This archive contains the files submitted to the 4th International Workshop on Data: Acquisition To Analysis (DATA) at SenSys. Files provided in this package are associated with the paper titled "Dataset: Analysis of IFTTT Recipes to Study How Humans Use Internet-of-Things (IoT) Devices"

With the rapid development and usage of Internet-of-Things (IoT) and smart-home devices, researchers continue efforts to improve the ''smartness'' of those devices to address daily needs in people's lives. Such efforts usually begin with understanding evolving user behaviors on how humans utilize the devices and what they expect in terms of their behavior. However, while research efforts abound, there is a very limited number of datasets that researchers can use to both understand how people use IoT devices and to evaluate algorithms or systems for smart spaces. In this paper, we collect and characterize more than 50,000 recipes from the online If-This-Then-That (IFTTT) service to understand a seemingly straightforward but complicated question: ''What kinds of behaviors do humans expect from their IoT devices?'' The dataset we collected contains the basic information of the IFTTT rules, trigger and action event, and how many people are using each rule.

For more detail about this dataset, please refer to the paper listed above.

IoT-23 is a dataset of network traffic from Internet of Things (IoT) devices. It has 20 malware captures executed in IoT devices, and 3 captures for benign IoT devices traffic. It was first published in January 2020, with captures ranging from 2018 to 2019. These IoT network traffic was captured in the Stratosphere Laboratory, AIC group, FEL, CTU University, Czech Republic. Its goal is to offer a large dataset of real and labeled IoT malware infections and IoT benign traffic for researchers to develop machine learning algorithms. This dataset and its research was funded by Avast Software. The malware was allow to connect to the Internet.

This dataset is comprised of NetFlow records, which capture the outbound network traffic of 8 commercial IoT devices and 5 non-IoT devices, collected during a period of 37 days in a lab at Ben-Gurion University of The Negev. The dataset was collected in order to develop a method for telecommunication providers to detect vulnerable IoT models behind home NATs. Each NetFlow record is labeled with the device model which produced it; for research reproducibilty, each NetFlow is also allocated to either the "training" or "test" set, in accordance with the partitioning described in:

Y. Meidan, V. Sachidananda, H. Peng, R. Sagron, Y. Elovici, and A. Shabtai, A novel approach for detecting vulnerable IoT devices connected behind a home NAT, Computers & Security, Volume 97, 2020, 101968, ISSN 0167-4048, https://doi.org/10.1016/j.cose.2020.101968. (http://www.sciencedirect.com/science/article/pii/S0167404820302418)

Please note:

• The dataset itself is free to use, however users are requested to cite the above-mentioned paper, which describes in detail the research objectives as well as the data collection, preparation and analysis.
• Following is a brief description of the features used in this dataset.

# NetFlow features, used in the related paper for analysis

'FIRST_SWITCHED': System uptime at which the first packet of this flow was switched
'IN_BYTES': Incoming counter for the number of bytes associated with an IP Flow
'IN_PKTS': Incoming counter for the number of packets associated with an IP Flow
'IPV4_DST_ADDR': IPv4 destination address
'L4_DST_PORT': TCP/UDP destination port number
'L4_SRC_PORT': TCP/UDP source port number
'LAST_SWITCHED': System uptime at which the last packet of this flow was switched
'PROTOCOL': IP protocol byte (6: TCP, 17: UDP)
'SRC_TOS': Type of Service byte setting when there is an incoming interface
'TCP_FLAGS': Cumulative of all the TCP flags seen for this flow

# Features added by the authors

'IP': Prefix of the destination IP address, representing the network (without the host)
'DURATION': Time (seconds) between first/last packet switching

# Label
'device_model':

# Partition
'partition': Training or test

# Additional NetFlow features (mostly zero-variance)
'SRC_AS': Source BGP autonomous system number
'DST_AS': Destination BGP autonomous system number
'INPUT_SNMP': Input interface index
'OUTPUT_SNMP': Output interface index
'IPV4_SRC_ADDR': IPv4 source address
'MAC': MAC address of the source

# Additional data
'category': IoT or non-IoT
'type': IoT, access_point, smartphone, laptop
'date': Datepart of FIRST_SWITCHED
'inter_arrival_time': Time (seconds) between successive flows of the same device (identified by its MAC address)

Aposemat IoT-23 - a Labeled Dataset with Malcious and Benign Iot Network Traffic

Homepage: https://www.stratosphereips.org/datasets-iot23 This dataset contains a subset of the data from 20 captures of Malcious network traffic and 3 captures from live Benign Traffic on Internet of Things (IoT) devices. Created by Sebastian Garcia, Agustin Parmisano, & Maria Jose Erquiaga at the Avast AIC laboratory with the funding of Avast Software, this dataset is one of the best in the field for… See the full description on the dataset page: https://huggingface.co/datasets/19kmunz/iot-23-preprocessed-minimumcolumns.

About This Dataset

This dataset is based on the famous IoT-23 dataset, originally created by the Stratosphere Laboratory.

IoT-23 contains labeled network traffic captures (PCAPs) of Internet of Things (IoT) devices performing both benign and malicious activities, such as botnet attacks, scans, and normal operations.

In this version, the original IoT-23 dataset has been preprocessed and converted into 23 separate CSV files, where: - Each CSV file corresponds to one capture from the original dataset. - The CSVs contain structured network flow data along with labels for benign and malicious traffic. - Preprocessing was done to make the data more accessible for machine learning and data analysis tasks without needing to manually process PCAP files.

Features

• 23 CSV files (one for each capture)
• Each file contains:
• ts
• uid
• id.orig_h
• id.orig_p
• id.resp_h
• id.resp_p
• proto
• service
• duration
• orig_bytes
• resp_bytes
• conn_state
• local_orig
• local_resp
• missed_bytes
• history
• orig_pkts
• orig_ip_bytes
• resp_pkts
• resp_ip_bytes

• tunnel_parents label detailed-label

• The last column contains 3 features and needs to be processed and made into separate columns

Acknowledgements

Thanks to the Stratosphere IPS team for developing the IoT-23 dataset.

The number of Internet of Things (IoT) devices worldwide is forecast to more than double from 19.8 billion in 2025 to more than 40.6 billion IoT devices by 2034. In 2034, the highest number of IoT devices will be found in China, with around 7.51 billion consumer devices. IoT devices are used in all types of industry verticals and consumer markets, with the consumer segment accounting for around 60 percent of all IoT or connected devices in 2025. This share is projected to stay at this level over the next ten years. Major verticals and use cases Major industry verticals with currently more than 100 million connected IoT devices are electricity, gas, steam & A/C, water supply & waste management, retail & wholesale, transportation & storage, and government. Overall, the number of IoT devices across all industry verticals is forecast to grow to more than eight billion by 2033. Major use-cases The most important use case for IoT devices in the consumer segment are consumer internet & media devices such as smartphones, where the number of IoT devices is forecast to grow to more than 17 billion by 2033. Other use cases with more than one billion IoT devices by 2033 are connected (autonomous) vehicles, IT infrastructure, asset tracking & monitoring, and smart grid.

With the growing interest in Internet of Things (IoT) devices, a number of communication protocols have been developed to support a variety of IoT use cases. One promising communication paradigm that has been widely adopted in the IoT is the publish-subscribe pattern, which is supported by a number of messaging protocols such as MQTT, AMQP, and XMPP. Due to the diversity of IoT device types, an IoT application may communicate with IoT devices using a variety of messaging protocols, software frameworks, and strategies. To this extent, it becomes critical to determine the robustness of components responsible for message delivery (i.e., message brokers). We conduct a comparative study of the MQTT protocol's performance in this paper, comparing performance variables across a range of payload sizes and security levels. Preliminary results indicate that when the payload size remains small, using higher security levels does not result in significant latency overheads. Additionally, we discovered that implementing mutual authentication via Transport Layer Security (TLS) has no effect on MQTT response times in persistent connections when compared to using the default security level, which authenticates only the server.

IoT-FSCIT is a dataset collected for research purposes. This dataset contains statistical features for five distinct IoT devices data, collected over six weeks at laboratory in Universiti Malaya.

Article Information

The work involved in developing the dataset and benchmarking its use of machine learning is set out in the article ‘IoMT-TrafficData: Dataset and Tools for Benchmarking Intrusion Detection in Internet of Medical Things’. DOI: 10.1109/ACCESS.2024.3437214.

Please do cite the aforementioned article when using this dataset.

Abstract

The increasing importance of securing the Internet of Medical Things (IoMT) due to its vulnerabilities to cyber-attacks highlights the need for an effective intrusion detection system (IDS). In this study, our main objective was to develop a Machine Learning Model for the IoMT to enhance the security of medical devices and protect patients’ private data. To address this issue, we built a scenario that utilised the Internet of Things (IoT) and IoMT devices to simulate real-world attacks. We collected and cleaned data, pre-processed it, and provided it into our machine-learning model to detect intrusions in the network. Our results revealed significant improvements in all performance metrics, indicating robustness and reproducibility in real-world scenarios. This research has implications in the context of IoMT and cybersecurity, as it helps mitigate vulnerabilities and lowers the number of breaches occurring with the rapid growth of IoMT devices. The use of machine learning algorithms for intrusion detection systems is essential, and our study provides valuable insights and a road map for future research and the deployment of such systems in live environments. By implementing our findings, we can contribute to a safer and more secure IoMT ecosystem, safeguarding patient privacy and ensuring the integrity of medical data.

ZIP Folder Content

The ZIP folder comprises two main components: Captures and Datasets. Within the captures folder, we have included all the captures used in this project. These captures are organized into separate folders corresponding to the type of network analysis: BLE or IP-Based. Similarly, the datasets folder follows a similar organizational approach. It contains datasets categorized by type: BLE, IP-Based Packet, and IP-Based Flows.

To cater to diverse analytical needs, the datasets are provided in two formats: CSV (Comma-Separated Values) and pickle. The CSV format facilitates seamless integration with various data analysis tools, while the pickle format preserves the intricate structures and relationships within the dataset.

This organization enables researchers to easily locate and utilize the specific captures and datasets they require, based on their preferred network analysis type or dataset type. The availability of different formats further enhances the flexibility and usability of the provided data.

Datasets' Content

Within this dataset, three sub-datasets are available, namely BLE, IP-Based Packet, and IP-Based Flows. Below is a table of the features selected for each dataset and consequently used in the evaluation model within the provided work.

Identified Key Features Within Bluetooth Dataset

Identified Key Features Within IP-Based Packets Dataset

Identified Key Features Within IP-Based Flows Dataset

This experimental dataset contains IoT-based data collected through Long Range Wide Area Network (LoRaWAN) commercial devices in a tomato (Solanum lycopersicum L. cv. HEINZ 1301) cultivation located at the “Azienda Sperimentale Stuard” in Parma, Italy (lat: 44.80787, lon: 10.27467), and data generated by the Agriware platform.

More in detail, the IoT-based irrigation system located in the “Azienda Sperimentale Stuard” to manage the watering of the tomato crop has been organized with 3 experimental lines associated with 3 different watering regimes: (i) Line #1 was irrigated with a water quantity equal to the recommendation of the Italian “Irriframe” platform (https://www.irriframe.it/); (ii) Line #2 was irrigated with a water quantity equal to the 60% of Line #1; (iii) Line #3 was irrigated with a water quantity equal to the 30% of Line #1.

The dataset is composed of 4 CSV files. Three of these files contain the following information, generated by IoT devices (environmental sensor, water meters, and soil sensors) and sampled every 10 minutes: timestamp; device identifier; air moisture and temperature; carbon dioxide (CO2) level; barometric pressure; battery percentage; tomato line identifier; water volume; soil electrical conductivity, moisture, and temperature. The remaining CSV file contains daily values of agronomic indicators, calculated through the Agriware platform mainly using the average daily air temperature values, such as: the daily values of Growing Degree Days (GDD) and Heat Units (namely: standard day degree, daily mean temperature, daily maximum temperature above T_base, daily maximum temperature, daily maximum temperature above T_base with reduction of T_cutoff, Ontario units.)

A complete description of the CSV file can be found in the README.txt file.

The dataset has been generated in the context of the following two projects: (i) Agritech - “National Research Centre for Agricultural Technologies,” project code CN00000022, funded under the National Recovery and Resilience Plan (NRRP), Mission 4 Component 2 Investment 1.4 - Call for tender no. 3138 of 16/12/2021 of Italian Ministry of University and Research funded by the European Union – NextGenerationEU, Concession Decree no. 1032 of 17/06/2022 adopted by the Italian Ministry of University and Research; and (ii) SMALLDERS - “Smart Models for Agrifood Local vaLue chain based on Digital technologies for Enabling covid-19 Resilience and Sustainability,” co-funded by the PRIMA Program - Section 2 Call multi-topics 2021, through the following National Authorities: Ministry of Universities and Research (MUR, Italy), State Research Agency (AEI, Spain), Agence Nationale de la Recherche (ANR, France), Ministry of Higher Education and Scientific Research (Tunisia). The dataset reflects only the authors’ views; the European Commission is not responsible for any use that may be made of the information it contains.

This dataset presents network traffic traces data of the 14 D-Link IoT devices from different types including camera, network camera, smart-plug, door-window sensor, and home-hub. It consists of:

• Network packet traces (inbound and outbound traffic) and
• IEEE 802.11 MAC frame traces.

The experimental testbed was set-up in the Network Systems and Signal Processing (NSSP) laboratory at Universiti Brunei Darussalam (UBD) to collect all the network traffic traces from 9th September 2020 to 10th January 2021 including an access point on a laptop. The network traffic traces were captured passively observing the Ethernet interface and the WiFi interface at the access point.

In packet traces, typical communication protocols, such as TCP, UDP, IP, ICMP, ARP, DNS, SSDP, TLS/SSL etc, data are captured which IoT devices use for communication on the Internet. In the probe request frame (a subtype of management frames) traces, data are recorded which IoT devices use to connect access point on the local area network.

The authors would like to thank the Faculty of Integrated Technologies, Universiti Brunei Darussalam, for the support to conduct this research experiment in the Network Systems and Signal Processing laboratory.

Big Data in Internet of Things (IoT) Market Outlook

The global Big Data in Internet of Things (IoT) market size is projected to grow from USD 50 billion in 2023 to USD 220 billion by 2032, exhibiting a CAGR of 18% during the forecast period. This robust growth can be attributed to the increasing adoption of IoT devices and the subsequent data generation, necessitating advanced analytics to drive business insights and operational efficiencies.

One of the primary growth factors driving the Big Data in IoT market is the exponential increase in connected devices. As the number of IoT devices continues to surge globally, the volume of data generated is also growing at a staggering rate. This data is invaluable for businesses seeking to enhance their operations, customer experiences, and product innovations. Additionally, advancements in machine learning and AI technologies have significantly improved the ability to analyze and derive actionable insights from large datasets, further fueling market growth. Moreover, the reduction in IoT sensor costs has made it economically viable for more industries to integrate IoT into their operations, thereby expanding the market's scope.

Another significant growth factor is the increasing emphasis on real-time analytics. In various sectors such as healthcare, transportation, and retail, the ability to analyze data in real-time can lead to immediate operational improvements and decision-making efficiencies. For instance, in healthcare, real-time data analytics can enhance patient monitoring and predictive maintenance of medical equipment. Similarly, in transportation, it can optimize route planning and fleet management. The push towards real-time analytics is driving the demand for advanced Big Data solutions capable of processing and analyzing data instantaneously.

Furthermore, regulatory support and government initiatives promoting smart cities and digital transformation are propelling market growth. Governments worldwide are investing heavily in smart city projects, which rely on extensive IoT networks to manage urban infrastructure efficiently. These initiatives not only generate vast amounts of data but also require sophisticated Big Data analytics to ensure operational efficacy, safety, and sustainability. Additionally, the adoption of 5G technology is expected to accelerate IoT deployments, leading to even more data generation and the need for robust analytics solutions.

Regionally, North America is anticipated to dominate the Big Data in IoT market due to the presence of major technology companies, a highly developed IoT ecosystem, and significant investments in R&D. Europe is also expected to witness substantial growth, driven by smart city initiatives and stringent data protection regulations. Meanwhile, the Asia Pacific region is projected to experience the highest CAGR, fueled by rapid industrialization, urbanization, and increasing adoption of IoT technologies in countries like China and India.

Component Analysis

The Big Data in IoT market is segmented into software, hardware, and services. The software segment, encompassing data analytics platforms, advanced analytics tools, and AI-driven solutions, is expected to hold the largest market share. This dominance is due to the critical role that software solutions play in analyzing and deriving actionable insights from the massive volumes of data generated by IoT devices. Data analytics platforms enable businesses to process, analyze, and visualize data, thereby facilitating informed decision-making and strategic planning.

The hardware segment, which includes IoT sensors, gateways, and other connected devices, is also anticipated to witness significant growth. IoT sensors are essential for data collection, while gateways facilitate the communication between devices and data processing units. The continuous advancements in sensor technology and the reduction in costs are making hardware components more affordable and efficient, further driving their adoption across various industries. Additionally, the integration of edge computing capabilities in hardware devices is enhancing their ability to process data locally, reducing latency, and improving real-time analytics.

Services, including consulting, deployment, integration, and maintenance services, form another crucial segment of the Big Data in IoT market. As organizations increasingly adopt IoT solutions, they require expert guidance to implement and optimize these technologies effectively. Consulting services help businesses develop IoT strategies and identify suitable s

Internet of Things (IoT) devices are growing constantly in numbers, being forecasted to reach 27 billions in 2025. With such a large number of connected devices, the energy consumption concerns are a major priority for the upcoming years. Cloud / edge / fog computing are critically associated with IoT devices as enablers for data communication and coordination among devices. In this paper, we look at the distribution of semantic reasoning between different IoT devices and define a new class of reasoning, multi-step reasoning that can be associated at the level of the edge or fog node in the context of an IoT cloud / edge / fog computing topology. We conduct an experiment based on synthetic datasets to evaluate the performance of multi-step reasoning in terms of power consumption and other metrics. Overall we found that multi-step reasoning can help in reducing computation time and energy consumption on IoT devices in presence of larger datasets.

building IoT IDS requires the availability of datasets to process

Air Quality (AQ) is a very topical issue for many cities and has a direct impact on the health of its citizens. We propose to investigate the air quality of a large UK city using low-cost commodity Particulate Matter (PM) sensors, and compare them with government operated air quality stations. In this pilot deployment we design and build six AQ IoT devices, each with four different low-cost PM sensors and deploy them at two locations within the city. These devices are equipped with LoRaWAN wireless network transceivers to test city scale Low-Power Wide-Area Network network coverage. We conclude that some low-cost PM sensors are viable for monitoring AQ and demonstrate that our device design can be used via LoRaWAN to facilitate more granular city coverage without limitations of network access. Based on these findings we intend to deploy a larger LoRaWAN enabled Air Quality sensor network deployment across the city.

This dataset includes two labeled CSV files generated to evaluate Distributed Denial-of-Service (DDoS) detection and mitigation techniques in healthcare-IoT (H-IoT) environments. The datasets are generated from simulations of network traffic involving H-IoT devices, such as body temperature, oxygen saturation, and heart rate sensors, using the MQTT and UDP protocols via the Cooja and ns-3 simulators.

The research article "TCN-Based DDoS Detection and Mitigation in 5G Healthcare-IoT: A Frequency Monitoring and Dynamic Threshold Approach" utilizes these datasets, published in IEEE Access (DOI: 10.1109/ACCESS.2025.3531659).

Each file contains tabular features representing H-IoT node behavior and an outcome column indicating whether the sample is normal (0) or an attack (1).

Preprocessing scripts and raw data are available at: https://github.com/mirzaakhi/UL-ECE-DDoS-H-IoT-Datasets2025

including some laptops or smart phones

The exponential growth of the Internet of Things (IoT) devices provides a large attack surface for intruders to launch more destructive cyber-attacks. The intruder aimed to exhaust the target IoT network resources with malicious activity. New techniques and detection algorithms required a well-designed dataset for IoT networks. We proposed a new dataset, namely IoTID20, generated dataset from [1]. The new IoT botnet dataset has a more comprehensive network and flow-based features. The flow-based feature can be used to analyze and evaluate a flow-based intrusion detection system. Our proposed IoT botnet dataset will provide a reference point to identify anomalous activity across the IoT networks. The IoT Botnet dataset can be accessed from [2]. The new IoTID20 dataset will provide a foundation for the development of new intrusion detection techniques in IoT networks.

The data set includes the characteristics of several smart-city implementation projects including project architecture and different IoT devices and components included in smart city projects.

Ethical ref# 204520231/2023/3The research involved designing and testing a narrow-band IoT Delay-Tolerant Network (NB-IoTDTN) to enhance resilience against Distributed Denial-of-Service (DDoS) attacks. The data consisted of simulated network traffic and performance metrics collected from a testbed environment, which was built using Raspberry Pi nodes connected in a K3s edge cluster. The nodes were configured to run containerized environments using Cilium CNI for secure and observable networking.Type of Data: The collected data included network performance metrics such as latency, jitter, packet loss, throughput, and system logs detailing DDoS attack attempts and mitigations. This data was captured using monitoring tools like Grafana and Prometheus.Data Collection: Network traffic, including normal and DDoS-attack scenarios, was simulated using UERANSIM and Open5GS to replicate the interaction between NB-IoT devices and the core network. Data was collected continuously during these simulations to monitor the network's ability to maintain performance under attack conditions.Usage of Data: The data was used to evaluate the effectiveness of the NB-IoTDTN architecture in mitigating the impact of DDoS attacks. Key metrics such as system uptime, data packet delivery rates, and service continuity under attack conditions were analyzed.Outcome: The findings from this data indicated that the NB-IoTDTN architecture significantly improved the network's resilience by maintaining service continuity during DDoS scenarios. The lightweight security protocols designed for resource-constrained devices showed effectiveness with minimal computational overhead. The data demonstrated improved performance in maintaining network functionality even under high-traffic conditions caused by DDoS attacks.