This dataset contains benign Audio Video Transport Protocol (AVTP) packet captures from our physical automotive Ethernet testbed. Also, we demonstrate a replay attack on the automotive Ethernet to achieve the intrusion dataset.

We suppose that an attacker injects arbitrary stream AVTP data units (AVTPDUs) into the IVN. The goal of the attacker is to output a single video frame, at a terminal application connected to the AVB listener, by injecting previously generated AVTPDUs during a certain period. To demonstrate the attack, we extract 36 continuous stream AVTPDUs (single-MPEG-frame.pcap) from one of our AVB datasets; the extracted AVTPDUs constitute one video frame. Then, the attacker performs a replay attack by sending the 36 stream AVTPDUs repeatedly. Check *_injected.pcap files for the result of the replay attack.


The following devices are connected to our automotive Ethernet testbed:


The dataset contains four benign (attack-free) packet captures. 

Labeling the dataset

If you are willing to do some research for intrusion detection, you need to label packets in *_injected.pcap files. You can make packet-by-packet labels through the examination whether entire frame of each packet in *_injected.pcap is in single-MPEG-frame.pcap. Otherwise, you may want to refer to our example code in Jupyter Notebook (link). Thank you for your consideration. 


To analyze the packet captures, we recommend researchers use Wireshark and the following plug-ins:

Download the dataset

You can access the dataset via IEEE DataPort


Seonghoon Jeong, Boosun Jeon, Boheung Chung, and Huy Kang Kim, "Convolutional neural network-based intrusion detection system for AVTP streams in automotive Ethernet-based networks," Vehicular Communications, DOI: 10.1016/j.vehcom.2021.100338.