Intrusion Detection System

This unlabeled dataset reflects the network activity of a real branch office with 29 active machines connected to the same broadcast domain for four hours. To achieve this, a Network Intrusion Detection System (NIDS) called BCAST IDS listened to network traffic every 10 seconds. During this time, various types of activities were carried out (browsing, emailing, file transfers, etc.) on each machine to ensure the dataset reflected a wide range of benign behavior.

The UNSW-NB15 Dataset is a compilation of raw network data packets crafted by the University of South Wales. This dataset is designed to create a blend of modern normal network activity and synthetic contemporary attack behavior. It encompasses nine types of attacks, including Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode, and Worms, resulting in a total of 10 classes of traffic and 49 features.

This dataset consists of “.csv” files of 4 different routing attacks (Blackhole Attack, Flooding Attack, DODAG Version Number Attack, and Decreased Rank Attack) targeting the RPL protocol, and these files are taken from Cooja (Contiki network simulator). It allows researchers to develop IDS for RPL-based IoT networks using Artificial Intelligence and Machine Learning methods without simulating attacks. Simulating these attacks by mimicking real-world attack scenarios is essential to developing and testing protection mechanisms against such attacks.

Slow-rate DDoS attacks are recent threats targeting next-generation networks such as IoT, 5G, etc. Unlike conventional high-rate DDoS, slow-rate DDoS have not been deeply studied, mainly due to the limited number of existing datasets with real traces.

The Advanced Metering Infrastructure is established in Electrical Drives Laboratory, School of Electrical and Electronics Engineering, SASTRA Deemed to be University, Thanjavur, Tamil Nadu,India. Further, the ARP spoofing attack emulation is deliberated between Smart Meter and Data Concentrator through the Ettercap tool in two different test beds by incorporating Modbus TCP/IP and MQTT.Then, the benign and malicious traffic patterns of two protocols are captured using Wireshark to form the dataset.

For academic purposes, we are happy to release our datasets. This dataset is in support of my research paper 'TOW-IDS: Intrusion Detection System based on Three Overlapped Wavelets in Automotive Ethernet'. If you want to use our dataset for your experiment, please cite our paper.

Anomaly detection is a well-known topic in cybersecurity. Its application to the Internet of Things can lead to suitable protection techniques against problems such as denial of service attacks.