Datasets
Standard Dataset
SDN-SlowRate-DDoS dataset
- Citation Author(s):
-
Noe M.Yungaicela-Naula
Tecnologico de MonterreyCesarVargas-RosalesTecnologico de MonterreyJesus ArturoPérez-DíazTecnologico de MonterreyEduardoJacobUniversity of the Basque Country UPV/EHU - Submitted by:
- Noe Yungaicela-Naula
- Last updated:
- Thu, 03/30/2023 - 18:56
- DOI:
- 10.21227/amrt-8y98
- Data Format:
- License:
2088 Views- Categories:
- Keywords:
Abstract
Slow-rate DDoS attacks are recent threats targeting next-generation networks such as IoT, 5G, etc. Unlike conventional high-rate DDoS, slow-rate DDoS have not been deeply studied, mainly due to the limited number of existing datasets with real traces. The SDN-SlowRate-DDoS dataset captures traffic from a physical testbed deployed on the European Experimental Facility Smart Networks for Industry (SN4I, https://i2t.ehu.eus/en/resources/sn4i). A Software Defined Network (SDN)-based datacenter topology was deployed, and multiple experiments of slow-rate DDoS attacks (slow HTTP read) were performed varying the number of victims and attackers.
To create the SDN-SlowRate-DDoS dataset, we deployed SDN-based datacenter topology with two spine switches and four leaf switches using physical equipment from SN4I. Furthermore, ONOS controller was used. The SDN-SlowRate-DDoS dataset contains 23 experiments for slow HTTP read attack, varying the number of attackers (1-4 attackers) and victims (1-3 victims). Slowhttptest (https://www.kali.org/tools/slowhttptest/) was used to attack the victim servers. For each experiment, a least one of the following resources is provided: (i) pcap files containing the raw packets of the network captured using tcpdump, and (ii) csv files containing flow-based features. The flow-based features involve: (1) Device ID (switch ID), (2) Flow ID, (3) IP Src, (4) IP Dst, (5) Mac Src, (6) Mac Dst, (7) Port Src, (8) Port Dst, (9) Protocol, (10) Bytes, (11) Packets, (12) Life, and (13) TimeStamp.The total size of the dataset is 388 GB.
Dataset Files
- Slow HTTP read 01_NormalTrafficOnly_T4000.zip (48.19 GB)
- Slow HTTP read 02_OneAttacker_OneVictim_T4000.zip (13.27 MB)
- Slow HTTP read 03_FourAttackers_OneVictim_T4000.zip (16.71 MB)
- Slow HTTP read 04_FourAttackers_TwoVictims_T4000.zip (17.65 MB)
- Slow HTTP read 05_ThreeAttackers_ThreeVictims_T4000.zip (14.30 MB)
- Slow HTTP read 06_OneAttacker_OneVictim_High_T4000.zip (13.57 MB)
- Slow HTTP read 07_OneAttacker_OneVictim_Low_T4000.zip (14.46 MB)
- Slow HTTP read 08_FourAttackers_OneVictim_Low_T4000.zip (16.72 MB)
- Slow HTTP read 09_FourAttackers_TwoVictims_Low_T4000.zip (17.44 MB)
- Slow HTTP read 10_OneAttacker_OneVictim_T4000.zip (9.70 MB)
- Slow HTTP read 11_NormalTrafficOnly_T1200.zip (47.33 GB)
- Slow HTTP read 12_OneAttacker_OneVictim_T1200.zip (18.83 GB)
- Slow HTTP read 13_FourAttackers_OneVictim_T1200.zip (22.54 GB)
- Slow HTTP read 14_FourAttackers_TwoVictims_T1200.zip (26.83 GB)
- Slow HTTP read 15_ThreeAttackers_ThreeVictims_T1200.zip (25.14 GB)
- Slow HTTP read 16_OneAttacker_OneVictim_High_T1200.zip (23.39 GB)
- Slow HTTP read 17_FourAttackers_OneVictim_Low_T1200.zip (13.89 GB)
- Slow HTTP read 18_FourAttackers_TwoVictims_Low_T1200.zip (7.20 GB)
- Slow HTTP read 19_OneAttacker_OneVictim_T1200.zip (26.37 GB)
- Slow HTTP read 20_TwoAttackers_TwoVictims_T1200.zip (22.82 GB)
- Slow HTTP read 21_FourAttackers_OneVictim_T1200.zip (19.03 GB)
- Slow HTTP read 22_FourAttackers_TwoVictims_T1200.zip (29.71 GB)
- 23_FourAttackers_OneVictim_Low_T1200.zip (11.00 GB)
Documentation
| Attachment | Size |
|---|---|
 Instruction.pdf | 50.09 KB |
Comments
Downloading it for research purposes
I want to download this dataset for my reasaerch for ddos detection. Thank you for sharing!
for scientific research
Downloading it for research purposes
Downloading it for research purposes
downloading for research
downloading for research