MAD (MAlicious Traffic Dataset) in home and commercial environments - Environment with scalability

We have used the Internet environment: 01 Switch, 01 IP camera, 01 server for monitoring, 01 server for honeypot and no firewall. This environment is directly connected to the Internet. We installed a server, functioning as a Monitoring Environment. The network traffic was obtained via Port Mirroring on the switch to the Monitoring Environment server. We added 08 virtual machines and performed the following test with a denial of service DoS attack: 01 virtual machine from 04:00 pm to 23:55 pm on 2019-12-04 with an interval every 01 hour; 02 virtual machines from 23:55 am on 2019-12-04 to 08:50 am on 2019-12-05 with an interval every 01 hour; 04 virtual machines as of 08:55 am on 2019-12-05 to 05:25 pm on 2019-12-06 with an interval every 5 minutes; 08 virtual machines from 05:30 pm on 2019-12-06 to 23:59 on 2019-12-06 with an interval every 5 minutes; End of tests with shutdown of virtual machines at 23:59 on 2019-12-06. The results were obtained from Suricata and Telegraf collections from the TICK stack. All evidence was performed by queries via EveBox, which received data from Suricata, Grafana or graphics with information extracted from the InfluxDB (Grafana) and PostgreSQL (EveBox) databases. events.csv.gz - Suricata / Evebox collections net.csv.gz - Telegraf collections from the TICK stack netstat.csv.gz - Telegraf collections from the TICK stack For correlation purposes, use the events.csv.gz file as a basis. The key to correlation is the 'timestamp' column events.csv.gz with the 'time' column in the net.csv.gz and netstat.csv.gz files. The interval between collections, non-consecutive, was from 2019-12-04 to 2019-12-06