Introduction

These datasets contain SQL injection attacks (SQLIA) as malicious NetFlow data. The attacks carried out are Union Query SQL injection and Blind SQL injection. The SQLMAP tool was used to perform the attacks.

NetFlow traffic was generated using DOROTHEA (DOcker-based fRamework fOr gaTHering nEtflow trAffic). NetFlow is a network protocol developed by Cisco for the collection and monitoring of network traffic flow data. A flow is defined as a unidirectional sequence of packets with some common properties that pass through a network device.

Datasets

The first dataset (D1) was collected to train the detection models. The other (D2) was collected using different attacks than those used in training, to test the models and ensure their generalization. The datasets contain both benign and malicious traffic. All collected datasets are balanced. The version of NetFlow used to build the datasets is 5.

| Dataset | Aim | Samples | Benign-malicious traffic ratio |
|---|---|---|---|
| D1 | Training | 400,003 | 50% |
| D2 | Test | 57,239 | 50% |

Infrastructure and implementation

Two sets of flow data were collected with DOROTHEA. DOROTHEA is a Docker-based framework for NetFlow data collection. It allows you to build interconnected virtual networks to generate and collect flow data using the NetFlow protocol. In DOROTHEA, network traffic packets are sent to a NetFlow generator that has the ipt_netflow sensor installed. The sensor is a Linux kernel module that uses Iptables to process the packets and convert them to NetFlow flows. DOROTHEA is configured to use NetFlow V5 and to export a flow after it has been inactive for 15 seconds or active for 1800 seconds (30 minutes).

Benign traffic generation nodes simulate network traffic generated by real users, performing tasks such as searching in web browsers, sending emails, or establishing Secure Shell (SSH) connections. Such tasks run as Python scripts. Users may customize them or even incorporate their own. The network traffic is managed by a gateway that performs two main tasks. On the one hand, it routes packets to the Internet. On the other hand, it sends them to a NetFlow data generation node (packets received from the Internet are handled in the same way).

The malicious traffic collected (SQLI attacks) was generated using SQLMAP. SQLMAP is a penetration testing tool used to automate the process of detecting and exploiting SQL injection vulnerabilities. The attacks were executed on 16 nodes, which launched SQLMAP with the parameters in the following table.

| Parameters | Description |
|---|---|
| '--banner','--current-user','--current-db','--hostname','--is-dba','--users','--passwords','--privileges','--roles','--dbs','--tables','--columns','--schema','--count','--dump','--comments','--schema' | Enumerate users, password hashes, privileges, roles, databases, tables and columns |
| --level=5 | Increase the probability of a false positive identification |
| --risk=3 | Increase the probability of extracting data |
| --random-agent | Select the User-Agent randomly |
| --batch | Never ask for user input, use the default behavior |
| --answers="follow=Y" | Predefined answers to yes |

Every node executed SQLIA on 200 victim nodes. The victim nodes had deployed a web form vulnerable to Union-type injection attacks, which was connected to the MySQL or SQLServer database engines (50% of the victim nodes deployed MySQL and the other 50% deployed SQLServer). The web service was accessible from ports 443 and 80, which are the ports typically used to deploy web services. The IP address space was 182.168.1.1/24 for the benign and malicious traffic-generating nodes. For victim nodes, the address space was 126.52.30.0/24.

The malicious traffic in the test sets was collected under different conditions. For D1, SQLIA was performed using Union attacks on the MySQL and SQLServer databases. However, for D2, Blind SQL SQLIAs were performed against the web form connected to a PostgreSQL database. The IP address spaces of the networks were also different from those of D1. In D2, the IP address space was 152.148.48.1/24 for benign and malicious traffic-generating nodes and 140.30.20.1/24 for victim nodes. To run the MySQL server we ran MariaDB version 10.4.12. Microsoft SQL Server 2017 Express and PostgreSQL version 13 were used.
Attribution 4.0 (CC BY 4.0) https://creativecommons.org/licenses/by/4.0/
License information was derived automatically
This dataset has SQL injection attacks as malicious Netflow data. The attacks carried out are SQL injection for Union Query and Blind SQL injection. To perform the attacks, the SQLmap tool has been used.
NetFlow traffic was generated using DOROTHEA (DOcker-based fRamework fOr gaTHering nEtflow trAffic). NetFlow is a network protocol developed by Cisco for the collection and monitoring of network traffic flow data. A flow is defined as a unidirectional sequence of packets with some common properties that pass through a network device.
The version of NetFlow used to build the datasets is 5.
https://creativecommons.org/publicdomain/zero/1.0/
This Code Vulnerabilities Dataset is designed for training and evaluating AI-driven models for identifying cybersecurity vulnerabilities in software codebases. The dataset consists of 1000 rows of synthetic code snippets, each labeled with one of two common vulnerabilities: SQL Injection (SQLi) and Cross-Site Scripting (XSS). The data contains the following columns:
Code Snippet: A synthetic code pattern that demonstrates either an SQL Injection or XSS vulnerability.
Vulnerability Type: A label indicating the type of vulnerability in the code (SQLi or XSS).
Location: Simulated line numbers (representing where the vulnerability might appear in the code).
Preprocessed Tokens: A list of tokenized words from the code snippet, formatted for NLP model processing.

This dataset is particularly useful for training machine learning and natural language processing (NLP) models to detect vulnerabilities automatically in software systems, aiming to improve the accuracy of vulnerability detection and reduce the need for manual inspection.
MIT License https://opensource.org/licenses/MIT
License information was derived automatically
Overview

This dataset is a comprehensive, easy-to-understand collection of cybersecurity incidents, threats, and vulnerabilities, designed to help both beginners and experts explore the world of digital security. It covers a wide range of modern cybersecurity challenges, from everyday web attacks to cutting-edge threats in artificial intelligence (AI), satellites, and quantum computing. Whether you're a student, a security professional, a researcher, or just curious about cybersecurity, this dataset offers a clear and structured way to learn about how cyber attacks happen, what they target, and how to defend against them.
With 14134 entries and 15 columns, this dataset provides detailed insights into 26 distinct cybersecurity domains, making it a valuable tool for understanding the evolving landscape of digital threats. It’s perfect for anyone looking to study cyber risks, develop strategies to protect systems, or build tools to detect and prevent attacks.
What’s in the Dataset?

The dataset is organized into 16 columns that describe each cybersecurity incident or research scenario in detail:

ID: A unique number for each entry (e.g., 1, 2, 3).
Title: A short, descriptive name of the attack or scenario (e.g., "Authentication Bypass via SQL Injection").
Category: The main cybersecurity area, like Mobile Security, Satellite Security, or AI Exploits.
Attack Type: The specific kind of attack, such as SQL Injection, Cross-Site Scripting (XSS), or GPS Spoofing.
Scenario Description: A plain-language explanation of how the attack works or what the scenario involves.
Tools Used: Software or tools used to carry out or test the attack (e.g., Burp Suite, SQLMap, GNURadio).
Attack Steps: A step-by-step breakdown of how the attack is performed, written clearly for all audiences.
Target Type: The system or technology attacked, like web apps, satellites, or login forms.
Vulnerability: The weakness that makes the attack possible (e.g., unfiltered user input or weak encryption).
MITRE Technique: A code from the MITRE ATT&CK framework, linking the attack to a standard classification (e.g., T1190 for exploiting public-facing apps).
Impact: What could happen if the attack succeeds, like data theft, system takeover, or financial loss.
Detection Method: Ways to spot the attack, such as checking logs or monitoring unusual activity.
Solution: Practical steps to prevent or fix the issue, like using secure coding or stronger encryption.
Tags: Keywords to help search and categorize entries (e.g., SQLi, WebSecurity, SatelliteSpoofing).
Source: Where the information comes from, like OWASP, MITRE ATT&CK, or Space-ISAC.
Cybersecurity Domains Covered

The dataset organizes cybersecurity into 26 key areas:
AI / ML Security
AI Agents & LLM Exploits
AI Data Leakage & Privacy Risks
Automotive / Cyber-Physical Systems
Blockchain / Web3 Security
Blue Team (Defense & SOC)
Browser Security
Cloud Security
DevSecOps & CI/CD Security
Email & Messaging Protocol Exploits
Forensics & Incident Response
Insider Threats
IoT / Embedded Devices
Mobile Security
Network Security
Operating System Exploits
Physical / Hardware Attacks
Quantum Cryptography & Post-Quantum Threats
Red Team Operations
Satellite & Space Infrastructure Security
SCADA / ICS (Industrial Systems)
Supply Chain Attacks
Virtualization & Container Security
Web Application Security
Wireless Attacks
Zero-Day Research / Fuzzing
Why Is This Dataset Important?

Cybersecurity is more critical than ever as our world relies on technology for everything from banking to space exploration. This dataset is a one-stop resource to understand:

What threats exist: From simple web attacks to complex satellite hacks.
How attacks work: Clear explanations of how hackers exploit weaknesses.
How to stay safe: Practical solutions to prevent or stop attacks.
Future risks: Insight into emerging threats like AI manipulation or quantum attacks.

It’s a bridge between technical details and real-world applications, making cybersecurity accessible to everyone.
Potential Uses

This dataset can be used in many ways, whether you’re a beginner or an expert:

Learning and Education: Students can explore how cyber attacks work and how to defend against them.
Threat Intelligence: Security teams can identify common attack patterns and prepare better defenses.
Security Planning: Businesses and governments can use it to prioritize protection for critical systems like satellites or cloud infrastructure.
Machine Learning: Data scientists can train models to detect threats or predict vulnerabilities.
Incident Response Training: Practice responding to cyber incidents, from web hacks to satellite tampering.
Ethical Considerations

Purpose: The dataset is for educational and research purposes only, to help improve cybersecurity knowledge and de...
Attribution 4.0 (CC BY 4.0) https://creativecommons.org/licenses/by/4.0/
License information was derived automatically
We present a novel, cutting-edge, large-scale multiclass dataset to improve the security of network cognition of suspicious traffic in networks. The proposed newly generated dataset contains up-to-date samples and features available to the public to help reduce the effect of upcoming cyberattacks with machine learning methods. Specifically, 6 million traffic samples with 60 features are collected and organized into two balanced classes: 50% normal traffic and 50% anomaly (attack) traffic. Furthermore, the anomaly traffic is composed of 15 different attacks, including the MITM-ARP-SPOOFING attack, SSH-BRUTE FORCE attack, FTP-BRUTE FORCE attack, DDOS-ICMP attack, DDOS-RAWIP attack, DDOS-UDP attack, DOS attack, EXPLOITING-FTP attack, FUZZING attack, ICMP FLOOD attack, SYN-FLOOD attack, PORT SCANNING attack, REMOTE CODE EXECUTION attack, SQL INJECTION attack, and XSS attack.
For more information about the dataset, please read and cite our research articles: Q. A. Al-Haija, Z. Masoud, A. Yasin, K. Alesawi and Y. Alkarnawi, "Revolutionizing Threat Hunting in Communication Networks: Introducing a Cutting-Edge Large-Scale Multiclass Dataset," 2024 15th International Conference on Information and Communication Systems (ICICS), Irbid, Jordan, 2024, pp. 1-5, doi: 10.1109/ICICS63486.2024.10638287. (https://ieeexplore.ieee.org/document/10638287)
Q. A. Al-Haija, Z. Masoud, A. Yasin, K. Alesawi, and Y. Alkarnawi. End-to-End Threat Hunting with a Novel Multiclass Dataset for Intelligent Intrusion Detection. TechRxiv. August 07, 2025. DOI: 10.36227/techrxiv.175459955.56010835/v1 (https://doi.org/10.36227/techrxiv.175459955.56010835/v1)
https://dataintelo.com/privacy-and-policy
According to our latest research, the global database firewall market size reached USD 2.18 billion in 2024. The market has demonstrated robust growth, registering a CAGR of 15.7% from 2025 to 2033. By 2033, the database firewall market is forecasted to achieve a valuation of USD 7.65 billion. This impressive growth trajectory is primarily driven by the escalating frequency and sophistication of cyberattacks targeting critical business data, compelling organizations across the globe to invest in advanced database security solutions. The rising adoption of digital transformation initiatives, cloud computing, and regulatory compliance requirements further accelerate the demand for database firewalls as a pivotal layer of security infrastructure.
A key growth factor for the database firewall market is the surge in data breaches and cyber threats that specifically target databases, which house sensitive and mission-critical information. Organizations are under increasing pressure to secure their data assets from both external hackers and insider threats. The proliferation of ransomware, SQL injection attacks, and advanced persistent threats (APTs) has made traditional security measures insufficient, leading to a sharp uptick in the deployment of database firewalls. These solutions offer real-time monitoring, threat detection, and policy enforcement capabilities that are essential for modern enterprises to maintain data integrity and customer trust in an evolving threat landscape.
Another significant driver is the stringent regulatory environment that mandates robust data protection practices across various industries. Regulations such as the General Data Protection Regulation (GDPR) in Europe, the Health Insurance Portability and Accountability Act (HIPAA) in the US, and other regional compliance standards require organizations to adopt comprehensive security controls, including database firewalls. Non-compliance can result in hefty fines and reputational damage, prompting companies to prioritize investments in database security technologies. Additionally, the growing trend of remote work and the widespread adoption of cloud-based applications have expanded the attack surface, further necessitating advanced database firewall solutions to safeguard distributed data environments.
Technological advancements and the integration of artificial intelligence (AI) and machine learning (ML) into database firewall solutions are also fueling market expansion. Modern database firewalls are now equipped with intelligent anomaly detection, automated threat response, and adaptive learning capabilities, enabling proactive defense against emerging threats. The demand for scalable, easy-to-deploy, and centrally managed solutions is particularly high among organizations looking to future-proof their data security infrastructure. As enterprises continue to digitize their operations and embrace cloud-native architectures, the role of database firewalls in ensuring end-to-end data protection is expected to become even more critical.
From a regional perspective, North America remains the largest and most mature market for database firewalls, accounting for 38% of global revenue in 2024. This dominance is attributed to the high concentration of technology-driven enterprises, stringent regulatory frameworks, and early adoption of advanced security solutions. However, Asia Pacific is emerging as the fastest-growing region, propelled by rapid digitalization, increasing awareness about cybersecurity, and significant investments in IT infrastructure. Europe also holds a substantial share, driven by strong data protection laws and a growing emphasis on enterprise security. Latin America and the Middle East & Africa are witnessing steady growth, supported by government initiatives and rising cyber threat awareness, albeit from a lower base.
The component segment of the database firewall market is categorized into software, hardware, and services, each playing a vital role in shaping the industry landscape. Software solutions dominate the segment, accounting for the largest market share, as organizations prioritize flexible, scalable, and feature-rich platforms to secure their databases. Database firewall software offers comprehensive functionalities such as real-time monitoring, threat analytics, policy management, and automated alerts, making it the preferred choice
Attribution 4.0 (CC BY 4.0) https://creativecommons.org/licenses/by/4.0/
License information was derived automatically
Labels of normal and attack classes in the CICIDS-2017 dataset.
https://www.verifiedmarketresearch.com/privacy-policy/
Dynamic Application Security Testing Market was valued at USD 2687.63 Million in 2023 and is projected to reach USD 39.86 Billion by 2031, growing at a CAGR of 24.71% from 2024 to 2031.
Dynamic Application Security Testing Market: Definition/ Overview
Dynamic Application Security Testing (DAST) serves as a digital security guard for your online apps. It uses real-world attacker strategies to find flaws in your application's security. Imagine someone attempting to break into your home; DAST performs the same for your program but virtually. DAST tools interact with your running application to analyze its behavior and responses to various inputs. They often look for popular vulnerabilities such as SQL injection (injecting malicious code into database queries) and cross-site scripting (injecting scripts to steal user data). DAST assists in identifying weaknesses before they are exploited by real hackers.
Dynamic Application Security Testing (DAST) serves as a digital watchdog over your online apps and APIs. It replicates real-world attacks, demonstrating how hackers could exploit flaws. DAST identifies vulnerabilities in running applications that static code analysis techniques may overlook. These can include standard security issues such as SQL injection (database manipulation) and cross-site scripting (malicious code injection).
Artificial intelligence (AI) will play a larger role in DAST, improving accuracy and efficiency. AI may learn from previous weaknesses and attack patterns, making it better at recognizing new threats. Additionally, AI can automate processes such as selecting vulnerabilities based on severity, allowing security professionals to focus on complicated issues. As APIs become the foundation of modern systems, DAST will evolve to uncover vulnerabilities particular to APIs. This is vital since a hacked API can reveal sensitive information or interrupt critical functions.