Intrusion Detection Systems based on Artificial Intelligence need robust data sources in order to generalize well across the knowledge domain of interest. Anomaly detection is a well-known topic in cybersecurity, and its application to the Internet of Things can lead to suitable protection techniques against problems such as DoS and DDoS attacks. Here we present the creation of a new dataset called LATAM-DDoS-IoT, the result of a collaboration between Aligo, Universidad de Antioquia, and Tecnologico de Monterrey. It includes attack traffic directed at physical Internet of Things devices, and normal traffic from external real users consuming real services from Aligo's production network. These characteristics make our dataset convenient for real production environments.
The LATAM-DDoS-IoT dataset was designed and created in a collaboration between Aligo, Universidad de Antioquia, and Tecnologico de Monterrey. Thanks to Aligo's support, we built and implemented a testbed for DoS and DDoS attacks. This testbed is mainly based on physical IoT devices and real users consuming real services from a production network. We provide the ground-truth pcap files, the generated network flows with their features, and the labeled categories and subcategories, to facilitate the implementation of supervised learning methods.
The DoS version of our new dataset contains 30,662,911 flows with 20 columns, and the DDoS version contains 49,666,991 flows with the same number of columns. In total, there is more than 300 GB of information, including .argus, .csv, and .pcap files.