SUNBURST Attack Dataset

SUNBURST Attack Dataset for Network Attack DetectionOverview:The SUNBURST dataset is a unique and valuable resource for researchers studying network intrusion detection and prevention. This dataset provides real-world network traffic data related to SUNBURST, a sophisticated supply chain attack that exploited the SolarWinds Orion software. It focuses on the behavioral characteristics of the SUNBURST malware, enabling the development and evaluation of security mechanisms.Data Collection Methodology:The dataset was created in a controlled lab environment simulating realistic network traffic.Normal traffic: Captured through typical network activities, including file sharing, web browsing, and video conferencing.Infected traffic: Generated by deploying a trojanized SolarWinds Orion DLL file, enabling detailed monitoring of the SUNBURST backdoor communications and attack patterns.Dataset Features:Attributes: The dataset includes 81 features, such as timestamps, source/destination ports, flow durations, and packet-level statistics, essential for identifying anomalies associated with SUNBURST.Labels: Data is labeled as either normal or abnormal (SUNBURST) for clear distinction.Format:The dataset is available in CSV format, derived from packet capture (PCAP) files processed using the CICFlowMeter tool. Each row represents a network flow, annotated with its label. The dataset includes both raw network traffic and labeled metadata, suitable for training and validating machine learning models.Applications:The SUNBURST dataset is well-suited for:Developing and testing Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS).Building machine learning models for detecting and mitigating advanced persistent threats (APT) and supply chain attacks.Conducting research on network-based cyber threats.