SDNFlow Dataset

the SDNFlow Dataset is distinct from others, as it has been generated exclusively from OpenFlow switch statistics, and subsequently processed by an SDN application. The dataset consists of 37 parameters; each record is obtained from the information periodically gatheres from the flows within an OpenFlow switch. The resulting dataset comprises 662,828 records, with 221,564 corresponding to normal records and 441,264 to attack records.

For a better understanding, the parameters are grouped in the following manner:

• Flow identifier features: These parameters are associated with the match fields in a flow rule, allowing the identification of a specific flow. They serve as a basis for updating other parameters. Values such as flow_id, eth_type. ipv4_src, ipv4_dst, ip_proto, src_port, dst_port and flow_duration can be grouped here.
• Packet-based features: This group of parameters contains statistics about the packets processed by the switch that match flow entries. It includes total packets per flow, packets per time unit, and the sample period for each flow.
• Byte-based features: These parameters store information about the bytes of the matching-flow packets processed by the switch. Similar to packet-based features, this group includes total bytes per flow, bytes per flow per time unit, and the sample period for each flow.
• Flow-timer features: Flow-timer features to track the uptime and downtime of each flow.
• Cumulative features: These statistics store metrics associated with different flows with parameters in common in a given time. They include metrics like the total number of packets/bytes per source and destination IP and the total number of connections per source and destination IP. These statistics provide an overview of the network activity.