Published October 12, 2022 | Version 1.0
Dataset Open

CESNET-MINER22

  • 1. FIT CTU
  • 2. FIT CTU & CESNET z.s.p.o.
  • 3. CESNET z.s.p.o.

Description

CESNET-MINER22 : Datasets of Cryptomining Communication

This dataset was created to design a detector of cryptominers communication, soon to be published in NordSec 2022 - IT security conference: Plný, R.; Hynek, K.; Čejka; T.: DeCrypto: Finding Cryptocurrency Miners on ISP networks, in Proceedings of the 27th Nordic Conference on Secure IT Systems, 2022.

File named decrypto_dataset_design.csv contains 2,024,903 anonymized flows collected on the national CESNET2 network from December 2021 to February 2022.

File named decrypto_dataset_evaluation.csv contains of 1,075,576 anonymized flows collected on the national CESNET2 network during March 2022.

Both datasets are provided in CSV format and were created by ipfixprobe. See field description provided below.

 

BYTES

Number of transferred bytes (from client to server).

BYTES_REV

Number of transferred bytes in the opposite direction (from server to client).

DST_PORT

Destination port.

LABEL

Flow label. Possible values are:

  • Miner

  • Other

PACKETS

Number of transferred packets (from client to server).

PACKETS_REV

Number of transferred packets in the opposite direction (from server to client).

PPI_PKT_DIRECTIONS

Array of directions of the first 30 packets.

Values:

  • 1 represents direction client->server

  • -1 represents direction server->client.

PPI_PKT_FLAGS

Array of TCP flags of the first 30 packets.

PPI_PKT_LENGTHS

Array of packet sizes of the first 30 packets.

PPI_PKT_TIMES

Array of timestamps of intercept of the first 30 packets.

PROTOCOL

Used protocol on the Transport layer of the ISO/OSI.

TCP is represented by the value 6.

SRC_PORT

Source port.

TCP_FLAGS

TCP flags of the first packet (sent by client).

TCP_FLAGS_REV

TCP flags of the first packer from the opposite direction (sent by server).

TIME_FIRST

Time of interception of the first packet in the flow.

TIME_LAST

Time of interception of the last packet in the flow.

Notes

Acknowledgements This research was funded by the Ministry of Interior of the Czech Republic, grant No. VJ02010024: Flow-Based Encrypted Traffic Analysis and also by the Grant Agency of the CTU in Prague, grant No. SGS20/210/OHK3/3T/18 funded by the MEYS of the Czech Republic.

Files

Files (350.4 MB)

Name Size Download all
md5:723a88b5b930b3af5ae1b6e120fb5ab2
350.4 MB Download