23 datasets found
  1. Data from: SQL Injection Attack Netflow

    • zenodo.org
    • portalcientifico.unileon.es
    Updated Sep 28, 2022
    Ignacio Crespo; Adrián Campazas (2022). SQL Injection Attack Netflow [Dataset]. http://doi.org/10.5281/zenodo.6907252
    Dataset updated
    Sep 28, 2022
    Dataset provided by
    Zenodo (http://zenodo.org/)
    Authors
    Ignacio Crespo; Adrián Campazas
    License

    Attribution 4.0 (CC BY 4.0): https://creativecommons.org/licenses/by/4.0/
    License information was derived automatically

    Description

    Introduction

    These datasets contain SQL injection attacks (SQLIA) as malicious NetFlow data. The attacks carried out are Union Query SQL injection and Blind SQL injection. The SQLMAP tool was used to perform the attacks.

    NetFlow traffic was generated using DOROTHEA (DOcker-based fRamework fOr gaTHering nEtflow trAffic). NetFlow is a network protocol developed by Cisco for collecting and monitoring network traffic flow data. A flow is defined as a unidirectional sequence of packets with some common properties that pass through a network device.

    Datasets

    The first dataset (D1) was collected to train the detection models; the other (D2) was collected using different attacks than those used in training, to test the models and ensure their generalization.

    The datasets contain both benign and malicious traffic. All collected datasets are balanced.

    The version of NetFlow used to build the datasets is 5.

    | Dataset | Aim | Samples | Benign-malicious traffic ratio |
    | --- | --- | --- | --- |
    | D1 | Training | 400,003 | 50% |
    | D2 | Test | 57,239 | 50% |

    Infrastructure and implementation

    Two sets of flow data were collected with DOROTHEA. DOROTHEA is a Docker-based framework for NetFlow data collection. It allows you to build interconnected virtual networks to generate and collect flow data using the NetFlow protocol. In DOROTHEA, network traffic packets are sent to a NetFlow generator that has a sensor ipt_netflow installed. The sensor consists of a module for the Linux kernel using Iptables, which processes the packets and converts them to NetFlow flows.

    DOROTHEA is configured to use NetFlow v5 and to export a flow after it has been inactive for 15 seconds or active for 1800 seconds (30 minutes).

    Benign traffic generation nodes simulate network traffic generated by real users, performing tasks such as searching in web browsers, sending emails, or establishing Secure Shell (SSH) connections. Such tasks run as Python scripts. Users may customize them or even incorporate their own. The network traffic is managed by a gateway that performs two main tasks. On the one hand, it routes packets to the Internet. On the other hand, it sends it to a NetFlow data generation node (this process is carried out similarly to packets received from the Internet).

    The malicious traffic collected (SQLI attacks) was performed using SQLMAP. SQLMAP is a penetration tool used to automate the process of detecting and exploiting SQL injection vulnerabilities.

    The attacks were executed on 16 nodes, which launched SQLMAP with the parameters in the following table.

    | Parameters | Description |
    | --- | --- |
    | '--banner', '--current-user', '--current-db', '--hostname', '--is-dba', '--users', '--passwords', '--privileges', '--roles', '--dbs', '--tables', '--columns', '--schema', '--count', '--dump', '--comments', '--schema' | Enumerate users, password hashes, privileges, roles, databases, tables and columns |
    | --level=5 | Increase the probability of a false positive identification |
    | --risk=3 | Increase the probability of extracting data |
    | --random-agent | Select the User-Agent randomly |
    | --batch | Never ask for user input, use the default behavior |
    | --answers="follow=Y" | Predefined answers to yes |

    Every node executed SQLIA on 200 victim nodes. The victim nodes had deployed a web form vulnerable to Union-type injection attacks, which was connected to the MYSQL or SQLServer database engines (50% of the victim nodes deployed MySQL and the other 50% deployed SQLServer).

    The web service was accessible from ports 443 and 80, which are the ports typically used to deploy web services. The IP address space was 182.168.1.1/24 for the benign and malicious traffic-generating nodes. For victim nodes, the address space was 126.52.30.0/24.
    The malicious traffic in the test sets was collected under different conditions. For D1, SQLIA was performed using Union attacks on the MySQL and SQLServer databases.

    However, for D2, BlindSQL SQLIAs were performed against the web form connected to a PostgreSQL database. The IP address spaces of the networks were also different from those of D1. In D2, the IP address space was 152.148.48.1/24 for benign and malicious traffic generating nodes and 140.30.20.1/24 for victim nodes.

    To run the MySQL server we ran MariaDB version 10.4.12.
    Microsoft SQL Server 2017 Express and PostgreSQL version 13 were used.

  2. SQL Injection Attack Detection

    • dataverse.harvard.edu
    Updated Oct 24, 2025
    Raymond Sekyewa (2025). SQL Injection Attack Detection [Dataset]. http://doi.org/10.7910/DVN/ABXAUK
    Dataset updated
    Oct 24, 2025
    Dataset provided by
    Harvard Dataverse
    Authors
    Raymond Sekyewa
    License

    CC0 1.0 Universal Public Domain Dedication: https://creativecommons.org/publicdomain/zero/1.0/
    License information was derived automatically

    Description

    The dataset for SQL injection detection was collected at Makerere University through both simulated attacks and real-world queries. Using tools like Burp Suite and SQLMap in a controlled testbed, alongside MySQL server logs from live systems, a dataset of 22,470 SQL queries was created (91.65% malicious, 8.35% benign). Malicious queries were categorized into six attack types, with Union-based (28.37%) being the most common. Analysis revealed malicious queries were typically longer (128±41 characters vs. 87±32) and contained distinctive keyword patterns, with UNION appearing 90x more frequently in malicious queries than benign ones.

  3. Data from: SLQ Injection Attack for training (D1)

    • data.niaid.nih.gov
    • portalcienciaytecnologia.jcyl.es
    Updated Jul 27, 2022
    Ignacio Crespo; Adrián Campazas (2022). SLQ Injection Attack for training (D1) [Dataset]. https://data.niaid.nih.gov/resources?id=zenodo_6906892
    Dataset updated
    Jul 27, 2022
    Authors
    Ignacio Crespo; Adrián Campazas
    License

    Attribution 4.0 (CC BY 4.0): https://creativecommons.org/licenses/by/4.0/
    License information was derived automatically

    Description

    This dataset contains SQL injection attacks as malicious NetFlow data. The attacks carried out are Union Query SQL injection and Blind SQL injection. The SQLmap tool was used to perform the attacks.

    NetFlow traffic was generated using DOROTHEA (DOcker-based fRamework fOr gaTHering nEtflow trAffic). NetFlow is a network protocol developed by Cisco for collecting and monitoring network traffic flow data. A flow is defined as a unidirectional sequence of packets with some common properties that pass through a network device.

    The version of NetFlow used to build the datasets is 5.

  4. Web Network

    • kaggle.com
    zip
    Updated Sep 27, 2024
    willian oliveira (2024). Web Network [Dataset]. https://www.kaggle.com/datasets/willianoliveiragibin/web-network/discussion
    Available download formats: zip (4812 bytes)
    Dataset updated
    Sep 27, 2024
    Authors
    willian oliveira
    License

    https://creativecommons.org/publicdomain/zero/1.0/

    Description

    This dataset contains network traffic logs captured by Burp-Suite, aimed at classifying web requests as either good or bad based on their characteristics. By analyzing patterns in the network logs, this dataset helps in identifying web requests that could be categorized as legitimate or malicious. The main goal is to assist in the detection and prevention of web-based attacks, contributing to a more secure online environment.

    The dataset was gathered using Burp-Suite, a tool widely recognized for web vulnerability scanning and traffic monitoring. Burp-Suite captures network traffic, providing detailed records of the interactions between clients and servers. This includes information such as URL paths, headers, and parameters. Using this information, it is possible to develop classification models that assess the characteristics of each web request, determining whether they should be considered "good" or "bad."

    Characteristics of the Dataset

    Traffic Log Format: The dataset contains various HTTP(S) requests, including headers, URLs, and request bodies. Each request is labeled based on its perceived legitimacy. The legitimate requests ("good") are standard, benign user activity, while the malicious requests ("bad") are crafted to exploit server vulnerabilities.

    Feature Analysis: The characteristics of each web request are crucial to classifying it correctly. This includes analyzing the structure of the URL, the parameters included in the query string, and the content of request headers. By evaluating these elements, we can detect suspicious patterns that may indicate a malicious request, such as SQL injection attempts, cross-site scripting (XSS), or other forms of attack.

    Detection Strategy: The classification is based on identifying certain key patterns and terms that are indicative of an attack. This approach is particularly useful for detecting known types of attacks, such as SQL injection, command injection, and XSS. The dataset includes specific keywords that have been identified as potential indicators of malicious intent.

    List of Bad Words in the URL Path

    The dataset specifically highlights the importance of monitoring the URL path for certain keywords that are commonly used in attacks. The list of "bad words" that should be checked in the URL path includes:

    • sleep: Used in SQL injection attacks to delay server response.
    • uid: Frequently targeted in attempts to exploit user identifier vulnerabilities.
    • select: A common SQL keyword that might indicate a potential SQL injection attempt.
    • waitfor: Used in SQL Server to introduce delays, often seen in timing attacks.
    • delay: Similar to "sleep," used to manipulate response times.
    • system: Can indicate an attempt to execute system commands through vulnerabilities like command injection.
    • union: Often used in SQL injection to combine results from different tables, which may lead to data exposure.
    • order by: Another SQL term that may be exploited to modify query results.
    • group by: Similar to "order by," used in SQL queries that might be manipulated for malicious purposes.
    • admin: An attempt to access administrative sections of a website, possibly leading to privilege escalation.
    • drop: Indicates an attempt to delete database tables or other critical components.
    • script: Often used in cross-site scripting (XSS) attacks to inject malicious code into webpages.

    These "bad words" serve as potential red flags in the dataset and play an important role in differentiating between legitimate and malicious requests. If any of these keywords appear in the URL path, it significantly increases the likelihood that the request is malicious and warrants further investigation or immediate blocking.

    Importance for Web Security

    The ability to classify web requests as good or bad is a fundamental aspect of web security. Many cyber attacks begin with an attempt to interact with web servers in unintended ways, exploiting vulnerabilities to gain unauthorized access, disrupt services, or steal sensitive information. By training models using this dataset, security teams can create intelligent systems that automatically recognize patterns associated with attacks.

    SQL Injection Prevention: By identifying keywords such as "select," "union," "drop," and others, the model can flag requests that appear to contain SQL code, suggesting an attempt to execute an unauthorized database query.

    Command Injection: Keywords like "system" may indicate attempts to execute shell commands, which can be highly damaging if successful.

    Access Control: Requests that include "admin" may signal attempts to access restricted areas, possibly representing privilege escalation attacks.

    Practical Usage

    In practice, this dataset could be used to build a machine learning model for real-time web traffic analysis. The model could be integrated into web application firewalls (WAFs) to detect and block suspicious requests be...

  5. Cyberattacks Detection

    • kaggle.com
    zip
    Updated Jul 28, 2024
    lastman0800 (2024). Cyberattacks Detection [Dataset]. https://www.kaggle.com/datasets/lastman0800/cyberattacks-detection
    Available download formats: zip (4076139 bytes)
    Dataset updated
    Jul 28, 2024
    Authors
    lastman0800
    Description

    This dataset was meticulously captured for the analysis and detection of cyberattacks using machine learning techniques. It comprises 100,000 rows, each representing a unique cyberattack event. The dataset includes a diverse range of attack types, protocols, and affected systems, making it an invaluable resource for developing and testing detection models.

    Columns and Attributes

    • Attack ID: A unique identifier assigned to each attack instance, ranging from 1 to 100,000. This column ensures each row is distinct and can be referenced individually.
    • Timestamp: The exact date and time when the attack was detected, formatted as YYYY-MM-DD HH:MM:SS. This column helps in analyzing the temporal patterns of attacks and identifying trends over time.
    • Source IP: The IP address of the machine from which the attack originated. Each IP address in the dataset is unique, simulating a diverse set of attackers and adding realism to the dataset.
    • Destination IP: The IP address of the target machine under attack. Similar to the source IPs, destination IPs are also unique, representing a wide range of potential targets and ensuring a comprehensive dataset.
    • Source Country: The country associated with the source IP address, randomly assigned from a set of major countries (e.g., USA, China, Russia). This attribute is crucial for geographic analysis of attack origins and understanding global threat landscapes.
    • Destination Country: The country associated with the destination IP address, providing context about the target locations and enabling analysis of international attack patterns.
    • Protocol: The network protocol used during the attack, such as TCP, UDP, or ICMP. This column is essential for understanding the type of communication involved in the attack and for protocol-specific analysis.
    • Source Port: The port number on the source machine used for the attack. This can be useful in identifying common ports used by attackers and understanding the methods of attack.
    • Destination Port: The port number on the destination machine targeted by the attack. This attribute, combined with the port type, helps in understanding the specific services under attack and identifying vulnerable entry points.
    • Port Type: A derived column that categorizes the destination port into common service types (e.g., HTTP, HTTPS, FTP). This simplifies the analysis of which services are frequently targeted and aids in focusing defensive measures.
    • Attack Type: A descriptive label for the type of cyberattack, including a variety of attack methods such as Distributed Denial of Service (DDoS), SQL Injection, and Phishing. The dataset includes a broad spectrum of attack types to cover different threat scenarios and provide comprehensive analysis opportunities.
    • Payload Size (bytes): The size of the data payload involved in the attack, measured in bytes. This helps in understanding the scale and potential impact of each attack, with larger payloads often indicating more significant or complex attacks.
    • Detection Label: Indicates whether the attack was detected by the system (Detected) or not (Not Detected). This binary label is crucial for evaluating the effectiveness of detection models and understanding detection rates.
    • Confidence Score: A probability score ranging from 0 to 1, representing the confidence level of the detection model for each attack instance. For detected attacks, the score is between 0.50 and 1.00, while for undetected attacks, it is between 0.00 and 0.49. This score is essential for assessing the reliability of the detection model.
    • ML Model: The type of machine learning model used to identify the attack, randomly chosen from popular models such as Random Forest, Support Vector Machine, and Neural Network. This provides insight into the model's performance and preferences, enabling comparative analysis of different models.
    • Affected System: The type of system targeted by the attack, such as a Database Server, Web Server, or IoT Device. This helps in understanding the potential impact on different infrastructure components and focusing security efforts on the most critical systems.

    Realism and Practicality

    The dataset introduces a realistic element by including null values in various columns. This simulates real-world data imperfections and prepares the dataset for more robust handling and preprocessing techniques during analysis. The inclusion of unique IP addresses for both source and destination adds to the authenticity, reflecting the diverse nature of cyberattacks in the real world.

    Overall, this dataset is a valuable resource for researchers, analysts, and developers working on cybersecurity solutions. It provides a rich, varied, and realistic foundation for developing and testing machine learning models aimed at detecting and mitigating cybe...

  6. NetAttackMix

    • huggingface.co
    Belenkov Alexey, NetAttackMix [Dataset]. https://huggingface.co/datasets/blnkoff/NetAttackMix
    Authors
    Belenkov Alexey
    License

    MIT License: https://opensource.org/licenses/MIT
    License information was derived automatically

    Description

    NetAttackMix

    The NetAttackMix dataset combines normal network traffic with three classes of injection attacks for training and evaluating detection models:

    | Class | Description |
    | --- | --- |
    | SQL Injection (SQLi) | attempts to manipulate SQL statements through request parameters. |
    | Cross-Site Scripting (XSS) | injection of client-side scripts that execute in the victim's browser. |
    | Command / OS Injection (CMDi) | payloads that try to run shell commands on the server, often leading to… |

    See the full description on the dataset page: https://huggingface.co/datasets/blnkoff/NetAttackMix.

  7. Large-Scale Network Cyberattacks Multiclass Dataset 2024 (LSNM2024)

    • data.mendeley.com
    Updated Jul 1, 2024
    Qasem Abu Al-Haija (2024). Large-Scale Network Cyberattacks Multiclass Dataset 2024 (LSNM2024) [Dataset]. http://doi.org/10.17632/7pzyfvv9jn.1
    Dataset updated
    Jul 1, 2024
    Authors
    Qasem Abu Al-Haija
    License

    Attribution 4.0 (CC BY 4.0): https://creativecommons.org/licenses/by/4.0/
    License information was derived automatically

    Description

    We present a novel cutting-edge, large-scale multiclass dataset to improve the security of network cognition of suspicious traffic in networks. The proposed newly generated dataset contains up-to-date samples and features available to the public to help reduce the effect of upcoming cyberattacks with machine learning methods. Specifically, 6 million traffic samples with 60 features are collected and organized into two balanced classes: 50% normal traffic and 50% anomaly (attack) traffic. Furthermore, the anomaly traffic is composed of 15 different attacks including MITM-ARP-SPOOFING attack, SSH-BRUTE FORCE attack, FTP-BRUTE FORCE attack, DDOS-ICMP, DDOS-RAWIP attack, DDOS-UDP attack, DOS attack, EXPLOITING-FTP attack, FUZZING attack, ICMP FLOOD attack, SYN-FLOOD attack, PORT SCANNING attack, REMOTE CODE EXECUTION attack, SQL INJECTION attack, and XSS attack.

    For detailed information, please refer to and cite our article: Q. Abu Al-Haija, Z. Masoud, A. Yasin, K. Alesawi, Y. Alkarnawi, "Revolutionizing Threat Hunting in Communication Networks: Introducing a Cutting-Edge Large-Scale Multiclass Dataset", 15th International Conference on Information and Communication Systems (ICICS 2024), IEEE, Aug. 2024.

  8. Guarded SQL Generation Market Research Report 2033

    • growthmarketreports.com
    csv, pdf, pptx
    Updated Oct 7, 2025
    Growth Market Reports (2025). Guarded SQL Generation Market Research Report 2033 [Dataset]. https://growthmarketreports.com/report/guarded-sql-generation-market
    Available download formats: csv, pptx, pdf
    Dataset updated
    Oct 7, 2025
    Dataset authored and provided by
    Growth Market Reports
    Time period covered
    2024 - 2032
    Area covered
    Global
    Description

    Guarded SQL Generation Market Outlook



    According to our latest research, the Guarded SQL Generation market size reached USD 1.26 billion in 2024, reflecting robust demand across key verticals. The market is expected to grow at a CAGR of 17.4% from 2025 to 2033, culminating in a forecasted value of USD 5.01 billion by 2033. This rapid expansion is propelled by growing data security concerns, the proliferation of digital transformation initiatives, and the increasing adoption of automated solutions to mitigate SQL injection and related cyber threats.




    The primary growth driver for the Guarded SQL Generation market is the exponential rise in cyber-attacks targeting databases, particularly SQL injection attacks. Organizations across sectors are facing heightened risks associated with data breaches, pushing them to invest in advanced SQL generation tools that automatically produce secure, parameterized queries. These solutions significantly reduce the attack surface by ensuring that SQL code is generated in a way that inherently guards against vulnerabilities. The integration of artificial intelligence and machine learning into these tools further enhances their ability to detect and neutralize evolving threats, making them indispensable in today's security-conscious environment. The growing regulatory landscape, with stringent data protection standards such as GDPR and CCPA, is also compelling enterprises to adopt robust SQL generation solutions, as compliance failures can result in substantial penalties and reputational damage.




    A secondary, but equally important, factor fueling the growth of the Guarded SQL Generation market is the ongoing digital transformation across industries. As organizations migrate workloads to the cloud and embrace microservices architectures, the complexity and volume of database interactions have surged. This has made traditional, manual approaches to SQL code generation both impractical and risky. Automated, guarded SQL generation tools provide a scalable and efficient solution, enabling businesses to maintain speed and agility without compromising security. The rapid adoption of DevOps and continuous integration/continuous deployment (CI/CD) pipelines has further accelerated the need for such solutions, as development cycles shorten and the margin for error narrows. Consequently, vendors are focusing on delivering seamless integration capabilities, user-friendly interfaces, and comprehensive support for a wide range of database environments.




    Moreover, the rising adoption of cloud-based applications and the proliferation of SaaS platforms have created additional growth opportunities for the Guarded SQL Generation market. Enterprises are increasingly seeking cloud-native solutions that can be rapidly deployed and scaled to meet fluctuating demands. Cloud deployment not only offers cost advantages but also enhances collaboration and accessibility, making it an attractive choice for organizations of all sizes. Vendors are responding by offering flexible, subscription-based pricing models and robust APIs that facilitate integration with existing cloud ecosystems. This shift is particularly pronounced among small and medium enterprises (SMEs), which often lack the resources to maintain dedicated security teams and are thus highly motivated to adopt automated, managed solutions.




    From a regional perspective, North America continues to dominate the Guarded SQL Generation market, driven by a mature IT infrastructure, high awareness of cybersecurity threats, and significant investments in cutting-edge technologies. However, Asia Pacific is emerging as the fastest-growing region, supported by rapid digitalization, a burgeoning startup ecosystem, and increasing regulatory scrutiny. Europe is also witnessing steady growth, buoyed by strict data privacy laws and a proactive approach to cybersecurity. Latin America and the Middle East & Africa are gradually catching up, with governments and enterprises recognizing the importance of robust database security solutions in safeguarding critical information assets.






  9. kali_linux_toolkit_dataset

    • kaggle.com
    zip
    Updated May 18, 2025
    SUNNY THAKUR (2025). kali_linux_toolkit_dataset [Dataset]. https://www.kaggle.com/datasets/cyberprince/kali-linux-toolkit-dataset
    Available download formats: zip (27628 bytes)
    Dataset updated
    May 18, 2025
    Authors
    SUNNY THAKUR
    License

    MIT License: https://opensource.org/licenses/MIT
    License information was derived automatically

    Description

    Kali Linux Tools Dataset

    A comprehensive and structured dataset of common offensive security tools available in Kali Linux, including usage commands, flags, descriptions, categories, and official documentation links.

    This dataset is designed to support cybersecurity training, red team automation, LLM fine-tuning, and terminal assistants for penetration testers.

    πŸ“ Dataset Format

    Each entry is a JSON object and stored in .jsonl (JSON Lines) format. This structure is ideal for machine learning pipelines and programmatic use.

    Fields:

    | Field | Description |
    | --- | --- |
    | tool | Name of the Linux tool (e.g., nmap, sqlmap) |
    | command | A real-world example command |
    | description | Human-readable explanation of what the command does |
    | category | Type of tool or use case (e.g., Networking, Exploitation, Web) |
    | use_case | Specific purpose of the command (e.g., port scanning, password cracking) |
    | flags | Important flags used in the command |
    | os | Operating system (Linux) |
    | reference_link | URL to official documentation or man page |

    🧪 Example Entry

    {
     "tool": "sqlmap",
     "command": "sqlmap -u http://example.com --dbs",
     "description": "Enumerate databases on a vulnerable web application.",
     "category": "Web Application",
     "use_case": "SQL injection testing",
     "flags": ["-u", "--dbs"],
     "os": "Linux",
     "reference_link": "http://sqlmap.org/"
    }

    ✅ Key Features

      ✅ Covers widely-used tools: nmap, hydra, sqlmap, burpsuite, aircrack-ng, wireshark, etc.
      ✅ Multiple real-world command examples per tool
      ✅ Cross-categorized where tools serve multiple purposes
      ✅ Ready for use in LLM training, cybersecurity education, and CLI helpers

    Use Cases

      • Fine-tuning AI models (LLMs) for cybersecurity and terminal tools
      • Building red team knowledge bases or documentation bots
      • Creating terminal assistant tools and cheat sheets
      • Teaching ethical hacking through command-line exercises

    📚 Categories Covered

      • Networking
      • Web Application Testing
      • Exploitation
      • Password Cracking
      • Wireless Attacks
      • System Forensics
      • Sniffing & Spoofing

    ⚠️ Legal Notice

    This dataset is provided for educational, research, and ethical security testing purposes only. Use of these tools and commands in unauthorized environments may be illegal.

    📜 License

    This dataset is released under the MIT License.

    🙌 Contributions

    Contributions are welcome! Feel free to submit PRs to add tools, improve descriptions, or fix errors.

    📫 Maintainer

    Created by: sunnythakur
    GitHub: github.com/sunnythakur25
    Contact: sunny48445@gmail.com
    
  10. CIC-IDS 2018 Dataset

    • kaggle.com
    zip
    Updated Aug 13, 2025
    nagi (2025). CIC-IDS 2018 Dataset [Dataset]. https://www.kaggle.com/datasets/primus11/cic-ids-2018-dataset/data
    Available download formats: zip (80066040 bytes)
    Dataset updated
    Aug 13, 2025
    Authors
    nagi
    License

    MIT License: https://opensource.org/licenses/MIT
    License information was derived automatically

    Description

    CICIDS Dataset

    The Canadian Institute for Cybersecurity Intrusion Detection System (CICIDS) dataset is a modern and comprehensive benchmark dataset for network intrusion detection research.
    It was created by the Canadian Institute for Cybersecurity (CIC) in collaboration with industry partners to address the limitations of older datasets (such as KDD99 and NSL-KDD) by providing realistic traffic patterns, up-to-date attack types, and a balanced mix of normal and malicious activities.

    Key Characteristics

    • Realistic Traffic Generation: Traffic was captured in a controlled but realistic enterprise-like network, including servers, clients, switches, and routers.
    • Diverse Attack Scenarios:
      • Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)
      • Brute force (SSH, FTP)
      • Web-based attacks (XSS, SQL Injection, Command Injection)
      • Infiltration from inside the network
      • Botnet activities
      • Port scanning and reconnaissance
    • Data Capture: Raw traffic was recorded in PCAP format.
    • Feature Extraction: Processed with CICFlowMeter to generate over 80 features, including:
      • Flow-based: Duration, total forward/backward packets, packet length statistics
      • Time-based: Inter-arrival times, active and idle times
      • Content-based: HTTP methods, DNS queries, and more
    • Labeling: Each network flow is annotated as either benign or belonging to a specific attack type.
    • Balance: Designed to include both normal and attack traffic with realistic distribution patterns.

    Advantages

    • Reflects modern threats not covered in older datasets.
    • Provides detailed labels for fine-grained attack classification.
    • Suitable for both binary classification (normal vs. attack) and multi-class classification (attack type detection).
    • Enables research in machine learning, deep learning, and feature selection for IDS.

    Usage

    The CICIDS dataset has become a widely adopted benchmark for evaluating Intrusion Detection Systems (IDS) due to its:

    • Rich feature set
    • Real-world attack scenarios
    • Balanced structure for training and testing models

  11. Database Firewall Market Research Report 2033

    • dataintelo.com
    csv, pdf, pptx
    Updated Sep 30, 2025
    Cite
    Dataintelo (2025). Database Firewall Market Research Report 2033 [Dataset]. https://dataintelo.com/report/database-firewall-market
    Explore at:
    Available download formats: csv, pdf, pptx
    Dataset updated
    Sep 30, 2025
    Dataset authored and provided by
    Dataintelo
    License

    https://dataintelo.com/privacy-and-policy

    Time period covered
    2024 - 2032
    Area covered
    Global
    Description

    Database Firewall Market Outlook



    According to our latest research, the global database firewall market size reached USD 2.18 billion in 2024. The market has demonstrated robust growth, registering a CAGR of 15.7% from 2025 to 2033. By 2033, the database firewall market is forecasted to achieve a valuation of USD 7.65 billion. This impressive growth trajectory is primarily driven by the escalating frequency and sophistication of cyberattacks targeting critical business data, compelling organizations across the globe to invest in advanced database security solutions. The rising adoption of digital transformation initiatives, cloud computing, and regulatory compliance requirements further accelerate the demand for database firewalls as a pivotal layer of security infrastructure.




    A key growth factor for the database firewall market is the surge in data breaches and cyber threats that specifically target databases, which house sensitive and mission-critical information. Organizations are under increasing pressure to secure their data assets from both external hackers and insider threats. The proliferation of ransomware, SQL injection attacks, and advanced persistent threats (APTs) has made traditional security measures insufficient, leading to a sharp uptick in the deployment of database firewalls. These solutions offer real-time monitoring, threat detection, and policy enforcement capabilities that are essential for modern enterprises to maintain data integrity and customer trust in an evolving threat landscape.




    Another significant driver is the stringent regulatory environment that mandates robust data protection practices across various industries. Regulations such as the General Data Protection Regulation (GDPR) in Europe, the Health Insurance Portability and Accountability Act (HIPAA) in the US, and other regional compliance standards require organizations to adopt comprehensive security controls, including database firewalls. Non-compliance can result in hefty fines and reputational damage, prompting companies to prioritize investments in database security technologies. Additionally, the growing trend of remote work and the widespread adoption of cloud-based applications have expanded the attack surface, further necessitating advanced database firewall solutions to safeguard distributed data environments.




    Technological advancements and the integration of artificial intelligence (AI) and machine learning (ML) into database firewall solutions are also fueling market expansion. Modern database firewalls are now equipped with intelligent anomaly detection, automated threat response, and adaptive learning capabilities, enabling proactive defense against emerging threats. The demand for scalable, easy-to-deploy, and centrally managed solutions is particularly high among organizations looking to future-proof their data security infrastructure. As enterprises continue to digitize their operations and embrace cloud-native architectures, the role of database firewalls in ensuring end-to-end data protection is expected to become even more critical.




    From a regional perspective, North America remains the largest and most mature market for database firewalls, accounting for 38% of global revenue in 2024. This dominance is attributed to the high concentration of technology-driven enterprises, stringent regulatory frameworks, and early adoption of advanced security solutions. However, Asia Pacific is emerging as the fastest-growing region, propelled by rapid digitalization, increasing awareness about cybersecurity, and significant investments in IT infrastructure. Europe also holds a substantial share, driven by strong data protection laws and a growing emphasis on enterprise security. Latin America and the Middle East & Africa are witnessing steady growth, supported by government initiatives and rising cyber threat awareness, albeit from a lower base.



    Component Analysis



    The component segment of the database firewall market is categorized into software, hardware, and services, each playing a vital role in shaping the industry landscape. Software solutions dominate the segment, accounting for the largest market share, as organizations prioritize flexible, scalable, and feature-rich platforms to secure their databases. Database firewall software offers comprehensive functionalities such as real-time monitoring, threat analytics, policy management, and automated alerts, making it the preferred choice

  12. 🌐 Global Cybersecurity Threats (2015-2024)

    • kaggle.com
    zip
    Updated Mar 16, 2025
    Cite
    Atharva Soundankar (2025). 🌐 Global Cybersecurity Threats (2015-2024) [Dataset]. https://www.kaggle.com/datasets/atharvasoundankar/global-cybersecurity-threats-2015-2024
    Explore at:
    Available download formats: zip (48178 bytes)
    Dataset updated
    Mar 16, 2025
    Authors
    Atharva Soundankar
    License

    https://creativecommons.org/publicdomain/zero/1.0/

    Description

    📂

    The Global Cybersecurity Threats Dataset (2015-2024) provides extensive data on cyberattacks, malware types, targeted industries, and affected countries. It is designed for threat intelligence analysis, cybersecurity trend forecasting, and machine learning model development to enhance global digital security.

    📊 Column Descriptions

    | Column Name | Description |
    |-------------|-------------|
    | Country | Country where the attack occurred |
    | Year | Year of the incident |
    | Threat Type | Type of cybersecurity threat (e.g., Malware, DDoS) |
    | Attack Vector | Method of attack (e.g., Phishing, SQL Injection) |
    | Affected Industry | Industry targeted (e.g., Finance, Healthcare) |
    | Data Breached (GB) | Volume of data compromised |
    | Financial Impact ($M) | Estimated financial loss in millions |
    | Severity Level | Low, Medium, High, Critical |
    | Response Time (Hours) | Time taken to mitigate the attack |
    | Mitigation Strategy | Countermeasures taken |
  13. Labels of normal and attack classes in the CICIDS-2017 dataset.

    • plos.figshare.com
    xls
    Updated Jul 21, 2025
    Cite
    Islam Zada; Esraa Omran; Salman Jan; Hessa Alfraihi; Seetah Alsalamah; Abdullah Alshahrani; Shaukat Hayat; Nguyen Phi (2025). Labels of normal and attack classes in the CICIDS-2017 dataset. [Dataset]. http://doi.org/10.1371/journal.pone.0328050.t001
    Explore at:
    Available download formats: xls
    Dataset updated
    Jul 21, 2025
    Dataset provided by
    PLOS http://plos.org/
    Authors
    Islam Zada; Esraa Omran; Salman Jan; Hessa Alfraihi; Seetah Alsalamah; Abdullah Alshahrani; Shaukat Hayat; Nguyen Phi
    License

    Attribution 4.0 (CC BY 4.0) https://creativecommons.org/licenses/by/4.0/
    License information was derived automatically

    Description

    Labels of normal and attack classes in the CICIDS-2017 dataset.

  14. cyber threats for small and medium businesses.

    • kaggle.com
    Updated Mar 30, 2025
    Cite
    Emmanuel Ubong (2025). cyber threats for small and medium businesses. [Dataset]. https://www.kaggle.com/datasets/emmanuelubong/cyber-threats-for-small-and-medium-businesses
    Explore at:
    Dataset updated
    Mar 30, 2025
    Dataset provided by
    Kaggle
    Authors
    Emmanuel Ubong
    License

    MIT License https://opensource.org/licenses/MIT
    License information was derived automatically

    Description

    This dataset is for the analysis of cyber threats for small and medium businesses and has about 1000 records with 26 features.

    | S/N | Attribute | Data Type | Description |
    |-----|-----------|-----------|-------------|
    | 1 | Attack_ID | String (UUID) | Unique identifier for each attack record. |
    | 2 | Timestamp | DateTime | Date and time when the attack occurred. |
    | 3 | Business_Type | String | Industry type (e.g., Retail, Healthcare, IT, Finance). |
    | 4 | Business_Size | String | Classification as Small or Medium business. |
    | 5 | Geographical_Location | String | Country or region of the SMB. |
    | 6 | Attack_Type | String | Type of cyber attack (e.g., Phishing, Ransomware, DDoS). |
    | 7 | Threat_Source | String | Origin of the threat (Internal/External). |
    | 8 | Malware_Name | String | Name of the malware used, if applicable. |
    | 9 | Attack_Vector | String | Entry point of the attack (e.g., Email, Web, Network). |
    | 10 | Exploit_Method | String | Vulnerability exploited (e.g., SQL Injection, Zero-Day). |
    | 11 | Payload_Details | String | Description of the malicious action performed. |
    | 12 | Affected_Systems | String | Systems impacted (e.g., Database, ERP, Cloud Storage). |
    | 13 | Data_Compromised | String | Type of data affected (Customer Data, Financial Records). |
    | 14 | Financial_Loss | Float | Estimated loss due to attack (in USD). |
    | 15 | Operational_Disruption | Float | Downtime duration in hours/days. |
    | 16 | Reputation_Damage_Score | Integer | Severity of reputational impact (Scale: 1-10). |
    | 17 | Detection_Method | String | How the attack was detected (e.g., IDS, Antivirus). |
    | 18 | Mitigation_Steps | String | Actions taken to contain the attack. |
    | 19 | Incident_Response_Time | Float | Time taken to respond to the attack (in minutes/hours). |
    | 20 | Recovery_Time | Float | Time taken to restore normal operations (in days). |
    | 21 | Legal_Action_Taken | Boolean | Whether legal action was pursued (Yes/No). |
    | 22 | Cybersecurity_Budget | Float | SMB annual cybersecurity spending (in USD). |
    | 23 | Employee_Training | Boolean | Whether staff received cybersecurity training (Yes/No). |
    | 24 | Use_of_MFA | Boolean | Whether Multi-Factor Authentication (MFA) was implemented (Yes/No). |
    | 25 | Data_Backup_Availability | Boolean | Whether backups were available before the attack (Yes/No). |
    | 26 | Compliance_Standards | String | Security frameworks followed (e.g., ISO 27001, NIST, GDPR). |

  15. Global Database Security Market Size By Component (Software, Services), By...

    • verifiedmarketresearch.com
    pdf,excel,csv,ppt
    Updated Oct 13, 2025
    Cite
    Verified Market Research (2025). Global Database Security Market Size By Component (Software, Services), By Deployment Mode (On-Premises, Cloud), By Industry Vertical (Banking, Financial Services, and Insurance (BFSI), Retail and eCommerce), By Geographic Scope And Forecast [Dataset]. https://www.verifiedmarketresearch.com/product/database-security-market/
    Explore at:
    Available download formats: pdf, excel, csv, ppt
    Dataset updated
    Oct 13, 2025
    Dataset authored and provided by
    Verified Market Research https://www.verifiedmarketresearch.com/
    License

    https://www.verifiedmarketresearch.com/privacy-policy/

    Time period covered
    2026 - 2032
    Area covered
    Global
    Description

    Database Security Market size was valued at USD 7.87 Billion in 2024 and is projected to reach USD 27.02 Billion by 2032, growing at a CAGR of 18.40% during the forecast period 2026-2032.

    Global Database Security Market Drivers

    Rising Incidences of Cybersecurity Threats and Data Breaches: The escalating frequency and sophistication of cybersecurity threats and data breaches are among the foremost drivers of the database security market. Organizations across industries are increasingly vulnerable to attacks such as SQL injection, ransomware, and insider threats, which can compromise sensitive information, including personal data, financial records, and intellectual property. With stringent regulations like GDPR, CCPA, and HIPAA enforcing strict penalties for data mishandling, companies are prioritizing investments in database security solutions. These solutions, including encryption, activity monitoring, and vulnerability assessment tools, help mitigate risks, ensure compliance, and maintain customer trust, making cybersecurity concerns a critical growth catalyst for the market.

    Increasing Adoption of Cloud-Based Databases: The widespread adoption of cloud computing and cloud-based database solutions is driving demand for robust database security measures. As organizations migrate sensitive data to cloud environments for scalability, flexibility, and cost-effectiveness, the need to secure these databases from unauthorized access and cyber threats becomes paramount.

  16. Database Firewall for SMB Market Research Report 2033

    • growthmarketreports.com
    csv, pdf, pptx
    Updated Aug 22, 2025
    Cite
    Growth Market Reports (2025). Database Firewall for SMB Market Research Report 2033 [Dataset]. https://growthmarketreports.com/report/database-firewall-for-smb-market
    Explore at:
    Available download formats: csv, pdf, pptx
    Dataset updated
    Aug 22, 2025
    Dataset authored and provided by
    Growth Market Reports
    Time period covered
    2024 - 2032
    Area covered
    Global
    Description

    Database Firewall for SMB Market Outlook



    According to our latest research, the global Database Firewall for SMB market size is valued at USD 1.18 billion in 2024 and is projected to reach USD 3.11 billion by 2033, expanding at a robust CAGR of 11.2% during the forecast period from 2025 to 2033. The market's rapid growth is primarily driven by the escalating frequency and sophistication of cyber threats targeting small and medium-sized businesses (SMBs), compelling organizations to invest in advanced database security solutions such as database firewalls.




    The significant rise in cyberattacks, including ransomware, SQL injection, and data breaches, has heightened the awareness among SMBs regarding the importance of robust database security. Unlike large enterprises, SMBs often lack dedicated security teams and advanced infrastructure, making them more vulnerable to data theft and compliance violations. As regulatory requirements such as GDPR, HIPAA, and CCPA become more stringent, SMBs are increasingly seeking database firewall solutions that offer real-time threat detection, granular access controls, and automated response capabilities. The growing reliance on digital operations and cloud-based applications further amplifies the need for scalable and easy-to-deploy database firewalls, thereby fueling market growth.




    Another crucial growth factor is the rapid digital transformation among SMBs, which has led to exponential growth in sensitive data stored across multiple platforms, including on-premises, cloud, and hybrid environments. As organizations embrace digitalization to enhance operational efficiency and customer experience, the attack surface expands, making databases a prime target for cybercriminals. Database firewall solutions equipped with machine learning and behavioral analytics are gaining traction, as they can proactively identify anomalous activities and potential threats. The integration of database firewalls with broader security ecosystems, such as Security Information and Event Management (SIEM) and Identity and Access Management (IAM) platforms, further enhances their value proposition for SMBs.




    Market expansion is also supported by the increasing availability of affordable and easy-to-use database firewall solutions tailored specifically for SMBs. Vendors are focusing on delivering solutions that require minimal IT expertise, offer seamless integration with existing infrastructure, and provide flexible deployment options. The proliferation of managed security service providers (MSSPs) offering database firewall as a service is enabling SMBs to access enterprise-grade security without significant upfront investments. Additionally, the ongoing innovation in threat intelligence, automation, and cloud-native security is expected to drive further adoption of database firewalls among SMBs in the coming years.




    From a regional perspective, North America currently dominates the Database Firewall for SMB market, accounting for the largest share due to the high concentration of SMBs, advanced IT infrastructure, and early adoption of security technologies. Europe follows closely, driven by stringent data protection regulations and an increasing focus on cybersecurity among small businesses. The Asia Pacific region is expected to witness the fastest growth over the forecast period, propelled by the rapid digitalization of SMBs, rising cyber threats, and government initiatives to strengthen cybersecurity frameworks. Latin America and the Middle East & Africa are also emerging as promising markets, supported by increasing investments in digital infrastructure and growing awareness of database security.





    Component Analysis



    The Database Firewall for SMB market is segmented by component into software, hardware, and services. The software segment holds the largest market share, driven by the increasing demand for robust, scalable, and easy-to-deploy database firewall solutions. SMBs prefer software-based firewalls due to their cost-effectiveness, flexibility, and ability to in

  17. Kubernetes Intrusion Detection Datasets

    • kaggle.com
    zip
    Updated Jan 24, 2025
    Cite
    Reda Morsli (2025). Kubernetes Intrusion Detection Datasets [Dataset]. https://www.kaggle.com/datasets/redamorsli/kube-ids0/suggestions
    Explore at:
    Available download formats: zip (450273810 bytes)
    Dataset updated
    Jan 24, 2025
    Authors
    Reda Morsli
    Description

    Overview

    This project includes two intrusion detection datasets collected on a K8s cluster. The datasets were collected by simulating normal and malicious activities on two different web apps hosted on the cluster. Each dataset contains:

    • Network data: Packet captures and extracted TCP flows.
    • Container metrics: cAdvisor metrics such as container CPU utilization, cache memory, open network sockets, number of processes and threads, etc.
    • K8s cluster metrics: KubeStateMetrics and other metrics such as the number of available pods for a microservice and resource quotas.

    This data is part of Multidimensional Intrusion Detection System for Containerized Environments paper.

    Simulated normal and malicious activities

    We named the datasets according to the two cloud-native apps that were used as the target service: the Damn Vulnerable Web App (DVWA) and Google's Bank of Anthos (BoA). The following table summarizes the different scenarios found in the datasets and some labeling info:

    | Scenario | Tools Used | DVWA Dataset | BoA Dataset | Label value | How To Label |
    |----------|------------|--------------|-------------|-------------|--------------|
    | Normal Activity | Locust | ✅ | ✅ | 0 | Any destination port not used by an attack captured in that file |
    | DoS Attack 1 | Slowloris | ✅ | ✅ | 1 | DVWA: dst_port = 30025; BoA: dst_port = 30026 |
    | DoS Attack 2 | Torshammer | ✅ | ✅ | 2 | dst_port = 30026 |
    | Brute Force Attack | Hydra | ✅ | ❌ | 3 | dst_port = 30027 |
    | SQL Injection Attack | Sqlmap | ✅ | ❌ | 4 | dst_port = 30025 |

    Labeling Notes

    • The correct label values were not assigned in the network flow files ("1-network_flows" folder).
    • To label from PCAP files (or the network flow CSV files), use the destination port as shown in the "How To Label" column in the table above.
    • The specified destination port is specific to each file (e.g., if a file contains only normal and DoS-Torshammer records, normal records may use destination ports of other attacks mentioned in the table).
    • Don't forget to remove the dst_port column when training, as it was used for labeling the data.
  18. Cyber Threat Data for New Malware Attacks

    • kaggle.com
    zip
    Updated Aug 8, 2023
    Cite
    Zunxhi Samniea (2023). Cyber Threat Data for New Malware Attacks [Dataset]. https://www.kaggle.com/datasets/zunxhisamniea/cyber-threat-data-for-new-malware-attacks
    Explore at:
    Available download formats: zip (1814 bytes)
    Dataset updated
    Aug 8, 2023
    Authors
    Zunxhi Samniea
    Description

    Title: Network Traffic Analysis Dataset for Cybersecurity

    Description: This dataset contains network traffic data that simulates various types of communication between network entities, specifically focusing on different protocols and potential security threats. The data includes information about packets exchanged between sender and receiver entities, their attributes, and associated attack types.

    Columns:

    • Protocol: The communication protocol used for the packet (e.g., TCP or UDP).
    • Flag: The flag associated with the packet (e.g., SYN, ACK, RST, FIN).
    • Packet: The type of packet exchanged (e.g., HTTP, DNS, SSH, FTP, NTP).
    • Sender ID: Unique identifier for the sender entity.
    • Receiver ID: Unique identifier for the receiver entity.
    • Source IP Address: IP address of the source entity.
    • Destination IP Address: IP address of the destination entity.
    • Source Port: Port number on the source entity.
    • Destination Port: Port number on the destination entity.
    • Packet Size: Size of the packet in bytes.
    • Target Variable: The potential security threat associated with the packet (e.g., Phishing, DoS, Man-in-the-Middle, DDoS, SQL Injection, Cross-Site Scripting, Ransomware, Password Attacks, Zero-Day Exploits).

    Intended Use: This dataset is intended for use in cybersecurity research and analysis, particularly for the development and evaluation of intrusion detection systems, network anomaly detection algorithms, and predictive models for identifying potential security threats. It can also be utilized to explore patterns and relationships between different types of network traffic and associated attack vectors.

    Considerations:

    • Data Privacy: Ensure that any sensitive or personal information in the dataset is anonymized or masked to protect user privacy.
    • Data Preprocessing: Before using the dataset, perform preprocessing tasks such as handling missing values, standardizing column names, and encoding categorical variables.
    • Feature Engineering: Depending on the analysis goals, additional features may be engineered from the available attributes to enhance model performance.
    • Data Splitting: Divide the dataset into training, validation, and testing subsets for model development and evaluation.
    • Documentation: Provide clear documentation detailing the dataset's origin, structure, and any preprocessing steps applied.

    By providing this dataset on Kaggle, researchers and data scientists interested in the field of cybersecurity can access a controlled simulation of network traffic to explore and develop solutions for detecting and mitigating potential security threats.

  19. Dynamic Application Security Testing Market By Deployment Type (On-Premises,...

    • verifiedmarketresearch.com
    Updated Jul 13, 2024
    Cite
    VERIFIED MARKET RESEARCH (2024). Dynamic Application Security Testing Market By Deployment Type (On-Premises, Cloud-Based), By Organization Size (Small And Medium-Sized Enterprises (SMEs), Large Enterprises), By Verticals (Banking, Financial Services), & Region For 2024-2031 [Dataset]. https://www.verifiedmarketresearch.com/product/dynamic-application-security-testing-market/
    Explore at:
    Dataset updated
    Jul 13, 2024
    Dataset provided by
    Verified Market Research https://www.verifiedmarketresearch.com/
    Authors
    VERIFIED MARKET RESEARCH
    License

    https://www.verifiedmarketresearch.com/privacy-policy/

    Time period covered
    2024 - 2031
    Area covered
    Global
    Description

    Dynamic Application Security Testing Market was valued at USD 2687.63 Million in 2023 and is projected to reach USD 39.86 Billion by 2031, growing at a CAGR of 24.71% from 2024 to 2031.

    Dynamic Application Security Testing Market: Definition/ Overview

    Dynamic Application Security Testing (DAST) serves as a digital security guard for your online apps. It uses real-world attacker strategies to find flaws in your application's security. Imagine someone attempting to break into your home; DAST performs the same for your program but virtually. DAST tools interact with your running application to analyze its behavior and responses to various inputs. They often look for popular vulnerabilities such as SQL injection (injecting malicious code into database queries) and cross-site scripting (injecting scripts to steal user data). DAST assists in identifying weaknesses before they are exploited by real hackers.

    Dynamic Application Security Testing (DAST) serves as a digital watchdog over your online apps and APIs. It replicates real-world attacks demonstrating how hackers could exploit flaws. DAST identifies vulnerabilities in operating applications that static code analysis techniques may overlook. These can include standard security issues such as SQL injection (database manipulation) and cross-site scripting (malicious code injection).

    Artificial intelligence (AI) will play a larger role in DAST improving accuracy and efficiency. AI may learn from previous weaknesses and attack patterns making it better at recognizing new threats. Additionally, AI can automate processes such as selecting vulnerabilities based on severity allowing security professionals to focus on complicated issues. As APIs become the foundation of modern systems, DAST will evolve to uncover vulnerabilities particular to APIs. This is vital since a hacked API can reveal sensitive information or interrupt critical functions.

  20. Large Scale Network Cyberattacks Multiclass 2024

    • kaggle.com
    zip
    Updated Oct 5, 2025
    Cite
    Omnia Elghazoly (2025). Large Scale Network Cyberattacks Multiclass 2024 [Dataset]. https://www.kaggle.com/datasets/omniaelghazoly/large-scale-network-cyberattacks-multiclass-2024
    Explore at:
    Available download formats: zip (213225135 bytes)
    Dataset updated
    Oct 5, 2025
    Authors
    Omnia Elghazoly
    License

    Apache License, v2.0 https://www.apache.org/licenses/LICENSE-2.0
    License information was derived automatically

    Description

    Original Source: http://data.mendeley.com/datasets/7pzyfvv9jn/1

    We present a novel cutting-edge, large-scale multiclass dataset to improve the security of network cognition of suspicious traffic in networks. The proposed newly generated dataset contains up-to-date samples and features available to the public to help reduce the effect of upcoming cyberattacks with machine learning methods. Specifically, 6 million traffic samples with 60 features are collected and organized into two balanced classes: 50% normal traffic and 50% anomaly (attack) traffic. Furthermore, the anomaly traffic is composed of 15 different attacks including MITM-ARP-SPOOFING attack, SSH-BRUTE FORCE attack, FTP-BRUTE FORCE attack, DDOS-ICMP, DDOS-RAWIP attack, DDOS-UDP attack, DOS attack, EXPLOITING-FTP attack, FUZZING attack, ICMP FLOOD attack, SYN-FLOOD attack, PORT SCANNING attack, REMOTE CODE EXECUTION attack, SQL INJECTION attack, and XSS attack.

    For detailed info, please refer to and cite our article: Q. Abu Al-Haija, Z. Masoud, A. Yasin, K. Alesawi, Y. Alkarnawi, "Revolutionizing Threat Hunting in Communication Networks: Introducing a Cutting-Edge Large-Scale Multiclass Dataset", 15th International Conference on Information and Communication Systems (ICICS 2024), IEEE, Aug. 2024.

Cite
Ignacio Crespo; Ignacio Crespo; Adrián Campazas; Adrián Campazas (2022). SQL Injection Attack Netflow [Dataset]. http://doi.org/10.5281/zenodo.6907252

Data from: SQL Injection Attack Netflow

Related Article
Explore at:
2 scholarly articles cite this dataset (View in Google Scholar)
Dataset updated
Sep 28, 2022
Dataset provided by
Zenodo http://zenodo.org/
Authors
Ignacio Crespo; Ignacio Crespo; Adrián Campazas; Adrián Campazas
License

Attribution 4.0 (CC BY 4.0) https://creativecommons.org/licenses/by/4.0/
License information was derived automatically

Description

Introduction

These datasets contain SQL injection attacks (SQLIA) as malicious NetFlow data. The attacks carried out are Union Query SQL injection and Blind SQL injection. The SQLMAP tool was used to perform the attacks.

NetFlow traffic was generated using DOROTHEA (DOcker-based fRamework fOr gaTHering nEtflow trAffic). NetFlow is a network protocol developed by Cisco for collecting and monitoring network traffic flow data. A flow is defined as a unidirectional sequence of packets with some common properties that pass through a network device.

Datasets

The first dataset (D1) was collected to train the detection models. The other (D2) was collected using different attacks than those used in training, to test the models and ensure their generalization.

The datasets contain both benign and malicious traffic. All collected datasets are balanced.

The version of NetFlow used to build the datasets is 5.

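| Dataset | Aim | Samples | Benign-malicious traffic ratio |
|---------|-----|---------|--------------------------------|
| D1 | Training | 400,003 | 50% |
| D2 | Test | 57,239 | 50% |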

Infrastructure and implementation

Two sets of flow data were collected with DOROTHEA. DOROTHEA is a Docker-based framework for NetFlow data collection. It allows you to build interconnected virtual networks to generate and collect flow data using the NetFlow protocol. In DOROTHEA, network traffic packets are sent to a NetFlow generator that has a sensor ipt_netflow installed. The sensor consists of a module for the Linux kernel using Iptables, which processes the packets and converts them to NetFlow flows.

DOROTHEA is configured to use NetFlow v5 and to export a flow after it has been inactive for 15 seconds or active for 1800 seconds (30 minutes).

Benign traffic generation nodes simulate network traffic generated by real users, performing tasks such as searching in web browsers, sending emails, or establishing Secure Shell (SSH) connections. Such tasks run as Python scripts. Users may customize them or even incorporate their own. The network traffic is managed by a gateway that performs two main tasks. On the one hand, it routes packets to the Internet. On the other hand, it sends it to a NetFlow data generation node (this process is carried out similarly to packets received from the Internet).

The malicious traffic collected (SQLI attacks) was generated using SQLMAP. SQLMAP is a penetration testing tool used to automate the process of detecting and exploiting SQL injection vulnerabilities.

The attacks were executed on 16 nodes, which launched SQLMAP with the parameters in the following table.

| Parameters | Description |
|---|---|
| '--banner', '--current-user', '--current-db', '--hostname', '--is-dba', '--users', '--passwords', '--privileges', '--roles', '--dbs', '--tables', '--columns', '--schema', '--count', '--dump', '--comments', '--schema' | Enumerate users, password hashes, privileges, roles, databases, tables and columns |
| --level=5 | Increase the probability of a false positive identification |
| --risk=3 | Increase the probability of extracting data |
| --random-agent | Select the User-Agent randomly |
| --batch | Never ask for user input, use the default behavior |
| --answers="follow=Y" | Predefined answers to yes |

Every node executed SQLIA on 200 victim nodes. The victim nodes had deployed a web form vulnerable to Union-type injection attacks, which was connected to the MySQL or SQLServer database engines (50% of the victim nodes deployed MySQL and the other 50% deployed SQLServer).

The web service was accessible from ports 443 and 80, which are the ports typically used to deploy web services. The IP address space was 182.168.1.1/24 for the benign and malicious traffic-generating nodes. For victim nodes, the address space was 126.52.30.0/24.
The malicious traffic in the test sets was collected under different conditions. For D1, SQLIA was performed using Union attacks on the MySQL and SQLServer databases.

However, for D2, BlindSQL SQLIAs were performed against the web form connected to a PostgreSQL database. The IP address spaces of the networks were also different from those of D1. In D2, the IP address space was 152.148.48.1/24 for benign and malicious traffic generating nodes and 140.30.20.1/24 for victim nodes.

To run the MySQL server we ran MariaDB version 10.4.12.
Microsoft SQL Server 2017 Express and PostgreSQL version 13 were used.
