Powered by OpenAIRE graph
Found an issue? Give us feedback
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/ ZENODOarrow_drop_down
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
ZENODO
Dataset
Data sources: ZENODO
Zenodo
Claim

IoT-Zoo Network Traffic 8 hour capture

Research datakeyboard_double_arrow_right Dataset Under curationPublisher:Zenodo
Authors: Bitzki, Leonardo de Jesus; Kreutz, Diego; Nogueira, Angelo;

doi: 10.5281/zenodo.19489364

IoT-Zoo Network Traffic 8 hour capture

Abstract

This dataset consists of 34269178 network packet samples extracted from the IoT-Zoo testbed. It represents a 28800-second execution of a heterogeneous IoT environment, featuring 43 distinct device profiles spanning Urban Observatory, Industrial, e-Health, and Smart Farming domains. Technical Specifications The dataset is the result of a synchronized fusion between two network analysis engines (Scapy and Tshark), providing a high-dimensional view of each packet. Unlike flow-based datasets, this is a packet-level collection, where each row represents an individual network frame. Dataset Characteristics Total Samples: 34269178 packets. Total Features: 17 columns. Trace Duration: 28800 seconds. Device Heterogeneity: Covers telemetry from multiple domains with preserved temporal dynamics. Application Semantics: Includes structured payloads (JSON/XML) replayed from real-world datasets. Column Definitions (Schema) pkt_index: Unique sequential identifier for each packet. ip_ttl: time to live value for the ip header, decreases by 1 at each router. tcp_seq: TCP sequence number, used to identify the sequence of tcp segments. tcp_flags_str: Human-readable TCP flag mnemonics (e.g., PA, S, A) extracted via Scapy. frame.time_epoch: High-precision Unix timestamp of arrival. frame.len: The total length of the Ethernet frame in bytes. ip_src / ip_dst: Source and Destination IPv4 addresses. ip_proto: Layer 3 protocol identifier (e.g., 6 for TCP). tcp.src_port / dst_port: Layer 4 source and destination ports (e.g., 1883 for MQTT). tcp_flags_hex: Raw TCP flags in hexadecimal format (0x00000000), optimized for numerical Machine Learning input. _ws.col.protocol: Application layer protocol identified via Tshark's deep packet inspection (e.g., MQTT, NTP, DNS, RTSP). mqtt.topic: Represents the publish/subscribe channel for MQTT messages, representing the origin topic and device. Only populated for MQTT packets; empty otherwise mqtt.msgtype: MQTT message type. mqtt.qos: MQTT Quality of Service level goes from 0 to 2. mqtt.len: Length of MQTT payload in bytes. Intended Use This CSV is ready for downstream Machine Learning tasks such as: Anomaly Detection: Using frame_len and time_epoch (IAT) to identify volumetric or timing-based attacks. Protocol Classification: Leveraging app_protocol and tcp_flags_hex for identifying IoT-specific behaviors. Security Research: Serving as a baseline for legitimate IoT traffic patterns in heterogeneous environments.

Powered by OpenAIRE graph
Found an issue? Give us feedback