Posted to commits@spot.apache.org by br...@apache.org on 2017/09/14 22:19:56 UTC

[06/15] incubator-spot git commit: edits

edits


Project: http://git-wip-us.apache.org/repos/asf/incubator-spot/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-spot/commit/dba43934
Tree: http://git-wip-us.apache.org/repos/asf/incubator-spot/tree/dba43934
Diff: http://git-wip-us.apache.org/repos/asf/incubator-spot/diff/dba43934

Branch: refs/heads/master
Commit: dba439345604fdd4ea962cf4bc7ac0fa1b13bd14
Parents: 94a39a2
Author: Brandon Edwards <br...@intel.com>
Authored: Wed Sep 6 10:06:23 2017 -0700
Committer: Brandon Edwards <br...@intel.com>
Committed: Wed Sep 6 10:06:23 2017 -0700

----------------------------------------------------------------------
 spot-ml/DATA_SAMPLE.md | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-spot/blob/dba43934/spot-ml/DATA_SAMPLE.md
----------------------------------------------------------------------
diff --git a/spot-ml/DATA_SAMPLE.md b/spot-ml/DATA_SAMPLE.md
index 0698bd1..bf0d206 100644
--- a/spot-ml/DATA_SAMPLE.md
+++ b/spot-ml/DATA_SAMPLE.md
@@ -1,14 +1,13 @@
 
-# DNS Labeled Data Sets
+# DNS Labeled Data Set
 
-An IXIA BreakingPoint box to simulate both normal and attack (DNS tunnelling) DNS traffic. The resulting pcaps were obtained and fields relevant to Spot injested (both original pcaps and injested parquet files are available in Amazon-S3). The attacks and the normal activity can be differentiated due to codes that were inserted into the Transaction ID field(upon ingestion the field is: ‘dns_id’) which identifies either the fact that the traffic was normal or identifies the specific dns tunneling activity being used.  We provide the schema for the injested pcap data, location and specifications of the data within Amazon-S3, and how to interpret the ‘dns_id’ codes.
+An IXIA BreakingPoint box was used to simulate both normal and attack (DNS tunnelling) DNS traffic. The resulting pcaps were obtained and fields relevant to Spot injested (both original pcaps and injested parquet files are available in Amazon-S3). The attacks and the normal activity can be differentiated due to codes that were inserted into the Transaction ID field(upon ingestion the field is: ‘dns_id’) which identifies either the fact that the traffic was normal or identifies the specific dns tunneling activity being used.  We provide the schema for the injested pcap data as well as the location and specifications of the data within Amazon-S3. Information is also provieded for how to interpret the ‘dns_id’ codes.
 
-Spot (using version #####fill in here###.) was run on these datasets with ten repetitions each.  We provide the Area Under the Curve (AUC) value related to how well the attacks were detected. We also provide the rank distributions for the various attacks within the dataset, with a rank of 1 meaning the entry was found to be the most suspicious entry out of all other entries.
 
 
 ## Schema For Ingested Data (same for both data sets)
 
-The schema for this DNS data has one additional field, ‘dns_id’, over what is usually used for DNS data in Spot. The schema is as follows:
+The schema for this DNS data includes one field, 'dns_id', in addition to   addition what is usually used for DNS data in Spot. The schema is as follows:
 
 
 | Name         | Type      |
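Review bot: The added schema sentence reads "in addition to   addition what is usually used", with a duplicated word and stray spaces; it should read "includes one field, 'dns_id', in addition to what is usually used for DNS data in Spot". In the rewritten intro paragraph, "provieded" should be "provided", "injested" (three occurrences) should be "ingested", and "field(upon" needs a space before the parenthesis. The intro quotes ‘dns_id’ with curly quotes while the schema sentence now uses straight quotes, so pick one style. The title is now singular ("Data Set") but the unchanged heading still says "same for both data sets"; one of the two should be adjusted so the page agrees with itself.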
@@ -59,10 +58,3 @@ Within Apache Spot only responses from DNS servers are ingested (since the respo
 | 7/20/2017        | 406,050,508    | 406,043,921 | 856         | 1,269       | 1,167       | 1,694       | 1,601       |
 
 
-More to do here?
-
-
-
-
-
-
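Review bot: After the "More to do here?" placeholder and its blank lines are dropped, the file still ends with two blank lines following the last table row (the two unchanged context lines above the removal). Trim these so the file ends with a single newline after the table.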