CloudAPT: a benchmark dataset to evaluate APT countermeasures in cloud environments

In the evolving cybersecurity landscape, Advanced Persistent Threats (APTs) targeting cloud environments pose significant risks to organizations and governments that rely on cloud services. Recent research contributions address critical issues and advance the state-of-the-art, leveraging datasets generated from non-cloud environments. As a result, existing datasets are often inadequate for developing and evaluating robust APT detection mechanisms in cloud contexts. We present a novel benchmark dataset designed to reproduce APT activities in a cloud environment, leveraging a Kubernetes cluster that mirrors the infrastructure used by small to mid-sized organizations. The dataset is generated over eight days covering the entire cloud APT attack lifecycle, including reconnaissance, initial compromise, privilege escalation, lateral movement, and data exfiltration. This dataset provides valuable resources for researching and developing advanced APT countermeasures, featuring interactions from multiple real users while a human attacker conducts malicious activities. The CloudAPT dataset aims to empower researchers to improve cloud security through advanced analytical solutions (e.g., using machine learning).