The number of Internet of Things (IoT) cyber attacks worldwide amounted to over *** million in 2022. Over the recent years, this figure has increased significantly from around ** million detected cases in 2018. In the latest measured year, the year-over-year increase in the number of Internet of Things (IoT) malware incidents was ** percent.

The number of Internet of Things (IoT) attacks in the world reached over ***** million in December 2022. However, in the same month of 2021, the number of reported IoT attacks dropped to nearly ***********. The highest number of monthly attacks was detected in June 2022, with approximately ** million attacks.

Overview

The RT-IoT2022, a proprietary dataset derived from a real-time IoT infrastructure, is introduced as a comprehensive resource integrating a diverse range of IoT devices and sophisticated network attack methodologies. This dataset encompasses both normal and adversarial network behaviours, providing a general representation of real-world scenarios. Incorporating data from IoT devices such as ThingSpeak-LED, Wipro-Bulb, and MQTT-Temp, as well as simulated attack scenarios involving Brute-Force SSH attacks, DDoS attacks using Hping and Slowloris, and Nmap patterns, RT-IoT2022 offers a detailed perspective on the complex nature of network traffic. The bidirectional attributes of network traffic are meticulously captured using the Zeek network monitoring tool and the Flowmeter plugin. Researchers can leverage the RT-IoT2022 dataset to advance the capabilities of Intrusion Detection Systems (IDS), fostering the development of robust and adaptive security solutions for real-time IoT networks.

Introductory Paper Quantized autoencoder (QAE) intrusion detection system for anomaly detection in resource-constrained IoT devices using RT-IoT2022 dataset By B. S. Sharmila, Rohini Nagapadma. 2023 Published in Cybersecurity

Variable Table available here: https://archive.ics.uci.edu/dataset/942/rt-iot2022

Column Details: id.orig_p id.resp_p proto service flow_duration fwd_pkts_tot bwd_pkts_tot fwd_data_pkts_tot bwd_data_pkts_tot fwd_pkts_per_sec bwd_pkts_per_sec flow_pkts_per_sec down_up_ratio fwd_header_size_tot fwd_header_size_min fwd_header_size_max bwd_header_size_tot bwd_header_size_min bwd_header_size_max flow_FIN_flag_count flow_SYN_flag_count flow_RST_flag_count fwd_PSH_flag_count bwd_PSH_flag_count flow_ACK_flag_count fwd_URG_flag_count bwd_URG_flag_count flow_CWR_flag_count flow_ECE_flag_count fwd_pkts_payload.min fwd_pkts_payload.max fwd_pkts_payload.tot fwd_pkts_payload.avg fwd_pkts_payload.std bwd_pkts_payload.min bwd_pkts_payload.max bwd_pkts_payload.tot bwd_pkts_payload.avg bwd_pkts_payload.std flow_pkts_payload.min flow_pkts_payload.max flow_pkts_payload.tot flow_pkts_payload.avg flow_pkts_payload.std fwd_iat.min fwd_iat.max fwd_iat.tot fwd_iat.avg fwd_iat.std bwd_iat.min bwd_iat.max bwd_iat.tot bwd_iat.avg bwd_iat.std flow_iat.min flow_iat.max flow_iat.tot flow_iat.avg flow_iat.std payload_bytes_per_second fwd_subflow_pkts bwd_subflow_pkts fwd_subflow_bytes bwd_subflow_bytes fwd_bulk_bytes bwd_bulk_bytes fwd_bulk_packets bwd_bulk_packets fwd_bulk_rate bwd_bulk_rate active.min active.max active.tot active.avg active.std idle.min idle.max idle.tot idle.avg idle.std fwd_init_window_size bwd_init_window_size fwd_last_window_size Attack_type

Class Labels

The Dataset contains both Attack patterns and Normal Patterns. Attacks patterns Details: 1. DOS_SYN_Hping------------------------94659 2. ARP_poisioning--------------------------7750 3. NMAP_UDP_SCAN--------------------2590 4. NMAP_XMAS_TREE_SCAN--------2010 5. NMAP_OS_DETECTION-------------2000 6. NMAP_TCP_scan-----------------------1002 7. DDOS_Slowloris------------------------534 8. Metasploit_Brute_Force_SSH---------37 9. NMAP_FIN_SCAN---------------------28 Normal Patterns Details:

1. MQTT -----------------------------------8108
2. Thing_speak-----------------------------4146
3. Wipro_bulb_Dataset-------------------253

IOT BENIGN AND ATTACK TRACES

Data Collected for ACM SOSR 2019 Attack & Benign Data Instructions Flow data contains flow counters of MUD flow, each instance in the file are collected every one minute. Annotations contains information about the start, end time of the attack and corresponsing MUD flows that are impacted through the Attack. More information about the device and the attacker can be found in here Below is an example of the annotations from the Samsung smart camera. eg: "1527838552,1527839153,Localfeatures|Arpfeatures,ArpSpoof100L2D" The above line indicates that the start time of the attack to be 1527838552 and end time is 1527839153. "Localfeatures|Arpfeatures" explains that it should impact the local communication and ARP protocol. "ArpSpoof100L2D" means that the attack was arpspoof lauched with the maximum rate of 100 packets per seconds. In order to identify the attack rows in flow stats you can use below condition. "if (flowtime >= startTime*1000 and endTime*1000>=flowtime) then attack = true" -- This corresponds to the line 4470 to 4479 in the samsung smart camera.

Cite our data A. Hamza, H. Habibi Gharakheili, T. Benson, V. Sivaraman, "Detecting Volumetric Attacks on IoT Devices via SDN-Based Monitoring of MUD Activity", ACM SOSR, San Jose, California, USA, Apr 2019.

Source code https://github.com/ayyoob/mud-ie

Contact ayyoobhamza@student.unsw.edu.au

In 2022, almost a third of cyber attacks targeting IoT devices were aimed at a denial of service, while the outcome pursued by nearly 30 percent of them was overflow. The number of IoT devices worldwide is forecast to be close to 30 billion in 2030.

Context

This is a dataset of DDoS Botnet attacks from IOT devices.

Content

Contains all features about packets from bots.

Inspiration:

For making DDoS attack preventable.

Dragon_Pi

For a more in depth description of the Dragon_Pi dataset, please consult the journal article of the same name:

Lightbody et al., Future Internet, 2024, https://doi.org/10.3390/fi16030088 - specifically Section 3.2: Dataset Overview.

Dragon_Pi is an intrusion detection dataset for IoT devices. In the field of IoT security there are few datasets, and those which do exist tend to focus solely on network traffic. The Dragon_Pi dataset seeks to provide not only more data for the field of IoT security, but also, data of a somewhat under-published type: linear time series power consumption data.

Dragon_Pi is a fully labelled Intrusion Detection dataset for IoT devices. It is composed of both normal and under-attack power consumption data obtained from two separate testbeds - one using a DragonBoard 410c and the other a Raspberry Pi Model 3 - Hence the moniker Dragon_Pi.

These testbeds were set up with predefined normal behavour as described in the attached publications. The normal linear time series power consumption was sampled from the testbed under these normal conditions. Both testbeds were then attacked using some common attacks on IoT - the linear time series power consumption captured under these condtions as well.

Specifically, the testbeds were subjected to the Port Scan (using Nmap), SSH Brute Force (using Hydra) and SYNFlood Denial of Service (using Hping3) attacks. These attacks were repeated to gain insight to what their signatures looked like and also how varying the tool settings effected the resultant signature. A fourth type of scenario was also conducted on the testbeds - the "Capture the Flag" scenarios. In these files multiple attack types were used with a more specific target - to exfiltrate a hidden file from the testbeds.

Each file has three hierarchical levels of annotation for each sample within:

A simple "Normal or Anomaly" label for the specific sample

A specifc attack type label e.g. "SSH Bruteforce", for the specific sample

A specific tool setting for that attack e.g. "Hydra_T16", for the specific sample

Users can decide for themselves what level of annotation they require for their specific task.

Each file in the Dragon_Pi dataset is accompanied by its own legend file. This file explains the contents of the specific .csv file and the specific indexes of the events within.

The Dragon_Pi dataset consists of approximately 67 files, as shown in Table 1. Compressed, the datset totals approximately 13GB. Completely decompressed the dataset is approximately 80GB ( 30GB Pi data, 50 GB Dragon data).

Label Type Specific Label Number of Files DragonBoard 410c Number of Files Raspberry Pi

Normal Normal 3 2

Port Scan Attack Nmap_T5 2 1

Nmap_T4 1 1

Nmap_T3 1 1

Nmap_T2 1 1

SSH Brute Force Hydra_T32 4 2

Hydra_T16 16 2

Hydra_T3 8 2

Hydra_T1 5 2

SYNFlood DOS SYNFlood DOS 1 1

Capture the Flag Misc Attacks 3 5

Table 1. Enumeration of the in the Dragon_Pi dataset.

For a more in depth description of the Dragon_Pi dataset, please consult the journal article of the same name:

Lightbody et al., Future Internet, 2024, https://doi.org/10.3390/fi16030088 - specifically Section 3.2: Dataset Overview.

Publication of this dataset:

This dataset was published in Lightbody et al., Future Internet, 2024, https://doi.org/10.3390/fi16030088. Consult and cite this article for a more in depth dataset description, as well as an in depth review of first AI Intrusion Detection model trained on this dataset.

See article Lightbody et al., Future Internet, 2023, https://doi.org/10.3390/fi15050187 for a detailed investigation on the attack signatures discovered while creating this dataset. This work was an inital investigation of the dataset and can serve as a part 1 to the Dragon_Pi paper.

How to cite this dataset in your work:

Please cite these two DOIs when publishing using this dataset:

Dragon_Pi release publication: https://doi.org/10.3390/fi16030088 (most important)

Zenodo Dataset DOI: https://doi.org/10.5281/zenodo.10784947

This dataset accompanies the research article on MQTTEEB-D and is intended for public use in cybersecurity research. The MQTTEEB-D dataset is a practical real-world data set for intrusion detection improvement in Message Queuing Telemetry Transport (MQTT)-based Internet of Things (IoT) networks. In contrast to already existing datasets that are constructed on simulated network traffic, MQTTEEB-D is obtained from a real-time IoT deployment at the International University of Rabat (UIR), Morocco. Using MySignals IoT health sensors, Raspberry Pi 4, and an MQTT broker server, this dataset represents the actual complexity of the active IoT communication process, which synthetic data fails to offer. To narrow the gap between simulated and real-world attack scenarios, various cyberattacks including Denial of Service (DoS), Slow DoS against Internet of Things Environments (SlowITe), Malformed Data Injection, Brute Force, and MQTT publish flooding were carried out in real-time, permitting close monitoring of network traffic anomalies. The data was captured using Python wrapper for tshark (PyShark) and organized into multiple Comma-Separated Values (CSV) files. To ensure high data quality, we performed pre-processing steps, such as outlier removal, normalization, standardization, and class balance. Several processed forms (raw, cleaned, normalized, standardized, Synthetic Minority Over-sampling Technique (SMOTE)) applied for this dataset are provided, along with detailed metadata to facilitate ease of use in cybersecurity research. This dataset provides an opportunity for researchers to develop and validate intrusion detection models in a real-world MQTT environment - a critical ingredient in Artificial Intelligence (AI)-driven cybersecurity solutions for IoT networks. The dataset will support future research IoT security and anomaly detection domains.

The share of IoT attacks has increased significantly starting 2020. However, in the fourth quarter of 2021, the share of IoT attacks dropped at nine percent, from 19 percent in the same quarter in the previous year.

ABSTRACT In this project, we propose a new comprehensive realistic cyber security dataset of IoT and IIoT applications, called Edge-IIoTset, which can be used by machine learning-based intrusion detection systems in two different modes, namely, centralized and federated learning. Specifically, the proposed testbed is organized into seven layers, including, Cloud Computing Layer, Network Functions Virtualization Layer, Blockchain Network Layer, Fog Computing Layer, Software-Defined Networking Layer, Edge Computing Layer, and IoT and IIoT Perception Layer. In each layer, we propose new emerging technologies that satisfy the key requirements of IoT and IIoT applications, such as, ThingsBoard IoT platform, OPNFV platform, Hyperledger Sawtooth, Digital twin, ONOS SDN controller, Mosquitto MQTT brokers, Modbus TCP/IP, ...etc. The IoT data are generated from various IoT devices (more than 10 types) such as Low-cost digital sensors for sensing temperature and humidity, Ultrasonic sensor, Water level detection sensor, pH Sensor Meter, Soil Moisture sensor, Heart Rate Sensor, Flame Sensor, ...etc.). However, we identify and analyze fourteen attacks related to IoT and IIoT connectivity protocols, which are categorized into five threats, including, DoS/DDoS attacks, Information gathering, Man in the middle attacks, Injection attacks, and Malware attacks. In addition, we extract features obtained from different sources, including alerts, system resources, logs, network traffic, and propose new 61 features with high correlations from 1176 found features. After processing and analyzing the proposed realistic cyber security dataset, we provide a primary exploratory data analysis and evaluate the performance of machine learning approaches (i.e., traditional machine learning as well as deep learning) in both centralized and federated learning modes.

Instructions:

Great news! The Edge-IIoT dataset has been featured as a "Document in the top 1% of Web of Science." This indicates that it is ranked within the top 1% of all publications indexed by the Web of Science (WoS) in terms of citations and impact.

Please kindly visit kaggle link for the updates: https://www.kaggle.com/datasets/mohamedamineferrag/edgeiiotset-cyber-sec...

Free use of the Edge-IIoTset dataset for academic research purposes is hereby granted in perpetuity. Use for commercial purposes is allowable after asking the leader author, Dr Mohamed Amine Ferrag, who has asserted his right under the Copyright.

The details of the Edge-IIoT dataset were published in following the paper. For the academic/public use of these datasets, the authors have to cities the following paper:

Mohamed Amine Ferrag, Othmane Friha, Djallel Hamouda, Leandros Maglaras, Helge Janicke, "Edge-IIoTset: A New Comprehensive Realistic Cyber Security Dataset of IoT and IIoT Applications for Centralized and Federated Learning", IEEE Access, April 2022 (IF: 3.37), DOI: 10.1109/ACCESS.2022.3165809

Link to paper : https://ieeexplore.ieee.org/document/9751703

The directories of the Edge-IIoTset dataset include the following:

•File 1 (Normal traffic)

-File 1.1 (Distance): This file includes two documents, namely, Distance.csv and Distance.pcap. The IoT sensor (Ultrasonic sensor) is used to capture the IoT data.

-File 1.2 (Flame_Sensor): This file includes two documents, namely, Flame_Sensor.csv and Flame_Sensor.pcap. The IoT sensor (Flame Sensor) is used to capture the IoT data.

-File 1.3 (Heart_Rate): This file includes two documents, namely, Flame_Sensor.csv and Flame_Sensor.pcap. The IoT sensor (Flame Sensor) is used to capture the IoT data.

-File 1.4 (IR_Receiver): This file includes two documents, namely, IR_Receiver.csv and IR_Receiver.pcap. The IoT sensor (IR (Infrared) Receiver Sensor) is used to capture the IoT data.

-File 1.5 (Modbus): This file includes two documents, namely, Modbus.csv and Modbus.pcap. The IoT sensor (Modbus Sensor) is used to capture the IoT data.

-File 1.6 (phValue): This file includes two documents, namely, phValue.csv and phValue.pcap. The IoT sensor (pH-sensor PH-4502C) is used to capture the IoT data.

-File 1.7 (Soil_Moisture): This file includes two documents, namely, Soil_Moisture.csv and Soil_Moisture.pcap. The IoT sensor (Soil Moisture Sensor v1.2) is used to capture the IoT data.

-File 1.8 (Sound_Sensor): This file includes two documents, namely, Sound_Sensor.csv and Sound_Sensor.pcap. The IoT sensor (LM393 Sound Detection Sensor) is used to capture the IoT data.

-File 1.9 (Temperature_and_Humidity): This file includes two documents, namely, Temperature_and_Humidity.csv and Temperature_and_Humidity.pcap. The IoT sensor (DHT11 Sensor) is used to capture the IoT data.

-File 1.10 (Water_Level): This file includes two documents, namely, Water_Level.csv and Water_Level.pcap. The IoT sensor (Water sensor) is used to capture the IoT data.

•File 2 (Attack traffic):

-File 2.1 (Attack traffic (CSV files)): This file includes 13 documents, namely, Backdoor_attack.csv, DDoS_HTTP_Flood_attack.csv, DDoS_ICMP_Flood_attack.csv, DDoS_TCP_SYN_Flood_attack.csv, DDoS_UDP_Flood_attack.csv, MITM_attack.csv, OS_Fingerprinting_attack.csv, Password_attack.csv, Port_Scanning_attack.csv, Ransomware_attack.csv, SQL_injection_attack.csv, Uploading_attack.csv, Vulnerability_scanner_attack.csv, XSS_attack.csv. Each document is specific for each attack.

-File 2.2 (Attack traffic (PCAP files)): This file includes 13 documents, namely, Backdoor_attack.pcap, DDoS_HTTP_Flood_attack.pcap, DDoS_ICMP_Flood_attack.pcap, DDoS_TCP_SYN_Flood_attack.pcap, DDoS_UDP_Flood_attack.pcap, MITM_attack.pcap, OS_Fingerprinting_attack.pcap, Password_attack.pcap, Port_Scanning_attack.pcap, Ransomware_attack.pcap, SQL_injection_attack.pcap, Uploading_attack.pcap, Vulnerability_scanner_attack.pcap, XSS_attack.pcap. Each document is specific for each attack.

•File 3 (Selected dataset for ML and DL):

-File 3.1 (DNN-EdgeIIoT-dataset): This file contains a selected dataset for the use of evaluating deep learning-based intrusion detection systems.

-File 3.2 (ML-EdgeIIoT-dataset): This file contains a selected dataset for the use of evaluating traditional machine learning-based intrusion detection systems.

Step 1: Downloading The Edge-IIoTset dataset From the Kaggle platform from google.colab import files

!pip install -q kaggle

files.upload()

!mkdir ~/.kaggle

!cp kaggle.json ~/.kaggle/

!chmod 600 ~/.kaggle/kaggle.json

!kaggle datasets download -d mohamedamineferrag/edgeiiotset-cyber-security-dataset-of-iot-iiot -f "Edge-IIoTset dataset/Selected dataset for ML and DL/DNN-EdgeIIoT-dataset.csv"

!unzip DNN-EdgeIIoT-dataset.csv.zip

!rm DNN-EdgeIIoT-dataset.csv.zip

Step 2: Reading the Datasets' CSV file to a Pandas DataFrame: import pandas as pd

import numpy as np

df = pd.read_csv('DNN-EdgeIIoT-dataset.csv', low_memory=False)

Step 3 : Exploring some of the DataFrame's contents: df.head(5)

print(df['Attack_type'].value_counts())

Step 4: Dropping data (Columns, duplicated rows, NAN, Null..): from sklearn.utils import shuffle

drop_columns = ["frame.time", "ip.src_host", "ip.dst_host", "arp.src.proto_ipv4","arp.dst.proto_ipv4",

 "http.file_data","http.request.full_uri","icmp.transmit_timestamp",

 "http.request.uri.query", "tcp.options","tcp.payload","tcp.srcport",

 "tcp.dstport", "udp.port", "mqtt.msg"]

df.drop(drop_columns, axis=1, inplace=True)

df.dropna(axis=0, how='any', inplace=True)

df.drop_duplicates(subset=None, keep="first", inplace=True)

df = shuffle(df)

df.isna().sum()

print(df['Attack_type'].value_counts())

Step 5: Categorical data encoding (Dummy Encoding): import numpy as np

from sklearn.model_selection import train_test_split

from sklearn.preprocessing import StandardScaler

from sklearn import preprocessing

def encode_text_dummy(df, name):

dummies = pd.get_dummies(df[name])

for x in dummies.columns:

dummy_name = f"{name}-{x}"

df[dummy_name] = dummies[x]

df.drop(name, axis=1, inplace=True)

encode_text_dummy(df,'http.request.method')

encode_text_dummy(df,'http.referer')

encode_text_dummy(df,"http.request.version")

encode_text_dummy(df,"dns.qry.name.len")

encode_text_dummy(df,"mqtt.conack.flags")

encode_text_dummy(df,"mqtt.protoname")

encode_text_dummy(df,"mqtt.topic")

Step 6: Creation of the preprocessed dataset df.to_csv('preprocessed_DNN.csv', encoding='utf-8')

For more information about the dataset, please contact the lead author of this project, Dr Mohamed Amine Ferrag, on his email: mohamed.amine.ferrag@gmail.com

More information about Dr. Mohamed Amine Ferrag is available at:

https://www.linkedin.com/in/Mohamed-Amine-Ferrag

https://dblp.uni-trier.de/pid/142/9937.html

https://www.researchgate.net/profile/Mohamed_Amine_Ferrag

https://scholar.google.fr/citations?user=IkPeqxMAAAAJ&hl=fr&oi=ao

https://www.scopus.com/authid/detail.uri?authorId=56115001200

https://publons.com/researcher/1322865/mohamed-amine-ferrag/

https://orcid.org/0000-0002-0632-3172

Last Updated: 27 Mar. 2023

North America IoT Security Market size was valued at USD 13.8 Billion in 2023 and is projected to reach USD 34.1 Billion by 2031 growing at a CAGR of 12.1% from 2024 to 2031.

Key Market Drivers:

Escalating Cyber Attacks and Data Breaches: According to the FBI's 2023 Internet Crime Report, there were 800,944 cyber-attack complaints in the United States, with losses totaling more than USD 10.3 Billion. Approximately 22% of these events featured IoT-related vulnerabilities, highlighting the crucial need for improved IoT security measures to protect against cyber threats and data breaches.

Growing IoT Device Adoption Across Industries: According to the US Bureau of Labor Statistics, industrial IoT adoption in North American manufacturing increasing by 84% between 2021 and 2023. This spike, with devices per facility increasing from 1,650 to over 3,000, offers new potential security vulnerabilities, necessitating stronger IoT security solutions.

Globally, 33 percent of respondents have internet of things (IoT) security concerns regarding attacks on devices in 2019. Generally, 99 percent of respondents have internet of things (IoT) data security concerns that also refer to a lack of skilled personnel and sensitive data protection as their top worries. Internet of things broadly refers to a system of internet-connected devices that collect and transfer data over a network without human-to-computer interaction. As an increasing amount of internet of things devices are deployed, security and key management grow in importance to effectively implement data encryption and identity security on devices used.

IoT Cybersecurity Market Outlook

The global IoT cybersecurity market size is anticipated to grow significantly from 2023, when it was valued at approximately USD 12 billion, to a projected USD 30 billion by 2032, registering a compound annual growth rate (CAGR) of 11%. This remarkable expansion is primarily driven by the surging adoption of Internet of Things (IoT) devices across various industries, which has necessitated robust cybersecurity measures to protect against rising threats. The growing connectivity of devices increases the exposure to potential cyber attacks, compelling industries to invest heavily in cybersecurity solutions and services tailored specifically for IoT environments. Moreover, regulatory pressures and the increasing sophistication of cyber threats are further propelling the demand for comprehensive IoT cybersecurity solutions.

A critical growth factor for the IoT cybersecurity market is the exponential increase in the deployment of IoT devices across various sectors, including healthcare, manufacturing, and smart homes. With the burgeoning number of connected devices, each serving as a potential entry point for cyber threats, the need for enhanced security measures has become paramount. Companies are recognizing the vulnerabilities associated with IoT ecosystems, and this realization is driving the adoption of sophisticated cybersecurity solutions designed to safeguard data integrity, privacy, and overall network security. Additionally, the integration of IoT technology with critical infrastructure has amplified the focus on security to prevent disruptions that could lead to significant operational and financial losses.

Furthermore, the escalation of cyber attacks targeting IoT networks is prompting organizations to prioritize cybersecurity investments. High-profile incidents involving data breaches and ransomware attacks have underscored the vulnerabilities inherent in IoT systems, highlighting the necessity for robust security frameworks. The market is witnessing a surge in demand for advanced threat detection solutions, which leverage artificial intelligence and machine learning to identify potential threats and respond in real-time. This proactive approach to cybersecurity is gaining traction, as organizations strive to mitigate risks and protect sensitive information from unauthorized access and exploitation.

Another driving force behind the market's growth is the increasing regulatory landscape aimed at ensuring the security of IoT devices. Governments and regulatory bodies worldwide are implementing stringent regulations and standards to safeguard data and privacy. Compliance with these regulations necessitates the adoption of comprehensive cybersecurity solutions, thereby fueling market growth. Moreover, collaboration between public and private sectors is fostering the development of innovative security solutions, as stakeholders work together to address the evolving threat landscape. Such initiatives are further augmenting the market's expansion by creating a conducive environment for the adoption of IoT cybersecurity technologies.

Medical Cyber Security is becoming increasingly crucial as the healthcare sector continues to embrace IoT technologies. With the integration of connected medical devices and systems, there is a heightened risk of cyber threats that could compromise patient data and disrupt critical healthcare services. Ensuring the security of these devices is paramount to protecting patient privacy and maintaining the integrity of healthcare operations. As cyber threats become more sophisticated, healthcare providers are investing in advanced cybersecurity solutions to safeguard their IoT ecosystems. This includes implementing robust security frameworks that address vulnerabilities specific to medical devices and networks. The focus on Medical Cyber Security is also driven by regulatory requirements, which mandate stringent data protection measures to ensure compliance and mitigate the risks associated with data breaches.

Regionally, North America is poised to dominate the IoT cybersecurity market, owing to the presence of a robust IT infrastructure, a high concentration of IoT device manufacturers, and early adoption of advanced technologies. The region's companies are at the forefront of developing innovative cybersecurity solutions, which is driving market growth. Meanwhile, the Asia Pacific region is expected to witness significant growth, driven by the rapid digital transformation and increasing IoT adoption across various sectors, particularly in countrie

DATASET INFORMATION

This Dataset contains some of the main attacks that can compromise the security of IoT systems with MQTT protocol, such as: Denial of Service (DoS) attacks, Brute Force, Topic Enumeration and Man-in-the-Middle.

UFPI-NCAD-IoT-Attacks-all-v1-Description.txt - This file contains a brief description of the dataset columns.

UFPI-NCAD-IoT-Attacks-all-v1.csv - The full set including labels for all attack-types in CSV format.

This dataset represents the baseline benign and attack traffic for IoT (Internet of Things) consumer devices that may be representative of a smart-home network. The purpose of this dataset, in comparison to other IoT datasets, is to simplify the input data in terms of size and its ability to be interpreted under different scenarios.

A wireshark column template is provided to add extra columns of interest beyond the default view (view bottom right profile area in wireshark, right-click and "import" zip file below) - wiresharkprofile_template.zip

The dataset is provided in PCAP format (readable by Wireshark or other platforms) and is categorized as follows:

IoT SETUP (real network traffic patterns to represent setup exchanges for common IoT devices) - iot_setup_plug1_an.pcapng - iot_setup_bulb1_an.pcapng

IoT BENIGN IDLE (Network traffic associated with IoT devices on the network that are on, but only in a standby state) - all_idle_1Hrs_an.pcapng - all_idle_5Hrs_an.pcapng - all_idle_10Hrs_part1_an.pcapng - all_idle_10Hrs_part2_an.pcapng

IoT BENIGN ACTIVE (Network traffic associated with IoT devices on the network that are active and in use) - all_active_1Hrs_an.pcapng - all_active_5Hrs_an.pcapng - all_active_10Hrs_part1_an.pcapng - all_active_10Hrs_part2_an.pcapng

IoT ATTACK TRAFFIC (Kali Linux HPING3 from 192.168.100.240 attack machine using ICMP Floods and SYN Floods as Attacks for four (4) IoT device targets in use)
- ICMP flood of IoT Camera 1 (192.168.100.11) - two separate segments of flood attack within five minute session - ICMP flood of IoT EchoShow (192.168.100.21) - two separate segments of flood attack within five minute session - ICMP flood of IoT plug1 (192.168.100.31) - two separate segments of flood attack within five minute session - ICMP flood of IoT lightbulb1 (192.168.100.41) - two separate segments of flood attack within five minute session - SYN flood of IoT Camera 1 (192.168.100.11) - SYN flood of IoT EchoShow (192.168.100.21)
- SYN flood of IoT plug1 (192.168.100.31)
- SYN flood of IoT lightbulb1 (192.168.100.41)

This academic work is part of ongoing dissertation research at Colorado State University. All credit should reference the authors David Weissman (PhD Candidate) and Dr. Anura Jayasumana (Professor) - copyright (c) 2023-2024.

Datasets are subject to revisions or enhancements over time.

The number of Internet of Things (IoT) attacks in the United States reached over 4.16 millions in October 2020. However, in the same month of 2021, the number of IoT attacks dropped to 2.51 millions.

The IP address listed were the main 12 originators of attacks targeting CVE-2021-35394 from August 2021 to December 2022. Overall, three of these IP addresses originated from the United States, and another three from France. However, the source mentions that attackers could have leveraged proxy servers and VPNs located in the selected countries in order to hide their real location.

INFO ABOUT THE BOT-IOT DATASET, NOTE: only the csv files stated in the description are used

The BoT-IoT dataset can be downloaded from HERE. You can also use our new datasets: the TON_IoT and UNSW-NB15.

--------------------------------------------------------------------------

The BoT-IoT dataset was created by designing a realistic network environment in the Cyber Range Lab of UNSW Canberra. The network environment incorporated a combination of normal and botnet traffic. The dataset’s source files are provided in different formats, including the original pcap files, the generated argus files and csv files. The files were separated, based on attack category and subcategory, to better assist in labeling process.

The captured pcap files are 69.3 GB in size, with more than 72.000.000 records. The extracted flow traffic, in csv format is 16.7 GB in size. The dataset includes DDoS, DoS, OS and Service Scan, Keylogging and Data exfiltration attacks, with the DDoS and DoS attacks further organized, based on the protocol used.

To ease the handling of the dataset, we extracted 5% of the original dataset via the use of select MySQL queries. The extracted 5%, is comprised of 4 files of approximately 1.07 GB total size, and about 3 million records.

--------------------------------------------------------------------------

Free use of the Bot-IoT dataset for academic research purposes is hereby granted in perpetuity. Use for commercial purposes should be agreed by the authors. The authors have asserted their rights under the Copyright. To whom intent the use of the Bot-IoT dataset, the authors have to cite the following papers that has the dataset’s details: .

Koroniotis, Nickolaos, Nour Moustafa, Elena Sitnikova, and Benjamin Turnbull. "Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: Bot-iot dataset." Future Generation Computer Systems 100 (2019): 779-796. Public Access Here.

Koroniotis, Nickolaos, Nour Moustafa, Elena Sitnikova, and Jill Slay. "Towards developing network forensic mechanism for botnet activities in the iot based on machine learning techniques." In International Conference on Mobile Networks and Management, pp. 30-44. Springer, Cham, 2017.

Koroniotis, Nickolaos, Nour Moustafa, and Elena Sitnikova. "A new network forensic framework based on deep learning for Internet of Things networks: A particle deep framework." Future Generation Computer Systems 110 (2020): 91-106.

Koroniotis, Nickolaos, and Nour Moustafa. "Enhancing network forensics with particle swarm and deep learning: The particle deep framework." arXiv preprint arXiv:2005.00722 (2020).

Koroniotis, Nickolaos, Nour Moustafa, Francesco Schiliro, Praveen Gauravaram, and Helge Janicke. "A Holistic Review of Cybersecurity and Reliability Perspectives in Smart Airports." IEEE Access (2020).

Koroniotis, Nickolaos. "Designing an effective network forensic framework for the investigation of botnets in the Internet of Things." PhD diss., The University of New South Wales Australia, 2020.

--------------------------------------------------------------------------

IoT Security Solution Market Outlook

The global IoT security solution market size was valued at approximately $16.55 billion in 2023 and is anticipated to reach $51.42 billion by 2032, exhibiting a compound annual growth rate (CAGR) of 13.4% during the forecast period. The substantial growth is driven by the increasing adoption of IoT devices across various industries and the subsequent need to secure these devices and networks against cyber threats. The rising frequency of cyber-attacks and the growing importance of data privacy have made IoT security solutions crucial for organizations globally.

A key growth factor in the IoT security solution market is the rapid increase in the number of connected devices. As industries across the globe embrace digital transformation, the deployment of IoT devices has surged, resulting in a greater attack surface for cybercriminals. Consequently, the demand for robust security solutions to safeguard these devices and the data they generate has significantly increased. Organizations are investing heavily in advanced security technologies to protect their IoT ecosystems from potential threats, thereby propelling market growth.

Another major growth driver is the stringent regulatory landscape surrounding data protection and privacy. Governments and regulatory bodies worldwide are implementing strict regulations to ensure the security of IoT devices and networks. Compliance with these regulations necessitates the adoption of comprehensive IoT security solutions by organizations. For instance, the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States have mandated stringent data protection measures, encouraging companies to invest in IoT security solutions.

The proliferation of smart cities and smart home devices is also contributing to the market's expansion. As urban areas become increasingly connected, the need for secure IoT infrastructure has become paramount. Smart cities rely on a vast network of connected devices to manage infrastructure, utilities, and services efficiently. Similarly, the growing adoption of smart home devices, such as smart speakers, thermostats, and security systems, has heightened the need for robust security measures to protect user data and privacy, thereby boosting the IoT security solution market.

Regionally, North America holds a dominant position in the IoT security solution market, driven by the presence of major technology companies and early adopters of IoT technology. The region's robust technological infrastructure and high awareness regarding cybersecurity further fuel market growth. However, Asia Pacific is expected to witness the highest growth rate during the forecast period, owing to increasing investments in IoT technology, rising cyber threats, and supportive government initiatives aimed at securing digital infrastructure.

Component Analysis

The IoT security solution market by component is segmented into hardware, software, and services. Each of these components plays a vital role in ensuring the security and integrity of IoT devices and networks. The hardware segment includes security devices such as routers, firewalls, and gateways that act as the first line of defense against cyber threats. These devices are equipped with advanced security features to monitor and prevent unauthorized access to IoT networks. As the deployment of IoT devices increases, the demand for secure and resilient hardware solutions is expected to rise significantly.

The software segment encompasses various security solutions designed to protect IoT devices and networks. This includes antivirus software, encryption tools, and security management platforms that provide comprehensive protection against cyber threats. The software solutions are constantly evolving to address new and emerging threats in the IoT landscape. The increasing complexity of cyber-attacks and the need for real-time threat detection and response are driving the growth of the software segment in the IoT security solution market.

Services form an integral part of the IoT security solution market, offering support and maintenance for hardware and software solutions. This segment includes consulting services, managed security services, and professional services such as integration and implementation. Organizations often rely on third-party service providers to manage their IoT security needs, ensuring that their systems are up-to-date and compliant with regulatory standards. The demand for specialized IoT security services is exp

Between 2020 and 2022, around a quarter of surveyed healthcare institutions in the United States experienced nine to 15 cyberattacks involving Internet of Things (IoT) and Internet of Medical Things (IoMT) devices. A further 24 percent reported experiencing four to eight cyberattacks in the measured period.