CCC DATAset 2008 and CCC DATAset 2009, which were collected by the CCC honeypots. Also, CCC DATAset is the material to evaluate infection traffic and malware analysis technology.
MWS: anti-Malware engineering WorkShop 2008 and 2009, which were held in conjunction with CSS2008 and CSS2009 (Computer Security Symposium) of the SIG-CSEC, IPSJ.
CCC DATAset 2008 + MWS2008, CCC DATAset 2009 + MWS2009
The academic researchers and the enterprise researchers fight same data set during MWS2008 and MWS2009 activities.
[Subject] The research of the dynamic/static analysis of BOTs.
[Specification] The hash value (MD5 and SHA1) of a malware samples acquired by honeypot X in CCC.
[Format] 1 text file
[Subject] The research of the detection of BOT infections.
[Specification] The captured data of attacks to 2 honeypots in 2 days (March 13 - 14, 2009) in CCC. OS of 2 honeypots are Windows 2000 and Windows XP+SP1 with the full patched till 2005.
[Format] 2 libpcap files
[Subject] The research of the overall trend of BOT activities.
[Specification] The access log of attacks to 94 honeypots in 1 year (May 1, 2008 - April 30, 2009) in CCC. The record of access log includes the followings: Timestamp, Honeypot ID, Honeypot port number, Source IP address, Source port number, Hash value (SHA1), Malware name (by Trendmicro), Malware file name.
[Format] 12 text files
These evaluations measured probability of detection and probability of false alarm for each system under test. These evaluations contributed significantly to the intrusion detection research field by providing direction for research efforts and an objective calibration of the technical state of the art.
Such a research data set is not evaluated data for a specific objective. The research interests can be shared between the researchers to use the same data set.