attack_scan_features.csv
Active scanning means probing a network to discover systems, services, and potential vulnerabilities. Attackers often use this technique to map out the network and identify entry points.
This step in the scenario is used to gather more information about the target, so the following definitions are useful:
Network Mapping: Helps in understanding the layout of the target network, including active hosts and network structure.
Port Scanning: Identifies which ports are open and listening, indicating potential services to target.
Service Identification: Provides detailed information about the services running on open ports, including their versions, which is critical for identifying known vulnerabilities.
Web Server Scanning: Specifically targets web servers to find vulnerabilities that could be exploited for initial access.
Banner Grabbing: Collects additional information about services by capturing banners, which can provide version numbers and other identifying details.
Data Dictionary
| Column | Type | Label | Description |
|---|---|---|---|
| ip.session_id | numeric | ||
| meta.direction | numeric | ||
| ip.pkts_per_flow | numeric | ||
| duration | numeric | ||
| ip.header_len | numeric | ||
| ip.payload_len | numeric | ||
| ip.avg_bytes_tot_len | numeric | ||
| time_between_pkts_sum | numeric | ||
| time_between_pkts_avg | numeric | ||
| time_between_pkts_max | numeric | ||
| time_between_pkts_min | numeric | ||
| time_between_pkts_std | numeric | ||
| (-0.001, 50.0] | numeric | ||
| (50.0, 100.0] | numeric | ||
| (100.0, 150.0] | numeric | ||
| (150.0, 200.0] | numeric | ||
| (200.0, 250.0] | numeric | ||
| (250.0, 300.0] | numeric | ||
| (300.0, 350.0] | numeric | ||
| (350.0, 400.0] | numeric | ||
| (400.0, 450.0] | numeric | ||
| (450.0, 500.0] | numeric | ||
| (500.0, 550.0] | numeric | ||
| tcp_pkts_per_flow | numeric | ||
| pkts_rate | numeric | ||
| tcp_bytes_per_flow | numeric | ||
| byte_rate | numeric | ||
| tcp.tcp_session_payload_up_len | numeric | ||
| tcp.tcp_session_payload_down_len | numeric | ||
| (-0.001, 150.0] | numeric | ||
| (150.0, 300.0] | numeric | ||
| (300.0, 450.0] | numeric | ||
| (450.0, 600.0] | numeric | ||
| (600.0, 750.0] | numeric | ||
| (750.0, 900.0] | numeric | ||
| (900.0, 1050.0] | numeric | ||
| (1050.0, 1200.0] | numeric | ||
| (1200.0, 1350.0] | numeric | ||
| (1350.0, 1500.0] | numeric | ||
| (1500.0, 10000.0] | numeric | ||
| tcp.fin | numeric | ||
| tcp.syn | numeric | ||
| tcp.rst | numeric | ||
| tcp.psh | numeric | ||
| tcp.ack | numeric | ||
| tcp.urg | numeric | ||
| sport_g | numeric | ||
| sport_le | numeric | ||
| dport_g | numeric | ||
| dport_le | numeric | ||
| mean_tcp_pkts | numeric | ||
| std_tcp_pkts | numeric | ||
| min_tcp_pkts | numeric | ||
| max_tcp_pkts | numeric | ||
| entropy_tcp_pkts | numeric | ||
| mean_tcp_len | numeric | ||
| std_tcp_len | numeric | ||
| min_tcp_len | numeric | ||
| max_tcp_len | numeric | ||
| entropy_tcp_len | numeric | ||
| ssl.tls_version | numeric | ||
| malware | numeric | ||
Additional Information
| Field | Value |
|---|---|
| Data last updated | September 10, 2025 |
| Metadata last updated | September 10, 2025 |
| Created | September 10, 2025 |
| Format | CSV |
| License | Open Data Commons Open Database License (ODbL) |
| Datastore active | True |
| Has views | False |
| Id | b9ed84ce-24c8-4db9-a5d4-722b4ecbc31a |
| Mimetype | text/csv |
| Package id | ff293242-dc9a-4e25-8670-6cb2f550d475 |
| Position | 1 |
| Size | 686.4 KiB |
| State | active |
| Url type | upload |