IoT-BDA Botnet Analysis Dataset

The proliferation of insecure Internet-connected devices gave rise to the IoT botnets which can grow very large rapidly and may perform high-impact cyber-attacks. To facilitate the improvement and the development of host and network-based IoT botnet detection solutions, and Linux malware analysis tools and methods, we provide the IoT-BDA Botnet Analysis Dataset. The dataset comprises the results of the analysis conducted by IoT-BDA Framework on 4077 unique IoT botnet samples captured by honeypots. The framework executed the samples in a sandbox and performed static, behavioural and network analysis to identify indicators of compromise and attack, anti-static-analysis, anti-dynamic-analysis, anti-forensics and persistence techniques used by IoT botnets. Each of the analysed samples was scanned using Virustotal and was attributed the most probable malware family it belongs to using the AVClass malware classifier. The dataset may also enable clustering of IoT botnet samples based on static, behavioural and network features derived by the framework. In addition to the analysis results, the dataset includes the botnet samples (ELF files), the captured behaviour (systemcalls) and the recorded network traffic (.pcap).