I want to use the Bot-IoT dataset to train a model to predict data exfiltration attacks, but I am having some issues.

I have four versions of this dataset:

  • Full dataset with around 46 million rows but only 126 rows are categorized as data exfiltration and in those 126 only 8 are not classified as attack.
  • 5% of the Full dataset with around 3.6 million rows but only 6 rows are categorized as data exfiltration and in those 6 none is classified as non-attack.
  • Partial dataset with around 1 million rows and only the 10 best features but there is no row that is categorized as data exfiltration.
  • A subset of the full dataset with only the lines categorized as data exfiltration. The major problem in this subset is its size since it only has 126 lines and the fact that it is unbalanced since only 8 rows are classified as non-attack.

Which of these datasets should I use and how do I do the data treatment?

  • deluded_soulB

    Ya, like the other comment says, you can try to formulate this as an anomaly detection problem.
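
The anomaly-detection framing suggested in the reply, as an added example that is not part of the original thread: the model is fitted on baseline flows only, and the few labelled exfiltration rows are held back purely for evaluation. The column names `dur`, `sbytes` and `dbytes`, the helper names and all flow values are assumptions constructed for illustration; the constructed flows separate far more cleanly than real traffic will.

```python
import math
from statistics import median

FEATURES = ("dur", "sbytes", "dbytes")  # assumed flow columns; adjust to your CSV

def fit(rows):
    """Per-feature median and MAD of log-scaled values, learned from baseline flows only."""
    model = {}
    for f in FEATURES:
        vals = [math.log1p(r[f]) for r in rows]
        med = median(vals)
        mad = median(abs(v - med) for v in vals) or 1e-9  # avoid division by zero
        model[f] = (med, 1.4826 * mad)  # 1.4826 makes MAD comparable to a std dev
    return model

def score(model, row):
    """Anomaly score: largest robust z-score over the features."""
    return max(abs(math.log1p(row[f]) - med) / scale for f, (med, scale) in model.items())

def pick_threshold(model, rows, fpr=0.01):
    """Score below which roughly (1 - fpr) of the baseline flows fall."""
    scores = sorted(score(model, r) for r in rows)
    return scores[min(len(scores) - 1, int(len(scores) * (1 - fpr)))]

def evaluate(model, thr, baseline, exfil):
    """Return (recall on exfiltration rows, false-positive rate on baseline rows)."""
    recall = sum(score(model, r) > thr for r in exfil) / len(exfil)
    fp_rate = sum(score(model, r) > thr for r in baseline) / len(baseline)
    return recall, fp_rate

def baseline_flow(i):
    # Constructed, deterministic stand-in for a non-exfiltration flow.
    return {"dur": 1.0 + (i % 10) * 0.1, "sbytes": 400 + i * 37 % 200, "dbytes": 600 + i * 53 % 300}

def exfil_flow(j):
    # Constructed stand-in for an exfiltration flow: long, with a large upload.
    return {"dur": 30.0 + j, "sbytes": 500_000 + 10_000 * j, "dbytes": 700}

def demo():
    train = [baseline_flow(i) for i in range(1000)]           # fit on baseline only
    held_out = [baseline_flow(i) for i in range(1000, 1200)]  # unseen baseline
    exfil = [exfil_flow(j) for j in range(20)]                # labels used only to evaluate
    model = fit(train)
    thr = pick_threshold(model, train)
    return evaluate(model, thr, held_out, exfil)

if __name__ == "__main__":
    print("recall=%.2f fp_rate=%.3f" % demo())
```

With only a handful of labelled positives, report recall alongside the false-positive rate on held-out baseline traffic rather than accuracy, which the majority class dominates.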