DDoS Dataset

### Context There are no latest datasets found exclusively for DDoS in the Public domain, though IDS data sets available. So, I have extracted DDoS flows from other public IDS datasets {CSE-CIC-IDS2018-AWS, CICIDS2017, CIC DoS dataset(2016)}. To inroduce more variance, DDOS data is extracted from different IDS datasets which were produced in different years and different experimental DDoS traffic generation tools. The extracted DDOS flows are combined with "Benign " flows which are extracted separately from the same base dataset and made into a single largest dataset. For the detailed process of extraction, please find section 3.1 of the paper "Machine Learning DDoS Detection Using Stochastic Gradient Boosting" available at https://www.ijcseonline.org/pdf_paper_view.php?paper_id=4011&28-IJCSE-06600.pdf ### Content 1. Balanced Dataset(final_dataset.csv): --> Has total datapoints of 12794627 (ddos + benign) and 84 features --> Each data point corresponds to one flow (either forward or reverse) --> important features are Flowid Timestamp Fwd Seg Size MIn Src IP Dst IP Flow IAT Min Src port Tot Fwd Pkts Init Bwd Win Bytes 2.Imbalancd Dataset (unbalaced_20_80_dataset.csv): --> Total datapoints: 7616509 --> 20% ddos & 80 % benign Description of all 84 features please find in , https://www.unb.ca/cic/datasets/ids-2018.html ### Acknowledgements The base Datasets are available at 1. CSE-CIC-IDS2018-AWS: https://www.unb.ca/cic/datasets/ids-2017.html 2. CICIDS2017: https://www.unb.ca/cic/datasets/ids-2018.html 3.CIC DoS dataset(2016) : https://www.unb.ca/cic/datasets/dos-dataset.html

在公共领域内，尚未发现针对分布式拒绝服务（DDoS）的最新数据集，尽管存在可用的入侵检测系统（IDS）数据集。鉴于此，我从其他公开的IDS数据集中提取了DDoS流量，包括{CSE-CIC-IDS2018-AWS}、{CICIDS2017}以及{CIC DoS dataset(2016)}。为了引入更多的多样性，我们从不同年份以及使用不同实验性的DDoS流量生成工具产生的多个IDS数据集中提取了DDoS数据。提取的DDoS流量与从同一基础数据集中单独提取的“良性”流量相结合，形成了一个规模最大的单一数据集。 详细提取过程请参阅论文《基于随机梯度提升机的机器学习DDoS检测》的第3.1节，该论文可在以下链接中找到：https://www.ijcseonline.org/pdf_paper_view.php?paper_id=4011&28-IJCSE-06600.pdf ### 数据内容 1. 平衡数据集（final_dataset.csv） --> 包含总共1,279,4627个数据点（DDoS和良性流量），共84个特征 --> 每个数据点对应一个流量（无论是正向还是反向） --> 重要特征包括： - 流ID - 时间戳 - 前向段大小最小值 - 源IP - 目的IP - 流IAT最小值 - 源端口 - 总前向包数 - 初始反向窗口字节 2. 不平衡数据集（unbalanced_20_80_dataset.csv） --> 总数据点：7,616,509 --> 20%的DDoS与80%的良性流量 --> 所有84个特征的描述请查阅：https://www.unb.ca/cic/datasets/ids-2018.html ### 致谢 基础数据集可在以下链接中获取： 1. {CSE-CIC-IDS2018-AWS}：https://www.unb.ca/cic/datasets/ids-2017.html 2. {CICIDS2017}：https://www.unb.ca/cic/datasets/ids-2018.html 3. {CIC DoS dataset(2016)}：https://www.unb.ca/cic/datasets/dos-dataset.html