Table 1

Publicly available datasets used in DDoS and DDoS-SDN research

DatasetYear# FeaturesAttacksDDoS focusSDN supportLimitations
UNSW-NB15 [6]201549DoS, Exploits, Fuzzers, ReconnaissancePartialNoNot SDN-aware; class imbalance
CIC-IDS2017 [7]201780DoS, DDoS, Brute Force, Web attacksPartialNoLarge size; no SDN context
CIC-IDS2018 [8]201880Botnet, DoS, DDoS, Web assaultsPartialNoHigh imbalance; resource-intensive
CIC-DDoS2019 [9]201988Multiple DDoS variants (UDP, SYN, HTTP)YesLimitedLarge volume; SDN adaptation required
SDNFlow [14]201840–50DDoS, benign trafficYesYesLimited documentation; imbalance
InSDN [10]202083DDoS, Probe, Botnet, Brute ForceYesYesHigh computational cost
BoT-IoT (SDN-used) [11]201846DDoS, DoS, scanningPartialNoNot natively SDN
TON-IoT (SDN-used) [12]202044DDoS, malware, DoSPartialNoLimited SDN awareness
CICEV 2023 [13]2023∼70Authentication-based DDoSYes (domain-specific)NoHighly specialized

or Create an Account

Close Modal
Close Modal