Serial Number: 47
Year: 2017
Kind of Traffic: Simulated + Real
Publicly Available: Yes
Count of Records: 32M Flows
Features Count: 14
No. of citations: 17
Attack Type: scan, DoS, Brute Force
Download Links: https://www.kaggle.com/datasets/dhoogla/cidds001
Abstract: The CIDDS-001 dataset was captured in 2017 in a simulated small-business environment and contains four weeks of unidirectional, flow-based network traffic. The dataset also includes an external server that was attacked on the internet. Unlike a honeypot, this server was regularly accessed by clients. Both normal and malicious user behaviour was executed. The dataset is publicly available. Malicious traffic on the network was generated with port scans, brute-force attacks and denial-of-service (DoS) attacks. Labelling the recorded NetFlow data was simple because the targets, origins, and timestamps of the executed attacks were all known. Network traffic from outside the OpenStack environment was added by deploying an external server. The server provides a file synchronization service (Seafile) as well as an HTTP web server to clients. Because it had a publicly accessible IP address, this server was exposed to real and current internet attacks.