Abstract
Cybersecurity research relies on relevant datasets providing researchers with a snapshot of network traffic generated by current users and modern applications and services. The lack of datasets from realistic network environments leads to newly designed methods that are inefficient and not useful in practice. This data article provides network traffic flows and event logs (Linux and Windows) from a two-day cyber defense exercise involving attackers, defenders, and fictitious users operating in a virtual exercise network. The data are stored as structured JSON, including data schemes and data dictionaries, ready for direct processing. The network topology of the exercise network in NetJSON format is also provided.
Highlights
Cybersecurity research relies on relevant datasets providing researchers a snapshot of network traffic generated by current users and modern applications and services
Network traffic flows and a high variety of event logs were captured in an exercise network deployed in the KYPO Cyber Range Platform
The network traffic was captured on a single network interface in the exercise network and exported into IPFIX flows
Summary
The dataset includes traffic flows and event logs from Linux and Windows machines captured and collected during a run of a Red Team/Blue Team cyber defense exercise held on March 19–20, 2019. The exercise network topology is described in the machine-readable NetJSON [3] format and is part of an archive of auxiliary files, auxiliary-material.tgz, which includes the following. Topology.{json,pdf,png}: the topology of the complete Cyber Czech exercise network in the NetJSON, PDF and PNG formats. At the same time, simulated users interact with the network and fulfil their routine tasks. They may contact the Blue Teams and ask for help if needed. Blue Teams are scored based on the availability of required network services and applications, response to attacks, and communication with simulated users. More details about the exercise and the cyber range used are provided in [1] and [2], respectively.