
NSS_Mirai_Dataset

This dataset was captured from a Mirai-type botnet attack on an emulated IoT network in OpenStack. The experimental setup is described in setup.pdf.

  • NSS_Mirai_Dataset/dataset_1/for_fim/ : alerts coded into a FIM-ready format (for both the with-subnet and without-subnet cases)

  • NSS_Mirai_Dataset/dataset_1/gateways/ : alerts captured at the individual gateways, in the FIM-ready format (for both the with-subnet and without-subnet cases)

  • NSS_Mirai_Dataset/dataset_1/raw_entries/ : raw alerts aggregated at the security manager

  • NSS_Mirai_Dataset/dataset_1/sampled_alerts/

    final_sampled_inputs.csv : all the alerts aggregated at the security manager in a single file

    labeled_final_sampled_inputs.csv : all the alerts aggregated at the security manager in a single file with corresponding class labels

  • There is another dataset (dataset_2) in raw alert format captured using the same emulated IoT network, but with a different time duration.

Detailed information on the dataset is given in the following work. Please cite it when you use this dataset in your research.

  • Kalupahana Liyanage Kushan Sudheera, Dinil Mon Divakaran, Rhishi Pratap Singh, and Mohan Gurusamy, "ADEPT: Detection and Identification of Correlated Attack-Stages in IoT Networks," in IEEE Internet of Things Journal (Accepted), URL: https://doi.org/10.1109/JIOT.2021.3055937

| Class | Description |
|---|---|
| Port Scan | Bots scan for open ports of IoT devices |
| Scan In | Bots scan for specific vulnerabilities, e.g., status of telnet, ssh ports |
| Login Attempts | Bots execute a dictionary attack on vulnerable IoT devices |
| Malware Loader | Upload/download of malware from an external source |
| C&C Communication (success) | Successful communication sessions with the C&C server |
| C&C Communication (failure) | Failed communication sessions with the C&C server |
| Scan Out (ports) | Compromised IoT devices scan for open ports on other IoT devices |
| Scan Out (login) | Compromised IoT devices carry out a dictionary attack on other vulnerable IoT devices |
| Attack (DDoS-Volumetric) | All compromised IoT devices execute a DDoS attack on a victim server |
| Attack (DDoS-Reflective) | All compromised IoT devices execute a reflective DNS DDoS attack on a victim server |
| Noise | False alerts due to firmware updates, setup changes, etc. |

