CoAt-Set (Coordinated Attack Dataset) on Heterogeneous Computer Network

The CoAt-Set dataset is a transformed, specialized dataset designed to support collaborative anomaly detection within Collaborative Intrusion Detection Systems (CIDS). This dataset extract coordinated attack behaviors from established sources like CIC-ToN-IoT, CIC-IDS2017, CIC-UNSW-NB15, CSE-CIC-IDS2018, CIC-BoT-IoT, Distrinet-CIC-IDS2017, and NF-UQ-NIDS, refining these raw datasets into a format specifically designed for collaborative anomaly detection. CoAt-Set highlights coordinated attack situations, such as widespread, stealthy scanning, worm outbreaks, and distributed denial-of-service (DDoS) attacks, all of which mirror high-impact, realistic threats that are frequently found in today’s complex networks. In creating CoAt-Set, the data was restructured and relabeled to represent collaborative security environments for CIDS better. This involved organizing attack behaviors in ways that offer clear annotations and insightful traffic features, which is invaluable for training and testing systems aimed at identifying anomalies across multiple networks. The focus on collaborative contexts means that CoAt-Set is well-suited for researchers and developers who need a dataset that goes beyond isolated attack patterns, instead offering a perspective on the kinds of threats that might span across different segments of a network. CoAt-Set integrates well with common neural network algorithms, allowing researchers to easily plug it into various neural network models and algorithms. The dataset also has broader uses, as it supports development of collaborative machine learning algorithms and can be used to simulate and test attacks across networks with varying configurations. A usage example of CoAt-Set in practice is in multi-agent CIDS setups where each agent analyzes non-IID data for distributed learning. For instance, the NF-UQ-NIDS dataset, created from multiple data sources, allows extraction of coordinated attack patterns, saved as "CoAt_NF-UQ-NIDS-V2.parquet." This version is useful for creating non-IID scenarios within a single dataset, then distributing it across agents for collaborative learning. Each agent can independently learn from its unique data, making this a powerful tool for distributed security research. To further increase heterogeneity, each CIDS agent can be assigned a different CoAt-Set version, such as "CoAt_CIC-BoT-IoT-V2.parquet," "CoAt_CIC-IDS2017-V2.parquet," "CoAt_CIC-ToN-IoT-V2.parquet," "CoAt_CIC-UNSW-NB15_Feeded-V2.parquet," and "CoAt_CSE-CIC-IDS2018_Feeded.parquet." Each dataset represents a unique network environment, with each agent positioned in a distinct network segment to detect coordinated attacks. This diversity enables CIDS agents to capture a range of attack patterns, supporting the development of robust, flexible intrusion detection strategies across heterogeneous networks.

CoAt-Set数据集乃一项经过精心改造与专业化的数据集，旨在为协作入侵检测系统（CIDS）提供支持，以实现协作异常检测。该数据集从诸如CIC-ToN-IoT、CIC-IDS2017、CIC-UNSW-NB15、CSE-CIC-IDS2018、CIC-BoT-IoT、Distrinet-CIC-IDS2017以及NF-UQ-NIDS等既定来源中提取协同攻击行为，将这些原始数据集精炼为专门为协作异常检测设计的格式。CoAt-Set着重突出协同攻击场景，例如广泛分布的隐蔽扫描、蠕虫爆发以及分布式拒绝服务（DDoS）攻击，这些均映射出在当今复杂网络中频繁出现的具有重大影响、逼真的威胁。在构建CoAt-Set的过程中，数据结构被重新组织和重新标记，以更好地代表CIDS的协作安全环境。这包括以清晰注释和深入的流量特征组织攻击行为，这对于旨在识别跨多个网络异常的系统进行训练和测试至关重要。协作背景的聚焦意味着CoAt-Set非常适合需要超越孤立攻击模式的数据集的研究人员和开发者，它提供了一个可能跨越网络不同段落的威胁视角。CoAt-Set与常见的神经网络算法兼容性良好，使研究人员能够轻松将其集成到各种神经网络模型和算法中。此外，该数据集具有更广泛的应用，它支持协作机器学习算法的开发，并可用于模拟和测试具有不同配置的网络攻击。在实际应用中，CoAt-Set的例子之一是应用于多智能体CIDS配置中，其中每个智能体分析非独立同分布（non-IID）数据以实现分布式学习。例如，由多个数据源创建的NF-UQ-NIDS数据集，允许提取协同攻击模式，保存为“CoAt_NF-UQ-NIDS-V2.parquet”。此版本对于在单一数据集中创建非独立同分布场景，然后分配给智能体进行协作学习非常有用。每个智能体都可以独立地从其独特的数据中进行学习，这使得它成为分布式安全研究的有力工具。为了进一步增强异构性，每个CIDS智能体可以分配不同的CoAt-Set版本，例如“CoAt_CIC-BoT-IoT-V2.parquet”、“CoAt_CIC-IDS2017-V2.parquet”、“CoAt_CIC-ToN-IoT-V2.parquet”、“CoAt_CIC-UNSW-NB15_Feeded-V2.parquet”以及“CoAt_CSE-CIC-IDS2018_Feeded.parquet”。每个数据集代表一个独特的网络环境，每个智能体位于不同的网络段以检测协同攻击。这种多样性使得CIDS智能体能够捕捉到一系列攻击模式，支持在异构网络中开发稳健、灵活的入侵检测策略。