In the fourth quarter of 2024, around 512,000 DDoS attacks were registered worldwide. The figure has gradually increased from 274,000 incidents in the first quarter of 2023.
License: Attribution 4.0 (CC BY 4.0), https://creativecommons.org/licenses/by/4.0/
In the first half of 2024, DDoS attacks on web search portals and all other information services in Indonesia had the highest average duration, amounting to around 375 minutes per attack. A DDoS attack, also known as a Distributed Denial-of-Service attack, is a type of cybercrime where the attacker overwhelms a server with internet traffic in an effort to prevent people from accessing linked websites and online services.
License: MIT License, https://opensource.org/licenses/MIT
The Real-Time DDoS Traffic Dataset for ML is designed to support the development, testing, and validation of machine learning models focused on detecting Distributed Denial of Service (DDoS) attacks in real-time. As cybersecurity threats evolve, particularly in the realm of network traffic anomalies like DDoS, having access to labeled data that mirrors real-world attack scenarios is essential. This dataset aims to bridge this gap by providing comprehensive, structured network traffic data that includes both normal and DDoS attack instances, facilitating machine learning research and experimentation in DDoS detection and prevention.
The dataset is compiled from network traffic that either replicates real-time conditions or is simulated under carefully controlled network configurations to generate authentic DDoS attack traffic. This data encompasses variations in packet transmission and byte flow, which are key indicators in distinguishing between typical network behavior and DDoS attack patterns. The primary motivation behind this dataset is to aid machine learning practitioners and cybersecurity experts in training models that can effectively differentiate between benign and malicious traffic, even under high-stress network conditions.
Data Source and Collection: Include information on how the data was collected, whether it was simulated or recorded from real systems, and any specific tools or configurations used.
Dataset Structure: List and explain the features or columns in the dataset. For instance, you might describe columns such as:
This dataset is ideal for a range of applications in cybersecurity and machine learning:
1. Training DDoS Detection Models: The dataset is specifically structured for use in supervised learning models that aim to identify DDoS attacks in real time. Researchers and developers can train and test models using the labeled data provided.
2. Real-Time Anomaly Detection: Beyond DDoS detection, the dataset can serve as a foundation for models focused on broader anomaly detection tasks in network traffic monitoring.
3. Benchmarking and Comparative Studies: By providing data for both normal and attack traffic, this dataset is suitable for benchmarking various algorithms, allowing comparisons across different detection methods and approaches.
4. Cybersecurity Education: The dataset can also be used in educational contexts, allowing students and professionals to gain hands-on experience with real-world data, fostering deeper understanding of network anomalies and cybersecurity threats.
Limitations and Considerations
While the dataset provides realistic DDoS patterns, it is essential to note a few limitations:
Data Origin: The dataset may contain simulated attack patterns, which could differ from real-world DDoS attack traffic in more complex network environments.
Sampling Bias: Certain features or types of attacks may be overrepresented due to the specific network setup used during data collection. Users should consider this when generalizing their models to other environments.
Ethical Considerations: This dataset is intended for educational and research purposes only and should be used responsibly to enhance network security.
Acknowledgments
This dataset is an open-source contribution to the cybersecurity and machine learning communities, and it is designed to empower researchers, educators, and industry professionals in developing stronger defenses against DDoS attacks.
License: Attribution 4.0 (CC BY 4.0), https://creativecommons.org/licenses/by/4.0/
Distributed Denial of Service (DDoS) attack is a menace to network security that aims at exhausting the target networks with malicious traffic. Although many statistical methods have been designed for DDoS attack detection, designing a real-time detector with low computational overhead is still one of the main concerns. On the other hand, the evaluation of new detection algorithms and techniques heavily relies on the existence of well-designed datasets. In this paper, first, we review the existing datasets comprehensively and propose a new taxonomy for DDoS attacks. Secondly, we generate a new dataset, namely CICDDoS2019, which remedies all current shortcomings. Thirdly, using the generated dataset, we propose a new detection and family classification approach based on a set of network flow features. Finally, we provide the most important feature sets to detect different types of DDoS attacks with their corresponding weights.
The dataset offers an extended set of Distributed Denial of Service attacks, most of which employ some form of amplification through reflection. The dataset shares its feature set with the other CIC NIDS datasets, IDS2017, IDS2018 and DoS2017.
Original paper link: https://ieeexplore.ieee.org/abstract/document/8888419
Kaggle dataset link: https://www.kaggle.com/datasets/dhoogla/cicddos2019
The finance industry was the major target of DDoS attacks in Russia in 2023. Furthermore, the share of attacks on e-commerce companies was almost 25 percent. DDoS, or distributed denial-of-service, attacks involve sending a high number of requests to a target network or website, more than it is capable of handling, leading to disruption in the resource's functioning.
This is a dataset of DDoS Botnet attacks from IOT devices.
Contains all features about packets from bots.
For making DDoS attack preventable.
In the first half of 2024, DDoS attacks on wireless telecommunication carriers in Indonesia amounted to around 14,558. A DDoS attack, also known as a Distributed Denial-of-Service attack, is a type of cybercrime where the attacker overwhelms a server with internet traffic in an effort to prevent people from accessing linked websites and online services.
In 2023, the estimated number of distributed denial-of-service (DDoS) cyberattacks in Italy was of approximately 13,000. This represents a decrease from the 2,000 attacks registered in 20212. In 2019 and 2020, the country registered the peak of DDoS attacks, with over 15,000 cyberattacks reported.
In 2023, organizations in the finance industry worldwide saw the highest share of DDoS attacks, ** percent. The finance industry ranked second, with over ** percent, while healthcare followed, with **** percent.
License: Attribution 4.0 (CC BY 4.0), https://creativecommons.org/licenses/by/4.0/
Scoreboard dataset contains statistical data for each second during the testing period. Scoreboard represents srcip:srcport-dstip:dstport pair with statistics count for the number of packets, protocol identification, flag (if it is TCP), and a number of SYN packets (if it is TCP). Each ip:port pair represents one communication channel.
License: Attribution 4.0 (CC BY 4.0), https://creativecommons.org/licenses/by/4.0/
a Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attack can severely damage the performance and functionality of network slices. Furthermore
To cite the dataset please reference it as Y. Kim, S. Hakak, and A. Ghorbani. "DDoS Attack Dataset (CICEV2023) against EV Authentication in Charging Infrastructure," in 2023 20th Annual International Conference on Privacy, Security and Trust (PST), IEEE Computer Society, pp. 1-9, August 2023.
Explore a comprehensive dataset capturing DDoS attack scenarios within electric vehicle (EV) charging infrastructure. This dataset features diverse machine learning attributes, including packet access counts, system status details, and authentication profiles across multiple charging stations and grid services. Simulated attack scenarios, authentication protocols, and extensive profiling results offer invaluable insights for training and testing detection models in safeguarding EV charging systems against cyber threats.
Figure 1: Proposed simulator structure, source: Y. Kim, S. Hakak, and A. Ghorbani.
Acknowledgment:
The authors sincerely appreciate the support provided by the Canadian Institute for Cybersecurity (CIC), as well as the funding received from the Canada Research Chair and the Atlantic Canada Opportunities Agency (ACOA).
Reference:
Y. Kim, S. Hakak, and A. Ghorbani. "DDoS Attack Dataset (CICEV2023) against EV Authentication in Charging Infrastructure," in 2023 20th Annual International Conference on Privacy, Security and Trust (PST), IEEE Computer Society, pp. 1-9, August 2023.
License: Attribution 4.0 (CC BY 4.0), https://creativecommons.org/licenses/by/4.0/
NCSRD-DS-5GDDos v2.0 Dataset
===
NCSRD-DS-5GDDos is a comprehensive dataset recorded in a real-world 5G testbed that aligns with the 3GPP specifications. The dataset captures Distributed Denial of Service (DDoS) attacks initiated by malicious connected users (UEs).
The setup comprises 3 cells with a total of 9 UEs connected to the same core network. The 5G network is implemented by the Amarisoft Callbox Mini solution (cell 2), and we further employ a second cell using the Amarisoft Classic (cell 1 & 3), which also hosts the 5G core.
The setup utilizes a broad set of UE devices comprising a set of smart phones (Huawei P40), microcomputers (Raspberry Pi 4 - Waveshare 5G Hat M2), industrial 5G routers (Industrial Waveshare 5G Router), a WiFi-6 mobile hotspot (DWR-2101 5G Wi-Fi 6 Mobile Hotspot) and a CPE box (Waveshare 5G CPE Box). All UEs are being operated by subsidiary hosts which are responsible for the traffic generation, occurring from scheduled communications times.
All identifiers are artificially generated and do not represent and are not based on personal data. We identify each UE through its "imeisv" ID, which corresponds to the device in use, because the vendor implementation uses the same IMSI for all UEs.
This dataset captures attack data from a total of 5 malicious User Equipment (UE) devices that initiated various flooding attacks on a 5G network. Each record includes key identifiers such as the IMEISV (International Mobile Equipment Identity Software Version number) and IP address of the attacking UE, along with the device type. The file "summary_report.csv" summarizes this information. The traffic types used in the attacks include SYN flooding, UDP flooding, ICMP flooding, DNS flooding, and GTP-U flooding. The benign users stream YouTube and Skype traffic.
The dataset is recorded through the use of a data collector that interfaces with the 5G network and gathers data regarding UEs, gNBs and the Core Network. The data are recorded in an InfluxDB database and pre-processed into three separate tabular .csv files for more efficient processing: "amari_ue_data.csv", "enb_counters.csv" and "mme_counters.csv". In this version, we use an Amarisoft Classic (cells 1 & 3, Core Network) and an Amarisoft Mini (cell 2) (more information on the products can be found at https://www.amarisoft.com/).
The "amari_ue_data.csv" file provides information on the UEs regarding identification ("imeisv", "5g_tmsi", "rnti"), IP addressing, bearer information, cell information ("tac", "ran_plmn"), and cell information ("ul_bitrate", "dl_bitrate", "cell_id", retransmissions per user per cell "ul_retx" as well as aggregated bit rates for each cell).
The "enb_counters.csv" file focuses on cell-level information, providing downlink and uplink bitrates, usage ratio per user, and CPU load of the gNB.
We provide separate files of "amari_ue_data.csv" and "enb_counters.csv" generated from each gNB (Amarisoft Classic and Mini).
The "mme_counters.csv" file provides information on the Non-Access Stratum (NAS) of the 5G Network and focuses on session status reports (e.g., number of PDU session establishments, paging, context setup). This part gives an overview of the connection management throughout the recording session, and provides information on features suggested by 3GPP for abnormal user behavior.
We also provide a separate pre-processed dataset that merges the two "amari_ue_data_*.csv" files, including labeling of the malicious/benign samples, and may be more flexible for interested data scientists.
Please refer to README.txt for the features included in each file.
The global DDoS Attack Protection Service market size was valued at approximately USD 3.2 billion in 2023 and is projected to reach nearly USD 7.5 billion by 2032, growing at a compound annual growth rate (CAGR) of 10.1% during the forecast period. The increasing frequency and sophistication of Distributed Denial of Service (DDoS) attacks, coupled with the expanding digital footprint of enterprises, are significant growth factors for the market.
One of the critical drivers for the DDoS Attack Protection Service market is the exponential growth in internet traffic and the increasing reliance on digital platforms for business operations. As more organizations move their critical operations to the cloud and adopt remote working models, the vulnerability to DDoS attacks has surged. Additionally, the rising incidences of high-profile cyber-attacks have heightened awareness and driven the demand for robust DDoS protection solutions. Companies across various industry verticals are increasingly investing in these services to safeguard their digital assets.
Advancements in technology are another significant market growth factor. The development of sophisticated DDoS protection solutions, such as artificial intelligence (AI) and machine learning (ML)-based systems, has enhanced the ability to detect and mitigate threats in real-time. These advanced systems can analyze vast amounts of data and identify unusual patterns that may indicate an impending attack. This technological progression is expected to accelerate the adoption of DDoS protection services, further propelling market growth.
Regulatory requirements and compliance standards are also contributing factors to market expansion. Governments and regulatory bodies across the globe are imposing stringent cybersecurity regulations that mandate the implementation of adequate protective measures against DDoS attacks. Compliance with these regulations is critical for organizations to avoid hefty fines and reputational damage, prompting them to adopt comprehensive DDoS protection services.
From a regional perspective, North America is anticipated to hold a significant market share owing to the high adoption rate of advanced technologies and the presence of major market players in the region. The Asia Pacific region is expected to witness substantial growth due to the rapid digital transformation and increasing cyber threats in countries such as China, India, and Japan. Europe also demonstrates a strong market potential, driven by stringent data protection regulations and an elevated focus on cybersecurity.
The integration of an Anti DDoS System Ads Platform is becoming increasingly vital for businesses aiming to protect their digital advertising infrastructure. As digital platforms continue to expand, they become more susceptible to DDoS attacks, which can disrupt advertising operations and lead to significant financial losses. By incorporating advanced anti-DDoS systems, companies can ensure the seamless delivery of ads, maintain user engagement, and protect revenue streams. These platforms are designed to detect and mitigate threats in real-time, offering advertisers peace of mind and allowing them to focus on optimizing their campaigns without the constant worry of potential disruptions.
The DDoS Attack Protection Service market by component is segmented into hardware solutions, software solutions, and services. Hardware solutions include specialized appliances that are designed to detect and mitigate DDoS attacks at the network level. These solutions are often deployed in data centers and are critical for enterprises with high traffic volumes. Companies prefer hardware solutions for their robustness and ability to handle large-scale attacks efficiently. Moreover, advancements in hardware technology have led to the development of more sophisticated and powerful devices capable of providing enhanced protection.
Software solutions, on the other hand, provide a flexible and scalable approach to DDoS attack mitigation. These solutions are designed to be integrated into an organization's existing IT infrastructure, offering real-time threat detection and automated response capabilities. Software-based DDoS protection solutions are increasingly popular among organizations due to their ease of deployment and cost-effectiveness. The rise of cloud computing has further fueled the demand for softw
In the second half of 2023, DDoS attacks on wired telecommunication carriers in Thailand amounted to around 13.25 thousand. A DDoS attack, also known as a Distributed Denial-of-Service attack, is a type of cybercrime where the attacker overwhelms a server with internet traffic in an effort to prevent people from accessing linked websites and online services.
The DDoS (Distributed Denial of Service) attack solution market has seen substantial growth, with a market size valued at approximately USD 3.5 billion in 2023 and is projected to reach over USD 6.8 billion by 2032, driven by a compound annual growth rate (CAGR) of 7.8%. The growing frequency and sophistication of cyber-attacks are propelling this market, as businesses and organizations increasingly seek robust solutions to protect their digital infrastructure. The heightened reliance on digital platforms across various industries and the surge in online activities are major factors contributing to this growth. Additionally, the expansion of Internet of Things (IoT) devices, which often serve as gateways for DDoS attacks, is further necessitating advanced security measures, thereby fueling demand for DDoS protection solutions.
The increasing adoption of cloud-based services across industries is another significant growth factor for the DDoS attack solution market. As businesses migrate their operations to the cloud, the potential attack surface expands, making them more susceptible to DDoS attacks. Cloud service providers and businesses alike are investing substantially in cybersecurity measures to safeguard cloud-based systems and ensure uninterrupted service delivery. Furthermore, the rapid digital transformation driven by advancements in technology and the global shift towards remote work arrangements have made robust cybersecurity measures imperative. This shift has heightened the awareness and urgency among businesses to adopt DDoS protection solutions, further bolstering market growth.
Moreover, regulatory frameworks and compliance requirements across different regions are compelling organizations to prioritize their cybersecurity strategies, including DDoS protection. Industries such as BFSI, healthcare, and government are under stringent regulations to protect sensitive data and maintain service continuity. This regulatory landscape is compelling organizations to invest in comprehensive DDoS solutions to ensure compliance and safeguard their reputation. Additionally, the rising cost associated with data breaches and downtime due to DDoS attacks is driving organizations to adopt preventive measures, thereby creating a conducive environment for the growth of the DDoS attack solution market.
From a regional outlook, North America currently dominates the DDoS attack solution market, attributed to the presence of advanced digital infrastructure and a high concentration of tech-savvy businesses. However, the Asia Pacific region is expected to witness the highest growth rate during the forecast period. The rapid digitalization of economies, coupled with increasing internet penetration and smart device usage, is driving the demand for DDoS solutions in this region. Factors such as increased government initiatives towards digital infrastructure development and heightened cybersecurity threats also contribute to the market's expansion in Asia Pacific.
The DDoS attack solution market is segmented into hardware solutions, software solutions, and services. Hardware solutions form a crucial part of the DDoS protection framework, offering dedicated appliances that can be deployed on-site to mitigate attacks. These hardware solutions are especially favored by large enterprises with substantial IT infrastructure as they provide high-performance protection and can be customized to meet specific organizational needs. The reliability and efficiency of hardware solutions in detecting and mitigating volumetric and application-layer attacks contribute significantly to their continued demand in the market.
Software solutions have gained prominence due to their flexibility and scalability, making them an attractive choice for organizations of all sizes. These solutions can be integrated with existing IT systems and provide real-time threat intelligence, ensuring continuous monitoring and protection against DDoS attacks. The shift towards software solutions is also driven by the need for cost-effective security measures that can be easily updated to counter evolving threats. Software-based DDoS solutions are seeing increased adoption in sectors where rapid deployment and cost efficiency are critical, such as small and medium enterprises (SMEs).
In the face of escalating cyber threats, DDoS Protection and Mitigation have become essential components of a comprehensive cybersecurity stra
License: Attribution 4.0 (CC BY 4.0), https://creativecommons.org/licenses/by/4.0/
1. Introduction
In the digital era of the Industrial Internet of Things (IIoT), the conventional Critical Infrastructures (CIs) are transformed into smart environments with multiple benefits, such as pervasive control, self-monitoring and self-healing. However, this evolution is characterised by several cyberthreats due to the necessary presence of insecure technologies. DNP3 is an industrial communication protocol which is widely adopted in the CIs of the US. In particular, DNP3 allows the remote communication between Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA). It can support various topologies, such as Master-Slave, Multi-Drop, Hierarchical and Multiple-Server. Initially, the architectural model of DNP3 consists of three layers: (a) Application Layer, (b) Transport Layer and (c) Data Link Layer. However, DNP3 can now be incorporated into the Transmission Control Protocol/Internet Protocol (TCP/IP) stack as an application-layer protocol. Similarly to other industrial protocols (e.g., Modbus and IEC 60870-5-104), DNP3 is characterised by severe security issues since it does not include any authentication or authorisation mechanisms. More information about the DNP3 security issues is provided in [1-3]. This dataset contains labelled Transmission Control Protocol (TCP) / Internet Protocol (IP) network flow statistics (Comma-Separated Values - CSV format) and DNP3 flow statistics (CSV format) related to 9 DNP3 cyberattacks. These cyberattacks are focused on DNP3 unauthorised commands and Denial of Service (DoS). The network traffic data are provided through Packet Capture (PCAP) files. Consequently, this dataset can be used to implement Artificial Intelligence (AI)-powered Intrusion Detection and Prevention (IDPS) systems that rely on Machine Learning (ML) and Deep Learning (DL) techniques.
2. Instructions
This DNP3 Intrusion Detection Dataset was implemented following the methodological frameworks of A. Gharib et al. in [4] and S. Dadkhah et al. in [5], including eleven features: (a) Complete Network Configuration, (b) Complete Traffic, (c) Labelled Dataset, (d) Complete Interaction, (e) Complete Capture, (f) Available Protocols, (g) Attack Diversity, (h) Heterogeneity, (i) Feature Set and (j) Metadata.
A network topology consisting of (a) eight industrial entities, (b) one Human Machine Interface (HMI) and (c) three cyberattackers was used to implement this DNP3 Intrusion Detection Dataset. In particular, the following cyberattacks were implemented.
On Thursday, May 14, 2020, the DNP3 Disable Unsolicited Messages Attack was executed for 4 hours.
On Friday, May 15, 2020, the DNP3 Cold Restart Message Attack was executed for 4 hours.
On Friday, May 15, 2020, the DNP3 Warm Restart Message Attack was executed for 4 hours.
On Saturday, May 16, 2020, the DNP3 Enumerate Attack was executed for 4 hours.
On Saturday, May 16, 2020, the DNP3 Info Attack was executed for 4 hours.
On Monday, May 18, 2020, the DNP3 Initialisation Attack was executed for 4 hours.
On Monday, May 18, 2020, the Man In The Middle (MITM)-DoS Attack was executed for 4 hours.
On Monday, May 18, 2020, the DNP3 Replay Attack was executed for 4 hours.
On Tuesday, May 19, 2020, the DNP3 Stop Application Attack was executed for 4 hours.
The aforementioned DNP3 cyberattacks were executed using penetration testing tools, such as Nmap and Scapy. For each attack, a relevant folder is provided, including the network traffic and the network flow statistics for each entity. In particular, for each cyberattack, a folder is given, providing (a) the pcap files for each entity, (b) the Transmission Control Protocol (TCP)/Internet Protocol (IP) network flow statistics for 120 seconds in a CSV format and (c) the DNP3 flow statistics for each entity (using different timeout values, such as 45, 60, 75, 90, 120 and 240 seconds). The TCP/IP network flow statistics were produced by using the CICFlowMeter, while the DNP3 flow statistics were generated based on a Custom DNP3 Python Parser, taking full advantage of Scapy.
The dataset consists of the following folders:
20200514_DNP3_Disable_Unsolicited_Messages_Attack: It includes the pcap and CSV files related to the DNP3 Disable Unsolicited Message attack.
20200515_DNP3_Cold_Restart_Attack: It includes the pcap and CSV files related to the DNP3 Cold Restart attack.
20200515_DNP3_Warm_Restart_Attack: It includes the pcap and CSV files related to the DNP3 Warm Restart attack.
20200516_DNP3_Enumerate: It includes the pcap and CSV files related to the DNP3 Enumerate attack.
20200516_DNP3_Ιnfo: It includes the pcap and CSV files related to the DNP3 Info attack.
20200518_DNP3_Initialize_Data_Attack: It includes the pcap and CSV files related to the DNP3 Data Initialisation attack.
20200518_DNP3_MITM_DoS: It includes the pcap and CSV files related to the DNP3 MITM-DoS attack.
20200518_DNP3_Replay_Attack: It includes the pcap and CSV files related to the DNP3 replay attack.
20200519_DNP3_Stop_Application_Attack: It includes the pcap and CSV files related to the DNP3 Stop Application attack.
Training_Testing_Balanced_CSV_Files: It includes balanced CSV files from CICFlowMeter and the Custom DNP3 Python Parser that could be utilised for training ML and DL methods. Each folder includes a different sub-folder for each of the flow timeout values used by the DNP3 Python Custom Parser. For CICFlowMeter, only the timeout value of 120 seconds was used.
Each folder includes respective subfolders related to the entities/devices (described in the following section) participating in each attack. In particular, for each entity/device, there is a folder including (a) the DNP3 network traffic (pcap file) related to this entity/device during each attack, (b) the TCP/IP network flow statistics (CSV file) generated by CICFlowMeter for the timeout value of 120 seconds and finally (c) the DNP3 flow statistics (CSV file) from the Custom DNP3 Python Parser. Finally, it is noteworthy that the network flows from both CICFlowMeter and Custom DNP3 Python Parser in each CSV file are labelled based on the DNP3 cyberattacks executed for the generation of this dataset. The description of these attacks is provided in the following section, while the various features from CICFlowMeter and Custom DNP3 Python Parser are presented in Section 5.
4. Testbed & DNP3 Attacks
The following figure shows the testbed utilised for the generation of this dataset. It is composed of eight industrial entities that play the role of the DNP3 outstations/slaves, such as Remote Terminal Units (RTUs) and Intelligent Electronic Devices (IEDs). Moreover, there is another workstation which plays the role of the Master station like a Master Terminal Unit (MTU). For the communication between the DNP3 outstations/slaves and the master station, opendnp3 was used.
Table 1: DNP3 Attacks Description

| DNP3 Attack | Description | Dataset Folder |
| --- | --- | --- |
| DNP3 Disable Unsolicited Message Attack | This attack targets a DNP3 outstation/slave, establishing a connection with it, while acting as a master station. The false master then transmits a packet with the DNP3 Function Code 21, which requests to disable all the unsolicited messages on the target. | 20200514_DNP3_Disable_Unsolicited_Messages_Attack |
| DNP3 Cold Restart Attack | The malicious entity acts as a master station and sends a DNP3 packet that includes the "Cold Restart" function code. When the target receives this message, it initiates a complete restart and sends back a reply with the time window before the restart process. | 20200515_DNP3_Cold_Restart_Attack |
| DNP3 Warm Restart Attack | This attack is quite similar to the "Cold Restart Message", but aims to trigger a partial restart, re-initiating a DNP3 service on the target outstation. | 20200515_DNP3_Warm_Restart_Attack |
| DNP3 Enumerate Attack | This reconnaissance attack aims to discover which DNP3 services and function codes are used by the target system. | 20200516_DNP3_Enumerate |
| DNP3 Info Attack | This attack constitutes another reconnaissance attempt, aggregating various DNP3 diagnostic information related to DNP3 usage. | 20200516_DNP3_Ιnfo |
| Data Initialisation Attack | This cyberattack is related to Function Code 15 (Initialize Data). It is an unauthorised access attack, which demands from the slave to re-initialise possible configurations to their initial values, thus changing potential values defined by legitimate masters. | 20200518_Initialize_Data_Attack |
| MITM-DoS Attack | In this cyberattack, the cyberattacker is placed between a DNP3 master and a DNP3 slave device, dropping all the messages coming from the DNP3 master or the DNP3 slave. | 20200518_MITM_DoS |
| DNP3 Replay Attack | This cyberattack replays DNP3 packets coming from a legitimate DNP3 master or DNP3 slave. | 20200518_DNP3_Replay_Attack |
| DNP3 Stop Application Attack | This attack is related to the Function Code 18 (Stop Application) and demands from the slave to stop its function so that the slave cannot receive messages from the master. | 20200519_DNP3_Stop_Application_Attack |
The TCP/IP network flow statistics generated by CICFlowMeter are summarised below. The TCP/IP network flows and their statistics generated by CICFlowMeter are labelled based on the DNP3 attacks described above, thus allowing the training of ML/DL models. Finally, it is worth mentioning that these statistics are generated when the flow timeout value is equal to 120 seconds.
Table
https://www.datainsightsmarket.com/privacy-policy
The DDoS protection market is experiencing robust growth, driven by the escalating frequency and sophistication of distributed denial-of-service (DDoS) attacks targeting businesses and critical infrastructure globally. The market's expansion is fueled by several key factors: the increasing reliance on cloud services and digital infrastructure, the proliferation of IoT devices creating larger attack surfaces, and the evolution of DDoS attack methodologies towards more complex and evasive techniques. Significant investments in advanced security solutions are being made by organizations across various sectors, including finance, healthcare, and e-commerce, to mitigate the financial and reputational damage caused by successful DDoS attacks. The market is segmented by application (mobile, data center, government & carrier transport) and attack type (UDP flood, ICMP flood, SYN flood, HTTP flood, others), with data centers and cloud providers representing substantial market segments due to their concentration of critical assets. Geographic distribution shows strong growth across North America and Asia-Pacific, driven by higher levels of internet penetration and adoption of cloud-based services in these regions. The competitive landscape features established players like F5 Networks, Akamai Technologies, and Cloudflare, alongside emerging security specialists offering innovative solutions. Continued innovation in AI-powered threat detection and mitigation, coupled with the growing demand for comprehensive security solutions, promises sustained market expansion in the coming years. While precise market sizing data wasn't provided, reasonable estimation based on industry reports suggests a current market value exceeding $5 billion USD. Considering the factors above, a Compound Annual Growth Rate (CAGR) of 15% seems plausible over the forecast period (2025-2033), implying significant growth opportunities.
This expansion is moderated by factors such as the cost of implementing advanced DDoS protection solutions and the ongoing challenge of staying ahead of evolving attack vectors. Nevertheless, the rising sophistication of cyberattacks and the escalating consequences of service disruptions will likely drive consistent demand for robust DDoS protection, sustaining the market's positive trajectory. The increasing adoption of hybrid cloud models and the expansion of 5G networks are expected to further fuel market growth, presenting significant opportunities for vendors offering comprehensive solutions that address the complexities of distributed infrastructure.
https://www.archivemarketresearch.com/privacy-policy
The global Anti-DDoS Attack Tool market is experiencing robust growth, driven by the escalating frequency and sophistication of Distributed Denial-of-Service (DDoS) attacks targeting businesses of all sizes. While precise market size figures for 2025 are unavailable in the provided data, we can infer a substantial market value based on industry trends and reported CAGRs. Assuming a conservative CAGR of 15% (a common rate for rapidly evolving cybersecurity sectors) and a 2024 market size of $5 billion (a reasonable estimate given the prevalence of DDoS attacks and the need for mitigation solutions), the 2025 market size could be estimated at approximately $5.75 billion. This growth is fueled by several key drivers: the increasing reliance on cloud-based infrastructure, the expansion of the Internet of Things (IoT) creating more potential attack vectors, and the growing adoption of advanced DDoS attack techniques. The market is segmented by deployment (cloud-based and on-premises) and user type (SMEs and large enterprises), with cloud-based solutions witnessing faster adoption due to scalability and cost-effectiveness. Market restraints include the high initial investment required for advanced DDoS protection and the ongoing need for skilled professionals to manage and maintain these systems. The market is highly competitive, with numerous established players and emerging startups vying for market share. Future growth will be influenced by advancements in AI-powered threat detection and mitigation, increased regulatory pressure on data security, and the continued evolution of DDoS attack methods. The forecast period (2025-2033) promises continued expansion, with a projected CAGR above 12%. This sustained growth stems from the ongoing digital transformation across industries, making organizations increasingly vulnerable to cyberattacks. 
Factors such as the proliferation of 5G networks, the rising adoption of edge computing, and the increasing reliance on digital services will further fuel market demand for robust Anti-DDoS solutions. The market will likely witness consolidation as larger players acquire smaller companies to enhance their product portfolios and expand their geographic reach. Furthermore, the development of innovative solutions combining AI, machine learning, and blockchain technology is expected to reshape the competitive landscape. Strategic partnerships and collaborations between vendors and cybersecurity experts will also play a critical role in driving market growth and enhancing the effectiveness of Anti-DDoS protection.