Skip to main content
Zenodo / ArXiv

Gotham Dataset 2025: A Reproducible Large-Scale IoT Network Dataset for Intrusion Detection

IoT Network Security
Jan 30, 2026
90 views
License

Abstract

"Large-scale reproducible IoT network dataset with traffic from 100+ diverse IoT devices including smart home, wearable, and industrial sensors, featuring multiple attack scenarios and benign behavior for intrusion detection research."

Description

Overview

The Gotham Dataset 2025 is a comprehensive, reproducible IoT network security dataset designed to advance intrusion detection and security research in large-scale heterogeneous IoT environments.

Data Collection

  • Network traffic captured from a testbed containing over 100 diverse IoT devices spanning smart home (cameras, thermostats, lights), wearables (fitness trackers), industrial sensors, and smart appliances.
  • Collected in a distributed manner with traffic captured separately for each device at the IoT gateway interface, enabling device-level analysis.
  • The dataset includes both normal operational behavior across multiple days and various attack scenarios injected into the network.

Attack Scenarios

  • Botnet attacks: Mirai and other IoT botnets performing DDoS, scanning, and propagation.
  • Reconnaissance: Network scanning and device fingerprinting attacks.
  • Man-in-the-Middle: Traffic interception and manipulation between IoT devices and cloud services.
  • Data exfiltration: Unauthorized data transmission from compromised devices.

Dataset Structure

  • Over 23.8 GB of network traffic data in PCAP and processed CSV formats.
  • Per-device traffic captures enabling fine-grained analysis of individual IoT device behavior.
  • Rich flow-based features including packet sizes, inter-arrival times, protocol distributions, and behavioral statistics.
  • Labeled data with attack types, timestamps, and device identifiers.

Use Cases

  • Developing and benchmarking IoT-specific intrusion detection systems at scale.
  • Research on device fingerprinting, behavioral profiling, and anomaly detection in heterogeneous IoT networks.
  • Evaluating machine learning models for IoT security in realistic multi-device environments.

📊 View Data Structure

To explore column names, data types, and sample rows, visit the official dataset page on Zenodo / ArXiv.

Preview on Zenodo / ArXiv

Cite This Dataset

Belarbi, Othmane, & others (2025). Gotham Dataset 2025: A Reproducible Large-Scale IoT Network Dataset for Intrusion Detection. [Dataset]. Zenodo. https://doi.org/10.5281/zenodo.14502760

Select your preferred citation style above. The citation will automatically update and you can copy it to your clipboard.

Original source: Zenodo (2025). Visit official page for more details.

Indexed by IoTDataset.com on Jan 30, 2026

Ready to Start Your Research?

Download this dataset directly from the official repository and start building your next breakthrough project.

Download Dataset

Related Topics & Keywords

Share This Research

More in IoT Network Security

View All
Industrial IoT Kaggle

Post-Quantum Cryptography Impact in Industrial IoT

Released in October 2025, this dataset captures performance metrics and network traffic associated with implementing Post-Quantum Cryptography (PQC) in Industrial IoT (IIoT) scenarios. It supports research into the feasibility and overhead of quantum-resistant security protocols on resource-constrained industrial hardware.

Feb 06, 2026
Cybersecurity CIC Repository

CICIoT2023: Large-Scale IoT Attack Traffic Dataset

CICIoT2023 is a large-scale, flow-based network traffic dataset capturing real-time benign and malicious communications in an IoT environment composed of 105 physical devices. The dataset captures traffic traces for 33 attack scenarios grouped into seven categories: DDoS, DoS, Reconnaissance, web-based attacks, brute-force attempts, spoofing, and Mirai malware.

Feb 05, 2026
Smart Home Kaggle

MQTT_UAD: MQTT Under Attack Dataset for Detection of Attacks in IoT Networks Using MQTT Protocol

MQTT_UAD is a public MQTT traffic dataset published in Data in Brief 2025, containing labeled benign and attack scenarios in IoT networks that use the MQTT protocol, designed for training and evaluating intrusion detection systems.

Feb 03, 2026
IoT Security / MQTT DoS and DDoS Mendeley Data

MQTT DoS DDoS IoT Attack Dataset

An MQTT DoS and DDoS IoT attack dataset collected on a Raspberry Pi 3B+ Mosquitto broker over 12 sessions, including three days of normal traffic and several minutes of attack traffic, totaling 424,716 labeled entries for machine learning-based IDS and IPS research.

Feb 03, 2026