malicious network dataset

The dataset was collected using honeypots deployed with the Honeytrap agent. The honeypots captured both benign and malicious network traffic, providing valuable insights into different attack behaviors. The dataset consists of 9 features that represent various aspects of network traffic, including both structural and payload data. These features are as follows:

1. Protocol: The communication protocol used in the network traffic, such as HTTP, FTP, or SSH.
2. remote_ip: The IP address of the remote (attacker) system that initiated the connection.
3. remote_port: The port number on the remote system that the connection was made to.
4. local_ip: The IP address of the local (honeypot) system that received the connection.
5. local_port: The port number on the local system that accepted the connection.
6. md5_hash: The MD5 hash of the data payload (if applicable), used for identifying and comparing files or data.
7. sha512_hash: The SHA-512 hash of the data payload (if applicable), providing a more secure representation for identifying files or data.
8. Length: The length of the data payload (in bytes), representing the size of the network traffic.
9. data_hex: The hexadecimal representation of the raw data payload, which can include commands or other information related to the communication.

This dataset was used to train machine learning models to classify the network traffic as either benign or malicious. The features provide valuable information to differentiate between normal communication and suspicious activities, such as potential cyber-attacks.