Dark Mode
Network Security Classification Data
Data Science and Analytics
Tags and Keywords
Trusted By
"No reviews yet"
Free
About
Presents detailed log file data capturing internet traffic activity managed by a network firewall. This raw data set is derived from a security environment and features 12 metrics describing connection flows. The primary goal of the data is to facilitate the classification of firewall actions, which include decisions such as 'allow', 'drop', or 'reset-both', making it invaluable for training network intrusion detection and security policy analysis models. The source material was developed for research focused on classifying firewall log files using multiclass support vector machines.
Columns
- Source Port: The network port used by the initiating host.
- Destination Port: The network port targeted by the connection attempt.
- NAT Source Port: The source port after Network Address Translation has been applied.
- NAT Destination Port: The destination port after Network Address Translation has been applied.
- Action: The resulting firewall class decision, serving as the label attribute. The four distinct actions captured are 'allow', 'action', 'drop', and 'reset-both'.
- Bytes: The total volume of data transferred during the recorded connection.
- Bytes Sent: The volume of data transmitted from the source.
- Bytes Received: The volume of data received by the destination.
- Packets: The overall count of network packets involved in the connection.
- Elapsed Time (sec): The duration of the recorded connection flow in seconds.
- pkts_sent: The number of packets sent by the source host.
- pkts_received: The number of packets received by the destination host.
Distribution
The data is provided in a CSV file format, specifically named
log2.csv, with a size of approximately 2.88 MB. It consists of 12 distinct columns and contains 65.5 thousand valid records. Across all critical attributes, 100% of the data is reported as valid, with zero missing or mismatched entries noted, ensuring high data quality for processing. The expected update frequency for this log data is never.Usage
This resource is ideally suited for developing and testing algorithms related to network security and traffic management. Specific uses include:
- Training and benchmarking machine learning models for multiclass classification of firewall actions.
- Research into optimising network flow analysis and firewall policies.
- Developing tools for security incident response and intrusion detection systems.
- Statistical analysis of network behaviour patterns.
Coverage
The data covers flow metrics and statistics recorded by an internet firewall, focusing exclusively on network characteristics (ports, bytes, packets, and duration). It does not contain geographic, time range, or demographic scope information. The underlying source research originated from Fatih Ertam at Firat University, Turkey.
License
CC0: Public Domain
Who Can Use It
- Academics and Researchers: For use in computer science and engineering studies concerning data classification, network log analysis, and the application of machine learning in cybersecurity.
- Data Scientists: To apply supervised learning techniques, such as Support Vector Machines, to categorise security events accurately.
- Network Engineers/Security Professionals: To simulate network environments and test the effectiveness of existing or proposed security protocols.
Dataset Name Suggestions
- Firewall Traffic Action Logs
- Network Security Classification Data
- Internet Log Flow Metrics
- Firewall Packet Metrics
Attributes
Original Data Source: Network Security Classification Data
QUALITYLoading...