DataSense: CIC IIoT Dataset 2025 - Industrial IoT Security with DDoS, Ransomware, and Advanced Attacks

Overview

The DataSense: CIC IIoT Dataset 2025 is the latest industrial IoT cybersecurity dataset from the Canadian Institute for Cybersecurity (CIC) at the University of New Brunswick, designed to support intrusion detection and anomaly detection research in industrial environments.

Data Collection

• Captured from a realistic testbed simulating industrial control systems with multiple IIoT devices and protocols (Modbus, MQTT, CoAP, OPC UA).
• The dataset includes both benign operational traffic and 34 distinct types of cyberattacks targeting IIoT infrastructure.
• Network traffic was collected at multiple vantage points to capture both device-level and network-level behavior.

Attack Categories

• DDoS Attacks: Multiple distributed denial-of-service variants targeting IIoT services and gateways.
• Ransomware: Simulated ransomware infections spreading through IIoT networks and encrypting operational data.
• Data Exfiltration: Scenarios where sensitive industrial data is stolen through covert channels.
• Man-in-the-Middle (MitM): Interception and manipulation of IIoT protocol communications.
• Advanced Persistent Threats (APT): Multi-stage attacks simulating nation-state level intrusions.
• Protocol-specific attacks: Exploits targeting Modbus, MQTT, and other IIoT protocols.

Features and Format

• Flow-based features extracted using CICFlowMeter, including packet statistics, byte distributions, flag counts, and timing information.
• Labeled dataset with attack type and timestamp for supervised learning.
• Both CSV format (processed features) and PCAP files (raw network captures) available.

Use Cases

• Training and benchmarking Intrusion Detection Systems (IDS) for industrial IoT environments.
• Developing machine learning models for real-time threat detection in critical infrastructure.
• Research on protocol-aware security mechanisms and anomaly detection in IIoT networks.