JP: No of Subscriber: Internet: IP-VPN Service Users data was reported at 632,261.000 Unit in Jun 2018. This records an increase from the previous number of 618,566.000 Unit for Mar 2018. JP: No of Subscriber: Internet: IP-VPN Service Users data is updated quarterly, averaging 414,992.000 Unit from Jun 2004 (Median) to Jun 2018, with 57 observations. The data reached an all-time high of 632,261.000 Unit in Jun 2018 and a record low of 224,976.000 Unit in Jun 2004. JP: No of Subscriber: Internet: IP-VPN Service Users data remains active status in CEIC and is reported by Ministry of internal affairs and communications. The data is categorized under Global Database’s Japan – Table JP.TB001: Internet Service Provider and Subscriber.

This feed is filterable by Rank, Host ASN, Network, Days Unresolved, Insidents Reported, Last Reported:
Rank- Rank of UNRESOLVED ISP ABUSE LEADERBOARD
Host ASN- unique number that's available globally to identify an autonomous system
Network - Network in which attack took place
Day Unresolved - amount of days issue was unresolved
Insidents Reported -amount of insidents reported
Last Reported- Date issue was last reported ;

The Image Signal Processor (ISP) IP market is a crucial segment within the semiconductor industry, specializing in processing image signals captured by cameras and sensors to enhance visual quality in various applications. ISPs are integral in industries such as telecommunications, automotive, and consumer electroni

Please refer to the original data article for further data description: Jeřábek & Hynek et al., Collection of datasets with DNS over HTTPS traffic In: Data in Brief Journal ,DOI:10.1016/j.dib.2022.108310

The collection of datasets contains DoH and HTTPS traffic that was captured in a real large ISP network. The data are provided in the form of PCAP files. However, since we needed to anonymize the real captures, we also provided TLS enriched flow data that are generated with opensource ipfixprobe flow exporter. Other than TLS related information is not relevant since the dataset comprises only encrypted TLS traffic. The TLS enriched flow data are provided in the form of CSV files with the following columns:

    Column Name
    Column Description




    DST_IP
    Destination IP address


    SRC_IP
    Source IP address


    BYTES
    The number of transmitted bytes from Source to Destination


    BYTES_REV
    The number of transmitted bytes from Destination to Source


    TIME_FIRST
    Timestamp of the first packet in the flow in format YYYY-MM-DDTHH-MM-SS


    TIME_LAST
    Timestamp of the last packet in the flow in format YYYY-MM-DDTHH-MM-SS


    PACKETS
    The number of packets transmitted from Source to Destination


    PACKETS_REV
    The number of packets transmitted from Destination to Source


    DST_PORT
    Destination port


    SRC_PORT
    Source port


    PROTOCOL
    The number of transport protocol


    TCP_FLAGS
    Logic OR across all TCP flags in the packets transmitted from Source to Destination


    TCP_FLAGS_REV
    Logic OR across all TCP flags in the packets transmitted from Destination to Source


    TLS_ALPN
    The Value of Application Protocol Negotiation Extension sent from Server


    TLS_JA3
    The JA3 fingerprint


    TLS_SNI
    The value of Server Name Indication Extension sent by Client

The DoH resolvers in the dataset can be identified by IP addresses written in doh_resolver_ip.csv file.

The main part of the dataset is located in DoH-Real-World.tar.gz and has the following structure:

. └── data | - Main directory with data └── captured | - Directory with data captured on ISP backbone lines ├── pcap | - ISP backbone PCAPS └── tls-flow-csv | - ISP backbone CSV flow data

Dataset collection statistics:

    Name
    Value




    Total Data Size
    179 GB


    Total Time
    ~10 Days


    Connections
    ~420 M


    Number of unique Client IP addresses
    116,263


    Number of unique Server IP addresses
    9343


    Number of unique DoH Resolver's IP addresses
    142

Please cite the original article:

@article{Jerabek2022, title = {Collection of datasets with DNS over HTTPS traffic}, journal = {Data in Brief}, volume = {42}, pages = {108310}, year = {2022}, issn = {2352-3409}, doi = {https://doi.org/10.1016/j.dib.2022.108310}, url = {https://www.sciencedirect.com/science/article/pii/S2352340922005121}, author = {Kamil Jeřábek and Karel Hynek and Tomáš Čejka and Ondřej Ryšavý} }

OC48 packet header trace from a peering point in a large ISP's network on April 24, 2003.

This dataset was used for training the IoT C&C classifier. It is provided in the form of extended bidirectional flow data. The flow data were generated by ipfixprobe flow exporter and converted into CSV files. Apart from traditional flow information (IP addresses, ports, amount of transferred data), ipfixprobe was set with default timeouts (5 minutes active, 30 s inactive) to generate per-packet information for the first 30 packets. The flow records were then aggregated into 5-minute intervals - when the flow was split due to inactivity, the aggregator then stitched the flow back into a single one.

The column headers in provided CSV files stand for:

    Column Name
    Description




    ipaddr DST_IP
    Source IP address


    ipaddr SRC_IP
    Destination IP address


    uint64 BYTES
    The number of transmitted bytes from SRC->DST


    uint64 BYTES_REV
    The number of transmitted bytes from DST->SRC


    time TIME_FIRST
    Timestamp of the first packet in the flow in format YYYY-MM-DDTHH-MM-SS


    time TIME_LAST
    Timestamp of the last packet in the flow in format YYYY-MM-DDTHH-MM-SS


    macaddr DST_MAC
    Destination MAC address


    macaddr SRC_MAC
    Source MAC address


    uint32 COUNT
    Number of aggregated flow records


    uint32 PACKETS
    The number of packets transmitted from Source to Destination


    uint32 PACKETS_REV
    The number of packets transmitted from Destination to Source


    uint16 DST_PORT
    Destination port


    uint16 SRC_PORT
    Source port


    uint8 DIR_BIT_FIELD
    Flag for distinguishin WAN(1)/LAN(0)


    uint8 PROTOCOL
    The number of transport protocol


    uint8 TCP_FLAGS
    Logic OR across all TCP flags in the packets transmitted SRC->DST


    uint8 TCP_FLAGS_REV
    Logic OR across all TCP flags in the packets transmitted DST->SRC


    int8* PPI_PKT_DIRECTIONS
    Array with packets' direction (1)- SRC->DST, (-1)-DST->SRC


    uint8* PPI_PKT_FLAGS
    Array with packets' TCP flags


    uint16* PPI_PKT_LENGTHS
    Array with packets' payload lengths


    time* PPI_PKT_TIMES
    Array with packets' timestamps

Dataset consists of two parts: a benign part captured on the real ISP network and a malicious part captured in a lab environment.

Bening part captured on the real ISP network This part was created by packet capturing on the metering points located at the perimeter of the CESNET2 network. The metering points monitor 100 Gbps backbone peering lines used by approximately half a million users. We performed packet filtering based on ports for the capture. The CESNET training capture was used as benign traffic in the C&C model training and testing pipeline to cover potential nuances and variability of benign data seen in the ISP-level network. Since we deal with data from the production network, we cannot guarantee a benign nature of all captured communication. However, we verified every IP address according to the internal blocklist of the CESNET association and external ones. We used AbuseIPDB and URLhaus blocklists.

Since we are dealing with the real captures, the IP addresses, and MAC addresses were anonymized.

Malicious part created in the controlled lab-created environment From leaked source codes, we picked one variant from each of the most prevalent client-server IoT botnet families: (1) Tsunami, (2) Gafgyt, (3) Mirai. Each implements a distinct communication protocol; Tsunami is an example of an IRC bot; Gafgyt uses a simple text-based protocol; Mirai implements a custom binary protocol. Afterward, we prepared virtualized testing environment.

We deployed the malware in a controlled manner, filtering out its scanning and exploiting activities. The dataset covers the most notable C&C behavior. As previously recognized, the C&C communication consists of C&C heartbeat and bot commands. Thus, for each of the three prepared malware variants, we first imagine the malware running with no received commands. That includes the initiation of the TCP connection to the C&C server, which continues for one hour. And then, we imagine the malware receiving commands from its C&C server. The position of the command packets is chosen arbitrarily relative to the background heartbeat packets because, in the real-world scenario, the timing of the commands is tied to a random human action.

Directory tree of provided dataset

. ├── README.md ├── benign │ ├── AN_p20-21-25-143-3389.agg.head.csv │ ├── AN_p22.agg.head.csv │ ├── AN_p443.agg.head.csv │ ├── AN_p80.agg.head.csv │ └── AN_p8080.agg.head.csv └── cnc ├── kaiten │ ├── cnc.csv │ ├── command-01.csv │ ├── command-02.csv │ ├── command-03.csv │ ├── command-04.csv │ ├── command-05.csv │ ├── command-06.csv │ ├── command-07.csv │ └── command-08.csv ├── mirai │ ├── cnc.csv │ ├── command-01.csv │ ├── command-02.csv │ ├── command-03.csv │ ├── command-04.csv │ ├── command-05.csv │ ├── command-06.csv │ ├── command-07.csv │ └── command-08.csv └── qbot ├── cnc.csv ├── command-01.csv ├── command-02.csv ├── command-03.csv └── command-04.csv

Acknowledgment This research was funded by the Ministry of Interior of the Czech Republic, grant No. VJ02010024: Flow-Based Encrypted Traffic Analysis and also by the Grant Agency of the CTU in Prague, grant No. SGS20/210/OHK3/3T/18 funded by the MEYS of the Czech Republic.

CESNET-TimeSeries24: The dataset for network traffic forecasting and anomaly detection

The dataset called CESNET-TimeSeries24 was collected by long-term monitoring of selected statistical metrics for 40 weeks for each IP address on the ISP network CESNET3 (Czech Education and Science Network). The dataset encompasses network traffic from more than 275,000 active IP addresses, assigned to a wide variety of devices, including office computers, NATs, servers, WiFi routers, honeypots, and video-game consoles found in dormitories. Moreover, the dataset is also rich in network anomaly types since it contains all types of anomalies, ensuring a comprehensive evaluation of anomaly detection methods.Last but not least, the CESNET-TimeSeries24 dataset provides traffic time series on institutional and IP subnet levels to cover all possible anomaly detection or forecasting scopes. Overall, the time series dataset was created from the 66 billion IP flows that contain 4 trillion packets that carry approximately 3.7 petabytes of data. The CESNET-TimeSeries24 dataset is a complex real-world dataset that will finally bring insights into the evaluation of forecasting models in real-world environments.

Please cite the usage of our dataset as:

Koumar, J., Hynek, K., Čejka, T. et al. CESNET-TimeSeries24: Time Series Dataset for Network Traffic Anomaly Detection and Forecasting. Sci Data 12, 338 (2025). https://doi.org/10.1038/s41597-025-04603-x@Article{cesnettimeseries24, author={Koumar, Josef and Hynek, Karel and {\v{C}}ejka, Tom{\'a}{\v{s}} and {\v{S}}i{\v{s}}ka, Pavel}, title={CESNET-TimeSeries24: Time Series Dataset for Network Traffic Anomaly Detection and Forecasting}, journal={Scientific Data}, year={2025}, month={Feb}, day={26}, volume={12}, number={1}, pages={338}, issn={2052-4463}, doi={10.1038/s41597-025-04603-x}, url={https://doi.org/10.1038/s41597-025-04603-x}}

Time series

We create evenly spaced time series for each IP address by aggregating IP flow records into time series datapoints. The created datapoints represent the behavior of IP addresses within a defined time window of 10 minutes. The vector of time-series metrics v_{ip, i} describes the IP address ip in the i-th time window. Thus, IP flows for vector v_{ip, i} are captured in time windows starting at t_i and ending at t_{i+1}. The time series are built from these datapoints.

Datapoints created by the aggregation of IP flows contain the following time-series metrics:

Simple volumetric metrics: the number of IP flows, the number of packets, and the transmitted data size (i.e. number of bytes)

Unique volumetric metrics: the number of unique destination IP addresses, the number of unique destination Autonomous System Numbers (ASNs), and the number of unique destination transport layer ports. The aggregation of \textit{Unique volumetric metrics} is memory intensive since all unique values must be stored in an array. We used a server with 41 GB of RAM, which was enough for 10-minute aggregation on the ISP network.

Ratios metrics: the ratio of UDP/TCP packets, the ratio of UDP/TCP transmitted data size, the direction ratio of packets, and the direction ratio of transmitted data size

Average metrics: the average flow duration, and the average Time To Live (TTL)

Multiple time aggregation: The original datapoints in the dataset are aggregated by 10 minutes of network traffic. The size of the aggregation interval influences anomaly detection procedures, mainly the training speed of the detection model. However, the 10-minute intervals can be too short for longitudinal anomaly detection methods. Therefore, we added two more aggregation intervals to the datasets--1 hour and 1 day.

Time series of institutions: We identify 283 institutions inside the CESNET3 network. These time series aggregated per each institution ID provide a view of the institution's data.

Time series of institutional subnets: We identify 548 institution subnets inside the CESNET3 network. These time series aggregated per each institution ID provide a view of the institution subnet's data.

Data Records

The file hierarchy is described below:

cesnet-timeseries24/

 |- institution_subnets/

 |   |- agg_10_minutes/.csv

 |   |- agg_1_hour/.csv

 |   |- agg_1_day/.csv

 |   |- identifiers.csv

 |- institutions/

 |   |- agg_10_minutes/.csv

 |   |- agg_1_hour/.csv

 |   |- agg_1_day/.csv

 |   |- identifiers.csv

 |- ip_addresses_full/

 |   |- agg_10_minutes//.csv

 |   |- agg_1_hour//.csv

 |   |- agg_1_day//.csv

 |   |- identifiers.csv

 |- ip_addresses_sample/

 |   |- agg_10_minutes/.csv

 |   |- agg_1_hour/.csv

 |   |- agg_1_day/.csv

 |   |- identifiers.csv

 |- times/

 |   |- times_10_minutes.csv

 |   |- times_1_hour.csv

 |   |- times_1_day.csv

 |- ids_relationship.csv   |- weekends_and_holidays.csv

The following list describes time series data fields in CSV files:

id_time: Unique identifier for each aggregation interval within the time series, used to segment the dataset into specific time periods for analysis.

n_flows: Total number of flows observed in the aggregation interval, indicating the volume of distinct sessions or connections for the IP address.

n_packets: Total number of packets transmitted during the aggregation interval, reflecting the packet-level traffic volume for the IP address.

n_bytes: Total number of bytes transmitted during the aggregation interval, representing the data volume for the IP address.

n_dest_ip: Number of unique destination IP addresses contacted by the IP address during the aggregation interval, showing the diversity of endpoints reached.

n_dest_asn: Number of unique destination Autonomous System Numbers (ASNs) contacted by the IP address during the aggregation interval, indicating the diversity of networks reached.

n_dest_port: Number of unique destination transport layer ports contacted by the IP address during the aggregation interval, representing the variety of services accessed.

tcp_udp_ratio_packets: Ratio of packets sent using TCP versus UDP by the IP address during the aggregation interval, providing insight into the transport protocol usage pattern. This metric belongs to the interval <0, 1> where 1 is when all packets are sent over TCP, and 0 is when all packets are sent over UDP.

tcp_udp_ratio_bytes: Ratio of bytes sent using TCP versus UDP by the IP address during the aggregation interval, highlighting the data volume distribution between protocols. This metric belongs to the interval <0, 1> with same rule as tcp_udp_ratio_packets.

dir_ratio_packets: Ratio of packet directions (inbound versus outbound) for the IP address during the aggregation interval, indicating the balance of traffic flow directions. This metric belongs to the interval <0, 1>, where 1 is when all packets are sent in the outgoing direction from the monitored IP address, and 0 is when all packets are sent in the incoming direction to the monitored IP address.

dir_ratio_bytes: Ratio of byte directions (inbound versus outbound) for the IP address during the aggregation interval, showing the data volume distribution in traffic flows. This metric belongs to the interval <0, 1> with the same rule as dir_ratio_packets.

avg_duration: Average duration of IP flows for the IP address during the aggregation interval, measuring the typical session length.

avg_ttl: Average Time To Live (TTL) of IP flows for the IP address during the aggregation interval, providing insight into the lifespan of packets.

Moreover, the time series created by re-aggregation contains following time series metrics instead of n_dest_ip, n_dest_asn, and n_dest_port:

sum_n_dest_ip: Sum of numbers of unique destination IP addresses.

avg_n_dest_ip: The average number of unique destination IP addresses.

std_n_dest_ip: Standard deviation of numbers of unique destination IP addresses.

sum_n_dest_asn: Sum of numbers of unique destination ASNs.

avg_n_dest_asn: The average number of unique destination ASNs.

std_n_dest_asn: Standard deviation of numbers of unique destination ASNs)

sum_n_dest_port: Sum of numbers of unique destination transport layer ports.

avg_n_dest_port: The average number of unique destination transport layer ports.

std_n_dest_port: Standard deviation of numbers of unique destination transport layer ports.

Moreover, files identifiers.csv in each dataset type contain IDs of time series that are present in the dataset. Furthermore, the ids_relationship.csv file contains a relationship between IP addresses, Institutions, and institution subnets. The weekends_and_holidays.csv contains information about the non-working days in the Czech Republic.

Explore the growing global rack console drawers market, projected to exceed USD 3,800 million by 2033, driven by data center expansion, IT infrastructure demand, and advanced KVM solutions.

The IP Address Lookup market plays a crucial role in the digital landscape by providing invaluable insights into Internet Protocol addresses worldwide. This technology enables businesses and individuals to discern the geographical location, service provider information, and even demographic data associated with IP a

Content: This dataset contains an integrated snapshot of the Internet Topology (year 2012) with corresponding graph models at the IP, Router, PoP, AS and ISP layers.

Purpose: Despite intensive research during the last two decades, the detailed structural composition of the Internet is still opaque to researchers. Nevertheless, due to the importance of Internet maps for the development of more effective routing algorithms, security mechanisms, and resilience management, more detailed insights are required. This article advances the understanding of the Internet structure by integrating data from different large-scale measurement campaigns into a set of comprehensive Internet graphs at different abstraction levels, and analyzes them in terms of important statistics and graph measures.

Design/methodology/approach: This study follows the topology measurement framework suggested by Gunes and Sarac (2009), involving three phases: topology collection, topology construction, and topology analysis.

Findings: An integrated data set of Internet graphs at different abstraction layers is provided that can serve as a baseline for future research on Internet analytics. Furthermore, results of important graph metrics are presented and power-law relationships for the degree distributions on every level of the current Internet are substantiated.

Research limitations/implications: By necessity, the integrated graphs provide a snapshot of the Internet topology. In future work, repeated measurements and automated data integration could lead to a better understanding of Internet dynamics.

Practical implications: Due to increasing dependency on the Internet as a critical global infrastructure, studying Internet connectivity is more important than ever for both companies and Internet service providers. The data set will be made publically available for network research.

Social implications: Understanding the structure of Internet serves as a fundamental step in improving the robustness, security, and privacy of any online service.

Originality/value: By carefully integrating six different traceroute datasets such as iPlane, CAIDA, Carna, DIMES, RIPE Atlas, and RIPE IPv6L, this paper presents the Internet graphs of a substantially larger and thus solid scale than previously known, at well-established abstraction levels such as the IP interface, router, Point of Presence (PoP), Autonomous System (AS), and Internet Service Provider (ISP). Furthermore, by employing a broad diversity of graph measures, this study creates a more exhaustive snapshot of the global Internet topology than earlier works.

Discover the booming core router market forecast to 2033! This in-depth analysis reveals key drivers, trends, and restraints shaping this $15 billion (2025) industry, including the impact of 5G, cloud, and edge computing. Learn about leading players like Cisco and Juniper and explore regional market share insights.

IPRoyal offers all types of proxy products, starting from high-speed residential proxies to a datacenter or ISP proxies. IPRoyal sources its IP pool from its own made proxy infrastructure. The most popular use cases used with proxies are data gathering and web scraping. Proxies allow to avoid blocks and geo-restricted targets.