5G-NIDD: A Comprehensive Network Intrusion Detection Dataset Generated over 5G Wireless Network

With a plethora of new connections, features, and services introduced, the 5th generation (5G) wireless technology reflects the development of mobile communication networks and is here to stay for the next decade. The multitude of services and technologies that 5G incorporates have made modern communication networks very complex and sophisticated in nature. This complexity along with the incorporation of Machine Learning (ML) and Artificial Intelligence (AI) provides the opportunity for the attackers to launch intelligent attacks against the network and network devices. These attacks often traverse undetected due to the lack of intelligent security mechanisms to counter these threats. Therefore, the implementation of real-time, proactive, and self-adaptive security mechanisms throughout the network would be an integral part of 5G as well as future communication systems. Therefore, large amounts of data collected from real networks will play an important role in the training of AI/ML models to identify and detect malicious content in network traffic. This work presents 5G-NIDD, a fully labeled dataset built on a functional 5G test network that can be used by those who develop and test AI/ML solutions.5G-NIDD contains data extracted from a 5G testbed. The testbed is attached to 5G Test Network in University of Oulu, Finland. The data are extracted from tow base stations, each having an attacker node, several benign 5G users. The attacker nodes attack the server deployed in 5GTN MEC environment. The attack scenarios include DoS attacks and port scans. Under DoS attacks, the dataset contains CMP Flood, UDP Flood, SYN Flood, HTTP Flood, and Slowrate DoS. Under port scans, the dataset contains SYN Scan, CP Connect Scan, and UDP Scan.The dataset files are available in different formats. These files belong to a series of post-processing steps from network capture (pcapng) to encoded data (csv) ready to feed ML algorithms.

伴随大量新型连接、特性与服务的落地，第五代（5G）无线通信技术顺应移动通信网络的发展演进方向，将在未来十年内长期存续并占据主导地位。5G集成了海量服务与技术栈，使得现代通信网络在本质上愈发复杂精密。这类网络复杂性，加之5G集成了机器学习（Machine Learning, ML）与人工智能（Artificial Intelligence, AI）技术，为攻击者发起针对网络及网络设备的智能攻击提供了可乘之机。由于缺乏能够有效应对此类威胁的智能安全防护机制，这类攻击往往能够绕过检测，悄然实施。因此，在全网部署实时、主动且自适应的安全防护机制，将成为5G乃至未来通信系统不可或缺的核心组成部分。故此，从真实网络中采集的海量数据，将在训练用于识别与检测网络流量中恶意内容的AI/ML模型过程中发挥关键支撑作用。本研究推出5G-NIDD数据集：这是一套基于可运行5G测试网络构建的全标注数据集，可供开发与测试AI/ML解决方案的科研与工程人员使用。5G-NIDD的数据源自一套5G测试平台，该平台接入位于芬兰奥卢大学的5G测试网络（5G Test Network）。数据采集自两台基站，每台基站均配备一个攻击节点与若干正常5G用户终端。攻击节点会对部署于5GTN多接入边缘计算（Multi-Access Edge Computing, MEC）环境中的服务器发起攻击。本次采集的攻击场景涵盖拒绝服务（Denial of Service, DoS）攻击与端口扫描两类。其中拒绝服务攻击包含CMP Flood、UDP Flood、SYN Flood、HTTP Flood以及Slowrate DoS攻击；端口扫描则包含SYN Scan、CP Connect Scan以及UDP Scan攻击。本数据集提供多种格式的文件，涵盖从网络捕获文件（pcapng）到可直接用于机器学习算法训练的编码数据（csv）的全系列后处理步骤产物。