The number of Internet of Things (IoT) cyber attacks worldwide amounted to over *** million in 2022. Over the recent years, this figure has increased significantly from around ** million detected cases in 2018. In the latest measured year, the year-over-year increase in the number of Internet of Things (IoT) malware incidents was ** percent.

The number of Internet of Things (IoT) attacks in the world reached over ***** million in December 2022. However, in the same month of 2021, the number of reported IoT attacks dropped to nearly ***********. The highest number of monthly attacks was detected in June 2022, with approximately ** million attacks.

Overview

The RT-IoT2022, a proprietary dataset derived from a real-time IoT infrastructure, is introduced as a comprehensive resource integrating a diverse range of IoT devices and sophisticated network attack methodologies. This dataset encompasses both normal and adversarial network behaviours, providing a general representation of real-world scenarios. Incorporating data from IoT devices such as ThingSpeak-LED, Wipro-Bulb, and MQTT-Temp, as well as simulated attack scenarios involving Brute-Force SSH attacks, DDoS attacks using Hping and Slowloris, and Nmap patterns, RT-IoT2022 offers a detailed perspective on the complex nature of network traffic. The bidirectional attributes of network traffic are meticulously captured using the Zeek network monitoring tool and the Flowmeter plugin. Researchers can leverage the RT-IoT2022 dataset to advance the capabilities of Intrusion Detection Systems (IDS), fostering the development of robust and adaptive security solutions for real-time IoT networks.

Introductory Paper Quantized autoencoder (QAE) intrusion detection system for anomaly detection in resource-constrained IoT devices using RT-IoT2022 dataset By B. S. Sharmila, Rohini Nagapadma. 2023 Published in Cybersecurity

Variable Table available here: https://archive.ics.uci.edu/dataset/942/rt-iot2022

Column Details: id.orig_p id.resp_p proto service flow_duration fwd_pkts_tot bwd_pkts_tot fwd_data_pkts_tot bwd_data_pkts_tot fwd_pkts_per_sec bwd_pkts_per_sec flow_pkts_per_sec down_up_ratio fwd_header_size_tot fwd_header_size_min fwd_header_size_max bwd_header_size_tot bwd_header_size_min bwd_header_size_max flow_FIN_flag_count flow_SYN_flag_count flow_RST_flag_count fwd_PSH_flag_count bwd_PSH_flag_count flow_ACK_flag_count fwd_URG_flag_count bwd_URG_flag_count flow_CWR_flag_count flow_ECE_flag_count fwd_pkts_payload.min fwd_pkts_payload.max fwd_pkts_payload.tot fwd_pkts_payload.avg fwd_pkts_payload.std bwd_pkts_payload.min bwd_pkts_payload.max bwd_pkts_payload.tot bwd_pkts_payload.avg bwd_pkts_payload.std flow_pkts_payload.min flow_pkts_payload.max flow_pkts_payload.tot flow_pkts_payload.avg flow_pkts_payload.std fwd_iat.min fwd_iat.max fwd_iat.tot fwd_iat.avg fwd_iat.std bwd_iat.min bwd_iat.max bwd_iat.tot bwd_iat.avg bwd_iat.std flow_iat.min flow_iat.max flow_iat.tot flow_iat.avg flow_iat.std payload_bytes_per_second fwd_subflow_pkts bwd_subflow_pkts fwd_subflow_bytes bwd_subflow_bytes fwd_bulk_bytes bwd_bulk_bytes fwd_bulk_packets bwd_bulk_packets fwd_bulk_rate bwd_bulk_rate active.min active.max active.tot active.avg active.std idle.min idle.max idle.tot idle.avg idle.std fwd_init_window_size bwd_init_window_size fwd_last_window_size Attack_type

Class Labels

The Dataset contains both Attack patterns and Normal Patterns. Attacks patterns Details: 1. DOS_SYN_Hping------------------------94659 2. ARP_poisioning--------------------------7750 3. NMAP_UDP_SCAN--------------------2590 4. NMAP_XMAS_TREE_SCAN--------2010 5. NMAP_OS_DETECTION-------------2000 6. NMAP_TCP_scan-----------------------1002 7. DDOS_Slowloris------------------------534 8. Metasploit_Brute_Force_SSH---------37 9. NMAP_FIN_SCAN---------------------28 Normal Patterns Details:

1. MQTT -----------------------------------8108
2. Thing_speak-----------------------------4146
3. Wipro_bulb_Dataset-------------------253

In 2022, almost a third of cyber attacks targeting IoT devices were aimed at a denial of service, while the outcome pursued by nearly 30 percent of them was overflow. The number of IoT devices worldwide is forecast to be close to 30 billion in 2030.

Context

This is a dataset of DDoS Botnet attacks from IOT devices.

Content

Contains all features about packets from bots.

Inspiration:

For making DDoS attack preventable.

IOT BENIGN AND ATTACK TRACES

Data Collected for ACM SOSR 2019 Attack & Benign Data Instructions Flow data contains flow counters of MUD flow, each instance in the file are collected every one minute. Annotations contains information about the start, end time of the attack and corresponsing MUD flows that are impacted through the Attack. More information about the device and the attacker can be found in here Below is an example of the annotations from the Samsung smart camera. eg: "1527838552,1527839153,Localfeatures|Arpfeatures,ArpSpoof100L2D" The above line indicates that the start time of the attack to be 1527838552 and end time is 1527839153. "Localfeatures|Arpfeatures" explains that it should impact the local communication and ARP protocol. "ArpSpoof100L2D" means that the attack was arpspoof lauched with the maximum rate of 100 packets per seconds. In order to identify the attack rows in flow stats you can use below condition. "if (flowtime >= startTime*1000 and endTime*1000>=flowtime) then attack = true" -- This corresponds to the line 4470 to 4479 in the samsung smart camera.

Cite our data A. Hamza, H. Habibi Gharakheili, T. Benson, V. Sivaraman, "Detecting Volumetric Attacks on IoT Devices via SDN-Based Monitoring of MUD Activity", ACM SOSR, San Jose, California, USA, Apr 2019.

Source code https://github.com/ayyoob/mud-ie

Contact ayyoobhamza@student.unsw.edu.au

Globally, 33 percent of respondents have internet of things (IoT) security concerns regarding attacks on devices in 2019. Generally, 99 percent of respondents have internet of things (IoT) data security concerns that also refer to a lack of skilled personnel and sensitive data protection as their top worries. Internet of things broadly refers to a system of internet-connected devices that collect and transfer data over a network without human-to-computer interaction. As an increasing amount of internet of things devices are deployed, security and key management grow in importance to effectively implement data encryption and identity security on devices used.

ABSTRACT In this project, we propose a new comprehensive realistic cyber security dataset of IoT and IIoT applications, called Edge-IIoTset, which can be used by machine learning-based intrusion detection systems in two different modes, namely, centralized and federated learning. Specifically, the proposed testbed is organized into seven layers, including, Cloud Computing Layer, Network Functions Virtualization Layer, Blockchain Network Layer, Fog Computing Layer, Software-Defined Networking Layer, Edge Computing Layer, and IoT and IIoT Perception Layer. In each layer, we propose new emerging technologies that satisfy the key requirements of IoT and IIoT applications, such as, ThingsBoard IoT platform, OPNFV platform, Hyperledger Sawtooth, Digital twin, ONOS SDN controller, Mosquitto MQTT brokers, Modbus TCP/IP, ...etc. The IoT data are generated from various IoT devices (more than 10 types) such as Low-cost digital sensors for sensing temperature and humidity, Ultrasonic sensor, Water level detection sensor, pH Sensor Meter, Soil Moisture sensor, Heart Rate Sensor, Flame Sensor, ...etc.). However, we identify and analyze fourteen attacks related to IoT and IIoT connectivity protocols, which are categorized into five threats, including, DoS/DDoS attacks, Information gathering, Man in the middle attacks, Injection attacks, and Malware attacks. In addition, we extract features obtained from different sources, including alerts, system resources, logs, network traffic, and propose new 61 features with high correlations from 1176 found features. After processing and analyzing the proposed realistic cyber security dataset, we provide a primary exploratory data analysis and evaluate the performance of machine learning approaches (i.e., traditional machine learning as well as deep learning) in both centralized and federated learning modes.

Instructions:

Great news! The Edge-IIoT dataset has been featured as a "Document in the top 1% of Web of Science." This indicates that it is ranked within the top 1% of all publications indexed by the Web of Science (WoS) in terms of citations and impact.

Please kindly visit kaggle link for the updates: https://www.kaggle.com/datasets/mohamedamineferrag/edgeiiotset-cyber-sec...

Free use of the Edge-IIoTset dataset for academic research purposes is hereby granted in perpetuity. Use for commercial purposes is allowable after asking the leader author, Dr Mohamed Amine Ferrag, who has asserted his right under the Copyright.

The details of the Edge-IIoT dataset were published in following the paper. For the academic/public use of these datasets, the authors have to cities the following paper:

Mohamed Amine Ferrag, Othmane Friha, Djallel Hamouda, Leandros Maglaras, Helge Janicke, "Edge-IIoTset: A New Comprehensive Realistic Cyber Security Dataset of IoT and IIoT Applications for Centralized and Federated Learning", IEEE Access, April 2022 (IF: 3.37), DOI: 10.1109/ACCESS.2022.3165809

Link to paper : https://ieeexplore.ieee.org/document/9751703

The directories of the Edge-IIoTset dataset include the following:

•File 1 (Normal traffic)

-File 1.1 (Distance): This file includes two documents, namely, Distance.csv and Distance.pcap. The IoT sensor (Ultrasonic sensor) is used to capture the IoT data.

-File 1.2 (Flame_Sensor): This file includes two documents, namely, Flame_Sensor.csv and Flame_Sensor.pcap. The IoT sensor (Flame Sensor) is used to capture the IoT data.

-File 1.3 (Heart_Rate): This file includes two documents, namely, Flame_Sensor.csv and Flame_Sensor.pcap. The IoT sensor (Flame Sensor) is used to capture the IoT data.

-File 1.4 (IR_Receiver): This file includes two documents, namely, IR_Receiver.csv and IR_Receiver.pcap. The IoT sensor (IR (Infrared) Receiver Sensor) is used to capture the IoT data.

-File 1.5 (Modbus): This file includes two documents, namely, Modbus.csv and Modbus.pcap. The IoT sensor (Modbus Sensor) is used to capture the IoT data.

-File 1.6 (phValue): This file includes two documents, namely, phValue.csv and phValue.pcap. The IoT sensor (pH-sensor PH-4502C) is used to capture the IoT data.

-File 1.7 (Soil_Moisture): This file includes two documents, namely, Soil_Moisture.csv and Soil_Moisture.pcap. The IoT sensor (Soil Moisture Sensor v1.2) is used to capture the IoT data.

-File 1.8 (Sound_Sensor): This file includes two documents, namely, Sound_Sensor.csv and Sound_Sensor.pcap. The IoT sensor (LM393 Sound Detection Sensor) is used to capture the IoT data.

-File 1.9 (Temperature_and_Humidity): This file includes two documents, namely, Temperature_and_Humidity.csv and Temperature_and_Humidity.pcap. The IoT sensor (DHT11 Sensor) is used to capture the IoT data.

-File 1.10 (Water_Level): This file includes two documents, namely, Water_Level.csv and Water_Level.pcap. The IoT sensor (Water sensor) is used to capture the IoT data.

•File 2 (Attack traffic):

-File 2.1 (Attack traffic (CSV files)): This file includes 13 documents, namely, Backdoor_attack.csv, DDoS_HTTP_Flood_attack.csv, DDoS_ICMP_Flood_attack.csv, DDoS_TCP_SYN_Flood_attack.csv, DDoS_UDP_Flood_attack.csv, MITM_attack.csv, OS_Fingerprinting_attack.csv, Password_attack.csv, Port_Scanning_attack.csv, Ransomware_attack.csv, SQL_injection_attack.csv, Uploading_attack.csv, Vulnerability_scanner_attack.csv, XSS_attack.csv. Each document is specific for each attack.

-File 2.2 (Attack traffic (PCAP files)): This file includes 13 documents, namely, Backdoor_attack.pcap, DDoS_HTTP_Flood_attack.pcap, DDoS_ICMP_Flood_attack.pcap, DDoS_TCP_SYN_Flood_attack.pcap, DDoS_UDP_Flood_attack.pcap, MITM_attack.pcap, OS_Fingerprinting_attack.pcap, Password_attack.pcap, Port_Scanning_attack.pcap, Ransomware_attack.pcap, SQL_injection_attack.pcap, Uploading_attack.pcap, Vulnerability_scanner_attack.pcap, XSS_attack.pcap. Each document is specific for each attack.

•File 3 (Selected dataset for ML and DL):

-File 3.1 (DNN-EdgeIIoT-dataset): This file contains a selected dataset for the use of evaluating deep learning-based intrusion detection systems.

-File 3.2 (ML-EdgeIIoT-dataset): This file contains a selected dataset for the use of evaluating traditional machine learning-based intrusion detection systems.

Step 1: Downloading The Edge-IIoTset dataset From the Kaggle platform from google.colab import files

!pip install -q kaggle

files.upload()

!mkdir ~/.kaggle

!cp kaggle.json ~/.kaggle/

!chmod 600 ~/.kaggle/kaggle.json

!kaggle datasets download -d mohamedamineferrag/edgeiiotset-cyber-security-dataset-of-iot-iiot -f "Edge-IIoTset dataset/Selected dataset for ML and DL/DNN-EdgeIIoT-dataset.csv"

!unzip DNN-EdgeIIoT-dataset.csv.zip

!rm DNN-EdgeIIoT-dataset.csv.zip

Step 2: Reading the Datasets' CSV file to a Pandas DataFrame: import pandas as pd

import numpy as np

df = pd.read_csv('DNN-EdgeIIoT-dataset.csv', low_memory=False)

Step 3 : Exploring some of the DataFrame's contents: df.head(5)

print(df['Attack_type'].value_counts())

Step 4: Dropping data (Columns, duplicated rows, NAN, Null..): from sklearn.utils import shuffle

drop_columns = ["frame.time", "ip.src_host", "ip.dst_host", "arp.src.proto_ipv4","arp.dst.proto_ipv4",

 "http.file_data","http.request.full_uri","icmp.transmit_timestamp",

 "http.request.uri.query", "tcp.options","tcp.payload","tcp.srcport",

 "tcp.dstport", "udp.port", "mqtt.msg"]

df.drop(drop_columns, axis=1, inplace=True)

df.dropna(axis=0, how='any', inplace=True)

df.drop_duplicates(subset=None, keep="first", inplace=True)

df = shuffle(df)

df.isna().sum()

print(df['Attack_type'].value_counts())

Step 5: Categorical data encoding (Dummy Encoding): import numpy as np

from sklearn.model_selection import train_test_split

from sklearn.preprocessing import StandardScaler

from sklearn import preprocessing

def encode_text_dummy(df, name):

dummies = pd.get_dummies(df[name])

for x in dummies.columns:

dummy_name = f"{name}-{x}"

df[dummy_name] = dummies[x]

df.drop(name, axis=1, inplace=True)

encode_text_dummy(df,'http.request.method')

encode_text_dummy(df,'http.referer')

encode_text_dummy(df,"http.request.version")

encode_text_dummy(df,"dns.qry.name.len")

encode_text_dummy(df,"mqtt.conack.flags")

encode_text_dummy(df,"mqtt.protoname")

encode_text_dummy(df,"mqtt.topic")

Step 6: Creation of the preprocessed dataset df.to_csv('preprocessed_DNN.csv', encoding='utf-8')

For more information about the dataset, please contact the lead author of this project, Dr Mohamed Amine Ferrag, on his email: mohamed.amine.ferrag@gmail.com

More information about Dr. Mohamed Amine Ferrag is available at:

https://www.linkedin.com/in/Mohamed-Amine-Ferrag

https://dblp.uni-trier.de/pid/142/9937.html

https://www.researchgate.net/profile/Mohamed_Amine_Ferrag

https://scholar.google.fr/citations?user=IkPeqxMAAAAJ&hl=fr&oi=ao

https://www.scopus.com/authid/detail.uri?authorId=56115001200

https://publons.com/researcher/1322865/mohamed-amine-ferrag/

https://orcid.org/0000-0002-0632-3172

Last Updated: 27 Mar. 2023

Dragon_Pi

For a more in depth description of the Dragon_Pi dataset, please consult the journal article of the same name:

Lightbody et al., Future Internet, 2024, https://doi.org/10.3390/fi16030088 - specifically Section 3.2: Dataset Overview.

Dragon_Pi is an intrusion detection dataset for IoT devices. In the field of IoT security there are few datasets, and those which do exist tend to focus solely on network traffic. The Dragon_Pi dataset seeks to provide not only more data for the field of IoT security, but also, data of a somewhat under-published type: linear time series power consumption data.

Dragon_Pi is a fully labelled Intrusion Detection dataset for IoT devices. It is composed of both normal and under-attack power consumption data obtained from two separate testbeds - one using a DragonBoard 410c and the other a Raspberry Pi Model 3 - Hence the moniker Dragon_Pi.

These testbeds were set up with predefined normal behavour as described in the attached publications. The normal linear time series power consumption was sampled from the testbed under these normal conditions. Both testbeds were then attacked using some common attacks on IoT - the linear time series power consumption captured under these condtions as well.

Specifically, the testbeds were subjected to the Port Scan (using Nmap), SSH Brute Force (using Hydra) and SYNFlood Denial of Service (using Hping3) attacks. These attacks were repeated to gain insight to what their signatures looked like and also how varying the tool settings effected the resultant signature. A fourth type of scenario was also conducted on the testbeds - the "Capture the Flag" scenarios. In these files multiple attack types were used with a more specific target - to exfiltrate a hidden file from the testbeds.

Each file has three hierarchical levels of annotation for each sample within:

A simple "Normal or Anomaly" label for the specific sample

A specifc attack type label e.g. "SSH Bruteforce", for the specific sample

A specific tool setting for that attack e.g. "Hydra_T16", for the specific sample

Users can decide for themselves what level of annotation they require for their specific task.

Each file in the Dragon_Pi dataset is accompanied by its own legend file. This file explains the contents of the specific .csv file and the specific indexes of the events within.

The Dragon_Pi dataset consists of approximately 67 files, as shown in Table 1. Compressed, the datset totals approximately 13GB. Completely decompressed the dataset is approximately 80GB ( 30GB Pi data, 50 GB Dragon data).

Label Type Specific Label Number of Files DragonBoard 410c Number of Files Raspberry Pi

Normal Normal 3 2

Port Scan Attack Nmap_T5 2 1

Nmap_T4 1 1

Nmap_T3 1 1

Nmap_T2 1 1

SSH Brute Force Hydra_T32 4 2

Hydra_T16 16 2

Hydra_T3 8 2

Hydra_T1 5 2

SYNFlood DOS SYNFlood DOS 1 1

Capture the Flag Misc Attacks 3 5

Table 1. Enumeration of the in the Dragon_Pi dataset.

For a more in depth description of the Dragon_Pi dataset, please consult the journal article of the same name:

Lightbody et al., Future Internet, 2024, https://doi.org/10.3390/fi16030088 - specifically Section 3.2: Dataset Overview.

Publication of this dataset:

This dataset was published in Lightbody et al., Future Internet, 2024, https://doi.org/10.3390/fi16030088. Consult and cite this article for a more in depth dataset description, as well as an in depth review of first AI Intrusion Detection model trained on this dataset.

See article Lightbody et al., Future Internet, 2023, https://doi.org/10.3390/fi15050187 for a detailed investigation on the attack signatures discovered while creating this dataset. This work was an inital investigation of the dataset and can serve as a part 1 to the Dragon_Pi paper.

How to cite this dataset in your work:

Please cite these two DOIs when publishing using this dataset:

Dragon_Pi release publication: https://doi.org/10.3390/fi16030088 (most important)

Zenodo Dataset DOI: https://doi.org/10.5281/zenodo.10784947

DATASET INFORMATION

This Dataset contains some of the main attacks that can compromise the security of IoT systems with MQTT protocol, such as: Denial of Service (DoS) attacks, Brute Force, Topic Enumeration and Man-in-the-Middle.

UFPI-NCAD-IoT-Attacks-all-v1-Description.txt - This file contains a brief description of the dataset columns.

UFPI-NCAD-IoT-Attacks-all-v1.csv - The full set including labels for all attack-types in CSV format.

This dataset accompanies the research article on MQTTEEB-D and is intended for public use in cybersecurity research. The MQTTEEB-D dataset is a practical real-world data set for intrusion detection improvement in Message Queuing Telemetry Transport (MQTT)-based Internet of Things (IoT) networks. In contrast to already existing datasets that are constructed on simulated network traffic, MQTTEEB-D is obtained from a real-time IoT deployment at the International University of Rabat (UIR), Morocco. Using MySignals IoT health sensors, Raspberry Pi 4, and an MQTT broker server, this dataset represents the actual complexity of the active IoT communication process, which synthetic data fails to offer. To narrow the gap between simulated and real-world attack scenarios, various cyberattacks including Denial of Service (DoS), Slow DoS against Internet of Things Environments (SlowITe), Malformed Data Injection, Brute Force, and MQTT publish flooding were carried out in real-time, permitting close monitoring of network traffic anomalies. The data was captured using Python wrapper for tshark (PyShark) and organized into multiple Comma-Separated Values (CSV) files. To ensure high data quality, we performed pre-processing steps, such as outlier removal, normalization, standardization, and class balance. Several processed forms (raw, cleaned, normalized, standardized, Synthetic Minority Over-sampling Technique (SMOTE)) applied for this dataset are provided, along with detailed metadata to facilitate ease of use in cybersecurity research. This dataset provides an opportunity for researchers to develop and validate intrusion detection models in a real-world MQTT environment - a critical ingredient in Artificial Intelligence (AI)-driven cybersecurity solutions for IoT networks. The dataset will support future research IoT security and anomaly detection domains.

IoT Cybersecurity Market Outlook

The global IoT cybersecurity market size is anticipated to grow significantly from 2023, when it was valued at approximately USD 12 billion, to a projected USD 30 billion by 2032, registering a compound annual growth rate (CAGR) of 11%. This remarkable expansion is primarily driven by the surging adoption of Internet of Things (IoT) devices across various industries, which has necessitated robust cybersecurity measures to protect against rising threats. The growing connectivity of devices increases the exposure to potential cyber attacks, compelling industries to invest heavily in cybersecurity solutions and services tailored specifically for IoT environments. Moreover, regulatory pressures and the increasing sophistication of cyber threats are further propelling the demand for comprehensive IoT cybersecurity solutions.

A critical growth factor for the IoT cybersecurity market is the exponential increase in the deployment of IoT devices across various sectors, including healthcare, manufacturing, and smart homes. With the burgeoning number of connected devices, each serving as a potential entry point for cyber threats, the need for enhanced security measures has become paramount. Companies are recognizing the vulnerabilities associated with IoT ecosystems, and this realization is driving the adoption of sophisticated cybersecurity solutions designed to safeguard data integrity, privacy, and overall network security. Additionally, the integration of IoT technology with critical infrastructure has amplified the focus on security to prevent disruptions that could lead to significant operational and financial losses.

Furthermore, the escalation of cyber attacks targeting IoT networks is prompting organizations to prioritize cybersecurity investments. High-profile incidents involving data breaches and ransomware attacks have underscored the vulnerabilities inherent in IoT systems, highlighting the necessity for robust security frameworks. The market is witnessing a surge in demand for advanced threat detection solutions, which leverage artificial intelligence and machine learning to identify potential threats and respond in real-time. This proactive approach to cybersecurity is gaining traction, as organizations strive to mitigate risks and protect sensitive information from unauthorized access and exploitation.

Another driving force behind the market's growth is the increasing regulatory landscape aimed at ensuring the security of IoT devices. Governments and regulatory bodies worldwide are implementing stringent regulations and standards to safeguard data and privacy. Compliance with these regulations necessitates the adoption of comprehensive cybersecurity solutions, thereby fueling market growth. Moreover, collaboration between public and private sectors is fostering the development of innovative security solutions, as stakeholders work together to address the evolving threat landscape. Such initiatives are further augmenting the market's expansion by creating a conducive environment for the adoption of IoT cybersecurity technologies.

Medical Cyber Security is becoming increasingly crucial as the healthcare sector continues to embrace IoT technologies. With the integration of connected medical devices and systems, there is a heightened risk of cyber threats that could compromise patient data and disrupt critical healthcare services. Ensuring the security of these devices is paramount to protecting patient privacy and maintaining the integrity of healthcare operations. As cyber threats become more sophisticated, healthcare providers are investing in advanced cybersecurity solutions to safeguard their IoT ecosystems. This includes implementing robust security frameworks that address vulnerabilities specific to medical devices and networks. The focus on Medical Cyber Security is also driven by regulatory requirements, which mandate stringent data protection measures to ensure compliance and mitigate the risks associated with data breaches.

Regionally, North America is poised to dominate the IoT cybersecurity market, owing to the presence of a robust IT infrastructure, a high concentration of IoT device manufacturers, and early adoption of advanced technologies. The region's companies are at the forefront of developing innovative cybersecurity solutions, which is driving market growth. Meanwhile, the Asia Pacific region is expected to witness significant growth, driven by the rapid digital transformation and increasing IoT adoption across various sectors, particularly in countrie

Between 2020 and 2022, around a quarter of surveyed healthcare institutions in the United States experienced nine to 15 cyberattacks involving Internet of Things (IoT) and Internet of Medical Things (IoMT) devices. A further 24 percent reported experiencing four to eight cyberattacks in the measured period.

North America IoT Security Market size was valued at USD 13.8 Billion in 2023 and is projected to reach USD 34.1 Billion by 2031 growing at a CAGR of 12.1% from 2024 to 2031.

Key Market Drivers:

Escalating Cyber Attacks and Data Breaches: According to the FBI's 2023 Internet Crime Report, there were 800,944 cyber-attack complaints in the United States, with losses totaling more than USD 10.3 Billion. Approximately 22% of these events featured IoT-related vulnerabilities, highlighting the crucial need for improved IoT security measures to protect against cyber threats and data breaches.

Growing IoT Device Adoption Across Industries: According to the US Bureau of Labor Statistics, industrial IoT adoption in North American manufacturing increasing by 84% between 2021 and 2023. This spike, with devices per facility increasing from 1,650 to over 3,000, offers new potential security vulnerabilities, necessitating stronger IoT security solutions.

IoT Security Solution Market Outlook

The global IoT security solution market size was valued at approximately $16.55 billion in 2023 and is anticipated to reach $51.42 billion by 2032, exhibiting a compound annual growth rate (CAGR) of 13.4% during the forecast period. The substantial growth is driven by the increasing adoption of IoT devices across various industries and the subsequent need to secure these devices and networks against cyber threats. The rising frequency of cyber-attacks and the growing importance of data privacy have made IoT security solutions crucial for organizations globally.

A key growth factor in the IoT security solution market is the rapid increase in the number of connected devices. As industries across the globe embrace digital transformation, the deployment of IoT devices has surged, resulting in a greater attack surface for cybercriminals. Consequently, the demand for robust security solutions to safeguard these devices and the data they generate has significantly increased. Organizations are investing heavily in advanced security technologies to protect their IoT ecosystems from potential threats, thereby propelling market growth.

Another major growth driver is the stringent regulatory landscape surrounding data protection and privacy. Governments and regulatory bodies worldwide are implementing strict regulations to ensure the security of IoT devices and networks. Compliance with these regulations necessitates the adoption of comprehensive IoT security solutions by organizations. For instance, the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States have mandated stringent data protection measures, encouraging companies to invest in IoT security solutions.

The proliferation of smart cities and smart home devices is also contributing to the market's expansion. As urban areas become increasingly connected, the need for secure IoT infrastructure has become paramount. Smart cities rely on a vast network of connected devices to manage infrastructure, utilities, and services efficiently. Similarly, the growing adoption of smart home devices, such as smart speakers, thermostats, and security systems, has heightened the need for robust security measures to protect user data and privacy, thereby boosting the IoT security solution market.

Regionally, North America holds a dominant position in the IoT security solution market, driven by the presence of major technology companies and early adopters of IoT technology. The region's robust technological infrastructure and high awareness regarding cybersecurity further fuel market growth. However, Asia Pacific is expected to witness the highest growth rate during the forecast period, owing to increasing investments in IoT technology, rising cyber threats, and supportive government initiatives aimed at securing digital infrastructure.

Component Analysis

The IoT security solution market by component is segmented into hardware, software, and services. Each of these components plays a vital role in ensuring the security and integrity of IoT devices and networks. The hardware segment includes security devices such as routers, firewalls, and gateways that act as the first line of defense against cyber threats. These devices are equipped with advanced security features to monitor and prevent unauthorized access to IoT networks. As the deployment of IoT devices increases, the demand for secure and resilient hardware solutions is expected to rise significantly.

The software segment encompasses various security solutions designed to protect IoT devices and networks. This includes antivirus software, encryption tools, and security management platforms that provide comprehensive protection against cyber threats. The software solutions are constantly evolving to address new and emerging threats in the IoT landscape. The increasing complexity of cyber-attacks and the need for real-time threat detection and response are driving the growth of the software segment in the IoT security solution market.

Services form an integral part of the IoT security solution market, offering support and maintenance for hardware and software solutions. This segment includes consulting services, managed security services, and professional services such as integration and implementation. Organizations often rely on third-party service providers to manage their IoT security needs, ensuring that their systems are up-to-date and compliant with regulatory standards. The demand for specialized IoT security services is exp

Article Information

The work involved in developing the dataset and benchmarking its use of machine learning is set out in the article ‘IoMT-TrafficData: Dataset and Tools for Benchmarking Intrusion Detection in Internet of Medical Things’. DOI: 10.1109/ACCESS.2024.3437214.

Please do cite the aforementioned article when using this dataset.

Abstract

The increasing importance of securing the Internet of Medical Things (IoMT) due to its vulnerabilities to cyber-attacks highlights the need for an effective intrusion detection system (IDS). In this study, our main objective was to develop a Machine Learning Model for the IoMT to enhance the security of medical devices and protect patients’ private data. To address this issue, we built a scenario that utilised the Internet of Things (IoT) and IoMT devices to simulate real-world attacks. We collected and cleaned data, pre-processed it, and provided it into our machine-learning model to detect intrusions in the network. Our results revealed significant improvements in all performance metrics, indicating robustness and reproducibility in real-world scenarios. This research has implications in the context of IoMT and cybersecurity, as it helps mitigate vulnerabilities and lowers the number of breaches occurring with the rapid growth of IoMT devices. The use of machine learning algorithms for intrusion detection systems is essential, and our study provides valuable insights and a road map for future research and the deployment of such systems in live environments. By implementing our findings, we can contribute to a safer and more secure IoMT ecosystem, safeguarding patient privacy and ensuring the integrity of medical data.

ZIP Folder Content

The ZIP folder comprises two main components: Captures and Datasets. Within the captures folder, we have included all the captures used in this project. These captures are organized into separate folders corresponding to the type of network analysis: BLE or IP-Based. Similarly, the datasets folder follows a similar organizational approach. It contains datasets categorized by type: BLE, IP-Based Packet, and IP-Based Flows.

To cater to diverse analytical needs, the datasets are provided in two formats: CSV (Comma-Separated Values) and pickle. The CSV format facilitates seamless integration with various data analysis tools, while the pickle format preserves the intricate structures and relationships within the dataset.

This organization enables researchers to easily locate and utilize the specific captures and datasets they require, based on their preferred network analysis type or dataset type. The availability of different formats further enhances the flexibility and usability of the provided data.

Datasets' Content

Within this dataset, three sub-datasets are available, namely BLE, IP-Based Packet, and IP-Based Flows. Below is a table of the features selected for each dataset and consequently used in the evaluation model within the provided work.

Identified Key Features Within Bluetooth Dataset

Feature	Meaning
btle.advertising_header	BLE Advertising Packet Header
btle.advertising_header.ch_sel	BLE Advertising Channel Selection Algorithm
btle.advertising_header.length	BLE Advertising Length
btle.advertising_header.pdu_type	BLE Advertising PDU Type
btle.advertising_header.randomized_rx	BLE Advertising Rx Address
btle.advertising_header.randomized_tx	BLE Advertising Tx Address
btle.advertising_header.rfu.1	Reserved For Future 1
btle.advertising_header.rfu.2	Reserved For Future 2
btle.advertising_header.rfu.3	Reserved For Future 3
btle.advertising_header.rfu.4	Reserved For Future 4
btle.control.instant	Instant Value Within a BLE Control Packet
btle.crc.incorrect	Incorrect CRC
btle.extended_advertising	Advertiser Data Information
btle.extended_advertising.did	Advertiser Data Identifier
btle.extended_advertising.sid	Advertiser Set Identifier
btle.length	BLE Length
frame.cap_len	Frame Length Stored Into the Capture File
frame.interface_id	Interface ID
frame.len	Frame Length Wire
nordic_ble.board_id	Board ID
nordic_ble.channel	Channel Index
nordic_ble.crcok	Indicates if CRC is Correct
nordic_ble.flags	Flags
nordic_ble.packet_counter	Packet Counter
nordic_ble.packet_time	Packet time (start to end)
nordic_ble.phy	PHY
nordic_ble.protover	Protocol Version

Identified Key Features Within IP-Based Packets Dataset

Feature	Meaning
http.content_length	Length of content in an HTTP response
http.request	HTTP request being made
http.response.code	Sequential number of an HTTP response
http.response_number	Sequential number of an HTTP response
http.time	Time taken for an HTTP transaction
tcp.analysis.initial_rtt	Initial round-trip time for TCP connection
tcp.connection.fin	TCP connection termination with a FIN flag
tcp.connection.syn	TCP connection initiation with SYN flag
tcp.connection.synack	TCP connection establishment with SYN-ACK flags
tcp.flags.cwr	Congestion Window Reduced flag in TCP
tcp.flags.ecn	Explicit Congestion Notification flag in TCP
tcp.flags.fin	FIN flag in TCP
tcp.flags.ns	Nonce Sum flag in TCP
tcp.flags.res	Reserved flags in TCP
tcp.flags.syn	SYN flag in TCP
tcp.flags.urg	Urgent flag in TCP
tcp.urgent_pointer	Pointer to urgent data in TCP
ip.frag_offset	Fragment offset in IP packets
eth.dst.ig	Ethernet destination is in the internal network group
eth.src.ig	Ethernet source is in the internal network group
eth.src.lg	Ethernet source is in the local network group
eth.src_not_group	Ethernet source is not in any network group
arp.isannouncement	Indicates if an ARP message is an announcement

Identified Key Features Within IP-Based Flows Dataset

Feature	Meaning
proto	Transport layer protocol of the connection
service	Identification of an application protocol
orig_bytes	Originator payload bytes
resp_bytes	Responder payload bytes
history	Connection state history
orig_pkts	Originator sent packets
resp_pkts	Responder sent packets
flow_duration	Length of the flow in seconds
fwd_pkts_tot	Forward packets total
bwd_pkts_tot	Backward packets total
fwd_data_pkts_tot	Forward data packets total
bwd_data_pkts_tot	Backward data packets total
fwd_pkts_per_sec	Forward packets per second
bwd_pkts_per_sec	Backward packets per second
flow_pkts_per_sec	Flow packets per second
fwd_header_size	Forward header bytes
bwd_header_size	Backward header bytes
fwd_pkts_payload	Forward payload bytes
bwd_pkts_payload	Backward payload bytes
flow_pkts_payload	Flow payload bytes
fwd_iat	Forward inter-arrival time
bwd_iat	Backward inter-arrival time
flow_iat	Flow inter-arrival time
active	Flow active duration

IoT Security As A Service Market Outlook

The global IoT Security As A Service market size was valued at approximately $12.5 billion in 2023, and it is projected to reach around $43.8 billion by 2032, growing at a compound annual growth rate (CAGR) of 14.8% during the forecast period from 2024 to 2032. This remarkable growth is driven by the increasing adoption of IoT devices across various industry verticals, coupled with the rising concerns over data security and privacy. As IoT continues to expand, the pressing need to secure these interconnected devices becomes paramount, propelling the demand for robust security solutions.

One of the primary growth factors for the IoT Security As A Service market is the exponential increase in the number of IoT devices. With estimates suggesting that there will be over 75 billion IoT devices globally by 2025, the potential attack surface for cyber threats has expanded significantly. This proliferation necessitates comprehensive security solutions to safeguard sensitive data and ensure the uninterrupted functioning of these devices. Companies are investing heavily in advanced security systems capable of addressing the diverse and complex threats targeting IoT infrastructures.

Another significant growth factor is the rising awareness regarding the economic and reputational impact of cyber-attacks. High-profile security breaches and data leaks have highlighted the vulnerabilities associated with IoT devices and the critical need for robust security measures. Organizations are increasingly prioritizing their cybersecurity budgets to include IoT security solutions, recognizing that a proactive approach is essential to mitigate potential risks and avoid substantial financial losses.

Moreover, regulatory compliance is driving the market for IoT Security As A Service. Governments and regulatory bodies worldwide are implementing stringent data protection laws and security standards to ensure that IoT devices are secure and user data is protected. Compliance with these regulations is not optional, and businesses are compelled to adopt comprehensive IoT security solutions to meet legal requirements and maintain trust with their customers. This trend is particularly pronounced in sectors such as healthcare, finance, and manufacturing, where data security is paramount.

The regional outlook for the IoT Security As A Service market indicates robust growth across various geographies. North America currently holds the largest market share, driven by the early adoption of IoT technologies and stringent regulatory frameworks. Europe is also a significant player, with increasing investments in IoT security due to the General Data Protection Regulation (GDPR). The Asia Pacific region is expected to witness the highest growth rate, fueled by rapid digitalization, a burgeoning IoT ecosystem, and increasing cyber threats in countries like China and India.

Component Analysis

The IoT Security As A Service market can be segmented by components into software, hardware, and services. Each of these components plays a crucial role in securing IoT infrastructure and ensuring seamless operations. The software segment includes various solutions such as encryption, identity and access management, and security analytics. These software solutions are essential for detecting, preventing, and responding to cyber threats. The growth of the software segment is driven by the increasing complexity of cyber-attacks and the need for advanced threat detection and mitigation tools.

Hardware components, such as security chips and modules, are integral to the physical security of IoT devices. These components provide an additional layer of security by ensuring that data is encrypted and devices are authenticated at the hardware level. The demand for hardware security solutions is growing as organizations recognize the importance of securing IoT devices from the ground up. Innovations in hardware security, such as Trusted Platform Modules (TPMs) and secure elements, are enhancing the overall security posture of IoT ecosystems.

The services segment encompasses a wide range of offerings, including consulting, implementation, and managed security services. These services are crucial for helping organizations design, deploy, and manage their IoT security strategies. The growing complexity of IoT environments and the shortage of skilled cybersecurity professionals are driving the demand for managed security services. Organizations are increasingly relying on third-party experts to manage their IoT security needs, allowing them to focus on

INFO ABOUT THE BOT-IOT DATASET, NOTE: only the csv files stated in the description are used

The BoT-IoT dataset can be downloaded from HERE. You can also use our new datasets: the TON_IoT and UNSW-NB15.

--------------------------------------------------------------------------

The BoT-IoT dataset was created by designing a realistic network environment in the Cyber Range Lab of UNSW Canberra. The network environment incorporated a combination of normal and botnet traffic. The dataset’s source files are provided in different formats, including the original pcap files, the generated argus files and csv files. The files were separated, based on attack category and subcategory, to better assist in labeling process.

The captured pcap files are 69.3 GB in size, with more than 72.000.000 records. The extracted flow traffic, in csv format is 16.7 GB in size. The dataset includes DDoS, DoS, OS and Service Scan, Keylogging and Data exfiltration attacks, with the DDoS and DoS attacks further organized, based on the protocol used.

To ease the handling of the dataset, we extracted 5% of the original dataset via the use of select MySQL queries. The extracted 5%, is comprised of 4 files of approximately 1.07 GB total size, and about 3 million records.

--------------------------------------------------------------------------

Free use of the Bot-IoT dataset for academic research purposes is hereby granted in perpetuity. Use for commercial purposes should be agreed by the authors. The authors have asserted their rights under the Copyright. To whom intent the use of the Bot-IoT dataset, the authors have to cite the following papers that has the dataset’s details: .

Koroniotis, Nickolaos, Nour Moustafa, Elena Sitnikova, and Benjamin Turnbull. "Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: Bot-iot dataset." Future Generation Computer Systems 100 (2019): 779-796. Public Access Here.

Koroniotis, Nickolaos, Nour Moustafa, Elena Sitnikova, and Jill Slay. "Towards developing network forensic mechanism for botnet activities in the iot based on machine learning techniques." In International Conference on Mobile Networks and Management, pp. 30-44. Springer, Cham, 2017.

Koroniotis, Nickolaos, Nour Moustafa, and Elena Sitnikova. "A new network forensic framework based on deep learning for Internet of Things networks: A particle deep framework." Future Generation Computer Systems 110 (2020): 91-106.

Koroniotis, Nickolaos, and Nour Moustafa. "Enhancing network forensics with particle swarm and deep learning: The particle deep framework." arXiv preprint arXiv:2005.00722 (2020).

Koroniotis, Nickolaos, Nour Moustafa, Francesco Schiliro, Praveen Gauravaram, and Helge Janicke. "A Holistic Review of Cybersecurity and Reliability Perspectives in Smart Airports." IEEE Access (2020).

Koroniotis, Nickolaos. "Designing an effective network forensic framework for the investigation of botnets in the Internet of Things." PhD diss., The University of New South Wales Australia, 2020.

--------------------------------------------------------------------------

Internet of Things Security Market Outlook

The global Internet of Things (IoT) Security market size is witnessing remarkable growth, with predictions estimating it to expand from USD 12.5 billion in 2023 to USD 54.5 billion by 2032, growing at a CAGR of 17.5% during the forecast period. This exponential growth is driven by the increasing proliferation of IoT devices across various sectors and the rising threats of cyberattacks, necessitating robust security solutions. As IoT becomes more ingrained in daily life and business operations, the demand for comprehensive security solutions is becoming increasingly critical. The escalation in smart device adoption, coupled with the advancement in technologies such as AI and machine learning, is propelling the need for enhanced IoT security solutions globally.

One of the primary growth factors in the IoT Security market is the burgeoning number of IoT devices across industries, creating a broader attack surface for potential cyber threats. With billions of devices connected globally, every new device being added represents a potential vulnerability. Businesses, especially those within sensitive industries such as healthcare and finance, are investing heavily in IoT security solutions to safeguard their data and operations. The rapid digital transformation in various sectors has compelled organizations to prioritize the implementation of strict security measures to protect their IoT ecosystems. Moreover, governmental regulations and compliance mandates for data protection have further accelerated the adoption of sophisticated IoT security solutions.

Another significant growth driver is the increasing sophistication of cyber threats, which are evolving in complexity and scale. Hackers are constantly developing new methods to breach systems, with IoT devices often being less secure entry points due to their widespread use and varying security standards. This has heightened the urgency for companies to deploy advanced security measures that can detect and mitigate threats in real-time. The integration of AI and machine learning into security solutions is becoming a crucial factor, as these technologies offer predictive and proactive capabilities to identify potential threats before they manifest into attacks. The ability to offer real-time insights and automated responses is a significant lever for growth in the IoT security market.

The expansion of cloud-based services is another catalyst for the market's growth. As more businesses leverage the cloud for IoT device management and data storage, security concerns around cloud infrastructure have surged. This has led to increased demand for cloud security solutions tailored specifically for IoT environments. The scalability, cost-effectiveness, and flexibility of cloud-based security solutions make them an attractive option for enterprises looking to secure their IoT networks. Additionally, the trend towards decentralized networks and edge computing is creating new security challenges and opportunities, further driving the demand for innovative IoT security solutions.

In terms of regional outlook, North America holds the largest market share in the IoT Security market, driven by the presence of major technology companies and a high rate of IoT adoption across various sectors including healthcare, manufacturing, and smart homes. The region's advanced infrastructure and technological expertise contribute to its dominant position. However, the Asia Pacific region is expected to witness the highest growth rate, with a projected CAGR of 19.5% during the forecast period. This growth is fueled by rapid industrialization, increasing investments in smart city projects, and a growing awareness of cybersecurity. Europe also plays a significant role, with stringent regulations around data protection driving the market forward. The Middle East & Africa and Latin America are also anticipated to see steady growth as IoT technology continues to penetrate these regions.

Component Analysis

The IoT Security market is segmented by components into solutions and services, both of which are essential in creating a comprehensive security framework for IoT systems. Solutions comprise software suites that offer functionalities like encryption, identity access management, and anomaly detection, among others. These solutions are pivotal in ensuring the secure operation of IoT devices by preventing unauthorized access and data breaches. As the technological landscape evolves, there is a growing emphasis on developing more sophisticated solutions that incorporate AI and machine learning to provide real-time threat detection and mitigat

This dataset represents the baseline benign and attack traffic for IoT (Internet of Things) consumer devices that may be representative of a smart-home network. The purpose of this dataset, in comparison to other IoT datasets, is to simplify the input data in terms of size and its ability to be interpreted under different scenarios.

A wireshark column template is provided to add extra columns of interest beyond the default view (view bottom right profile area in wireshark, right-click and "import" zip file below) - wiresharkprofile_template.zip

The dataset is provided in PCAP format (readable by Wireshark or other platforms) and is categorized as follows:

IoT SETUP (real network traffic patterns to represent setup exchanges for common IoT devices) - iot_setup_plug1_an.pcapng - iot_setup_bulb1_an.pcapng

IoT BENIGN IDLE (Network traffic associated with IoT devices on the network that are on, but only in a standby state) - all_idle_1Hrs_an.pcapng - all_idle_5Hrs_an.pcapng - all_idle_10Hrs_part1_an.pcapng - all_idle_10Hrs_part2_an.pcapng

IoT BENIGN ACTIVE (Network traffic associated with IoT devices on the network that are active and in use) - all_active_1Hrs_an.pcapng - all_active_5Hrs_an.pcapng - all_active_10Hrs_part1_an.pcapng - all_active_10Hrs_part2_an.pcapng

IoT ATTACK TRAFFIC (Kali Linux HPING3 from 192.168.100.240 attack machine using ICMP Floods and SYN Floods as Attacks for four (4) IoT device targets in use)
- ICMP flood of IoT Camera 1 (192.168.100.11) - two separate segments of flood attack within five minute session - ICMP flood of IoT EchoShow (192.168.100.21) - two separate segments of flood attack within five minute session - ICMP flood of IoT plug1 (192.168.100.31) - two separate segments of flood attack within five minute session - ICMP flood of IoT lightbulb1 (192.168.100.41) - two separate segments of flood attack within five minute session - SYN flood of IoT Camera 1 (192.168.100.11) - SYN flood of IoT EchoShow (192.168.100.21)
- SYN flood of IoT plug1 (192.168.100.31)
- SYN flood of IoT lightbulb1 (192.168.100.41)

This academic work is part of ongoing dissertation research at Colorado State University. All credit should reference the authors David Weissman (PhD Candidate) and Dr. Anura Jayasumana (Professor) - copyright (c) 2023-2024.

Datasets are subject to revisions or enhancements over time.