UCM_ESP8266_DDoS

Published: 22 July 2024 | Version 1 | DOI: 10.17632/83j5bh76hj.1

Description

The UCM_ESP8266_DDoS2024 dataset is a detailed collection of data aimed at improving the understanding of Distributed Denial of Service (DDoS) attacks against IoT devices, specifically the ESP8266 module. This dataset documents various types of DDoS attacks including TCP SYN flood, ICMP flood, Slowloris, Slow post and UDP flood to provide insight into their impact on the functionality and availability of IoT devices.

Data collection was performed on the local network using a DDoS app tool to simulate the attacks. Network traffic was captured using Wireshark software, and the dataset is available in PCAP and CSV formats for detailed analysis. The captured data includes key attributes such as timestamps, source and destination IP addresses, protocols, packet lengths, and port numbers.

The primary goal of this dataset is to enable the simulation and analysis of DDoS attacks on IoT devices, providing a resource for researchers focused on cybersecurity and IoT device protection. By examining network traffic logs and captured packets, researchers can identify attack patterns, understand the dynamics of different types of DDoS attacks, and develop effective mitigation mechanisms.

The attacks in the dataset follow each other in the following segments:

- Segment 1: TCP SYN flood (Start: 9.255660 s, End: 46.659701 s). Success: server did not respond to SYN packets, completely prevented from accessing the web page.
- Segment 2: ICMP flood (Start: 88.087682 s, End: 134.077894 s). Success rate: first connection attempt failed, second attempt was successful but with significant delay.
- Segment 3: Slowloris (Start: 230.937268 s, End: 264.143622 s). Success rate: server did not respond to any connection attempts, completely prevented access.
- Segment 4: Slow post (Start: 160.489993 s, End: 205.522431 s). Success rate: some connections were successful but with significant delay, others failed due to server overload.
- Segment 5: UDP flood (Start: 298.311444 s, End: 328.497240 s). Success rate: the connection was successful but with a significant delay.

The UCM_ESP8266_DDoS2024 dataset serves as a valuable tool for analyzing and developing defenses against DDoS attacks on IoT devices. It provides a practical resource for researchers and cybersecurity practitioners to effectively simulate, analyze, and mitigate DDoS attacks.

Steps to reproduce

To reproduce the dataset, follow these steps:

1. Set up the environment:
   - Equipment needed: ESP8266 Wi-Fi module, three virtual machines (as attack sources), a physical computer (as a regular user), a Wi-Fi router, and monitoring and data collection software.
   - Connect all devices to a 300 Mbps Wi-Fi router. Assign IP addresses as follows: normal user (192.168.1.2), attackers (192.168.1.10, 192.168.1.11, 192.168.1.12), and the service running on the ESP8266 module (192.168.1.13).
2. Configure the ESP8266 module:
   - Use the Arduino IDE to connect and configure the ESP8266 module.
   - Upload a simple text-only web page to the ESP8266 module.
3. Prepare attack tools:
   - Install the Python programming language in the virtual machines.
   - Download and set up the DDoS App tool (https://cloud.fpvucm.sk/index.php/s/BEtitNCbT9iRZLy), which is programmed in Python and uses the PyQt6 library to simulate DDoS attacks.
4. Data collection:
   - Install Wireshark software on the physical machine to capture network traffic.
   - Launch Wireshark on the physical computer and start capturing network traffic between the ESP8266 module, the physical computer, and the virtual machines.
5. Simulate the attacks:
   - Use the DDoS App tool to perform the attacks sequentially for each attack type:
     - TCP SYN flood
     - ICMP flood
     - Slowloris
     - Slow mail
     - UDP flood
6. Capture and process data:
   - Use Wireshark to save the captured network data in PCAP format.
   - After data collection, convert the PCAP files to CSV format for easier analysis.
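An added example (not part of the dataset or of the DDoS App tool): labelling CSV rows with the segment windows from the description and the attacker addresses from step 1, then summarising attacker-to-ESP8266 traffic per segment. The column names Time, Source, Destination and Length follow Wireshark's default CSV export and are an assumption about the dataset's CSV; the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Segment windows in seconds from capture start, from the description,
# listed here in time order (Slow post precedes Slowloris in the capture).
SEGMENTS = [
    ("TCP SYN flood", 9.255660, 46.659701),
    ("ICMP flood", 88.087682, 134.077894),
    ("Slow post", 160.489993, 205.522431),
    ("Slowloris", 230.937268, 264.143622),
    ("UDP flood", 298.311444, 328.497240),
]
ATTACKERS = {"192.168.1.10", "192.168.1.11", "192.168.1.12"}  # step 1
TARGET = "192.168.1.13"                                        # ESP8266 service

def label(t):
    """Return the attack segment containing time t, or 'idle' between segments."""
    for name, start, end in SEGMENTS:
        if start <= t <= end:
            return name
    return "idle"

def summarize(rows):
    """Per segment: packets, bytes and packets/s sent by attackers to the target."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for row in rows:
        if row["Source"] in ATTACKERS and row["Destination"] == TARGET:
            seg = stats[label(float(row["Time"]))]
            seg["packets"] += 1
            seg["bytes"] += int(row["Length"])
    for name, start, end in SEGMENTS:
        if name in stats:
            stats[name]["pps"] = stats[name]["packets"] / (end - start)
    return dict(stats)

# Constructed sample rows (not taken from the dataset); header is assumed.
SAMPLE = """No.,Time,Source,Destination,Protocol,Length
1,5.000000,192.168.1.2,192.168.1.13,TCP,66
2,9.300000,192.168.1.10,192.168.1.13,TCP,54
3,9.300100,192.168.1.11,192.168.1.13,TCP,54
4,100.500000,192.168.1.12,192.168.1.13,ICMP,98
5,150.000000,192.168.1.10,192.168.1.13,TCP,60
6,300.000000,192.168.1.11,192.168.1.13,UDP,1066
"""

if __name__ == "__main__":
    for name, s in summarize(csv.DictReader(io.StringIO(SAMPLE))).items():
        print(name, s)
```

Attacker packets that fall outside every window are counted under "idle", which helps spot a mismatch between the capture's time base and the listed segment boundaries.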

Institutions

Univerzita sv Cyrila a Metoda v Trnave

Categories

Computer Science, Computer Network, Cybersecurity, Network Security, Internet of Things, Informatics, Smart Infrastructure, Cyber Attack

Funding

Kultúrna a Edukačná Grantová Agentúra MŠVVaŠ SR

KEGA 011UCM-4/2024

Licence