MQTT Internet of Things Intrusion Detection Dataset

MQTT Internet of Things Intrusion Detection Dataset

Citation Author(s):
Hanan
Hindy
Abertay University
Christos
Tachtatzis
University of Strathclyde
Robert
Atkinson
University of Strathclyde
Ethan
Bayne
Abertay University
Xavier
Bellekens
University of Strathclyde
Submitted by:
Hanan Hindy
Last updated:
Tue, 06/23/2020 - 16:35
DOI:
10.21227/bhxy-ep04
Data Format:
License:
Dataset Views:
183
Rating:
5
1 rating - Please login to submit your rating.
Share / Embed Cite

Message Queuing Telemetry Transport (MQTT) protocol is one of the most recent standards used in Internet of Things (IoT) machine to machine communication. The increase in the number of available IoT devices and used protocols reinforce the need for new and robust Intrusion Detection Systems (IDS). However, building IoT IDS requires the availability of datasets to process, train and evaluate these models. The dataset presented in this paper is the first to simulate and MQTT-based network. The dataset is generated using a simulated MQTT network architecture. The network comprises twelve sensors, a broker, a simulated camera, and an attacker. Five scenarios are recorded: (1) normal operation, (2) aggressive scan, (3) UDP scan, (4) Sparta SSH brute-force, and (5) MQTT brute-force attack.  The raw pcap files are saved, then features are extracted. Three abstraction levels of features are extracted from the raw pcap files: (a) packet features, (b) Unidirectional flow features and (c) Bidirectional flow features. The csv feature files in the dataset are suited for Machine Learning (ML) usage. Also, the raw pcap files are suitable for the deeper analysis of MQTT IoT networks communication and the associated attacks. 

Instructions: 

The dataset consists of 5 pcap files, namely, normal.pcap, sparta.pcap, scan_A.pcap, mqtt_bruteforce.pcap and scan_sU.pcap. Each file represents a recording of one scenario; normal operation, Sparta SSH brute-force, aggressive scan, MQTT brute-force and UDP scan respectively. The attack pcap files contain background normal operations. The attacker IP address is “192.168.2.5”. Basic packet features are extracted from the pcap files into CSV files with the same pcap file names. The features include flags, length, MQTT message parameters, etc. Later, unidirectional and bidirectional features are extracted.  It is important to note that for the bidirectional flows, some features (pointed as *) have two values—one for forward flow and one for the backward flow. The two features are recorded and distinguished by a prefix “fwd_” for forward and “bwd_” for backward. 

 

Dataset Files

You must login with an IEEE Account to access these files. IEEE Accounts are FREE.

Sign Up now or login.

Embed this dataset on another website

Copy and paste the HTML code below to embed your dataset:

Share via email or social media

Click the buttons below:

facebooktwittermailshare
[1] Hanan Hindy, Christos Tachtatzis, Robert Atkinson, Ethan Bayne, Xavier Bellekens, "MQTT Internet of Things Intrusion Detection Dataset", IEEE Dataport, 2020. [Online]. Available: http://dx.doi.org/10.21227/bhxy-ep04. Accessed: Jul. 08, 2020.
@data{bhxy-ep04-20,
doi = {10.21227/bhxy-ep04},
url = {http://dx.doi.org/10.21227/bhxy-ep04},
author = {Hanan Hindy; Christos Tachtatzis; Robert Atkinson; Ethan Bayne; Xavier Bellekens },
publisher = {IEEE Dataport},
title = {MQTT Internet of Things Intrusion Detection Dataset},
year = {2020} }
TY - DATA
T1 - MQTT Internet of Things Intrusion Detection Dataset
AU - Hanan Hindy; Christos Tachtatzis; Robert Atkinson; Ethan Bayne; Xavier Bellekens
PY - 2020
PB - IEEE Dataport
UR - 10.21227/bhxy-ep04
ER -
Hanan Hindy, Christos Tachtatzis, Robert Atkinson, Ethan Bayne, Xavier Bellekens. (2020). MQTT Internet of Things Intrusion Detection Dataset. IEEE Dataport. http://dx.doi.org/10.21227/bhxy-ep04
Hanan Hindy, Christos Tachtatzis, Robert Atkinson, Ethan Bayne, Xavier Bellekens, 2020. MQTT Internet of Things Intrusion Detection Dataset. Available at: http://dx.doi.org/10.21227/bhxy-ep04.
Hanan Hindy, Christos Tachtatzis, Robert Atkinson, Ethan Bayne, Xavier Bellekens. (2020). "MQTT Internet of Things Intrusion Detection Dataset." Web.
1. Hanan Hindy, Christos Tachtatzis, Robert Atkinson, Ethan Bayne, Xavier Bellekens. MQTT Internet of Things Intrusion Detection Dataset [Internet]. IEEE Dataport; 2020. Available from : http://dx.doi.org/10.21227/bhxy-ep04
Hanan Hindy, Christos Tachtatzis, Robert Atkinson, Ethan Bayne, Xavier Bellekens. "MQTT Internet of Things Intrusion Detection Dataset." doi: 10.21227/bhxy-ep04