Multiple data types collected during West Point’s 2009 Inter-Service Academy Cyber Defense Competition
One of the issues currently facing many security researchers, especially in the field of Intrusion Detection and Traffic Analysis, is the lack of real-world data in which malicious and non-malicious traffic is identified. The most widely accepted solution to the problem is the MIT Lincoln Labs IDEval Dataset. Unfortunately, the age of the dataset has limited its usefulness in ongoing research. We aim to provide a current, labeled dataset, which we will update yearly using data from the Military Cyber Defense Exercise between the NSA and all of the different service academies.
The Information Technology and Operations Center at West Point held a Cyber Defense Exercise and published the resulting data sets with a paper describing the instrumentation process. The data includes network captures, Snort IDS logs, Domain Name Service logs, web server logs, and log server aggregate logs.
Paper:
Abstract: In this paper we demonstrate that network warfare competitions can be instrumented to generate modern labeled datasets. Below, we have archived both data capture and log files from the 2009 Inter-Service Academy Cyber Defense Competition. The annual competition pits the service academies, including West Point, against an actual National Security Agency Red Team. We release these data and log files in order to augment existing datasets to help develop better methods for detecting intrusions and attacks against our critical network infrastructure.
