Docker Container Escape Attack Dataset: Capabilities and System Call Traces

This dataset was developed as part of a container security research framework targeting forensic detection of Docker container escape attacks. It captures low-level system activity by recording system call sequences and Linux capabilities from both benign and hostile containers. Each container entry includes the container name, added and dropped capabilities, a detailed trace of invoked system calls, return values, and a binary classification label indicating whether the container is safe or vulnerable. The dataset simulates diverse container attack vectors including mounted host file systems, process injection, malicious kernel modules, and misuse of Docker sockets. It was designed to support machine learning-based anomaly detection methods, particularly using sequence alignment algorithms like Needleman-Wunsch to compute feature penalties. Stored in structured CSV format, this dataset is suitable for training and evaluating lightweight intrusion detection models in containerized environments. It provides a foundational resource for researchers and practitioners in the fields of container forensics, system-level anomaly detection, and DevSecOps.