Skip to main content

Table 1 Evolving Attacks in the CICIDS2017 Dataset

From: Conceptualisation of Cyberattack prediction with deep learning

Attack ClassDescriptionNumber of Instances
TrainTest
BenignNormal network traffic40031000
Brute forceThis attack is used for password cracking as well as the discovery of hidden pages and content in a web application50001708
HeartbleedThe heartbleed attack emanates from a bug in the OpenSSL cryptography library, which is an implementation of the Transport Layer Security (TLS) protocol65
BotnetThis attack uses a number of devices connected over the Internet to circumvent and exploit vulnerable machines1500466
DoSThe Denial of Service (DoS) attack temporarily or indefinitely disrupts services on a host machine connected to the Internet. These services then become unavailable to the intended users for the period of the attack80003936
DDoSUsually results from a botnet of compromised machines flooding the bandwidth or resources of a victim machine95,00032,538
WebIncludes SQL injection, Cross-Site Scripting (XSS) and Brute force over HTTP:1600580
SQL injection is a code injection technique that is used to attack data-driven applications. An attacker can create a string of SQL commands in order to force the database to divulge its contents.
XSS attack allows attackers to inject client-side scripts into web pages, which are viewed by other users.
Brute force over HTTP enables an attacker to try a list of passwords to find the administrator’s password.
InfiltrationThis is an attack that exploits the vulnerability of a software in order to execute a backdoor on the victim’s machine. This can lead to attacks such as IP Sweep, port scan and service enumerations.700281