The BoT-IoT Dataset

The BoT-IoT dataset was created by designing a realistic network environment in the Cyber Range Lab of The center of UNSW Canberra Cyber, as shown in Figure 1. The environment incorporates a combination of normal and botnet traffic. The dataset’s source files are provided in different formats, including the original pcap files, the generated argus files and csv files. The files were separated, based on attack category and subcategory, to better assist in labeling process.

The captured pcap files are 69.3 GB in size, with more than 72.000.000 records. The extracted flow traffic, in csv format is 16.7 GB in size. The dataset includes DDoS, DoS, OS and Service Scan, Keylogging and Data exfiltration attacks, with the DDoS and DoS attacks further organized, based on the protocol used.

To ease the handling of the dataset, we extracted 5% of the original dataset via the use of select MySQL queries. The extracted 5%, is comprised of 4 files of approximately 1.07 GB total size, and about 3 million records.

The BoT-IoT dataset can be downloaded from HERE.


Figure 1: Testbed configuration of the Bot-IoT dataset



Free use of the Bot-IoT dataset for academic research purposes is hereby granted in perpetuity. Use for commercial purposes should be agreed by the authors. The authors have asserted their rights under the Copyright. To whom intent the use of the Bot-IoT dataset, please cite the following paper that has the dataset’s details.

We encourage using the recent UNSW-NB15 dataset for the comparisons with this dataset (the Bot-IoT). There are many new approaches in Intrusion Detection, Network Forensics and Privacy-Preservation in different systems such as networking, IoT, Industry 4.0 and cloud, that could be used and citied from the UNSW-NB15 dataset webpage.

Last Updated: 14 November 2018