SDN-SlowRate-DDoS dataset
- Citation Author(s):
-
Noe M. Yungaicela-Naula
(Tecnologico de Monterrey)
Cesar Vargas-Rosales
(Tecnologico de Monterrey)
Jesus Arturo Pérez-Díaz
(Tecnologico de Monterrey)
Eduardo Jacob
(University of the Basque Country UPV/EHU)
Carlos Martinez-Cagnazzo (LACNIC) - Submitted by:
- Noe Yungaicela-Naula
- Last updated:
- DOI:
- 10.21227/amrt-8y98
- Data Format:
2835 views
- Categories:
- Keywords:
Abstract
Slow-rate DDoS attacks are recent threats targeting next-generation networks such as IoT, 5G, etc. Unlike conventional high-rate DDoS, slow-rate DDoS have not been deeply studied, mainly due to the limited number of existing datasets with real traces. The SDN-SlowRate-DDoS dataset captures traffic from a physical testbed deployed on the European Experimental Facility Smart Networks for Industry (SN4I, https://i2t.ehu.eus/en/resources/sn4i). A Software Defined Network (SDN)-based datacenter topology was deployed, and multiple experiments of slow-rate DDoS attacks (slow HTTP read) were performed varying the number of victims and attackers.
Instructions:
To create the SDN-SlowRate-DDoS dataset, we deployed SDN-based datacenter topology with two spine switches and four leaf switches using physical equipment from SN4I. Furthermore, ONOS controller was used. The SDN-SlowRate-DDoS dataset contains 23 experiments for slow HTTP read attack, varying the number of attackers (1-4 attackers) and victims (1-3 victims). Slowhttptest (https://www.kali.org/tools/slowhttptest/) was used to attack the victim servers. For each experiment, a least one of the following resources is provided: (i) pcap files containing the raw packets of the network captured using tcpdump, and (ii) csv files containing flow-based features. The flow-based features involve: (1) Device ID (switch ID), (2) Flow ID, (3) IP Src, (4) IP Dst, (5) Mac Src, (6) Mac Dst, (7) Port Src, (8) Port Dst, (9) Protocol, (10) Bytes, (11) Packets, (12) Life, and (13) TimeStamp.The total size of the dataset is 388 GB.
Dataset Files
- Slow HTTP read (Size: 48.19 GB)
- 02_OneAttacker_OneVictim_T4000.zip (Size: 13.27 MB)
- 03_FourAttackers_OneVictim_T4000.zip (Size: 16.71 MB)
- 04_FourAttackers_TwoVictims_T4000.zip (Size: 17.65 MB)
- 05_ThreeAttackers_ThreeVictims_T4000.zip (Size: 14.3 MB)
- 06_OneAttacker_OneVictim_High_T4000.zip (Size: 13.57 MB)
- 07_OneAttacker_OneVictim_Low_T4000.zip (Size: 14.46 MB)
- 08_FourAttackers_OneVictim_Low_T4000.zip (Size: 16.72 MB)
- 09_FourAttackers_TwoVictims_Low_T4000.zip (Size: 17.44 MB)
- 10_OneAttacker_OneVictim_T4000.zip (Size: 9.7 MB)
- 11_NormalTrafficOnly_T1200.zip (Size: 47.33 GB)
- 12_OneAttacker_OneVictim_T1200.zip (Size: 18.83 GB)
- 13_FourAttackers_OneVictim_T1200.zip (Size: 22.54 GB)
- 14_FourAttackers_TwoVictims_T1200.zip (Size: 26.83 GB)
- 15_ThreeAttackers_ThreeVictims_T1200.zip (Size: 25.14 GB)
- 16_OneAttacker_OneVictim_High_T1200.zip (Size: 23.39 GB)
- 17_FourAttackers_OneVictim_Low_T1200.zip (Size: 13.89 GB)
- 18_FourAttackers_TwoVictims_Low_T1200.zip (Size: 7.2 GB)
- 19_OneAttacker_OneVictim_T1200.zip (Size: 26.37 GB)
- 20_TwoAttackers_TwoVictims_T1200.zip (Size: 22.82 GB)
- 21_FourAttackers_OneVictim_T1200.zip (Size: 19.03 GB)
- 22_FourAttackers_TwoVictims_T1200.zip (Size: 29.71 GB)
- 23_FourAttackers_OneVictim_Low_T1200.zip (Size: 11 GB)
In reply to Downloading it for research by Sukhjit Sehra
I want to download this dataset for my reasaerch for ddos detection. Thank you for sharing!
Downloading it for research purposes
downloading for research
downloading for research
download for research
download for research ,thanks for sharing