IoT-BDA Botnet Analysis Dataset
Source: DataCite Commons | Updated: 2022-11-19 | Indexed: 2025-04-16
Download link:
https://ieee-dataport.org/open-access/iot-bda-botnet-analysis-dataset
Resource description:
The proliferation of insecure Internet-connected devices has given rise to IoT botnets, which can grow very large rapidly and may perform high-impact cyber-attacks. To facilitate the improvement and development of host- and network-based IoT botnet detection solutions, and of Linux malware analysis tools and methods, we provide the IoT-BDA Botnet Analysis Dataset. The dataset comprises the results of the analysis conducted by the IoT-BDA Framework on 4077 unique IoT botnet samples captured by honeypots. The framework executed the samples in a sandbox and performed static, behavioural and network analysis to identify indicators of compromise and attack, as well as the anti-static-analysis, anti-dynamic-analysis, anti-forensics and persistence techniques used by IoT botnets. Each analysed sample was scanned using VirusTotal and assigned the malware family it most probably belongs to using the AVClass malware classifier. The dataset may also enable clustering of IoT botnet samples based on the static, behavioural and network features derived by the framework. In addition to the analysis results, the dataset includes the botnet samples (ELF files), the captured behaviour (system calls) and the recorded network traffic (.pcap).
Provider:
IEEE DataPort
Created:
2021-05-25



