Broken Access Control Detection Dataset (BAC-ML-1M)

The dataset was built manually through Python script simulations which tracked access control activities on three security compromised web applications named DVWA (Damn Vulnerable Web Application), WebGoat and OWASP Juice Shop. Building an extensive dataset served as the main goal because researchers needed it for training and evaluating machine learning systems that detect Broken Access Control (BAC) attacks in real-time. The script conducted valid access requests and counterfeit attempts to circumvent access controls through automated procedures. The script collected user requests while tagging them by anticipated permission results, vulnerability classification (IDOR, Forced Browsing), and simulated monitoring detection outputs. The established labelling system enables researchers to conduct supervised as well as unsupervised learning experiments in cybersecurity fields. The final version contains 1 million records, which include the following fields: 1. User roles and session metadata 2. Requested resources and access methods 3. Access outcomes (expected vs. granted) 4. Attack payloads and vulnerability types 5. Anomaly and risk scores 6. Binary attack detection labels This dataset supports: 1. The development and benchmarking of intrusion detection and prevention systems serve as the main functionalities of this dataset. 2. Evaluation of real-time access control enforcement techniques 3. Organizations can use Role-based access violation profiling combined with behavioural analytics for their systems. 4. Security education, red team simulation, and vulnerability research 5. The testing of anomaly detection systems, along with access pattern deviation systems, utilizes benchmarking as a method