Comprehensive Malware Datasets

This dataset containing a wide range of invasions simulated in a research organization was submitted to be audited. By imitating a typical Ecommerce function on the internet, it developed an environment for obtaining raw TCP/IP dump data for a network. The internet was concentrated as if it were a real setting, and various attacks were launched. A connection is a series of TCP packets that begin and stop at a specific time interval and allow data to flow from a source IP address to a target IP address using a well-defined protocol. In addition, each link is classified as either normal or an attack. Each connection record is around 100 bytes long.

For each TCP/IP connection, 19 quantitative and qualitative features are obtained from normal and attack data (2 qualitative and 17 quantitative features). The class variable has categories:
• Normal
• Buffer overflow
• IPsweep
• rootkit
• SQL attack
• worm