This article covers converting HTTP requests to the KDD Cup data format with 41 parameters; it may be a useful reference for anyone working on the same problem.

Problem description

  • Machine learning is done using the KDD Cup dataset and formed a trained dataset.
  • Now I have to check the real-time request with the trained dataset.
  • For that I have to convert TCP dump data or an HTTP request to KDD CUP data set format (with 41 parameters).

    My question is: "How can I do this conversion?"

Solution

IIRC the process of how the features of the flawed KDD CUP data set were exactly derived is not well documented.

But it does not reflect real attacks anyway. Running it on recent data does not make any sense. These kinds of attacks no longer exist (if they ever existed beyond script kiddie use in 1997).

Stop using this data set. NOW.

It does not reflect any realistic network attack scenario. If it ever did, that was in 1997 or so; and these attacks can trivially be detected by modern routers. Any machine learning on this data set is solving a problem that does not exist. For details, see this earlier answer:

NSL KDD Features from Raw Live Packets?

How to derive KDD99 Features from DARPA pcap file?

How to convert KDD 99 dataset to tcpdump format?

(You really should use the search function of StackOverflow!)

The real attacks are e.g. SQL injection attacks, and cannot be detected on these trivial TCP features, but will require deep packet inspection, or application level firewalls.
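The point about SQL injection and connection-level features, shown as an added example that is not part of the original answer. It computes the first six KDD'99 features (duration, protocol_type, service, flag, src_bytes, dst_bytes) for two constructed HTTP requests and compares that with an application-level look at the decoded query string; the host name, the requests, the assumed response size and the small pattern are all illustrative assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample requests (not captured traffic); shop.example is a placeholder host.
TAIL = " HTTP/1.1\r\nHost: shop.example\r\n\r\n"
SUSPICIOUS = "GET /item?id=1%27%20OR%20%271%27%3D%271" + TAIL
# Benign request padded to the same length so the byte counters match exactly.
HEAD = "GET /item?id="
BENIGN = HEAD + "7" * (len(SUSPICIOUS) - len(HEAD) - len(TAIL)) + TAIL

# Illustrative heuristic only, not a complete rule set.
SQL_META = re.compile(r"'\s*(or|and|union|select)\b|--|;", re.IGNORECASE)


def connection_features(request: str, duration: int = 0, dst_bytes: int = 512) -> dict:
    """First six KDD'99 connection features. Duration and response size are
    assumed equal for both requests; flag SF means normal setup and teardown."""
    return {
        "duration": duration,
        "protocol_type": "tcp",
        "service": "http",
        "flag": "SF",
        "src_bytes": len(request.encode()),
        "dst_bytes": dst_bytes,
    }


def payload_findings(request: str) -> list:
    """Application-level view: decode query parameters and flag SQL syntax."""
    target = request.split("\r\n", 1)[0].split(" ")[1]
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return [(name, value) for name, value in params if SQL_META.search(value)]


if __name__ == "__main__":
    # Identical connection records, different payload findings.
    print(connection_features(BENIGN) == connection_features(SUSPICIOUS))
    print(payload_findings(BENIGN), payload_findings(SUSPICIOUS))
```

Both requests produce the same connection record, so a model that only sees these fields has nothing to separate them; only the decoded parameter value differs.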
