USB-IDS-TC

The USB-IDS-TC dataset was conceived to explore the dependence of ML/DL-based NIDS on the network used to collect the training traffic data. In this dataset, DoS attacks have been conducted in different network scenarios, in the belief that the network has a non-negligible effect on the detection capability of the NIDS as indicated by our initial analysis. Differently from existing datasets that collect the data in a single scenario, USB-IDS-TC allows studying the dependence of the attacks, traffic features and ML/DL models on the network.

USB-IDS-TC is released in the form of five csv files, where each file provides normal and DoS flow records of one network scenario in the following Table. Each csv file provides ready-to-use labeled network flows, obtained appending five previously-labeled flow collections (NOR - normal traffic, DoS attacks:  HLK (hulk), GSL (slowloris), HSL (slowhttptest in slowloris mode) and HSP slowhttptest in slow POST mode).