【Dataset】Maple-IDS - Network Security Malicious Traffic Detection Dataset

Introduction to the Dataset

The Maple-IDS dataset is a network intrusion detection evaluation dataset designed to enhance the performance and reliability of anomaly-based Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). As cyber attacks become increasingly sophisticated, having a reliable and up-to-date dataset is crucial for testing and validating IDS and IPS solutions.

The dataset is released by the Network Security Laboratory of Northeast Forestry University and is available for free use and citation.

Laboratory website: Northeast Forestry University Network Security Laboratory

Background of the Dataset Release

Traditional evaluation datasets often suffer from outdated attack traffic and exploitation methods, insufficient traffic diversity, limited attack types, and a lack of features. Additionally, with the widespread adoption of HTTPS/TLS encryption, traditional datasets may not suffice. The Maple-IDS dataset addresses these challenges by providing a comprehensive, modern dataset for intrusion detection research.

Compatibility with CIC-IDS Dataset Code

If your code is designed for training or implementation with the CIC-IDS dataset, you can seamlessly switch to the Maple-IDS dataset. The Maple-IDS dataset is compatible with your previous work and can be used directly to generate CSV files using CICFlowMeter without the need for code rewrites or additional modifications.

Overview of Maple-IDS Dataset Categories (Included Content)

• Content: The dataset includes the latest common attacks, resembling real-world network traffic (PCAP/PCAPNG format).
• Traffic Analysis: Network traffic analysis results generated using CICFlowMeter, labeled based on timestamps, source and destination IP addresses, ports, protocols, and attack types, stored in CSV files.
• DDoS Attacks: The dataset includes DDoS attacks, which are common in real-world network traffic. The dataset’s diversity is enhanced by random content. GET, POST, HEAD, and OPTIONS are the most common HTTP methods.
• Service-specific Traffic Packets and Datasets: We provide datasets for each service (HTTP, HTTPS, SMTP, IMAP, POP3, FTP, SSH, RESTful API, gRPC, WASM).
• Diverse Traffic: The dataset covers various forms of DDoS, including ping, HTTP, TCP, UDP, SYN attacks, and ICMP smuggling.
• N-day Vulnerabilities: The dataset includes n-day vulnerabilities, such as the famous HeartBleed vulnerability in OpenSSL, with plans to include more CVE vulnerabilities in the future.

Upcoming Features

• DPDK, PF_RING Support
• If you have any questions or suggestions, please provide feedback.

Maple-IDS Dataset Generation

We configure traffic by simulating patterns observed in real-world network traffic. Based on HTTP, HTTPS with SM3/4, GOST, and more, we construct abstract user behaviors. Modern protocols and their various implementations, such as SSH, RESTful API, gRPC, WASM, contribute to the dataset’s content.

Tools Provided

During the dataset creation process, we utilized many self-developed tools. These tools are open source and available for free download. Generally, the repositories include tutorials. See: https://github.com/maple-nefu/pcap2para

More tools will be released soon. We are dedicated to improving our work and contributing to the field of malicious traffic detection research.

Dataset Download

Please log in to our laboratory’s official website to download the dataset:

Northeast Forestry University Network Security Laboratory Maple Dataset site

Contact Us

If you have any questions or need assistance, please feel free to contact us:

• Email: maple@nefu.edu.cn
• GitHub: github.com/maple-nefu
• QQ Group: 631300176

Citation and Usage

Please cite our official publication when using our dataset. Thank you!