IoT Environment Dataset

ABSTRACT

Recently, the technology of the fourth revolution has given the characteristics of things constantly expanding, and everything, including people, things, people, and the environment, is connected based on the Internet. In particular, the network structure is connected to various IoT devices and is changing from wired to wireless. Unlike users who operated each device, other devices can now be operated through gateways inside and outside the smart home. However, these changes have created an environment vulnerable to external attacks, and when an attacker accesses a gateway, he can attempt various attacks, including Port scans, OS&Service detection, and DoS attacks on IoT devices. Therefore, we disclose the dataset below to promote security research on IoT.

1. DATASET

We provide IoT environment datasets which include Port Scan, OS & Service Detection, and HTTP Flooding Attack. After setting up the environment of IoT devices, we captured packets using Wireshark.

1.1   CONFIGURATION OF IoT ENVIRONMENT

192.168.10.1) Router

192.168.10.2) NUGU

192.168.10.3) EZVIZ home camera

192.168.10.4) Philips Hue

192.168.10.5) Google Home MINI 

192.168.10.6) TP-Link home camera

192.168.10.7) Attacker's PC (HTTP Flooding Attack)

192.168.10.10) A cell phone

192.168.10.11) A cell phone

192.168.10.12) A cell phone 

192.168.10.13) A cell phone   

192.168.10.30) : Attacker's PC (OS & Service Detection Attack, Port Scan Attack)

121.53.216.31) : Daum Kakao Corp.

211.188.147.64) : SK Telecom Corp.  

1.2   OVERVIEW OF DATASETS

1.   Normal (All IoT)

- Duration : about 34min

- Number of attacks : None

- Number of packets : 125,182 packets

- Description : The traffic consists of various activities of all IoT devices (NUGU, EZVIZ, Hue, Google Home Mini, TP-Link). It mainly smart speakers (NUGU, Google Home Mini) answer to questions of play music, and home cameras (EZVIZ, TP-Link) stream images to a cell phone, and smart bulb (Hue) turn on/off or control the light color of bulbs.

2.   Normal (Google Home Mini)

- Duration : about 30min

- Number of attacks : None

- Number of packets : 14,400 packets

- Description : The traffic consists of various activities of Google Home Mini. We asked various questions and request Google Home Mini and tried to manipulate the music function through cellphone.

3. Port Scan Attack

- Attacker : PC (192.168.10.30)

- Target : Google Home Mini (192.168.10.5)

- Duration : about 21sec

- Number of attacks : 2 times

- Number of packets : 8,866 packets

- Description : The attacker did port scanning by sending TCP packets with SYN flag on.

4. OS & Service Detection

- Attacker : PC (192.168.10.30)

- Target : Google Home Mini (192.168.10.5)

- Duration : about 28min

- Number of attacks : 4 times

- Number of packets : 96,097 packets

- Description : The attacker did OS & service detection by sending TCP packets with SYN flag on. Attack intensity could be varied.

5. HTTP Flooding Attack

- Attacker : PC (192.168.10.7)

- Target : Google Home Mini (192.168.10.5 : 8008)

- Duration : about 6min

- Number of attacks : Consistent

- Number of packets : 1,126,070 packets

- Description : The traffic consists of HTTP flooding packets using Flooding attack tool(LOIC) configured as 800 threads and highest speed, so the device (Google Home Mini) stuttered or disconnected from the phone application.

2. DOWNLOADS

For academic purposes, we are happy to release our datasets. If you want to use our dataset for your experiment, please cite our dataset’s page.

1.   Normal (All IoT)

2.   Normal (Google Home Mini)

3.   Port Scan Attack 

4.   OS & Service Detection Attack

5.   HTTP Flooding Attack

If you want to download dataset, please fill out the questionnaire at the following URL.

We will send you the download URL by e-mail.

  Dataset Download Link: https://goo.gl/WiVeFj

3. CONTACT

Huy Kang Kim (cenda at korea.ac.kr)