@ CSV Version of the Network Intrusion Dataset


In order to make the network instrusion dataset easier to import into database systems, and easier to analyse by non-network experts, we have converted the network data set to CSV files. The files are:

Dataset Records
Size
base.csv.gz 358760
4.4Mb
net1.csv.gz 628775
7.9Mb
net2.csv.gz 481851
6.1Mb
net3.csv.gz 509263
6.5Mb
net4.csv.gz 632036
7.9Mb


Description of fields:

time Converted to floating pt seconds ... hr*3600+min*60+secs
addr and port The first two fields of the src and dest address make up the fake address, so the converted address was made as: x + y*256
(you may want to get rid of x.y.256.256.port)
flag Added a "U" for udp data (only has ulen) X - means packet was a DNS name server request or response. The ID# and rest of data is in the "op" field. (see tcpdump descrip.) XPE - means there were no ports... from "fragmented packets"
seq1 The data sequence number of the packet
seq2 The data sequence number of the data expected in return
buf The number of bytes of receive buffer space available
ack The sequence number of the next data expected from the other direction on this connection
win The number of bytes of receive buffer space available from the other direction on this connection
ulen The length, if a udp packet
op Optional info such as (df) ... do not fragment

 

Example of a first few lines of baseline data:

time,src_addr,src_port,dest_addr,dest_port,flag,seq1,seq2,
ack,win,buf,ulen,op
38141.504694,1,7000,2,7001,U,,,,,,148,""
38141.510076,3,20,2,3421,.,1811081902,1811082414,366784001,9216,512,,""
38141.515159,3,20,2,3421,.,512,1024,1,9216,512,,""
38141.516172,4,80,2,2609,.,,,438528422,9112,,," (DF)"
38141.516647,5,25,2,1362,F,266688477,266688477,580609140,4096,0,,""

With the CSV file, a non value in the field is allowed. Two fields are string values - flag and op, which means they are enclosed with double quotes. The rest are numeric (one floating point).




Copyright ©1996-2001 by the Institute for Visualization and Perception Research. All rights reserved.
Please, send comments and/or questions to Dr. Georges Grinstein.
Last update: April 4, 2001