Experimental Data on Network Tool Detection of Modern C2 Frameworks
by Zderadicka IV, Joseph / Harvard Dataverse·Updated 1mo ago
Description
48 automated experimental runs evaluate the detection effectiveness of Zeek, Suricata, and Security Onion against Empire and Sliver command-and-control traffic. The dataset contains raw logs, packet captures, and derived summary tables from a controlled laboratory study authored by Joseph Zderadicka IV. Artifacts were published via Harvard Dataverse in April 2026.
Use Cases
Benchmarking network monitoring tools based on detection results across different configurations.
Analyzing command-and-control traffic patterns based on HTTP and HTTPS communication profiles.
Training or evaluating machine learning models for threat detection based on derived summary tables.
Studying the impact of sensor tuning on detection rates based on default and tuned configuration comparisons.
Strengths
48 experimental runs provide a structured comparison across multiple variables.
Includes raw artifacts like Zeek logs, Suricata logs, and packet captures for detailed analysis.
Covers two modern command-and-control frameworks (Empire and Sliver) and multiple sensor configurations.
Limitations
Column-level documentation is absent; field semantics must be inferred after download.
Row count is unknown, which may limit suitability assessment.
Data is from a controlled lab environment; real-world generalizability may be limited.
Provenance
Source
Harvard Dataverse
Collection Method
Controlled laboratory evaluation with automated runs.
Time Range
Experimental timeframe not specified; publication date is 2026.
Freshness
Last updated 2026-04-27 15:31:55; freshness should be verified.
Geography
Laboratory setting; geographic coverage not specified.
License restrictions are unknown and should be verified before use.