Dataset of Advanced Persistent Threat (APT) alerts
Source: DataCite Commons. Updated 2020-08-27. Indexed 2025-04-16.
Download link:
https://repository.lboro.ac.uk/articles/Dataset_of_Advanced_Persistent_Threat_APT_alerts/7577750
Description:
Due to the lack of publicly available data on Advanced Persistent Threat (APT) traffic, we built a synthetic dataset of APT alerts. The dataset contains 3676 APT alerts belonging to 1000 APT campaigns. The alerts were generated to simulate APT scenarios targeting a university campus network. Each APT scenario takes into account the following steps of the APT life cycle:
1. Intelligence gathering
2. Point of entry
3. Command and control communication
4. Lateral movement
5. Asset discovery
6. Data exfiltration
The dataset contains the following columns:
[1] Alert type
[2] Timestamp
[3] Source IP address
[4] Source port
[5] Destination IP address
[6] Destination port
[7] Infected machine
The database can be opened in software such as SQLite.
For more details about how the dataset was generated, please refer to our work at: https://www.sciencedirect.com/science/article/pii/S0167739X18307532
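The description above says the data are alert records (one row per alert, seven columns) rather than raw traffic, so working with the dataset means loading the rows into SQLite and reconstructing each campaign from them. The following is an added example, not code from the dataset authors or from the Loughborough record: it creates an in-memory SQLite table with the seven listed columns, loads a handful of constructed sample alerts, and then reconstructs each infected machine's alert sequence, checks it against the six life-cycle steps, computes dwell time from point of entry to exfiltration, and lists lateral-movement pivots to other internal hosts. The SQL column names, the alert-type strings (one per life-cycle step) and every IP, port and timestamp are assumptions made for the example; the real file's identifiers and alert-type vocabulary should be read from the downloaded database before reusing these queries.

```python
import sqlite3
from datetime import datetime

# Hypothetical schema: the dataset page lists the seven fields but not their
# SQL identifiers, so these column names are assumptions.
SCHEMA = """
CREATE TABLE apt_alerts (
    alert_type       TEXT    NOT NULL,
    timestamp        TEXT    NOT NULL,   -- ISO-8601, sorts lexically
    src_ip           TEXT    NOT NULL,
    src_port         INTEGER,
    dst_ip           TEXT    NOT NULL,
    dst_port         INTEGER,
    infected_machine TEXT    NOT NULL
);
"""

# The six APT life-cycle steps from the dataset description, in campaign order.
# The alert_type strings are assumed labels, one per step.
LIFECYCLE = [
    "intelligence_gathering",
    "point_of_entry",
    "c2_communication",
    "lateral_movement",
    "asset_discovery",
    "data_exfiltration",
]

# Constructed sample alerts (not rows from the real dataset). Campaign A runs
# the full six-step chain against ws-lab-12; campaign B on ws-lib-03 only
# reaches the C2 stage, i.e. an intrusion that has not exfiltrated yet.
SAMPLE_ALERTS = [
    ("intelligence_gathering", "2019-01-10T08:02:11", "203.0.113.7", 51004, "10.20.1.12", 80, "ws-lab-12"),
    ("point_of_entry", "2019-01-10T09:15:40", "203.0.113.7", 51233, "10.20.1.12", 443, "ws-lab-12"),
    ("c2_communication", "2019-01-10T09:20:05", "10.20.1.12", 49152, "198.51.100.23", 8443, "ws-lab-12"),
    ("lateral_movement", "2019-01-11T02:41:19", "10.20.1.12", 49811, "10.20.3.45", 445, "ws-lab-12"),
    ("asset_discovery", "2019-01-11T03:05:00", "10.20.1.12", 49990, "10.20.0.5", 389, "ws-lab-12"),
    ("data_exfiltration", "2019-01-12T23:58:31", "10.20.1.12", 50321, "198.51.100.23", 443, "ws-lab-12"),
    ("point_of_entry", "2019-01-14T11:00:00", "192.0.2.55", 40022, "10.20.7.3", 22, "ws-lib-03"),
    ("c2_communication", "2019-01-14T11:03:30", "10.20.7.3", 49200, "192.0.2.55", 53, "ws-lib-03"),
]


def build_db(rows=SAMPLE_ALERTS):
    """Create the table in an in-memory SQLite database and load the rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO apt_alerts VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def stage_sequence(conn):
    """Per infected machine, the alert types in timestamp order."""
    cur = conn.execute(
        "SELECT infected_machine, alert_type FROM apt_alerts "
        "ORDER BY infected_machine, timestamp"
    )
    seq = {}
    for machine, alert_type in cur:
        seq.setdefault(machine, []).append(alert_type)
    return seq


def follows_lifecycle(sequence):
    """True if every stage is known and stages never go backwards in the life cycle."""
    idx = [LIFECYCLE.index(s) for s in sequence if s in LIFECYCLE]
    return len(idx) == len(sequence) and idx == sorted(idx)


def dwell_time_hours(conn):
    """Hours from first point_of_entry to last data_exfiltration per machine.

    Machines with no exfiltration alert are omitted: their intrusion is still open.
    """
    cur = conn.execute("""
        SELECT infected_machine,
               MIN(CASE WHEN alert_type = 'point_of_entry'    THEN timestamp END),
               MAX(CASE WHEN alert_type = 'data_exfiltration' THEN timestamp END)
        FROM apt_alerts
        GROUP BY infected_machine
    """)
    out = {}
    for machine, entry, exfil in cur:
        if entry and exfil:
            delta = datetime.fromisoformat(exfil) - datetime.fromisoformat(entry)
            out[machine] = round(delta.total_seconds() / 3600, 2)
    return out


def lateral_movement_pivots(conn):
    """(infected_machine, dst_ip) pairs where an infected host reached another internal host.

    The 10.0.0.0/8 prefix stands in for the campus range; adjust to the real network.
    """
    cur = conn.execute("""
        SELECT infected_machine, dst_ip FROM apt_alerts
        WHERE alert_type = 'lateral_movement' AND dst_ip LIKE '10.%'
        ORDER BY timestamp
    """)
    return cur.fetchall()


if __name__ == "__main__":
    conn = build_db()
    for machine, stages in stage_sequence(conn).items():
        verdict = "in order" if follows_lifecycle(stages) else "OUT OF ORDER"
        print(machine, stages, verdict)
    print("dwell time (h):", dwell_time_hours(conn))
    print("lateral pivots:", lateral_movement_pivots(conn))
```

To run the same queries against the downloaded file, replace `":memory:"` with its path and rename the columns in the SQL to match the real schema. The grouping key here is the infected machine because that is the only campaign-like identifier among the seven listed columns; if the real file carries a separate campaign identifier, group on that instead, since a machine can be hit by more than one campaign.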
Provider:
Loughborough University
Created:
2019-01-17