This dataset provides a curated collection of encrypted network traffic designed to support research on Instant Messaging Application (IMA) traffic analysis. Due to privacy and ethical constraints, publicly available datasets containing labelled IMA traffic remain scarce.
As a part of IARPA ReSCIND, LLNL and MITRE hosted multiple 4-day cyber experiments with external participants each attempting to complete four challenges. Three of the four challenges were intended to elicit CogVulns (Cognitive Vulnerabilities) in participants and the fourth was intended to serve as a baseline. Each challenge had a specific cybersecurity-related goal presented to the participant in the form of a cover story. Participants were free to attempt the challenges in any order and for any percentage of their total time.
ABSTRACT Intrusion Detection Systems (IDSs) are widely used to monitor and protect computer networks, but they often rely on very sensitive traffic data. Handling this kind of data may expose private information or even cause breaches if not treated carefully. To deal with this issue, this work introduces an adaptive hybrid obfuscation model designed to protect data privacy while keeping good detection accuracy for Machine Learning (ML)-based IDS.
This dataset contains network connection and traffic analysis data with approximately 25-30 records. The data includes source and destination IP addresses (primarily in the 59.166.x.x and 175.45.x.x ranges), along with port information and protocol details (UDP, ARP, TCP). Key metrics captured include connection states (CON, INT, FIN), byte transfers in both directions (sbytes, dbytes), packet counts, and timing information (sttl, dttl). The dataset appears to focus on UDP connections (53 appears frequently, suggesting DNS traffic) with various connection states and data transfer volumes.
DALHOUSIE NIMS LAB ATTACK IOT DATASET 2025-1 dataset comprises of four prevalent types attacks, namely Portscan, Slowloris, Synflood, and Vulnerability Scan, on nine distinct Internet of Things (IoT) devices. These attacks are very common on the IoT eco-systems because they often serve as precursors to more sophisticated attack vectors. By analyzing attack vector traffic characteristics and IoT device responses, our dataset will aid to shed light on IoT eco-system vulnerabilities.
SUNBURST Attack Dataset for Network Attack Detection
Overview:
The SUNBURST dataset is a unique and valuable resource for researchers studying network intrusion detection and prevention. This dataset provides real-world network traffic data related to SUNBURST, a sophisticated supply chain attack that exploited the SolarWinds Orion software. It focuses on the behavioral characteristics of the SUNBURST malware, enabling the development and evaluation of security mechanisms.
This unlabeled dataset reflects the network activity of a real branch office with 29 active machines connected to the same broadcast domain for four hours. To achieve this, a Network Intrusion Detection System (NIDS) called BCAST IDS listened to network traffic every 10 seconds. During this time, various types of activities were carried out (browsing, emailing, file transfers, etc.) on each machine to ensure the dataset reflected a wide range of benign behavior.
DALHOUSIE NIMS LAB BENIGN DATASET 2024-2 dataset comprises data captured from Consumer IoT devices, depicting three primary real-life states (Power-up, Idle, and Active) experienced by everyday users. Our setup focuses on capturing realistic data through these states, providing a comprehensive understanding of Consumer IoT devices.
The dataset comprises of nine popular IoT devices namely
Amcrest Camera
Smarter Coffeemaker
Ring Doorbell
Amazon Echodot
Google Nestcam
Google Nestmini
Kasa Powerstrip
This dataset presents real-world IoT device traffic captured under a scenario termed "Active," reflecting typical usage patterns encountered by everyday users. Our methodology emphasizes the collection of authentic data, employing rigorous testing and system evaluations to ensure fidelity to real-world conditions while minimizing noise and irrelevant capture.
5G Network slicing is one of the key enabling technologies that offer dedicated logical resources to different applications on the same physical network. However, a Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attack can severely damage the performance and functionality of network slices. Furthermore, recent DoS/DDoS attack detection techniques are based on the available data sets which are collected from simulated 5G networks rather than from 5G network slices.
