TorusSDN-DDoS Defense Dataset

Published: 5 March 2024| Version 1 | DOI: 10.17632/h9sdd6wjb9.1
karrar alhamamy,


The "TorusSDN-DDoS Defense Dataset" is meticulously crafted to tackle the intricate task of identifying Distributed Denial of Service (DDoS) attacks in Software-Defined Networking (SDN) setups, with a particular focus on the Torus network topology. It encompasses a wide array of network traffic data, encompassing both normal operations and malicious DDoS traffic patterns, making it an indispensable tool for the creation, evaluation, and refinement of sophisticated DDoS detection methodologies. Structured to complement the capabilities of the Mininet emulator for SDN scenarios, the dataset provides extensive details on network dynamics, including packet rates, sizes, and types, along with flow counts and protocol specifications. Each record within the dataset is distinctly labeled to indicate its nature as either "normal" traffic or a "DDoS" attack, thereby enabling the application of supervised learning techniques and facilitating thorough analytical research. Additionally, the dataset is feature by its inclusion of 35 primary network are instrumental in the identification of DDoS attacks, thereby offering a comprehensive resource for cybersecurity professionals and researchers aiming to enhance SDN defenses against DDoS threats.


Steps to reproduce

HPING3 ping3 is a network tool able to send custom ICMP/UDP/TCP packets and to display target replies like ping does with ICMP replies. It is useful to script network tests. Here's how you can install it in a Mininet environment. Since Mininet typically runs on a Ubuntu-based system, you'd use the apt package manager. 1. First, you'll want to update the package lists for upgrades and new package installations: sudo apt-get update 2. Then, you can install hping3: sudo apt-get install hping3 This should install hping3 for you to use within your Mininet environment. Once installed, you can use hping3 within your network. For example, you can use hping3 to perform a simple ping of one host to another. Assuming you have two hosts, h1 and h2, with h2 having an IP address of, you could use the following command in Mininet: Attack code: h1x1 hping3 h3x1 -S -V -d 120 -w 64 -p 80 -c 500 • tcp attack h1x1 hping3 h3x1: This command is running hping3 from the host h1x1 to the host h3x1. In a Mininet environment, to run a command from a host, you specify the hostname before the command. • -S: This sets the SYN flag in the packet, meaning you're performing a TCP SYN scan (also known as a half-open scan). The sender sends a TCP SYN packet to initiate a TCP handshake, and waits for an ACK/SYN response from the receiver. • -V: This enables verbose mode, which provides additional details about the packets being sent and received. • -d 120: This sets the data size to 120 bytes. The packet will contain 120 bytes of actual data. • -w 64: This sets the TCP window size to 64. The window size is used for flow control in TCP and determines the amount of data that can be sent at one time without receiving an acknowledgment from the receiver. • -p 80: This specifies the destination port, in this case, port 80. Port 80 is typically used for HTTP traffic. • -c 500: This sends 500 packets. After 500 packets have been sent, hping3 will stop sending packets. and for UDP and ICMP..


University of Kufa


Data Mining, Machine Learning, Support Vector Machine, Database Security, Decision Tree, Software Defined Network, Networking, Deep Learning, Random Decision Forest, k-Nearest Neighbors Algorithm, Extreme Gradient Boosting