Attack Traces

Data collected for our paper at ACM SOSR 2019

We release packet-level traffic traces (PCAP files) of a mixed set of consumer IoT devices. Daily traces are categorized as follows: (a) "benign," representing the behavior of devices under normal conditions when performing their intended functions, and (b) "attack and benign," representing the behavior of devices under attack conditions.

Benign Data

Attack & Benign Data

Instructions

Flow data contains flow counters of MUD flow, each instance in the file are collected every one minute.
Annotations contains information about the start, end time of the attack and corresponsing MUD flows that are impacted through the Attack. More information about the device and the attacker can be found in here
Below is an example of the annotations from the Samsung smart camera.
eg: “1527838552,1527839153,Localfeatures|Arpfeatures,ArpSpoof100L2D”
The above line indicates that the start time of the attack to be 1527838552 and end time is 1527839153. "Localfeatures|Arpfeatures" explains that it should impact the local communication and ARP protocol. "ArpSpoof100L2D” means that the attack was arpspoof lauched with the maximum rate of 100 packets per seconds. In order to identify the attack rows in flow stats you can use below condition.
“if (flowtime >= startTime*1000 and endTime*1000>=flowtime) then attack = true” -- This corresponds to the line 4470 to 4479 in the samsung smart camera.

Tools

MUDrules

Cite our data

License

SPDX-License-Identifier: MIT-0

Copyright 2021 IoT Traffic Analytics Research Group, School of EE&T, UNSW Sydney.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.