CIC-IDS2017

CICIDS2017数据集包含良性和最新的常见攻击，与真实的现实世界数据（PCAPs）相类似。它还包括使用CICFlowMeter进行网络流量分析的结果，并根据时间戳、源和目的IP、源和目的端口、协议和攻击来标记流量（CSV文件）。此外，还提供了提取的特征定义。 生成真实的背景流量是我们建立这个数据集的首要任务。我们使用了我们提出的B-Profile系统（Sharafaldin, et al. 2016）来描述人类互动的抽象行为并生成自然的良性背景流量。对于这个数据集，我们建立了基于HTTP、HTTPS、FTP、SSH和电子邮件协议的25个用户的抽象行为。

The CICIDS2017 dataset contains benign traffic and up-to-date common attack traffic, which resembles real-world production network data stored as PCAP files. It also includes the results of network traffic analysis conducted using CICFlowMeter, with traffic stored in CSV files labeled based on timestamp, source and destination IP addresses, source and destination port numbers, protocol type, and attack category. In addition, the definitions of the extracted traffic features are also provided. Generating realistic background traffic was the primary task when constructing this dataset. We utilized the proposed B-Profile system (Sharafaldin et al., 2016) to describe the abstract behaviors of human interactions and generate natural benign background traffic. For this dataset, we developed abstract behaviors for 25 users based on HTTP, HTTPS, FTP, SSH, and email protocols.