IoT network intrusion dataset
- Citation Author(s): Hyunjae Kang, Dong Hyun Ahn, Gyung Min Lee, Jeong Do Yoo, Kyung Ho Park, Huy Kang Kim
- Submitted by: Huy Kang Kim
- DOI: 10.21227/q70p-q449
Abstract
We created various types of network attacks in an Internet of Things (IoT) environment for academic purposes. Two typical smart home devices, SKT NUGU (NU 100) and EZVIZ Wi-Fi Camera (C2C Mini O Plus 1080P), were used. All devices, including some laptops or smartphones, were connected to the same wireless network. The dataset consists of 42 raw network packet files (pcap) captured at different time points.
* The packet files were captured using the monitor mode of a wireless network adapter. The wireless headers were removed with Aircrack-ng.
* All attacks except those in the Mirai Botnet category are packets captured while simulating attacks using tools such as Nmap. In the case of the Mirai Botnet category, the attack packets were generated on a laptop and then manipulated to appear as if they originated from the IoT device.
Instructions:
<packet file description>
* benign-dec.pcap: benign-only traffic
* mitm-arpspoofing-n(1~6)-dec.pcap: traffic containing benign and MITM (ARP spoofing) traffic
* dos-synflooding-n(1~6)-dec.pcap: traffic containing benign and DoS (SYN flooding) attack traffic
* scan-hostport-n(1~6)-dec.pcap: traffic containing benign and Scan (host & port scan) attack traffic
* scan-portos-n(1~6)-dec.pcap: traffic containing benign and Scan (port & OS scan) attack traffic
* mirai-udpflooding-n(1~4)-dec.pcap, mirai-ackflooding-n(1~4)-dec.pcap, mirai-httpflooding-n(1~4)-dec.pcap: traffic containing benign and the 3 most typical attacks (UDP/ACK/HTTP flooding) of a zombie PC compromised by Mirai malware
* mirai-hostbruteforce-n(1~5)-dec.pcap: traffic containing benign and the initial phase of Mirai malware, including host discovery and Telnet brute-force attack
In reply to Hi, I would like to split the by Manush Sekaran C
I know several months have passed since you queried, though you can parse the packets by writing Python code using packet handling libraries such as scapy or dpkt. Parse IP addresses, ports, or streams you need using the libraries and save them into another PCAP.
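
The approach described in the reply above, as an added example (not part of the original page and not the dataset authors' code): it filters a classic pcap file down to the records that mention one IPv4 address, either in the IP header or in an ARP sender/target field. It uses only the Python standard library instead of scapy or dpkt so that it runs without dependencies; the function names, the constructed sample capture and its addresses, and the Ethernet link type with untagged frames are assumptions.

```python
import socket
import struct

MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",   # little-endian (us, ns)
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}   # big-endian (us, ns)

def frame_addrs(frame):
    """IPv4 addresses (packed) named by an Ethernet frame's IP or ARP header."""
    ethertype = frame[12:14]
    if ethertype == b"\x08\x00" and len(frame) >= 34:
        return {frame[26:30], frame[30:34]}   # IPv4 source, destination
    if ethertype == b"\x08\x06" and len(frame) >= 42:
        return {frame[28:32], frame[38:42]}   # ARP sender, target protocol address
    return set()

def filter_pcap(src, dst, ip):
    """Copy records that mention `ip` from pcap stream src to dst; return how many."""
    want = socket.inet_aton(ip)
    ghdr = src.read(24)                       # pcap global header
    endian = MAGICS.get(ghdr[:4])
    if endian is None or len(ghdr) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", ghdr[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")  # assumed for the -dec files
    dst.write(ghdr)
    kept = 0
    while len(rhdr := src.read(16)) == 16:    # per-record header
        incl_len = struct.unpack(endian + "I", rhdr[8:12])[0]
        frame = src.read(incl_len)
        if len(frame) < incl_len:
            break                             # truncated final record
        if want in frame_addrs(frame):
            dst.write(rhdr + frame)
            kept += 1
    return kept

def sample_pcap():
    """Constructed three-frame capture; all addresses are made up."""
    a = socket.inet_aton
    eth = lambda etype, body: b"\xaa" * 6 + b"\xbb" * 6 + etype + body
    frames = [
        eth(b"\x08\x00", b"\x45" + bytes(11) + a("192.168.0.13") + a("192.168.0.24")),
        eth(b"\x08\x00", b"\x45" + bytes(11) + a("192.168.0.16") + a("203.0.113.5")),
        eth(b"\x08\x06", struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)   # ARP reply
            + b"\xbb" * 6 + a("192.168.0.13") + bytes(6) + a("192.168.0.1")),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

For a real capture, pass a file opened with `"rb"` (for example `benign-dec.pcap`) as `src` and a file opened with `"wb"` as `dst`.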