Preliminary Fuzzing Dataset for IoT Application-Layer Security Evaluation Using ModSecurity

This dataset captures structured logs and payloads generated from controlled fuzzing experiments conducted on an Industrial IoT (IIoT) environment. The experimental setup involved two versions of the ModSecurity Web Application Firewall (v2.9.5 and v3.0.12), each paired with OWASP Core Rule Set versions 3.5.5 and 4.2.0, deployed on an Apache server. The dataset encompasses over 300000 records from nine distinct attack types, including Command Injection, HTML Injection, Server Side Includes (SSI), Buffer Overflow, SQL Injection, XSS, Server-Side Template Injection (SSTI), Local and Remote File Inclusion, and Path Traversal. Each entry is labeled and includes associated metadata such as response codes, Size Req. Header, Size Req. Body, Size Resp. Header, and security outcomes. This dataset serves as a foundational resource for benchmarking WAF performance, training intrusion detection models, and developing robust IoT-focused security solutions.