README

Data hosted and ReadMe file provided by AZSecure Data and the University of Arizona Artificial Intelligence Lab. Citation information below.
UHNDS collection (190.1 GB uncompressed) contains:
Host
	wls_day-n.bz2 (n=01 through 90)
Netflow
	netflow_day-n.bz2 (n=02 through 90)
UHNDS-readme.txt

Due to the file sizes of the Netflow data, they have been bundled into increments. CHECK THAT YOU HAVE RETRIEVED ALL THE FILES FOR THIS COLLECTION. 



DESCRIPTION
This dataset helps to address the current lack of datasets derived from real-world enterprise networks, and to also fulfill the need for a rich dataset has not been so heavily sanitized as to cripple any cyber-research value.  There are two sets which comprise this dataset: one of network flow data mainly originating from internal enterprise routers, and one of Windows host data.

For more information see: https://csr.lanl.gov/data/2017.html

file types: CSV, JSON

Date range of data: Data collected over 90 days prior to August 2017

Collection method: The data was collected over a period of 90 days from the Los Alamos National Laboratory's enterprise network.  Some values were anonymized, but for those values, the anonymization was kept consistent between the two datasets (so their values match across the two).

The network flow data is pruned to include the features found in Argus netflows, and consolidated from unidirectional to bidirectional.  The Windows host data comprises all Microsoft Windows hosts within the Los Alamos National Laboratory's enterprise network.

Network flow data was collected using Cisco NetFlow Version 9 flow records captured from internal enterprise routers within the Los Alamos National Laboratory's enterprise network.    Windows host data was collected from these hosts' event logs, using the Windows Logging Service.

Topics covered or keywords used: Network flow data, Windows host event log, netflow, bidirectional, WLS

FUNDING SOURCE
Contract No. DE-AC52-06NA25396 with the U.S. Department of Energy




HOW TO CITE THIS DATASET

Author(s): Melissa J. M. Turcotte, Alexander D. Kent, and Curtis Hash

Title:  Unified Host and Network Data Set

Publisher: University of Arizona Artificial Intelligence Lab, AZSecure Data

Location: Copy and paste the location where you retrieve this file from within http://www.azsecure-data.org/ 

Publication date: May 2018


IEEE formatted citation:
M. Turcotte, A. Kent, and C. Hash, Unified Host and Network Data Set, University of Arizona Artificial Intelligence Lab, AZSecure Data. Available http://www.azsecure-data.org/ [2018]



ALSO CITE:
M. Turcotte, A. Kent and C. Hash, “Unified Host and Network Data Set”, in ArXiv e-prints. Aug. 2017.