Cyber-Security-Dataset-collections

Awesome Cyber-Security Data-sets Collection 😛

Please contribute to this list with new datasets by sending me a pull request or by contacting me at @hackinfinity.

Happy learning!

Datasets

• Unified Host and Network Dataset - The Unified Host and Network Dataset is a subset of network and computer (host) events collected from the Los Alamos National Laboratory enterprise network over the course of approximately 90 days. The host event logs originated from most enterprise computers running the Microsoft Windows operating system on Los Alamos National Laboratory's (LANL) enterprise network. The network event data originated from many of the internal enterprise routers within the LANL enterprise network.
• Comprehensive, Multi-Source Cyber-Security Events - This data set represents 58 consecutive days of de-identified event data collected from five sources within Los Alamos National Laboratory's corporate, internal computer network.
• User-Computer Authentication Associations in Time - This anonymized data set encompasses 9 continuous months and represents 708,304,516 successful authentication events from users to computers collected from the Los Alamos National Laboratory (LANL) enterprise network.
• SHERLOCK - The dataset is essentially a massive time-series dataset spanning nearly every single kind of software and hardware sensor that can be sampled from a Samsung Galaxy S5 smartphone, without root privileges. The dataset contains over 600 billion data points in over 10 billion data records.
• Canadian Institute for Cybersecurity datasets - Canadian Institute for Cybersecurity datasets are used around the world by universities, private industry and independent researchers.
• AZSecure-data - The AZSecure-data PORTAL currently provides access to Web forums, Internet phishing websites, Twitter data, and other data.
• Credit Card Fraud - The datasets contains transactions made by credit cards in September 2013 by european cardholders. This dataset presents transactions that occurred in two days, where we have 492 frauds out of 284,807 transactions. The dataset is highly unbalanced, the positive class (frauds) account for 0.172% of all transactions.
• KDD Cup 1999 Data - This database contains a standard set of data to be audited, which includes a wide variety of intrusions simulated in a military network environment.
• DDS Dataset Collection - A tar/gzip CSV file from a collection of AWS honeypots. A zip CSV file of domains and a high level classification of dga or legit along with a subclass of either legit, cryptolocker, gox or newgoz.
• UNSW-NB15 data set - This data set has nine families of attacks, namely, Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode and Worms. The Argus, Bro-IDS tools are utilised and twelve algorithms are developed to generate totally 49 features with the class label.
• 2017-SUEE-data-set - The data sets contain traffic in and out of the web server of the Student Union for Electrical Engineering (Fachbereichsvertretung Elektrotechnik) at Ulm University. Internal hosts are hosts from within the university network, some of them are cable bound, others connect through one of two wifi services on campus (eduroam and welcome). The data was mixed with attack traffic.
• 2007 TREC Public Spam Corpus - The corpus trec07p contains 75,419 messages: 25220 ham and 50199 spam.
• West Point NSA Data Sets - Snort Intrusion Detection Log. Domain Name Service Logs. Web Server Logs. Log Server Aggregate Log.
• The ember dataset - The ember dataset is a collection of 1.1 million sha256 hashes from PE files that were scanned sometime in 2017. This repository makes it easy to reproducibly train the benchmark model, extend the provided feature set, or classify new PE files with the benchmark model.
• Malware Training Sets - Today (please refers to blog post date) the collected classified datasets is composed by the following samples: APT1 292 Samples, Crypto 2024 Samples, Locker 434 Samples, Zeus 2014 Samples
• Malicious URLs Dataset - The data set consists of about 2.4 million URLs (examples) and 3.2 million features.
• CTU-13 Dataset - A Labeled Dataset with Botnet, Normal and Background traffic.
• The ADFA Intrusion Detection Datasets - This dataset provides a contemporary Linux dataset for evaluation by traditional HIDS. This dataset provides a contemporary Windows dataset for evaluation by HIDS.
• Web Attack Payloads - A collection of web attack payloads.
• Machine-Learning-driven-Web-Application-Firewall - Set of good and bad queries to a web application firewall.
• PCAP files - Malware Traffic, Network Forensics, SCADA/ICS Network Captures, Packet Injection Attacks / Man-on-the-Side Attacks...
• The Drebin Dataset - The dataset contains 5,560 applications from 179 different malware families. The samples have been collected in the period of August 2010 to October 2012 and were made available to us by the MobileSandbox project.
• Phishing Websites Data Set - In this dataset, we shed light on the important features that have proved to be sound and effective in predicting phishing websites. In addition, we propose some new features.
• cybercrime-tracker - List of labeled malicious URLs.
• Malware Domain List - Malware Domain List.
• Internet-Wide Scan Data Repository - The Censys Projects publishes daily snapshots of what we know about each IPv4 host, Alexa Top Million website, and known X.509 certificate. These datasets contain structured, non-ephemeral JSON records that identify a host's configuration.
• 500K HTTP Headers - Recently we crawled the Top 500K sites (as ranked by Alexa). Following requests from readers we are making available the HTTP Headers for research purposes.
• HTTP DATASET CSIC 2010 - The HTTP dataset CSIC 2010 contains thousands of web requests automatically generated. It can be used for the testing of web attack protection systems. It was developed at the Information Security Institute of CSIC (Spanish Research National Council).
• ISOT datasets - The ISOT Lab has collected through different projects various datasets some of which are available for public sharing. ISOT Web Interactions Dataset (Mouse/Keystroke/Site Actions), ISOT Botnet Dataset...
• ZeuS Tracker - ZeuS Tracker tracks ZeuS Command&Control servers (hosts) around the world and provides you a domain- and a IP-blocklist.
• Feodo Tracker - List of Feodo botnet C&C servers
• Ransomware Tracker - Ransomware Tracker offers various types of blocklists that allows you to block Ransomware botnet C&C traffic.
• URLhaus - URLhaus is a project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution.
• Yahoo Password Frequency Corpus - This dataset includes sanitized password frequency lists collected from Yahoo in May 2011.
• SPAM list - List of SPAM messages.
• Web Logs Secrepo - Web logs generated by secrepo community and secrepo web application
• SecRepo - Samples of Security Related Data.
• pcapt - Big repository of PCAP files.
• Threat_Research - Centralized repository to dump threat research data gathered from my network of honeypots.
• Alexa Top 1 Million - CSV dataset with the most popular sites by Alexa.
• Public Security Log Sharing Site - This site contains various free shareable log samples from various systems, security and network devices, applications, etc. The logs are collected from real systems, some contain evidence of compromise and other malicious activity. Wherever possible, the logs are NOT sanitized, anonymized or modified in any way (just as they came from the logging system).
• OpenDNS Top Domains List - The OpenDNS Top Domains List is the top 10,000 domain names our resolvers all over the globe are receiving queries for, sorted by popularity.
• Project Sonar - Project Sonar produces multiple UDP datasets every month. This data is gathered by sending protocol-specific UDP probes across the entire IPv4 address space. The types of probes sent each week continues to expand as the project matures.
• PANDA SHARE - This site stores recordings of executions produced by the PANDA dynamic analysis platform. The goal is to make dyanamic analysis repeatable. Any analysis dynamic analysis, run on the same replay, will produce the same results.
• Stratosphere IPS - Malware captures, Normal captures, mixed captures...
• The Majestic Million - The million domains we find with the most referring subnets.
• Common Crawl - The Common Crawl corpus contains petabytes of data collected over the last 7 years. It contains raw web page data, extracted metadata and text extractions.
• IoT devices captures - This dataset represents the traffic emitted during the setup of 31 smart home IoT devices of 27 different types (4 types are represented by 2 devices each). Each setup was repeated at least 20 times per device-type.
• Website Classification Dataset - The entire selective archive is manually curated, including classification of sites into a two-tiered subject hierarchy. We have made this manually-generated classification information available as an open dataset, in tab-separated column format.
• Aktaion2 Data - The project is meant to be a learning/teaching tool on how to blend multiple security signals and behaviors into an expressive framework for intrusion detection.
• Website Phishing Data Set - We have identified different features related to legitimate and phishy websites and collected 1353 different websites from difference sources.
• Microsoft Malware Classification Challenge - You are provided with a set of known malware files representing a mix of 9 different families. Each malware file has an Id, a 20 character hash value uniquely identifying the file, and a Class, an integer representing one of 9 family names.
• StopForumSpam - The data provided here represents what we believe will only ever ben used to abuse. IP Addresses, domains and usernames listed here will be returned in API results as "blacklisted".