Publicly available datasets used in DDoS and DDoS-SDN research
| Dataset | Year | # Features | Attacks | DDoS focus | SDN support | Limitations |
|---|---|---|---|---|---|---|
| UNSW-NB15 [6] | 2015 | 49 | DoS, Exploits, Fuzzers, Reconnaissance | Partial | No | Not SDN-aware; class imbalance |
| CIC-IDS2017 [7] | 2017 | 80 | DoS, DDoS, Brute Force, Web attacks | Partial | No | Large size; no SDN context |
| CIC-IDS2018 [8] | 2018 | 80 | Botnet, DoS, DDoS, Web assaults | Partial | No | High imbalance; resource-intensive |
| CIC-DDoS2019 [9] | 2019 | 88 | Multiple DDoS variants (UDP, SYN, HTTP) | Yes | Limited | Large volume; SDN adaptation required |
| SDNFlow [14] | 2018 | 40–50 | DDoS, benign traffic | Yes | Yes | Limited documentation; imbalance |
| InSDN [10] | 2020 | 83 | DDoS, Probe, Botnet, Brute Force | Yes | Yes | High computational cost |
| BoT-IoT (SDN-used) [11] | 2018 | 46 | DDoS, DoS, scanning | Partial | No | Not natively SDN |
| TON-IoT (SDN-used) [12] | 2020 | 44 | DDoS, malware, DoS | Partial | No | Limited SDN awareness |
| CICEV 2023 [13] | 2023 | ∼70 | Authentication-based DDoS | Yes (domain-specific) | No | Highly specialized |
| Dataset | Year | # Features | Attacks | DDoS focus | SDN support | Limitations |
|---|---|---|---|---|---|---|
| UNSW-NB15 [ | 2015 | 49 | DoS, Exploits, Fuzzers, Reconnaissance | Partial | No | Not SDN-aware; class imbalance |
| CIC-IDS2017 [ | 2017 | 80 | DoS, DDoS, Brute Force, Web attacks | Partial | No | Large size; no SDN context |
| CIC-IDS2018 [ | 2018 | 80 | Botnet, DoS, DDoS, Web assaults | Partial | No | High imbalance; resource-intensive |
| CIC-DDoS2019 [ | 2019 | 88 | Multiple DDoS variants (UDP, SYN, HTTP) | Yes | Limited | Large volume; SDN adaptation required |
| SDNFlow [ | 2018 | 40–50 | DDoS, benign traffic | Yes | Yes | Limited documentation; imbalance |
| InSDN [ | 2020 | 83 | DDoS, Probe, Botnet, Brute Force | Yes | Yes | High computational cost |
| BoT-IoT (SDN-used) [ | 2018 | 46 | DDoS, DoS, scanning | Partial | No | Not natively SDN |
| TON-IoT (SDN-used) [ | 2020 | 44 | DDoS, malware, DoS | Partial | No | Limited SDN awareness |
| CICEV 2023 [ | 2023 | ∼70 | Authentication-based DDoS | Yes (domain-specific) | No | Highly specialized |
Sharing content requires targeting cookies to be enabled. Please update your cookie preferences to use this feature.