Context
Hornet 15 is a dataset of seven days of attack network traffic captured on cloud servers used as honeypots, intended to help understand how geography may impact the inflow of network attacks. The honeypots are located in eight different cities: Amsterdam, London, Frankfurt, San Francisco, New York, Singapore, Toronto, and Bangalore. The data was captured in April and May 2021.
The eight cloud servers were created and configured simultaneously following identical instructions. The network capture was performed using the Argus network monitoring tool on each cloud server. Each cloud server had only one service running (SSH on a non-standard port) and was fully dedicated as a honeypot. No honeypot software was used in this dataset.
Content
The dataset consists of eight scenarios, one for each geographically located cloud server. Each scenario contains bidirectional NetFlow files in the following formats:
hornet15-biargus.tar.gz: all scenarios with bidirectional NetFlow files in Argus binary format;
hornet15-netflow-v5.tar.gz: all scenarios with bidirectional NetFlow v5 files in CSV format;
hornet15-netflow-extended.tar.gz: all scenarios with bidirectional NetFlow files in CSV format containing all features provided by Argus;
hornet15-full.tar.gz: all the data in a single download (biargus, NetFlow v5, and extended NetFlow).
Acknowledgements
Valeros, Veronica (2021), "Hornet 15: Network Dataset of Geographically Placed Honeypots", Mendeley Data, V1, doi: 10.17632/rry7bhc2f2.1