This dataset contains 845,373 network flow records, each engineered with 40 statistical flow-level features. It is designed for detecting Distributed Denial-of-Service attacks, specifically focusing on LDAP-based DDoS traffic, and uses a dual-labelling scheme for binary and attack-specific classification.
Use Cases
- Train a binary classifier using the binary label to distinguish between benign and malicious traffic across 845,373 flow records.
- Perform multi-class classification on the categorical attack type label using features like flow bytes per second and packet length statistics.
- Analyze forward packet dynamics and inter-arrival time features to model traffic patterns specific to LDAP-based DDoS attacks.
- Build a real-time detection system using source/destination IP addresses, ports, protocols, and timestamps for cyber-physical system security.
Strengths
- 845,373 network flow records provide substantial data volume for model training.
- 40 statistical flow-level features per record, including packet size, traffic volume, and flow duration.
- Dual-labelling scheme with both categorical attack type and binary labels enables flexible classification tasks.
- Focus on LDAP-based DDoS traffic makes it computationally efficient for targeted security applications.
Limitations
- The dataset's primary focus on LDAP-based DDoS traffic may limit generalizability to other attack vectors.
- No information is provided on potential class imbalance between benign and malicious traffic labels.
- The geographic origin of the network traffic and the time range covered are not specified.
Provenance
- Source: Harvard Dataverse
- Collection Method: Flow records extracted using CICFlowMeter-style feature engineering.
- Time Range: not specified
- Freshness: not specified
- Geography: not specified