Boğaziçi University DDoS Dataset

Boğaziçi University DDoS Dataset

Citation Author(s):
Derya
Erhan
Boğaziçi University
Yasir
Korkusuz
Submitted by:
derya erhan
Last updated:
Wed, 10/09/2019 - 10:07
DOI:
10.21227/45m9-9p82
Data Format:
License:
Dataset Views:
25
Share / Embed Cite

CATEGORIES

KEYWORDS

Boğaziçi University DDoS dataset (BOUN DDoS) is generated in Boğaziçi University via Hping3 traffic generator software by flooding TCP SYN, and UDP packets. This dataset includes attack-free user traffic as well as attack traffic and suitable for evaluating network-based DDoS detection methods. Attacks are towards one victim server connected to the backbone router of the campus.  Attack packets have randomly generated spoofed source  IP addresses.  The data-trace was recorded on the backbone and included over 2000 active hosts. The average packet/second ratio was around 18000. 

Instructions: 

Bo ğaziçi University DDoS dataset (BOUN DDoS) is generated in Bo ğaziçi University via Hping3 traffic generator software

by flooding TCP SYN, and UDP packets. This dataset includes attack-free user traffic as well as attack traffic and suitable for

evaluating network-based DDoS detection methods. Attacks are towards one victim server connected to the backbone router of

the campus. Attack packets have randomly generated spoofed source IP addresses. The data-trace was recorded on the backbone

and included over 2000 active hosts.

I. INTRODUCTION

The dataset includes two different attack scenarios. In both scenarios, randomly generated spoofed IP addresses are used in

a flooding manner. For TCP flood attacks, TCP port 80 is used as the destination port. All of the datasets lasted 8 minutes.

In each of them, 80 seconds waiting period, then 20 seconds attack period is practiced. Different packet rates are used to let

researchers evaluate their detection methods concerning different packets rates.

The TCP SYN Flood and UDP flood datasets include attack rates of 1000, 1500, 2000 and 2500 packets/second. The

topology of the attack is given in Figure 1.

Fig. 1. BOUN DDoS attack topology.

Attack packets can be distinguished from attack-free packets using the destination IP address of packets. The victim IP

address is 10.50.199.86.

II. DATASET STRUCTURE

Datasets are in comma-separated value file format, and have the following columns:

    Time: Time values start from zero and have a resolution of 0.000001 seconds. Time values are expressed in seconds.

    Frame Number: Frame number is simply the incremental count of packets in the dataset.

    Frame length: Frame length is the length of that packet in bytes.

    Source ip: Source IP address of the packet.

    Destination IP: Destination Ip address of the packet.

    Source Port: Source TCP port of the packet. If it is not a TCP packet, this field is empty.

    Destination Port: Destination TCP port of the packet. If it is not a TCP packet, this field is empty

    SYN: This value is “Set” if the packet is a TCP packet and its SYN flag is equal to one, it is equal to “Not Set” if the

packet is a TCP packet and its SYN flag is equal to zero. If the packet is not a TCP packet, this field is empty.

1

    ACK: This value is “Set” if the packet is a TCP packet and its ACK flag is equal to one, it is equal to “Not Set” if the

packet is a TCP packet and its ACK flag is equal to zero. If the packet is not a TCP packet, this field is empty.

    RST: This value is “Set” if the packet is a TCP packet and its RST flag is equal to one, it is equal to “Not Set” if the

packet is a TCP packet and its RST flag is equal to zero. If the packet is not a TCP packet, this field is empty.

    TTL: Time to live value of the packets.

    TCP Protocol: This value can be TCP or UDP if the packet belongs to a transport layer IP protocol. Else this value can

have different values.

Comments

*

Dataset Files

You must login with an IEEE Account to access these files. IEEE Accounts are FREE.

Sign Up now or login.

Documentation

AttachmentSize
PDF icon BOUN_DDoS_Dataset.pdf92.35 KB

Embed this dataset on another website

Copy and paste the HTML code below to embed your dataset:

Share via email or social media

Click the buttons below:

facebooktwittermailshare
[1] , "Boğaziçi University DDoS Dataset", IEEE Dataport, 2019. [Online]. Available: http://dx.doi.org/10.21227/45m9-9p82. Accessed: Oct. 14, 2019.
@data{45m9-9p82-19,
doi = {10.21227/45m9-9p82},
url = {http://dx.doi.org/10.21227/45m9-9p82},
author = { },
publisher = {IEEE Dataport},
title = {Boğaziçi University DDoS Dataset},
year = {2019} }
TY - DATA
T1 - Boğaziçi University DDoS Dataset
AU -
PY - 2019
PB - IEEE Dataport
UR - 10.21227/45m9-9p82
ER -
. (2019). Boğaziçi University DDoS Dataset. IEEE Dataport. http://dx.doi.org/10.21227/45m9-9p82
, 2019. Boğaziçi University DDoS Dataset. Available at: http://dx.doi.org/10.21227/45m9-9p82.
. (2019). "Boğaziçi University DDoS Dataset." Web.
1. . Boğaziçi University DDoS Dataset [Internet]. IEEE Dataport; 2019. Available from : http://dx.doi.org/10.21227/45m9-9p82
. "Boğaziçi University DDoS Dataset." doi: 10.21227/45m9-9p82