Skip to main content Skip to local navigation
Home » Cybersecurity Datasets

Cybersecurity Datasets

6. Malicious DNS and Attacks (BCCC-CIC-Bell-DNS-2024)

Using ALFlowLyzer, we successfully generated an augmented dataset, “BCCC-CIC-Bell-DNS-2024,” from two existing datasets: “CIC-Bell-DNS-2021” and “CIC-Bell-DNS-EXF-2021.” ALFlowLyzer enabled the extraction of essential flows from raw network traffic data, resulting in CSV files that integrate DNS metadata and application layer features. This new dataset combines light and heavy data exfiltration traffic into six unique sub-categories, providing a comprehensive structure for analyzing DNS data exfiltration attacks. The “BCCC-CIC-Bell-DNS-2024” dataset enhances the richness and diversity needed to evaluate our proposed profiling model effectively.

The full research paper outlining the details of the dataset and its underlying principles:

“Unveiling Malicious DNS Behavior Profiling and Generating Benchmark Dataset through Application Layer Traffic Analysis”, Shafi, MohammadMoein, Arash Habibi Lashkari, Hardhik Mohanty; Computers and Electrical Engineering, 2024

Download Dataset:

5. Cloud DDoS Attacks (BCCC-cPacket-Cloud-DDoS-2024)

The distributed denial of service attack poses a significant threat to network security. The effectiveness of new detection methods depends heavily on well-constructed datasets. After conducting an in-depth analysis of 16 publicly available datasets and identifying their shortcomings across various dimensions, the ‘BCCC-cPacket-Cloud-DDoS-2024’ is meticulously created, addressing challenges identified in previous datasets through a cloud infrastructure. The dataset contains over eight benign user activities and 17 DDoS attack scenarios. The dataset is fully labeled (with a total of 26 labels) with over 300 features extracted from the network and transport layers of the traffic flows using NTLFlowLyzer. The dataset’s extensive size and comprehensive features make it a valuable resource for researchers and practitioners to develop and validate more robust and accurate DDoS detection and mitigation strategies. Furthermore, researchers can leverage the ‘BCCC-cPacket-Cloud-DDoS-2024’ dataset to train learning-based models aimed at predicting benign user behavior, detecting attacks, identifying patterns, classifying network data, etc.

The full research paper outlining the details of the dataset and its underlying principles:

“Toward Generating a New Cloud-Based Distributed Denial of Service (DDoS) Dataset and Cloud Intrusion Traffic Characterization”, Shafi, MohammadMoein, Arash Habibi Lashkari, Vicente Rodriguez, and Ron Nevo.; Information 15, no. 4: 195. https://doi.org/10.3390/info15040195

Download Dataset:

4. DNS over HTTPS ( BCCC-CIRA-CIC-DoHBrw-2020 )

The ‘BCCC-CIRA-CIC-DoHBrw-2020’ as an augmented dataset was created to address the imbalance in the ‘CIRA-CIC-DoBre-2020’ dataset. Unlike the ‘CIRA-CIC-DoHBrw-2020’ dataset, which is skewed with about 90% malicious and only 10% benign Domain over HTTPS (DoH) network traffic, the ‘BCCC-CIRA-CIC-DoHBrw-2020’ dataset offers a more balanced composition. It includes equal numbers of malicious and benign DoH network traffic instances, with 249,836 instances in each category. This balance was achieved using the Synthetic Minority Over-sampling Technique (SMOTE). The ‘BCCC-CIRA-CIC-DoHBrw-2020’ dataset comprises three CSV files: one for malicious DoH traffic, one for benign DoH traffic, and a third that combines both types. 

The full research paper outlining the details of the dataset and its underlying principles:

“Unveiling DoH Tunnel: Toward Generating a Balanced DoH EncryptedTraffic Dataset and Profiling malicious Behaviour using InherentlyInterpretable Machine Learning“, Sepideh Niktabe, Arash Habibi Lashkari, Arousha Haghighian Roudsari, Peer-to-Peer Networking and Applications, Vol. 17, 2023

Download Dataset:

3. Vulnerable Smart Contracts (BCCC-VulSCs-2023)

The BCCC-VulSCs-2023 dataset is a substantial collection for Solidity Smart Contracts (SCs) analysis, comprising 36,670 samples, each enriched with 70 feature columns. These features include the raw source code of the smart contract, a hashed version of the source code for secure referencing, and a binary label that indicates a contract as secure (0) or vulnerable (1). The dataset’s extensive size and comprehensive features make it a valuable resource for machine-learning models to predict contract behavior, identify patterns, or classify contracts based on security and functionality criteria.

The full research paper outlining the details of the dataset and its underlying principles:

“Unveiling Vulnerable Smart Contracts: Toward Profiling Vulnerable Smart Contracts using Genetic Algorithm and Generating Benchmark Dataset”, Sepideh Hajihosseinkhani, Arash Habibi Lashkari, Ali Mizani, Blockchain: Research and Applications, Vol. 4, 2023

Download Dataset:

2. SQL Injection Attack (BCCC-SFU-SQLInj-2023)

This dataset consists of a collection of 11,012 evasive or sophisticated malicious SQL queries. These queries are generated using a genetic algorithm applied to the Kaggle malicious SQL dataset. The goal of the genetic algorithm is to enhance the evasiveness and sophistication of the original malicious queries.

The full research paper outlining the details of the dataset and its underlying principles:

“An Evolutionary Algorithm for Adversarial SQL Injection Attack Generation”, Maryam Issakhani, Mufeng Huang, Mohammad A. Tayebi, Arash Habibi Lashkari, IEEE Intelligence and Security Informatics (ISI2023), NC, USA

1. Source Code Authorship Attribution (YU-SCAA-2022)

Source Code Authorship Attribution (SCAA) is the technique to find the real author of source code in a corpus. Though it is a privacy threat to open-source programmers, it has shown to be significantly helpful in developing forensic-based applications such as ghostwriting detection, copyright dispute settlements, catching authors of malicious applications using source code, and other code analysis applications. This dataset was created by extracting ’code’ data from the GCJ, and GitHub datasets, including examples of attacks and adversarial examples, were created using Source Code imitator. The dataset in a total of 1,632 code files from 204 authors.

The full research paper outlining the details of the dataset and its underlying principles:

”AuthAttLyzer: A Robust defensive distillation-based Authorship Attribution framework”, Abhishek Chopra , Nikhill Vombatkere , Arash Habibi Lashkari, The 12th International Conference on Communication and Network Security (ICCNS), 2022, China

6. Malicious DNS and Attacks (BCCC-CIC-Bell-DNS-2024)

Using ALFlowLyzer, we successfully generated an augmented dataset, “BCCC-CIC-Bell-DNS-2024,” from two existing datasets: “CIC-Bell-DNS-2021” and “CIC-Bell-DNS-EXF-2021.” ALFlowLyzer enabled the extraction of essential flows from raw network traffic data, resulting in CSV files that integrate DNS metadata and application layer features. This new dataset combines light and heavy data exfiltration traffic into six unique sub-categories, providing a comprehensive structure for analyzing DNS data exfiltration attacks. The “BCCC-CIC-Bell-DNS-2024” dataset enhances the richness and diversity needed to evaluate our proposed profiling model effectively.

The full research paper outlining the details of the dataset and its underlying principles:

“Unveiling Malicious DNS Behavior Profiling and Generating Benchmark Dataset through Application Layer Traffic Analysis”, Shafi, MohammadMoein, Arash Habibi Lashkari, Hardhik Mohanty; Computers and Electrical Engineering, 2024

Download Dataset:

5. Cloud DDoS Attacks (BCCC-cPacket-Cloud-DDoS-2024)

The distributed denial of service attack poses a significant threat to network security. The effectiveness of new detection methods depends heavily on well-constructed datasets. After conducting an in-depth analysis of 16 publicly available datasets and identifying their shortcomings across various dimensions, the ‘BCCC-cPacket-Cloud-DDoS-2024’ is meticulously created, addressing challenges identified in previous datasets through a cloud infrastructure. The dataset contains over eight benign user activities and 17 DDoS attack scenarios. The dataset is fully labeled (with a total of 26 labels) with over 300 features extracted from the network and transport layers of the traffic flows using NTLFlowLyzer. The dataset’s extensive size and comprehensive features make it a valuable resource for researchers and practitioners to develop and validate more robust and accurate DDoS detection and mitigation strategies. Furthermore, researchers can leverage the ‘BCCC-cPacket-Cloud-DDoS-2024’ dataset to train learning-based models aimed at predicting benign user behavior, detecting attacks, identifying patterns, classifying network data, etc.

The full research paper outlining the details of the dataset and its underlying principles:

“Toward Generating a New Cloud-Based Distributed Denial of Service (DDoS) Dataset and Cloud Intrusion Traffic Characterization”, Shafi, MohammadMoein, Arash Habibi Lashkari, Vicente Rodriguez, and Ron Nevo.; Information 15, no. 4: 195. https://doi.org/10.3390/info15040195

Download Dataset:

4. DNS over HTTPS ( BCCC-CIRA-CIC-DoHBrw-2020 )

The ‘BCCC-CIRA-CIC-DoHBrw-2020’ as an augmented dataset was created to address the imbalance in the ‘CIRA-CIC-DoBre-2020’ dataset. Unlike the ‘CIRA-CIC-DoHBrw-2020’ dataset, which is skewed with about 90% malicious and only 10% benign Domain over HTTPS (DoH) network traffic, the ‘BCCC-CIRA-CIC-DoHBrw-2020’ dataset offers a more balanced composition. It includes equal numbers of malicious and benign DoH network traffic instances, with 249,836 instances in each category. This balance was achieved using the Synthetic Minority Over-sampling Technique (SMOTE). The ‘BCCC-CIRA-CIC-DoHBrw-2020’ dataset comprises three CSV files: one for malicious DoH traffic, one for benign DoH traffic, and a third that combines both types. 

The full research paper outlining the details of the dataset and its underlying principles:

“Unveiling DoH Tunnel: Toward Generating a Balanced DoH EncryptedTraffic Dataset and Profiling malicious Behaviour using InherentlyInterpretable Machine Learning“, Sepideh Niktabe, Arash Habibi Lashkari, Arousha Haghighian Roudsari, Peer-to-Peer Networking and Applications, Vol. 17, 2023

Download Dataset:

3. Vulnerable Smart Contracts (BCCC-VulSCs-2023)

The BCCC-VulSCs-2023 dataset is a substantial collection for Solidity Smart Contracts (SCs) analysis, comprising 36,670 samples, each enriched with 70 feature columns. These features include the raw source code of the smart contract, a hashed version of the source code for secure referencing, and a binary label that indicates a contract as secure (0) or vulnerable (1). The dataset’s extensive size and comprehensive features make it a valuable resource for machine-learning models to predict contract behavior, identify patterns, or classify contracts based on security and functionality criteria.

The full research paper outlining the details of the dataset and its underlying principles:

“Unveiling Vulnerable Smart Contracts: Toward Profiling Vulnerable Smart Contracts using Genetic Algorithm and Generating Benchmark Dataset”, Sepideh Hajihosseinkhani, Arash Habibi Lashkari, Ali Mizani, Blockchain: Research and Applications, Vol. 4, 2023

Download Dataset:

2. SQL Injection Attack (BCCC-SFU-SQLInj-2023)

This dataset consists of a collection of 11,012 evasive or sophisticated malicious SQL queries. These queries are generated using a genetic algorithm applied to the Kaggle malicious SQL dataset. The goal of the genetic algorithm is to enhance the evasiveness and sophistication of the original malicious queries.

The full research paper outlining the details of the dataset and its underlying principles:

“An Evolutionary Algorithm for Adversarial SQL Injection Attack Generation”, Maryam Issakhani, Mufeng Huang, Mohammad A. Tayebi, Arash Habibi Lashkari, IEEE Intelligence and Security Informatics (ISI2023), NC, USA

1. Source Code Authorship Attribution (YU-SCAA-2022)

Source Code Authorship Attribution (SCAA) is the technique to find the real author of source code in a corpus. Though it is a privacy threat to open-source programmers, it has shown to be significantly helpful in developing forensic-based applications such as ghostwriting detection, copyright dispute settlements, catching authors of malicious applications using source code, and other code analysis applications. This dataset was created by extracting ’code’ data from the GCJ, and GitHub datasets, including examples of attacks and adversarial examples, were created using Source Code imitator. The dataset in a total of 1,632 code files from 204 authors.

The full research paper outlining the details of the dataset and its underlying principles:

”AuthAttLyzer: A Robust defensive distillation-based Authorship Attribution framework”, Abhishek Chopra , Nikhill Vombatkere , Arash Habibi Lashkari, The 12th International Conference on Communication and Network Security (ICCNS), 2022, China

Download Dataset: