DATASETS

IoT-BPR-NSS dataset

OVERVIEW

This labeled dataset consists of benign and malicious aggregate traffic pcap files collected at an edge gateway (e.g., Wi-Fi router) in a home type network. The gateway traffic is captured in the form of traffic sessions. We include sessions with 15 mins duration only in this dataset, though in the original experiment we collected sessions with 5 and 10 mins durations as well. Benign traffic was obtained through normal operation of uninfected devices. For the malicious traffic, we used a Mirai-like IoT malware targetting TELNET vulnerability, loligang. The malware binary was run on FANTASM platform (DETERlab) and the resulting traffic was collected for 5 mins. Malicious traffic for the dataset was then generated by replaying the malware traffic on the edge gateway using tcpreplay utility. The malicious traffic consists of both bot scanning and bot-CnC communication packets. For more details, please read the full version of our paper, "Machine Learning-Based Early Detection of IoT Botnets Using Network-Edge Traffic" (available at arXiv.org).

DOWNLOAD

Please fill up this form to a make a request for downloading our dataset: IoT-BPR-NSS dataset request form

CITATION

If you are using our dataset, please cite the following paper appropriately:

Kumar A., Shridhar M., Swaminathan S., Joon Lim T. (2020) ML-Based Early Detection of IoT Botnets. In: Park N., Sun K., Foresti S., Butler K., Saxena N. (eds) Security and Privacy in Communication Networks. SecureComm 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 336. Springer, Cham. https://doi.org/10.1007/978-3-030-63095-9_15