MCFP-14-M2

The MCFP-14-M2 dataset is derived from the Malware Capture Facility Project (MCFP), a public repository of real-world malicious network traffic captured in controlled environments. It comprises labeled PCAP files from 14 representative malware families, covering diverse communication behaviors and attack patterns. Network traffic was collected in isolated sandbox settings, where infected hosts interacted with external command-and-control servers. Ground-truth labels are provided at the session level. Raw PCAP files were processed to extract key IP header features, and network flows were reconstructed using five-tuple definitions. Each session is encoded into a fixed-size 50 × 50 RGB image based on selected header fields, and further aggregated into 100 × 100 composite representations. This transformation preserves structural characteristics of traffic while enabling efficient feature learning using image-based models. The dataset reflects realistic variability in traffic patterns and includes measures to ensure data consistency and class balance, making it suitable for benchmarking malware traffic classification methods.