Recently, the technologies of the fourth revolution have steadily expanded what connected things can do, and everything, including people, things, and the environment, is connected through the Internet. In particular, networks now connect a variety of IoT devices and are shifting from wired to wireless. Where users once operated each device directly, devices can now be operated through gateways inside and outside the smart home. However, these changes have created an environment vulnerable to external attacks: an attacker who gains access to a gateway can attempt various attacks on IoT devices, including port scans, OS & service detection, and DoS attacks. Therefore, we disclose the dataset below to promote security research on IoT.


We provide IoT environment datasets which include Port Scan, OS & Service Detection, and HTTP Flooding Attack. After setting up the environment of IoT devices, we captured packets using Wireshark.

1.1 CONFIGURATION OF IoT ENVIRONMENT

[Figure: diagram of the IoT environment. Labels: Router; NUGU; EZVIZ home camera; Philips Hue; Google Home MINI; TP-Link home camera; four cell phones; Attacker's PC (HTTP Flooding Attack); Attacker's PC (OS & Service Detection Attack, Port Scan Attack). Legend: Daum Kakao Corp.; SK Telecom Corp.]


1. Normal (All IoT)

- Duration : about 34min

- Number of attacks : None

- Number of packets : 125,182 packets

- Description : The traffic consists of various activities of all IoT devices (NUGU, EZVIZ, Hue, Google Home Mini, TP-Link). Mainly, the smart speakers (NUGU, Google Home Mini) answer questions or play music, the home cameras (EZVIZ, TP-Link) stream images to a cell phone, and the smart bulb (Hue) turns on/off or changes the light color of the bulbs.

2. Normal (Google Home Mini)

- Duration : about 30min

- Number of attacks : None

- Number of packets : 14,400 packets

- Description : The traffic consists of various activities of Google Home Mini. We asked Google Home Mini various questions, made requests of it, and tried to control the music function through a cell phone.

3. Port Scan Attack

- Attacker : PC (

- Target : Google Home Mini (

- Duration : about 21sec

- Number of attacks : 2 times

- Number of packets : 8,866 packets

- Description : The attacker performed port scanning by sending TCP packets with the SYN flag set.

4. OS & Service Detection

- Attacker : PC (

- Target : Google Home Mini (

- Duration : about 28min

- Number of attacks : 4 times

- Number of packets : 96,097 packets

- Description : The attacker performed OS & service detection by sending TCP packets with the SYN flag set. Attack intensity could be varied.

5. HTTP Flooding Attack

- Attacker : PC (

- Target : Google Home Mini ( : 8008)

- Duration : about 6min

- Number of attacks : Consistent

- Number of packets : 1,126,070 packets

- Description : The traffic consists of HTTP flooding packets generated with a flooding attack tool (LOIC) configured with 800 threads and the highest speed; as a result, the device (Google Home Mini) stuttered or disconnected from the phone application.
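
The scenarios above leave different footprints: SYN probes spread over many ports (scenarios 3 and 4) versus a high packet rate against one service port (scenario 5). The following is an added example, not code from the dataset authors, that labels sources on that basis; the tuple format, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Thresholds are assumptions for this sketch, not values taken from the dataset.
SCAN_MIN_PORTS = 20   # distinct ports one source probes with a bare SYN
FLOOD_MIN_PKTS = 100  # packets from one source to one dst:port in one window


def label_sources(packets, window=1.0):
    """Label (src, dst) pairs from (ts, src, dst, dport, flags) tuples.

    flags is a string of TCP flag letters, e.g. "S", "SA", "PA" (assumed format).
    Returns {(src, dst): set of labels}; pairs with no finding are omitted.
    """
    syn_ports = defaultdict(set)  # (src, dst) -> ports hit with SYN and no ACK
    counts = defaultdict(int)     # (src, dst, dport, window index) -> packets
    for ts, src, dst, dport, flags in packets:
        if "S" in flags and "A" not in flags:
            syn_ports[(src, dst)].add(dport)
        counts[(src, dst, dport, int(ts // window))] += 1

    labels = defaultdict(set)
    for pair, ports in syn_ports.items():
        if len(ports) >= SCAN_MIN_PORTS:      # wide port coverage: scan or probe
            labels[pair].add("syn_scan")
    for (src, dst, dport, _), n in counts.items():
        if n >= FLOOD_MIN_PKTS:               # sustained rate to one service
            labels[(src, dst)].add(f"flood:{dport}")
    return dict(labels)


def sample_packets():
    """Constructed traffic; addresses are documentation-range placeholders."""
    target = "192.0.2.50"
    pkts = []
    # Scanner: one SYN to each of 100 ports within half a second.
    pkts += [(i * 0.005, "192.0.2.10", target, 1 + i, "S") for i in range(100)]
    # Flooder: 300 packets to port 8008 inside one second.
    flood_flags = ["S", "A", "PA"]
    pkts += [(10 + i * 0.003, "192.0.2.20", target, 8008, flood_flags[i % 3])
             for i in range(300)]
    # Normal client: a handful of packets to the same port over five seconds.
    pkts += [(20 + i, "192.0.2.30", target, 8008, "PA") for i in range(5)]
    return pkts


if __name__ == "__main__":
    for pair, found in sorted(label_sources(sample_packets()).items()):
        print(pair, sorted(found))
```

With the real captures, the same tuples can be produced from the pcap files with any packet parser, and the thresholds tuned against the two normal traces.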


This dataset is similar to our other IoT dataset (IoT Network Intrusion Dataset), so we summarize the differences between the two datasets below.

  • This dataset contains traffic from a wider variety of IoT devices: two security cameras, two AI speakers and a smart light hub as described in 1.1. Configuration of IoT Environment.

    • IoT Network Intrusion Dataset only contains traffic of two IoT devices: SKT NUGU (NU 100) and EZVIZ Wi-Fi Camera (C2C Mini O Plus 1080P).

  • There are fewer attack scenarios in this dataset; IoT Network Intrusion Dataset includes MITM, flooding attacks other than HTTP flooding, and telnet brute force, which are not in this dataset.

  • Also, HTTP flooding attacks are in both datasets, but with different attackers and targets.

    • In the case of this dataset, the attacker is the laptop and the target is the IoT device (Google Home Mini).

    • In the case of IoT Network Intrusion Dataset, the attacker is the IoT device (assumed to be compromised by the Mirai botnet) and the target is a victim server.


For academic purposes, we are happy to release our datasets. If you want to use our dataset for your experiment, please cite our dataset’s page.

1. Normal (All IoT)

2. Normal (Google Home Mini)

3. Port Scan Attack

4. OS & Service Detection Attack

5. HTTP Flooding Attack

If you want to download the dataset, please fill out the questionnaire at the following URL.

Dataset Download Link: Download


Huy Kang Kim (cenda at

4. see also

See also our other dataset containing IoT traffic: IoT Network Intrusion Dataset