Time Series Dataset For DDOS Attack Detection

Citation Author(s):
Ratan Kumar
Anil Neerukonda Institute of Technology and Sciences
Valli Kumari
Andhra University
Submitted by:
ratan sajja
Last updated:
Thu, 01/06/2022 - 13:06
Data Format:
0 ratings - Please login to submit your rating.


Distributed Denial of Service (DDoS) attacks first appeared in the mid-1990s, as attacks stopping legitimate users from accessing specific services available on the Internet. A DDoS attack attempts to exhaust the resources of the victim to crash or suspend its services. Time series modeling will help system administrators for better planning of resource allocation to defend against DDoS attacks. Different Time Series analysis techniques are applied to detect the DDoS attacks.

 This time series data set is prepared by processing the pcap files present in the benchmark data set CICDDoS2019

The CICDDoS2019 dataset has numerous modern reflective DDoS attacks, such as PortMap, NetBIOS, LDAP, MSSQL, UDP, UDP-Lag, SYN, NTP, DNS, and SNMP. The training day on 12 January began at 10:30 and ended at 17:15, and the test day on 11 March started at 09:40 and ended at 17:35.

We replayed the CICDDoS2019 dataset pcap files using the tool tcpreplay at different network speeds up to 20 Gbps and captured the traffic using the tool Wireshark. We captured network traffic for every time interval(5 Seconds) as a separate pcap file and processed it to produce the feature score for every time interval.

This data set will help in detecting TCP-based flooding attacks, namely TCP-SYN, TCP-SYN-ACK, TCP-ACK, and TCP-RST.


This data set has two CSV files.  The first CSV file represents the traffic generated on 12th January and second one represents traffic generated on 11th March as per CICDDoS2019.

The features mentioned in dataset are

1. Pcap file number

2. Time period serial number

3. Number of SYN packets

4. Number of SYN-ACK packets

5. Number of ACK packers

6. Number of RESET packets

7. Number of TCP packets