SUNBURST Attack Dataset
- Submitted by: Prof. mouhammd ...
- Last updated: Sun, 01/19/2025 - 03:29
- DOI: 10.21227/70hq-a446
Abstract
SUNBURST Attack Dataset for Network Attack Detection
Overview:
The SUNBURST dataset is a unique and valuable resource for researchers studying network intrusion detection and prevention. This dataset provides real-world network traffic data related to SUNBURST, a sophisticated supply chain attack that exploited the SolarWinds Orion software. It focuses on the behavioral characteristics of the SUNBURST malware, enabling the development and evaluation of security mechanisms.
Data Collection Methodology:
The dataset was created in a controlled lab environment simulating realistic network traffic.
- Normal traffic: Captured through typical network activities, including file sharing, web browsing, and video conferencing.
- Infected traffic: Generated by deploying a trojanized SolarWinds Orion DLL file, enabling detailed monitoring of the SUNBURST backdoor communications and attack patterns.
Dataset Features:
- Attributes: The dataset includes 81 features, such as timestamps, source/destination ports, flow durations, and packet-level statistics, essential for identifying anomalies associated with SUNBURST.
- Labels: Data is labeled as either "normal" or "abnormal (SUNBURST)" for clear distinction.
Format:
The dataset is available in CSV format, derived from packet capture (PCAP) files processed using the CICFlowMeter tool. Each row represents a network flow, annotated with its label. The dataset includes both raw network traffic and labeled metadata, suitable for training and validating machine learning models.
Applications:
The SUNBURST dataset is well-suited for:
- Developing and testing Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS).
- Building machine learning models for detecting and mitigating advanced persistent threats (APT) and supply chain attacks.
- Conducting research on network-based cyber threats.
Documentation
Attachment | Size |
---|---|
TSP_CSSE_40626 (1).pdf | 1.13 MB |