IoT-Environment-Dataset

1.1 CONFIGURATION OF IoT ENVIRONMENT

192.168.10.1) Router

192.168.10.2) NUGU

192.168.10.3) EZVIZ home camera

192.168.10.4) Philips Hue

192.168.10.5) Google Home MINI

192.168.10.6) TP-Link home camera

192.168.10.7) Attacker's PC (HTTP Flooding Attack)

192.168.10.10) A cell phone

192.168.10.11) A cell phone

192.168.10.12) A cell phone

192.168.10.13) A cell phone

192.168.10.30) : Attacker's PC (OS & Service Detection Attack, Port Scan Attack)

121.53.216.31) : Daum Kakao Corp.

211.188.147.64) : SK Telecom Corp.

1.2 OVERVIEW OF DATASETS

1. Normal (All IoT)

- Duration : about 34min

- Number of attacks : None

- Number of packets : 125,182 packets

- Description : The traffic consists of various activities of all IoT devices (NUGU, EZVIZ, Hue, Google Home Mini, TP-Link). It mainly smart speakers (NUGU, Google Home Mini) answer to questions of play music, and home cameras (EZVIZ, TP-Link) stream images to a cell phone, and smart bulb (Hue) turn on/off or control the light color of bulbs.

2. Normal (Google Home Mini)

- Duration : about 30min

- Number of attacks : None

- Number of packets : 14,400 packets

- Description : The traffic consists of various activities of Google Home Mini. We asked various questions and request Google Home Mini and tried to manipulate the music function through cellphone.

3. Port Scan Attack

- Attacker : PC (192.168.10.30)

- Target : Google Home Mini (192.168.10.5)

- Duration : about 21sec

- Number of attacks : 2 times

- Number of packets : 8,866 packets

- Description : The attacker did port scanning by sending TCP packets with SYN flag on.

4. OS & Service Detection

- Attacker : PC (192.168.10.30)

- Target : Google Home Mini (192.168.10.5)

- Duration : about 28min

- Number of attacks : 4 times

- Number of packets : 96,097 packets

- Description : The attacker did OS & service detection by sending TCP packets with SYN flag on. Attack intensity could be varied.

5. HTTP Flooding Attack

- Attacker : PC (192.168.10.7)

- Target : Google Home Mini (192.168.10.5 : 8008)

- Duration : about 6min

- Number of attacks : Consistent

- Number of packets : 1,126,070 packets

- Description : The traffic consists of HTTP flooding packets using Flooding attack tool(LOIC) configured as 800 threads and highest speed, so the device (Google Home Mini) stuttered or disconnected from the phone application.

1.3 COMPARISON WITH IoT NETWORK INTRUSION DATASET

This dataset has similarities with our other IoT dataset (IoT Network Intrusion Dataset), so we summarized the difference of two datasets as below.

• This dataset contains traffic of more various IoT devices: two security cameras, two AI speakers and a smart light hub as described in 1.1. Configuration of IoT Environment.

  • IoT Network Intrusion Dataset only contains traffic of two IoT devices: SKT NUGU (NU 100) and EZVIZ Wi-Fi Camera (C2C Mini O Plus 1080P).

• There are less attack scenarios in this dataset; IoT Network Intrusion Dataset includes MITM, flooding attacks besides HTTP flooding, and telnet bruteforce, which are not in this dataset.

• Also, HTTP flooding attacks are in both datasets, but have different attackers and targets.

  • In the case of this dataset, the attacker is the laptop and the target is the IoT device (Google Home Mini).

  • In the case of IoT Network Intrusion Dataset, the attacker is the IoT device (assumed it is compromised by Mirai Botnet) and the target is a victim server.