Serial Number: 115
Year: 2024
Kind of Traffic: Simulated
Publicly Available: Yes
Count of Records: 199MB
Features Count: 17
No. of citations: 2
Attack Type: Apache Struts, key-loggers, etc.
Download Links: https://zenodo.org/records/10685642
Abstract: The Linux-APT Dataset 2024 captures Advanced Persistent Threat (APT) attacks and other sophisticated payloads. It consists of several parts, including two combined files for analysis. Because of a limit of 10,000 records per file, the logs are split into files by date range, giving 17 files covering October 1st, 2023 to January 7th, 2024. The dataset is available on the Zenodo and Mendeley repositories. The 'Processed Version' and 'Combined' files consolidate all of the data, one in its original raw form and the other compiled. Data is available in raw format, as XML configuration, and in Comma Separated Value (CSV) format. The collected data includes both qualitative and quantitative information detailing APTs, malware, and the associated attack vectors. The qualitative data covers the selection of APTs, payloads, and malware, simulated in a mostly Linux-based environment. Because APT campaigns unfold over long periods, a broad timetable was necessary for accurate evaluation. In total there are 125,898 records containing both general and malicious traffic/logs. The data gathering process covers recent intrusions, published CVEs, Linux privilege escalation payloads, and APTs such as APT29, APT41, APT28, and Turla. Additionally, threat emulations such as key-loggers, Apache Struts vulnerabilities, and backdoor malware are included.