This is a non-IMPACT record, meaning that access to the data is not controlled by IMPACT. For access, see the directions below.

This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.


ISOT Botnet Dataset
External Dataset
External Data Source
University of Victoria
51 (lowest rank is 51)

Category & Restrictions

malicious traffic, network data, cyber attack, honeypots, cyber defense


The ISOT Botnet dataset is the combination of several existing publicly available malicious and non-malicious datasets.

Two separate datasets containing malicious traffic from the French chapter of the honeynet project [1] involving the Storm and Waledac botnets were used. Waledac is currently one of the most prevalent P2P botnets and is widely considered as the successor of the Storm botnet with a more decentralized communication protocol. Unlike Storm using overnet as a communication channel, Waledac utilizes HTTP communication and a fast-flux based DNS network exclusively. To represent non-malicious, everyday usage traffic, two different were incorporated datasets, one from the Traffic Lab at Ericsson Research in Hungary [2] and the other from the Lawrence Berkeley National Lab (LBNL) [3]. The Ericsson Lab dataset contains a large number of general traffic from a variety of applications, including HTTP web browsing behavior, World of Warcraft gaming packets, and packets from popular bittorrent clients such as Azureus. We also incorporated all the datasets from the LBNL trace data to provide additional non-malicious background traffic.

Additional Details

university of california berkeley, macos file sharing software, spamming, web navigation, bittorrent, web design, packets, transport layer security, external data source, nuclear research institutes, internet protocol, network packet, vuze, windows file sharing software, uniform resource identifier, waledac botnet, federally funded research and development centers, hypertext transfer protocol, honeynet project, cyberwarfare, university of california berkeley buildings, history of computing, comparison of bittorrent clients, overnet, telecommunication theory, cybercrime, isot botnet dataset, bot, communication channel, cryptographic protocol, communication protocol, fast flux, application layer protocols, background traffic, 1281, united states department of energy national laboratories, university and college laboratories in the united states, research institutes in california, laboratories in california, domain name system, telecom, internet governance, malware, lawrence berkeley national laboratory, inferlink corporation, research institutes in the san francisco bay area, network architecture, secure communication, internet services shut down by a legal challenge, storm botnet, botnet