NCC-G

Published: 28 July 2025| Version 2 | DOI: 10.17632/zp7578jk4d.2
Contributors:
Muhammad Aidiel Rachman Putra,
,
,

Description

We analyzed three widely used botnet datasets (CTU-13, NCC, and NCC-2) in comma-separated value (CSV) format by clustering them based on the hosts involved and the time intervals of their activities. The results of this clustering were then transformed into a graph, where hosts are represented as nodes and their communication links are defined as edges. We further examined each feature within the dataset, aggregating and analyzing the data statistically to determine the weight of the edges. The findings from the graph visualization and edge weighting were also compiled into a table format in CSV style. The "G" in NCC-G can be understood as either "Graph" or "Group Activity," reflecting the nature of the dataset, which is the result of extracting network traffic with botnet attack activities that have been grouped into activity groups and transformed into a graph.

Files

Steps to reproduce

Detailed processing steps are available in our published paper (see Related Link).

Institutions

Institut Teknologi Sepuluh Nopember

Categories

Network Security, Intrusion Detection, Big Data

Related Links

Article
https://doi.org/10.1109/ACCESS.2025.3541125
compiles this dataset
Article
https://doi.org/10.1016/j.cose.2014.05.011
is source of this dataset
Article
https://doi.org/10.1016/j.dib.2021.107334
is source of this dataset
Article
https://doi.org/10.1016/j.dib.2022.108628
is source of this dataset

Licence