Dataset of Advanced Persistent Threat (APT) alerts
Ghafir Ibrahim
2019
<div>Due to the lack of publicly available data on Advanced Persistent Threat (APT) traffic, we built a synthetic dataset of APT alerts. The dataset contains 3676 APT alerts that belong to 1000 APT campaigns. The alerts were generated to simulate APT scenarios targeting a university campus network. Each APT scenario takes into consideration the following steps of the APT life cycle:</div>
<div>1- Intelligence gathering</div>
<div>2- Point of entry</div>
<div>3- Command and control communication</div>
<div>4- Lateral movement</div>
<div>5- Asset discovery</div>
<div>6- Data exfiltration</div>
<div><br></div>
<div>The dataset contains the following columns:</div>
<div>[1] Alert type</div>
<div>[2] Timestamp</div>
<div>[3] Source IP address</div>
<div>[4] Source port</div>
<div>[5] Destination IP address</div>
<div>[6] Destination port</div>
<div>[7] Infected machine</div>
<div><br></div>
<div>The database can be opened in software such as SQLite.</div>
<div><br></div>
<div>For more details about how the dataset was generated, please refer to our work at: https://www.sciencedirect.com/science/article/pii/S0167739X18307532.</div>