convert http request to kdd cup data format with 4

2019-09-24 02:28发布

问题:

  • machine learning is done using KDD cup dataset and formed a trained dataset..
  • Now I have to check the real time request with the trained dataset..
  • for that I have to convert TCP dump data/or http request to KDD CUP data set format(with 41 parameters)

    MY QUESTION IS "HOW CAN I DO THIS CONVERSION ??"

回答1:

IIRC the process of how the feature of the flawed KDD CUP data set were exactly derived is not well documented.

But it does not reflect real attacks anyway. Running it on recent data does not make any sense. These kind of attacks do no longer exist (if they ever existed beyond script kiddie use in 1997).

Stop using this data set. NOW.

It does not reflect any realistic network attack scenario. If it ever did, that was in 1997 or so; and these attacks can trivially be detected by modern routers. Any machine learning on this data set is solving a problem that does not exist. For details, see this earlier answer:

NSL KDD Features from Raw Live Packets?

How to derive KDD99 Features from DARPA pcap file?

How to convert KDD 99 dataset to tcpdump format?

(You really should use the search function of StackOverflow!)

The real attacks are e.g. SQL injection attacks, and cannot be detected on these trivial TCP features, but will require deep packet inspection, or application level firewalls.