A Realistic Cyber Defense Dataset (CSE-CIC-IDS2018)

This dataset is the result of a collaborative project between the Communications Security Establishment (CSE) and The Canadian Institute for Cybersecurity (CIC) that use the notion of profiles to generate cybersecurity dataset in a systematic manner. It incluides a detailed description of intrusions along with abstract distribution models for applications, protocols, or lower level network entities. The dataset includes seven different attack scenarios, namely Brute-force, Heartbleed, Botnet, DoS, DDoS, Web attacks, and infiltration of the network from inside. The attacking infrastructure includes 50 machines and the victim organization has 5 departments includes 420 PCs and 30 servers. This dataset includes the network traffic and log files of each machine from the victim side, along with 80 network traffic features extracted from captured traffic using CICFlowMeter-V3. For more information on the creation of this dataset, see this paper by researchers at the Canadian Institute for Cybersecurity (CIC) and the University of New Brunswick (UNB): <a href="http://www.scitepress.org/Papers/2018/66398/66398.pdf">Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization</a>.

本数据集系加拿大通信安全局（CSE）与加拿大网络安全研究所（CIC）共同协作项目之成果，旨在系统性构建基于轮廓概念的网络安全数据集。该数据集详尽描述了入侵行为，并包含针对应用程序、协议或底层网络实体的抽象分布模型。数据集涵盖了七种不同的攻击场景，包括暴力破解、Heartbleed、僵尸网络、DoS、DDoS、Web攻击以及内部网络渗透。攻击基础设施包括50台机器，受害组织拥有5个部门，共计420台个人电脑和30台服务器。数据集收录了受害方每个机器的网络流量和日志文件，以及利用CICFlowMeter-V3从捕获的流量中提取的80个网络流量特征。关于本数据集的创建详情，请参阅加拿大网络安全研究所（CIC）和新不伦瑞克大学（UNB）研究人员所著的论文：《Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization》（<a href="http://www.scitepress.org/Papers/2018/66398/66398.pdf">点击此处访问</a>）。