IoT Emulated ICMP/Ping Dataset — Normal and Malicious Traffic [3.2 GB PCAP]

Overview

This Zenodo dataset provides normal and malicious ICMP/Ping traffic generated from an embedded IoT device. It is explicitly related to intrusion detection systems, computer network traffic, and IoT security.

The data generation sequence starts with raw PCAP network traffic generated by an ESP-01s device. The PCAP files are then transformed into Zeek log files, and the logs are extracted into labelled CSV files prepared for machine-learning analysis.

The dataset is useful for studying ICMP flood and Ping flood behaviour in lightweight IoT environments and for evaluating ML-based detection of malicious ICMP/Ping activity.

Column Schema

Key Statistics

• Total Records: Labelled CSV files extracted from Zeek logs; row count not specified on the Zenodo page
• Features: Zeek-derived flow information for ICMP/Ping traffic
• File Format: PCAP, Zeek logs, CSV
• File Size: Raw PCAP archive 3.2 GB; Zeek logs 1.4 MB; extracted CSV dataset 8.8 kB
• Time Period: Published March 26, 2023; modified July 4, 2023
• Device: ESP-01s embedded IoT device

Use Cases

• ICMP/Ping flood intrusion detection
• Embedded IoT traffic classification
• Zeek-to-CSV feature extraction workflows
• Machine-learning evaluation for lightweight IoT network attacks

Source & Attribution

Created by Omar Almorabea, Tariq Khanzada, Muhammad Aslam, Fatheah Hendi, and Ahmad Almorabea. Published on Zenodo with DOI 10.5281/zenodo.7772015 and licensed under CC BY 4.0.