Test Set question

Sames_David · July 11, 2005, 5:11pm

Does anyone know what the ratio of "attack traffic" to "normal traffic"
is in a "representative" network? It's a pretty open-ended question, but
I need to construct a (decent) data set for an internal evaluation I'm
doing. I'd like to make sure (to the extent possible) that the attack
data isn't unfairly represented in the set.

Thanks!

Dave Sames

Christian_Kreibich3 · July 12, 2005, 12:19am

I think that really depends on way too many things (size of net, host
population, IP range, background traffic, firewalling, organizational
policies, the aim of your eval, etc) to be answerable in general. Try
asking on SecrurityFocus' focus-ids list instead?

Good luck,
Christian.

Topic		Replies	Views
Packet drop rates Zeek	1	96	May 6, 2022
Daily report and Byte Transfer Pairs Zeek	1	58	May 6, 2022
Daily report and Byte Transfer Pairs Zeek	1	68	May 6, 2022
Announce: StreamDB Zeek	1	66	May 6, 2022
Toggling traffic direction in reports/logs? Zeek	2	65	May 6, 2022

Test Set question

Related Topics