Primarily HTTP, HTTPS, FTP, SSH, and standard TCP/UDP background noise.
In its raw form, the data is unlabeled. You must correlate the timestamps in the bd_116 capture with the official attack schedule provided by the CIC to label flows as "Benign." Security Note
It typically contains a subset of "Benign" (normal) network traffic data, which serves as the baseline for identifying anomalies.
While the data inside bd_116.zip is generally benign, these datasets often contain traces of malware communication or exploit attempts (if you are looking at the attack-day subsets). It is best practice to handle these files in a if you are performing deep packet inspection or executing any embedded payloads for forensic research.
Use the CICFlowMeter tool to convert the raw packets into a CSV format containing 80+ network traffic features.
High-volume benign traffic captured from a specific VLAN or set of machines within the testbed environment.
Primarily HTTP, HTTPS, FTP, SSH, and standard TCP/UDP background noise.
In its raw form, the data is unlabeled. You must correlate the timestamps in the bd_116 capture with the official attack schedule provided by the CIC to label flows as "Benign." Security Note
It typically contains a subset of "Benign" (normal) network traffic data, which serves as the baseline for identifying anomalies.
While the data inside bd_116.zip is generally benign, these datasets often contain traces of malware communication or exploit attempts (if you are looking at the attack-day subsets). It is best practice to handle these files in a if you are performing deep packet inspection or executing any embedded payloads for forensic research.
Use the CICFlowMeter tool to convert the raw packets into a CSV format containing 80+ network traffic features.
High-volume benign traffic captured from a specific VLAN or set of machines within the testbed environment.