
GRASEC-IoT

A Graph Dataset for Security Enforcement in IoT Networks

Overview

The Graph-Based Dataset for IoT Network Attack Detection is a curated collection of data specifically designed for research and development in the field of cybersecurity, focusing on the detection of attacks in Internet of Things (IoT) networks. This graph-based dataset provides researchers, developers, and practitioners with a comprehensive resource to evaluate and benchmark various detection algorithms and systems in real-world IoT network environments.

Dataset Description

The dataset consists of network traffic data captured from emulated IoT network environments, where various attack scenarios have been emulated. The network traffic data is represented in the form of graphs, capturing the interactions and relationships between different devices, services, and communication patterns within the IoT network. Each graph in the dataset represents a snapshot of network activity over a specific time period, enabling analysis of attack patterns and behaviors. The following figure presents the general network architecture.

[Figure: general network architecture]

The dataset contains one graph that covers all the attacks and one graph per attack. The graph containing all attacks is the merge of the attack graphs, including normal traffic.

To construct our dataset, we initially establish a test environment mirroring real-world networks and subsequently simulate diverse forms of attacks. Our testbed architecture comprises two primary components: the user network and the adversary network. Within the user network, we incorporate standard elements typical of IoT networks, including end-user devices executing various tasks to replicate the traffic patterns commonly encountered in such networks. Additionally, virtual machines emulate smart devices (IoT Devices), generating typical traffic associated with these devices. Furthermore, we integrate an onsite server furnishing services to network users, serving as the focal point for the attacks we execute on the network.

Conversely, the adversary network features a botnet comprising multiple zombie machines overseen by a single bot-master machine functioning as a Command and Control (C&C) server. Through this central machine, we can orchestrate an array of botnet attacks directed at the user network. The following figure illustrates the architecture of our testbed.