Can anyone guide me in converting the KDD 99 dataset,consisting of ip packets in the following format to TCP dump format?
0,udp,private,SF,105,146,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0.00,0.00,0.00,0.00,1.00,0.00,0.00,255,254,1.00,0.01,0.00,0.00,0.00,0.00,0.00,0.00,normal.
0,udp,private,SF,105,146,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0.00,0.00,0.00,0.00,1.00,0.00,0.00,255,254,1.00,0.01,0.00,0.00,0.00,0.00,0.00,0.00,normal.
0,udp,private,SF,105,146,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,1,0.00,0.00,0.00,0.00,1.00,0.00,0.00,255,254,1.00,0.01,0.00,0.00,0.00,0.00,0.00,0.00,normal.
From the KDD99 homepage:
The 1998 DARPA Intrusion Detection Evaluation Program was prepared and managed by MIT Lincoln Labs. ... The 1999 KDD intrusion detection contest uses a version of this dataset.
Being somewhat familiar with the original DARPA dataset and with the information contained in a PCAP network capture file, I can tell you that the KDD99 data files contain nowhere near enough information to reconstruct a proper network capture file.
It seems that KDD99 is a boiled-down version of the DARPA IDEVAL98 data set, where only high-level operations, such as connections, are retained, instead of individual packets. If you need the actual network capture files, you should probably get the original DARPA IDEVAL data sets.
来源:https://stackoverflow.com/questions/5713680/how-to-convert-kdd-99-dataset-to-tcpdump-format