Newer
Older
## A Graph Dataset for Security Enforcement in IoT Networks
### Overview
The Graph-Based Dataset for IoT Network Attack Detection is a curated collection of data specifically designed for research and development in the field of cybersecurity, focusing on the detection of attacks in Internet of Things (IoT) networks. This graph-based dataset provides researchers, developers, and practitioners with a comprehensive resource to evaluate and benchmark various detection algorithms and systems in real-world IoT network environments.
The dataset consists of network traffic data captured from emulated IoT network environments, where various attack scenarios have been emulated. The network traffic data is represented in the form of graphs, capturing the interactions and relationships between different devices, services, and communication patterns within the IoT network. Each graph in the dataset represents a snapshot of network activity over a specific time period, enabling analysis of attack patterns and behaviors. The following figure presents the general netwok architecture.
<img src="image-1.png" alt="alt text" width="500" />
You find in this dataset the graph that contains all the attacks and also one graph per attack. The graph containing all attacks is the merge of attack graphs include normal traffic.
To construct our dataset, we initially establish a test environment mirroring real-world networks and subsequently simulate diverse forms of attacks. Our testbed architecture comprises two primary components: the user network and the adversary network. Within the user network, we incorporate standard elements typical of IoT networks, including end-user devices executing various tasks to replicate the traffic patterns commonly encountered in such networks. Additionally, virtual machines emulate smart devices (IoT Devices), generating typical traffic associated with these devices. Furthermore, we integrate an onsite server furnishing services to network users, serving as the focal point for the attacks we execute on the network.
Conversely, the adversary network features a botnet comprising multiple zombie machines overseen by a singular bot-master machine functioning as a Command and Control (C&C) server. Through this central machine, we can orchestrate an array of botnet attacks directed at the user network. The following figure illustrates the architectural of our testbed.
<div align="center">
<img src="image-2.png" alt="alt text" width="500" />
</div>
For implementing this environment, we used the GNS3 tool. It is an open-source software for network emulation. It empowers users to design, configure, and test intricate network topologies within a virtual environment.
<img src="image.png" alt="alt text" width="500" />
Graph Representation: Network traffic data represented as graphs, facilitating intuitive visualization and analysis.
Attack Scenarios: Diverse attack scenarios, including DDoS attacks, HTTP Get/Post flood, TCP SYN flood, UDP flood, ICMP flood, brute force and port scanning.
Realistic Environment: emulated IoT network environments reflecting real-world conditions and configurations.
Anomaly Labels: Ground truth labels for anomalous network activity, enabling supervised learning approaches for attack detection.
The GRASEC-IoT Dataset is available for download and exploration via this gitlab.
If you use this dataset in your research or projects, please cite the following publication:
GRASEC-IoT: A Graph Dataset for Security Enforcement in IoT Networks
Those who have contributed to the project: Djameleddine Hamouche, Mohamed Reda Kadri, Mohamed-Lamine Messai, Hamida Seba.
This work is supported by the French National Research Agency (ANR) under grant ANR-20-CE39-0008.
Creative Commons Attribution. CC BY 4.0 Deed Attribution 4.0 International.
<img src="image-3.png" alt="alt text" width="250" />