Cryptojacking Network Traffic 2021

Description

The Cryptojacking Network Traffic 2021 (CNT21) dataset contains a collection of features extracted by network flows that have been generated to detect cryptojacking-related activities at the network level. The dataset includes network flows produced by cryptocurrencies (Bitcoin, Bytecoin, Monero), both in their original form and shaped by VPN software. In addition, CNT21 also contains network flows generated by other mainstream software not related to crypto mining (Skype, Youtube, and other productivity software) that can be used as negative samples. The dataset includes 54 files representing 27 different network flows, divided by direction (either ingoing or outgoing). Eighteen of them were produced by crypto mining activities, while the other nine are not related to cryptocurrencies. For every network flow, the dataset contains two features, i.e., interarrival time and packet size, that can be used to model network traffic, even if encrypted. Out of 54 total flows, 36 are shaped by VPNs (NordVPn or ExpressVPN). The described raw features are presented as textual (.txt) files. In addition, the dataset contains an aggregated data structure (CNT21.mat) containing the same features in an organized form---we also provide the MatLab script (parser.m) we adopted to generate the aggregate data from the raw features. The CNT21 dataset can be used for several purposes, such as detecting cryptojacking via network traffic, discriminating between regular network traffic and traffic shaped by VPNs, and possibly others.

Categories

Funding

Licence