Dataset of Advanced Persistent Threat (APT) alerts

2019-01-17T16:05:50Z (GMT) by Ibrahim Ghafir
Due to the lack of publicly available data on Advanced Persistent Threat (APT) traffic, we built a synthetic dataset of APT alerts. This dataset contains 3676 APT alerts that belong to 1000 APT campaigns. The alerts were generated to simulate APT scenarios targeting a university campus network. Each APT scenario takes into consideration the following steps of the APT life cycle:
1- Intelligence gathering
2- Point of entry
3- Command and control communication
4- Lateral movement
5- Asset discovery
6- Data exfiltration

The dataset contains the following columns:
[1] Alert type
[2] Timestamp
[3] Source IP address
[4] Source port
[5] Destination IP address
[6] Destination port
[7] Infected machine

The database can be opened in software such as SQLite.
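As an added example (not part of the dataset or the author's own tooling), the following Python script shows how the seven columns could be queried with the standard `sqlite3` module to reconstruct, per infected machine, how far a campaign progressed through the six life-cycle steps. The table name `alerts`, the column identifiers and the sample rows are assumptions, since the page lists only column descriptions.

```python
import sqlite3

# The six life-cycle steps listed on the page, in campaign order.
STAGES = [
    "Intelligence gathering", "Point of entry", "Command and control communication",
    "Lateral movement", "Asset discovery", "Data exfiltration",
]
STAGE_INDEX = {name: i for i, name in enumerate(STAGES)}

# Constructed sample rows (not taken from the dataset); documentation IP ranges.
# Column order follows the page: alert type, timestamp, source IP, source port,
# destination IP, destination port, infected machine.
SAMPLE_ALERTS = [
    ("Intelligence gathering", "2018-03-01T08:00:00Z", "203.0.113.7", 40001, "192.0.2.10", 80, "192.0.2.10"),
    ("Point of entry", "2018-03-01T09:10:00Z", "203.0.113.7", 40002, "192.0.2.10", 443, "192.0.2.10"),
    ("Command and control communication", "2018-03-01T09:30:00Z", "192.0.2.10", 51234, "203.0.113.7", 443, "192.0.2.10"),
    ("Lateral movement", "2018-03-02T10:00:00Z", "192.0.2.10", 51300, "192.0.2.11", 445, "192.0.2.10"),
    ("Asset discovery", "2018-03-02T10:20:00Z", "192.0.2.10", 51301, "192.0.2.12", 139, "192.0.2.10"),
    ("Data exfiltration", "2018-03-03T02:00:00Z", "192.0.2.10", 51400, "203.0.113.7", 443, "192.0.2.10"),
    # A second machine where only the first two steps were observed (incomplete campaign).
    ("Intelligence gathering", "2018-03-05T08:00:00Z", "198.51.100.4", 40010, "192.0.2.20", 80, "192.0.2.20"),
    ("Point of entry", "2018-03-05T08:40:00Z", "198.51.100.4", 40011, "192.0.2.20", 22, "192.0.2.20"),
]

def load_alerts(rows):
    """Create an in-memory SQLite table with the seven dataset columns (assumed names) and insert rows."""
    con = sqlite3.connect(":memory:")
    con.execute("""CREATE TABLE alerts (alert_type TEXT, timestamp TEXT, src_ip TEXT,
        src_port INTEGER, dst_ip TEXT, dst_port INTEGER, infected_machine TEXT)""")
    con.executemany("INSERT INTO alerts VALUES (?,?,?,?,?,?,?)", rows)
    return con

def campaign_progress(con):
    """Map each infected machine to (distinct stages in time order, index of furthest stage reached)."""
    cur = con.execute(
        "SELECT infected_machine, alert_type FROM alerts ORDER BY infected_machine, timestamp")
    seen = {}
    for machine, alert_type in cur:
        if alert_type in STAGE_INDEX and alert_type not in seen.setdefault(machine, []):
            seen[machine].append(alert_type)
    return {m: (stages, max(STAGE_INDEX[s] for s in stages)) for m, stages in seen.items()}

def exfiltrating_machines(con):
    """Machines whose alert chain reached the final step, data exfiltration."""
    last = len(STAGES) - 1
    return sorted(m for m, (_, furthest) in campaign_progress(con).items() if furthest == last)
```

Pointing `sqlite3.connect` at the downloaded database file instead of `:memory:` (and adjusting the table and column names to the real schema) applies the same queries to the full 3676-alert dataset.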

For more details about generating the dataset, please refer to our work in: