network security

DALHOUSIE NIMS LAB ATTACK IOT DATASET 2025-1 dataset comprises of four prevalent types attacks, namely Portscan, Slowloris, Synflood, and Vulnerability Scan, on nine distinct Internet of Things (IoT) devices. These attacks are very common on the IoT eco-systems because they often serve as precursors to more sophisticated attack vectors. By analyzing attack vector traffic characteristics and IoT device responses, our dataset will aid to shed light on IoT eco-system vulnerabilities.

SUNBURST Attack Dataset for Network Attack Detection

Overview:
The SUNBURST dataset is a unique and valuable resource for researchers studying network intrusion detection and prevention. This dataset provides real-world network traffic data related to SUNBURST, a sophisticated supply chain attack that exploited the SolarWinds Orion software. It focuses on the behavioral characteristics of the SUNBURST malware, enabling the development and evaluation of security mechanisms.

This unlabeled dataset reflects the network activity of a real branch office with 29 active machines connected to the same broadcast domain for four hours. To achieve this, a Network Intrusion Detection System (NIDS) called BCAST IDS listened to network traffic every 10 seconds. During this time, various types of activities were carried out (browsing, emailing, file transfers, etc.) on each machine to ensure the dataset reflected a wide range of benign behavior.

DALHOUSIE NIMS LAB BENIGN DATASET 2024-2 dataset comprises data captured from Consumer IoT devices, depicting three primary real-life states (Power-up, Idle, and Active) experienced by everyday users. Our setup focuses on capturing realistic data through these states, providing a comprehensive understanding of Consumer IoT devices.

The dataset comprises of nine popular IoT devices namely 

Amcrest Camera

Smarter Coffeemaker

Ring Doorbell

Amazon Echodot

Google Nestcam

Google Nestmini

Kasa Powerstrip

This dataset presents real-world IoT device traffic captured under a scenario termed "Active," reflecting typical usage patterns encountered by everyday users. Our methodology emphasizes the collection of authentic data, employing rigorous testing and system evaluations to ensure fidelity to real-world conditions while minimizing noise and irrelevant capture.

5G Network slicing is one of the key enabling technologies that offer dedicated logical resources to different applications on the same physical network. However, a Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attack can severely damage the performance and functionality of network slices. Furthermore, recent DoS/DDoS attack detection techniques are based on the available data sets which are collected from simulated 5G networks rather than from 5G network slices.

This dataset consists of “.csv” files of 4 different routing attacks (Blackhole Attack, Flooding Attack, DODAG Version Number Attack, and Decreased Rank Attack) targeting the RPL protocol, and these files are taken from Cooja (Contiki network simulator). It allows researchers to develop IDS for RPL-based IoT networks using Artificial Intelligence and Machine Learning methods without simulating attacks. Simulating these attacks by mimicking real-world attack scenarios is essential to developing and testing protection mechanisms against such attacks.

Datsets and scripts are for derivation of a lightweight AIoT malware detection model.

The dataset has been developed in Smart Connected Vehicles Innovation Centre (SCVIC) of the University of Ottawa in Kanata North Technology Park.

In order to define a benchmark for Machine Learning (ML)-based Advanced Persistent Threat (APT) detection in the network traffic, we create a dataset named SCVIC-APT-2021, that can realistically represent the contemporary network architecture and APT characteristics.  Please cite the following original article where this work was initially presented: