Mirai_Based_DDOS_Dataset

This dataset was prepared by converting raw network data from PCAP format to CSV. It is extracted, labeled to classify Mirai-based DDOS attack and the normal from a recorded IoT Network Intrusion dataset using different machine learning models. According to Kang [19] referenced in our article, the PCAP dataset may be classified into two categories: normal and Mirai botnet-related attacks (SYN Flooding, ACK Flooding, HTTP Flooding, UDP Flooding, Brute Forcing ARP Spoofing, and scanning attacks). To prepare this dataset in a suitable form for applying machine learning we used only the SYN Flooding, ACK Flooding, and HTTP Flooding categories as Mirai-based DDOS attack and Normal packets from the above-given dataset. The developed extractor tool analyses the contents of PCAP files and generates a number of features as a result. It created a total of 16 features, including the category/level, and their full descriptions are listed below: No. Feature Name Description of the feature 1 IP src Source IP address 2 IP dst Destination IP address 3 Iflags IP flags 4 Tflags TCP flags 5 Sport Source port number 6 Dport Destination port number 7 Frag IP fragment 8 Ttl IP ttl 9 Ichksum IP checksum 10 Len IP length 11 Ack TCP acknowledgment 12 Dataofs TCP Dataofs 13 Seq TCP Sequence 14 Window TCP window size 15 Tchksum TCP checksum 16 Label Category of the data (Normal/DDOS) After converting the PCAP file into CSV format using our extractor tool the total number of records are 287,230 among it 150742 records are DDOS attacks and 136488 records are normal. We confirm the validity of new generated dataset's by applying different five supervised machine learning models.