Beginning Analysis of the SSU Attack-Defense CTF Packet Capture Corpus
In 2018, SSU students started building the SSU attack-defense CTF corpus as part of a research project. The corpus currently contains the network traffic of over 30 public CTF games, to be used in follow-on research. We report on work in progress in the analysis of network traffic from the DEFCON 22 CTF game. Using partial tokens from the DEFCON 22 database, we extract records related to exploits and correlate these with the actual traffic data from the game using pcap metadata. This is our first step toward forensic detection of exploits in the traffic data, since the exploits themselves typically precede the tokens in the traffic.
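
The correlation step described above, as an added example that is not the project's own code: it scans a classic pcap for partial tokens and returns, for each sighting, the earlier packets of the same TCP connection, which is where the exploit would be. The token value, addresses, ports and all function names are constructed assumptions; the DEFCON 22 database schema and token format are not given on this page.

```python
import struct

def read_pcap(data):
    """Yield (timestamp, frame) from a classic little-endian microsecond pcap."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic")
    off = 24                                    # skip the global header
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", data, off)
        yield sec + usec / 1e6, data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def tcp_flow(frame):
    """Return (src, sport, dst, dport, payload) for Ethernet/IPv4/TCP, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    t = 14 + (frame[14] & 0x0F) * 4             # start of the TCP header
    if len(frame) < t + 20:                     # TCP header cut off by the capture
        return None
    src, dst = (".".join(map(str, frame[o:o + 4])) for o in (26, 30))
    sport, dport = struct.unpack_from("!HH", frame, t)
    return src, sport, dst, dport, frame[t + (frame[t + 12] >> 4) * 4:]

def correlate(pcap_bytes, partial_tokens):
    """Pair each token sighting with the earlier packets of its TCP connection."""
    history, hits = {}, []
    for ts, frame in read_pcap(pcap_bytes):
        flow = tcp_flow(frame)
        if flow is None:
            continue
        src, sport, dst, dport, payload = flow
        seen = history.setdefault(frozenset([(src, sport), (dst, dport)]), [])
        for tok in partial_tokens:
            if tok in payload:
                hits.append({"token": tok, "ts": ts, "from": src, "preceding": list(seen)})
        seen.append((ts, src, len(payload)))
    return hits

def _frame(src, dst, sport, dport, payload):   # builds constructed test traffic
    return struct.pack("!12xH BBHHHBBH4s4s HHIIBBHHH", 0x0800, 0x45, 0, 40 + len(payload),
                       0, 0, 64, 6, 0, bytes(src), bytes(dst), sport, dport, 0, 0,
                       0x50, 0x18, 8192, 0, 0) + payload

def sample_pcap():
    team, svc = (10, 5, 1, 2), (10, 5, 7, 3)    # constructed addresses
    pkts = [(100, 0, _frame(team, svc, 40000, 8888, b"A" * 64)),
            (100, 500000, _frame(svc, team, 8888, 40000, b"tok=3vAkP9xQ7d\n")),
            (101, 0, _frame(team, svc, 40001, 8888, b"hello"))]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", s, u, len(f), len(f)) + f for s, u, f in pkts)
```

Matching is per packet, so a token split across two TCP segments is missed unless the stream is reassembled first.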