Datasets
Open Access
Boğaziçi University DDoS Dataset
- Citation Author(s):
- Submitted by:
- derya erhan
- Last updated:
- Tue, 05/17/2022 - 22:21
- DOI:
- 10.21227/45m9-9p82
- Data Format:
- Link to Paper:
- License:
- Categories:
- Keywords:
Abstract
Boğaziçi University DDoS dataset (BOUN DDoS) is generated in Boğaziçi University via Hping3 traffic generator software by flooding TCP SYN, and UDP packets. This dataset includes attack-free user traffic as well as attack traffic and suitable for evaluating network-based DDoS detection methods. Attacks are towards one victim server connected to the backbone router of the campus. Attack packets have randomly generated spoofed source IP addresses. The data-trace was recorded on the backbone and included over 4000 active hosts.
Bo ğaziçi University DDoS dataset (BOUN DDoS) is generated in Bo ğaziçi University via Hping3 traffic generator software
by flooding TCP SYN, and UDP packets. This dataset includes attack-free user traffic as well as attack traffic and suitable for
evaluating network-based DDoS detection methods. Attacks are towards one victim server connected to the backbone router of
the campus. Attack packets have randomly generated spoofed source IP addresses. The data-trace was recorded on the backbone
and included over 4000 active hosts.
I. INTRODUCTION
The dataset includes two different attack scenarios. In both scenarios, randomly generated spoofed IP addresses are used in
a flooding manner. For TCP flood attacks, TCP port 80 is used as the destination port. All of the datasets lasted 8 minutes.
In each of them, 80 seconds waiting period, then 20 seconds attack period is practiced. Different packet rates are used to let
researchers evaluate their detection methods concerning different packets rates.
The TCP SYN Flood and UDP flood datasets include attack rates of 1000, 1500, 2000 and 2500 packets/second. The
topology of the attack is given in Figure 1.
Fig. 1. BOUN DDoS attack topology.
Attack packets can be distinguished from attack-free packets using the destination IP address of packets. The victim IP
address is 10.50.199.86.
II. DATASET STRUCTURE
Datasets are in comma-separated value file format, and have the following columns:
Time: Time values start from zero and have a resolution of 0.000001 seconds. Time values are expressed in seconds.
Frame Number: Frame number is simply the incremental count of packets in the dataset.
Frame length: Frame length is the length of that packet in bytes.
Source ip: Source IP address of the packet.
Destination IP: Destination Ip address of the packet.
Source Port: Source TCP port of the packet. If it is not a TCP packet, this field is empty.
Destination Port: Destination TCP port of the packet. If it is not a TCP packet, this field is empty
SYN: This value is “Set” if the packet is a TCP packet and its SYN flag is equal to one, it is equal to “Not Set” if the
packet is a TCP packet and its SYN flag is equal to zero. If the packet is not a TCP packet, this field is empty.
1
ACK: This value is “Set” if the packet is a TCP packet and its ACK flag is equal to one, it is equal to “Not Set” if the
packet is a TCP packet and its ACK flag is equal to zero. If the packet is not a TCP packet, this field is empty.
RST: This value is “Set” if the packet is a TCP packet and its RST flag is equal to one, it is equal to “Not Set” if the
packet is a TCP packet and its RST flag is equal to zero. If the packet is not a TCP packet, this field is empty.
TTL: Time to live value of the packets.
TCP Protocol: This value can be TCP or UDP if the packet belongs to a transport layer IP protocol. Else this value can
have different values.
Dataset Files
LOGIN TO ACCESS DATASET FILESOpen Access dataset files are accessible to all logged in users. Don't have a login? Create a free IEEE account. IEEE Membership is not required.
Documentation
Attachment | Size |
---|---|
BOUN_DDoS_Dataset.pdf | 92.35 KB |
Comments
*
I need for my master thesis
*