@ CSV Version of the Network Intrusion Dataset
In order to make the network instrusion dataset easier to import into database systems, and easier to analyse by non-network experts, we have converted the network data set to CSV files. The files are:
Description of fields:
|time||Converted to floating pt seconds ... hr*3600+min*60+secs|
|addr and port||The
first two fields of the src and dest address make up the fake address, so
the converted address was made as: x + y*256
(you may want to get rid of x.y.256.256.port)
|flag||Added a "U" for udp data (only has ulen) X - means packet was a DNS name server request or response. The ID# and rest of data is in the "op" field. (see tcpdump descrip.) XPE - means there were no ports... from "fragmented packets"|
|seq1||The data sequence number of the packet|
|seq2||The data sequence number of the data expected in return|
|buf||The number of bytes of receive buffer space available|
|ack||The sequence number of the next data expected from the other direction on this connection|
|win||The number of bytes of receive buffer space available from the other direction on this connection|
|ulen||The length, if a udp packet|
|op||Optional info such as (df) ... do not fragment|
Example of a first few lines of
With the CSV file, a non value in the field is allowed. Two fields are string values - flag and op, which means they are enclosed with double quotes. The rest are numeric (one floating point).
Copyright ©1996-2001 by the Institute for Visualization and Perception Research. All rights reserved.
Please, send comments and/or questions to Dr. Georges Grinstein.
Last update: April 4, 2001