DARPA_eval.readme
-----------------

This directory contains four files:

- this readme

- feb98_DARPA_pi_meeting.ps.gz
    a gzipped PostScript file containing the presentation slides from
    the talk given by Richard Lippmann at the February DARPA pi meeting.

- DARPA_eval_b.tar.gz
    a gzipped tar file containing all the files for the intrusion
    detection evaluation sample data.

- DARPA_eval_new.tar.gz
    a gzipped tar file of the new readmes (the bsm and tcpdump files
    were not changed, but there is a new description/scoring system.)

The DARPA_eval_b tar file will expand into a directory called
DARPA_eval_b and contains the following pieces:
(taken from the README in the DARPA_eval_b directory)

README v1.0
-----------

This directory contains sample data for the 1998 DARPA Intrusion
Detection Evaluation. Please read all the READMEs in this directory.

Contents of this directory
--------------------------

CONFIG/                     contains the bsm configuration files and
                            starting scripts from the simulation (see
                            the file README.bsm for a description of
                            these files)

README                      this document

README.bsm                  describes the bsm configuration files used
                            in this simulation and how we produced
                            praudit output for processing (there is a
                            bug in praudit)

README.formats              describes what your intrusion detection
                            system must do and the format of the
                            ".list" files in this directory

README.tcpdump              describes how the tcpdump data was collected

bsm.list                    the list file for the bsm data. The format
                            is described in "README.formats"

network.ps.gz               a gzipped PostScript file showing the
                            topology of the test network used in this
                            simulation

sample_data01.bsm.gz        the actual raw bsm data from this simulation
                            (gzipped. Uncompressed this is about 7.5 MB)

sample_data01.praudit.gz    our praudit results (gzipped. Uncompressed,
                            this is about 12.5 MB)

sample_data01.ps-elf.gz     the results of running the UNIX command
                            "ps -elf" every 60 seconds on the machine
                            which was audited (see the file
                            CONFIG/bsm/reset for the script that
                            created this file)

sample_data01.tcpdump.gz    the raw tcpdump data from the sniffer in
                            this simulation

tcpdump.list                the list file for the tcpdump data as
                            described in "README.formats"

(last updated February 2, 1998)