Boğaziçi University DDoS Dataset

Citation Author(s):
Derya
Erhan
Boğaziçi University
Submitted by:
derya erhan
Last updated:
Tue, 05/17/2022 - 22:21
DOI:
10.21227/45m9-9p82
Data Format:
Link to Paper:
License:
3021 Views
Categories:
Keywords:
0
0 ratings - Please login to submit your rating.

Abstract 

Boğaziçi University DDoS dataset (BOUN DDoS) is generated in Boğaziçi University via Hping3 traffic generator software by flooding TCP SYN, and UDP packets. This dataset includes attack-free user traffic as well as attack traffic and suitable for evaluating network-based DDoS detection methods. Attacks are towards one victim server connected to the backbone router of the campus.  Attack packets have randomly generated spoofed source  IP addresses.  The data-trace was recorded on the backbone and included over 4000 active hosts.

Instructions: 

Bo ğaziçi University DDoS dataset (BOUN DDoS) is generated in Bo ğaziçi University via Hping3 traffic generator software

by flooding TCP SYN, and UDP packets. This dataset includes attack-free user traffic as well as attack traffic and suitable for

evaluating network-based DDoS detection methods. Attacks are towards one victim server connected to the backbone router of

the campus. Attack packets have randomly generated spoofed source IP addresses. The data-trace was recorded on the backbone

and included over 4000 active hosts.

I. INTRODUCTION

The dataset includes two different attack scenarios. In both scenarios, randomly generated spoofed IP addresses are used in

a flooding manner. For TCP flood attacks, TCP port 80 is used as the destination port. All of the datasets lasted 8 minutes.

In each of them, 80 seconds waiting period, then 20 seconds attack period is practiced. Different packet rates are used to let

researchers evaluate their detection methods concerning different packets rates.

The TCP SYN Flood and UDP flood datasets include attack rates of 1000, 1500, 2000 and 2500 packets/second. The

topology of the attack is given in Figure 1.

Fig. 1. BOUN DDoS attack topology.

Attack packets can be distinguished from attack-free packets using the destination IP address of packets. The victim IP

address is 10.50.199.86.

II. DATASET STRUCTURE

Datasets are in comma-separated value file format, and have the following columns:

    Time: Time values start from zero and have a resolution of 0.000001 seconds. Time values are expressed in seconds.

    Frame Number: Frame number is simply the incremental count of packets in the dataset.

    Frame length: Frame length is the length of that packet in bytes.

    Source ip: Source IP address of the packet.

    Destination IP: Destination Ip address of the packet.

    Source Port: Source TCP port of the packet. If it is not a TCP packet, this field is empty.

    Destination Port: Destination TCP port of the packet. If it is not a TCP packet, this field is empty

    SYN: This value is “Set” if the packet is a TCP packet and its SYN flag is equal to one, it is equal to “Not Set” if the

packet is a TCP packet and its SYN flag is equal to zero. If the packet is not a TCP packet, this field is empty.

1

    ACK: This value is “Set” if the packet is a TCP packet and its ACK flag is equal to one, it is equal to “Not Set” if the

packet is a TCP packet and its ACK flag is equal to zero. If the packet is not a TCP packet, this field is empty.

    RST: This value is “Set” if the packet is a TCP packet and its RST flag is equal to one, it is equal to “Not Set” if the

packet is a TCP packet and its RST flag is equal to zero. If the packet is not a TCP packet, this field is empty.

    TTL: Time to live value of the packets.

    TCP Protocol: This value can be TCP or UDP if the packet belongs to a transport layer IP protocol. Else this value can

have different values.

Comments

*

Submitted by derya erhan on Wed, 10/09/2019 - 10:12

I need for my master thesis

Submitted by aween saeed on Wed, 08/12/2020 - 05:56

*

Submitted by aween saeed on Wed, 08/12/2020 - 05:57

Dataset Files

LOGIN TO ACCESS DATASET FILES
Open Access dataset files are accessible to all logged in  users. Don't have a login?  Create a free IEEE account.  IEEE Membership is not required.

Documentation

AttachmentSize
File BOUN_DDoS_Dataset.pdf92.35 KB