 consecutive hours were preprocessed to extract information about threats, their categories, severity levels, occurrence time and the targeted software applications, which were then grouped on an hourly basis in terms of threat occurrence time. The collected malicious traffic data has more than 400,000 instances with 278 unique threats targeting 90 different software applications with 5 distinct severity levels (informational, low, medium, high and critical).

We considered the two most frequently occurring threats during the considered time period, which formed 95.67% of the total observed threats. These threats were: i) MS-RDP Brute-Force Attempt (RDP) - which targets Microsoft's Remote Desktop Protocol to remotely access windows servers and desktops by trying several commonly used username and passwords, thus, following a brute-force method to gain unauthorized access to remote systems. MS-RDP is widely used in many Cloud-based deployments to provide remote desktop access to users, based on servers hosted within a data centre; ii) Android Package File (Android) - distributed using a drive-by download mechanism and targeting Android-based devices, performing the malware-based actions on the device and leaving them more vulnerable to further sophisticated attacks;

Having identified the two most frequently occurring threats we have associated a time unit t with the Risk Score to calculate risk score at a given time instance. The time granularity for this study has been considered as an hour. We calculate Risk Score, associated with a particular threat, λ at time t represented as Riskλ(t) using the following equation:


The resultant dataset contains three columns, the date, hour and risk score for the threat.

Research results based upon these data are published at http://doi.org/10.1002/spe.2822

Prosiectau Cysylltiedig

Diweddarwyd y tro diwethaf ar 2020-13-07 am 08:48