Table 2 DARPA event sources
From: An approach to the correlation of security events based on machine learning techniques
Analyzer | |||||
|---|---|---|---|---|---|
Int. Snort | Ext. Snort | BSM | Windows | ||
Week 1 | Records | 142,674 | 143,098 | 2,063,809 | 581,192 |
Alerts | 142,674 | 143,098 | 846 | 2,953 | |
Week 2 | Records | 47,405 | 47,826 | 2,151,011 | 3,650,045 |
Alerts | 47,405 | 47,826 | 728 | 405 | |
Week 3 | Records | 18,742 | 21,687 | 2,147,384 | 3,574,791 |
Alerts | 18,742 | 21,687 | 10,752 | 419 | |
Week 4 | Records | 17,169 | 23,032 | 1,841,269 | 2,292,926 |
Alerts | 17,169 | 23,032 | 701 | 643 | |
Week 5 | Records | 34,652 | 53,612 | 2,949,363 | 2,476,508 |
Alerts | 34,652 | 53,612 | 912 | 852 | |