IDS2025 (Balanced Intrusion Detection Evaluation Dataset)

This dataset, titled IDS2025: Balanced Intrusion Detection Evaluation Dataset, is an enhanced and refined version of the original CICIDS2017 dataset, designed specifically for research and development in Intrusion Detection Systems (IDS). It addresses key limitations identified in a detailed analysis of the CICIDS2017 dataset, including severe class imbalance (e.g., Benign traffic dominating at 83.34%), high data volume leading to processing challenges, scattered attack instances across files, and inconsistencies in labeling. Key Improvements and Features: Class Balancing: Minority classes have been relabeled and merged where appropriate (e.g., combining similar attack variants like DoS subtypes) to reduce imbalance, improving model training efficacy and reducing bias toward dominant classes like Benign. The resulting distribution aims for a more equitable representation, with prevalence ratios adjusted from extremes like 0.0009% for rare attacks to more balanced levels. Data Volume Optimization: Redundant or low-value instances were resampled or removed, resulting in a more manageable size while preserving essential network traffic patterns. The dataset retains approximately [insert approximate total instances, e.g., 2,830,540 based on original, adjusted post-processing] records across merged classes. Attack Coverage: Includes a comprehensive set of real-world attack scenarios captured from simulated network environments, such as DoS/DDoS (e.g., Hulk, GoldenEye, Slowloris), Brute Force (FTP/SSH), Web Attacks (XSS, SQL Injection), Infiltration, Botnet, PortScan, and Heartbleed. Attacks are now more uniformly distributed across files for easier access and analysis. Features: Comprises 80 network flow features (e.g., flow duration, packet lengths, flags, protocols like HTTP, HTTPS, SSH), extracted using tools like CICFlowMeter, ensuring compatibility with machine learning frameworks for IDS model development. File Structure: Organized into daily CSV files (e.g., Monday-WorkingHours.csv to Friday-WorkingHours.csv) with labeled benign and attack traffic, facilitating chronological analysis of network behavior over a 5-day period. This dataset is ideal for cybersecurity researchers, machine learning practitioners, and IDS developers seeking a benchmark resource for evaluating anomaly detection, classification algorithms, and defensive strategies against modern cyber threats. It supports tasks like binary/multiclass classification, with improved suitability for imbalanced learning techniques. Cite: Panigrahi, R., & Borah, S. (2018). A detailed analysis of CICIDS2017 dataset for designing Intrusion Detection Systems. International Journal of Engineering & Technology, 7(3.24), 479-482. Iman Sharafaldin, Arash Habibi Lashkari, and Ali A. Ghorbani, “Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization”, 4th International Conference on Information Systems Security and Privacy (ICISSP), Portugal, January 2018.