A Graph Dataset for Security Enforcement in IoT Networks
The Graph-Based Dataset for IoT Network Attack Detection is a curated collection of data specifically designed for research and development in the field of cybersecurity, focusing on the detection of attacks in Internet of Things (IoT) networks. This graph-based dataset provides researchers, developers, and practitioners with a comprehensive resource to evaluate and benchmark various detection algorithms and systems in real-world IoT network environments.
Dataset Description
The dataset consists of network traffic data captured from emulated IoT network environments, where various attack scenarios have been emulated. The network traffic data is represented in the form of graphs, capturing the interactions and relationships between different devices, services, and communication patterns within the IoT network. Each graph in the dataset represents a snapshot of network activity over a specific time period, enabling analysis of attack patterns and behaviors. The following figure presents the general network architecture.
The dataset contains one graph per attack and one graph that contains all the attacks. The graph containing all attacks is the merge of the attack graphs and includes normal traffic.
To construct our dataset, we initially establish a test environment mirroring real-world networks and subsequently simulate diverse forms of attacks. Our testbed architecture comprises two primary components: the user network and the adversary network. Within the user network, we incorporate standard elements typical of IoT networks, including end-user devices executing various tasks to replicate the traffic patterns commonly encountered in such networks. Additionally, virtual machines emulate smart devices (IoT Devices), generating typical traffic associated with these devices. Furthermore, we integrate an onsite server furnishing services to network users, serving as the focal point for the attacks we execute on the network.
Conversely, the adversary network features a botnet comprising multiple zombie machines overseen by a single bot-master machine functioning as a Command and Control (C&C) server. Through this central machine, we can orchestrate an array of botnet attacks directed at the user network. The following figure illustrates the architecture of our testbed.
For implementing this environment, we used the GNS3 tool. It is an open-source software for network emulation. It empowers users to design, configure, and test intricate network topologies within a virtual environment.
1. Normal traffic generation
For normal traffic generation, we used multiple virtual machines that were meant to mimic the behavior of real network users. The setup consisted of 3 Ubuntu VMs that served as users and another Ubuntu VM that played the role of a local server providing services such as website hosting and file sharing using FTP. We also used an Ubuntu VM to run IoT-Flock, an IoT device simulation tool. We used it to simulate the following devices: light intensity sensor, temperature sensor, smoke sensor, door lock, fan speed controller.
2. Attack scenarios
As for the attack scenarios, we used a botnet composed of multiple VMs controlled by a Kali virtual machine. This botnet was able to launch a variety of network attacks on the local server described above. These attacks included the following: HTTP GET flood, HTTP POST flood, ICMP flood, TCP SYN flood, UDP flood, port scanning and brute force.
3. Data capture
To capture the network traffic in our environment, we used a flow capture tool called CICFlowMeter.
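The sketch below is an added example, not the dataset's own code or schema: it shows one way flow records of the kind CICFlowMeter exports could be grouped into per-time-window graph snapshots with ground-truth labels on the edges. The node and edge model (hosts as nodes, one edge per source, destination and destination port), the 60-second window, the label value "Normal" and all sample rows are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample flows (not taken from the dataset). Column names follow
# CICFlowMeter's CSV output; addresses, times and label values are made up.
SAMPLE_CSV = """Src IP,Dst IP,Dst Port,Protocol,Timestamp,Label
192.168.1.11,192.168.1.100,80,6,2024-01-01 10:00:05,Normal
192.168.1.12,192.168.1.100,21,6,2024-01-01 10:00:20,Normal
10.0.0.5,192.168.1.100,80,6,2024-01-01 10:00:31,HTTP GET flood
10.0.0.6,192.168.1.100,80,6,2024-01-01 10:00:32,HTTP GET flood
10.0.0.5,192.168.1.100,80,6,2024-01-01 10:00:40,HTTP GET flood
192.168.1.11,192.168.1.100,80,6,2024-01-01 10:01:10,Normal
"""

EPOCH = datetime(1970, 1, 1)

def build_snapshots(csv_text, window_seconds=60):
    """Group flows into fixed time windows; each window becomes one graph.

    A graph maps a directed edge (src_ip, dst_ip, dst_port) to
    {"flows": count, "labels": set of labels seen on that edge}.
    """
    snapshots = defaultdict(dict)
    for row in csv.DictReader(io.StringIO(csv_text)):
        ts = datetime.strptime(row["Timestamp"], "%Y-%m-%d %H:%M:%S")
        secs = int((ts - EPOCH).total_seconds())
        window_start = secs - secs % window_seconds
        edge = (row["Src IP"], row["Dst IP"], int(row["Dst Port"]))
        attrs = snapshots[window_start].setdefault(edge, {"flows": 0, "labels": set()})
        attrs["flows"] += 1
        attrs["labels"].add(row["Label"])
    return dict(snapshots)

def fan_in(graph):
    """Count distinct sources per (dst_ip, dst_port); floods raise this value."""
    sources = defaultdict(set)
    for src, dst, port in graph:
        sources[(dst, port)].add(src)
    return {service: len(srcs) for service, srcs in sources.items()}

def attack_edges(graph):
    """Return edges carrying at least one label other than 'Normal'."""
    return sorted(e for e, a in graph.items() if a["labels"] - {"Normal"})
```

Keeping the label set on each edge lets a window that mixes normal and attack flows between the same pair of hosts be detected instead of silently overwritten.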
Graph modeling
Key Features
- Graph Representation: Network traffic data represented as graphs, facilitating intuitive visualization and analysis.
- Attack Scenarios: Diverse attack scenarios, including DDoS attacks, HTTP GET/POST flood, TCP SYN flood, UDP flood, ICMP flood, brute force and port scanning.
- Realistic Environment: Emulated IoT network environments reflecting real-world conditions and configurations.
- Anomaly Labels: Ground truth labels for anomalous network activity, enabling supervised learning approaches for attack detection.
Dataset Access
The GRASEC-IoT Dataset is available for download and exploration via this GitLab.
If you use this dataset in your research or projects, please cite the following publication: GRASEC-IoT: A Graph Dataset for Security Enforcement in IoT Networks
Authors and acknowledgment
Those who have contributed to the project: Djameleddine Hamouche, Mohamed Reda Kadri, Mohamed-Lamine Messai, Hamida Seba. This work is supported by the French National Research Agency (ANR) under grant ANR-20-CE39-0008.
License: Creative Commons Attribution 4.0 International (CC BY 4.0).

Project status