Farm-Flow | AG-IoT Security: Intrusion Detection in Smart Agriculture Dataset

Introduction: The "Farm-Flow" dataset was created to emulate real-world Agricultural Internet of Things (AG-IoT) systems, encompassing network attacks and data collection. Following comprehensive cleaning and processing, the "Farm-Flow" dataset comprises 532 MB of data with 1,310,000 instances, structured around "flows," which represent consecutive series of packets transmitted from a single source to a specific destination. The dataset demonstrates an intrusion detection accuracy of 92.67% and is intended to enhance the security of AG-IoT systems, safeguarding information such as crop health, weather patterns, and soil conditions Captures: The captures comprises three months of network traffic: August, September, and October of 2022. Each month is divided into folders, which categorize the network traffic. These folders contain numerous .pcap files, which have been divided into 5-second intervals. This segmentation is necessary because, as previously mentioned, flows aggregate packets, resulting in only one row of flow data for ongoing connections. To address this, a script was developed to segment the .pcap files into 5-second increments. This approach allows for the generation of multiple rows of flow connections, thereby providing more quantity of data for model training. Dataset: The dataset comprises 532 MB of data, encompassing 1,310,000 instances. These instances have been classified into eight distinct attack types and one category for normal traffic. The identified attacks include Arp Spoofing, BotNet DDoS, HTTP Flood, ICMP Flood, MQTT Flood, Port Scanning, TCP Flood, and UDP Flood. Among the data set, there are 27,458 instances of normal traffic and 1,282,429 instances of aggregated attack traffic. Zip Folder: The zip folder is structured into two main directories: Captures and Dataset. The Captures directory is organized by the month of capture and further categorized by network traffic type. The Datasets directory includes the Farm-Flow Dataset, alongside four additional datasets that have undergone pre-processing: the training and testing datasets for binary classification, and the training and testing datasets for multiclass classification. Additionally, there are further datasets categorized by month and type of network traffic.

引言：本“Farm-Flow”数据集旨在模拟真实世界的农业物联网（Agricultural Internet of Things, AG-IoT）系统，涵盖网络攻击与数据采集场景。经全面清洗与预处理后，该数据集总数据量达532 MB，包含131万个实例，以“流（flows）”为基本结构单元——流指从单一源地址传输至特定目标地址的连续数据包序列。本数据集的入侵检测准确率可达92.67%，其设计初衷为提升农业物联网系统的安全性，保障作物健康、天气状况与土壤墒情等核心信息的安全。 采集数据：该数据集包含2022年8月、9月及10月三个月的网络流量数据。每个月份对应独立文件夹，用于按月份分类网络流量。文件夹内包含大量.pcap文件，这些文件已被划分为5秒时长的片段。进行此类分段的原因在于：如前文所述，流会聚合数据包，导致持续连接仅生成一条流数据行。为此，我们开发了专用脚本将.pcap文件切割为5秒增量片段，该方法可生成多条流连接数据行，从而为模型训练提供更充足的数据量。 数据集本体：本数据集总数据量为532 MB，包含131万个实例。这些实例被划分为8种典型攻击类型与1类正常流量。已识别的攻击类型包括：ARP欺骗（Arp Spoofing）、僵尸网络分布式拒绝服务（BotNet DDoS）、HTTP泛洪（HTTP Flood）、ICMP泛洪（ICMP Flood）、MQTT泛洪（MQTT Flood）、端口扫描（Port Scanning）、TCP泛洪（TCP Flood）以及UDP泛洪（UDP Flood）。数据集中包含27458条正常流量实例，以及1282429条聚合后的攻击流量实例。 压缩包结构：该压缩包包含两个主要目录：采集数据（Captures）与数据集（Dataset）。其中采集数据目录按采集月份组织，并进一步按网络流量类型细分。数据集目录除包含Farm-Flow原生数据集外，还附带4份经过预处理的数据集：分别为二元分类任务的训练集与测试集，以及多分类任务的训练集与测试集。此外，还包含按月份与网络流量类型进一步分类的额外数据集。