This is a non-IMPACT record, meaning that access to the data is not controlled by IMPACT. For access, see the directions below.

This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.


Intrusion Detection Evaluation Dataset (ISCXIDS2012)
External Dataset
External Data Source
University of New Brunswick
56 (lowest rank is 56)

Category & Restrictions

malicious traffic, traffic flow data, simulated attacks, intrusion detection, human behavior


The UNB ISCX IDS 2012 dataset consists of labeled network traces, including full packet payloads in pcap format.

To simulate user behaviour, the behaviours of our Center's users were abstracted into profiles. Agents were then programmed to execute them, effectively mimicking user activity. Attack scenarios were then designed and executed to express real-world cases of malicious behaviour. They were applied in real-time from physical devices via human assistance; therefore, avoiding any unintended characteristics of post-merging network attacks with real-time background traffic. The resulting arrangement has the obvious benefit of allowing the network traces to be labeled. This is believed to simplify the evaluation of intrusion detection systems and provide more realistic and comprehensive benchmarks.

The UNB ISCX 2012 intrusion detection evaluation dataset consists of the following 7 days of network activity (normal and malicious):

Day, Date, Description, Size (GB)

Friday, 11/6/2010, Normal Activity. No malicious activity, 16.1
Saturday, 12/6/2010, Normal Activity. No malicious activity, 4.22
Sunday, 13/6/2010, Infiltrating the network from inside + Normal Activity, 3.95
Monday, 14/6/2010, HTTP Denial of Service + Normal Activity, 6.85
Tuesday, 15/6/2010, Distributed Denial of Service using an IRC Botnet, 23.4
Wednesday, 16/6/2010, Normal Activity. No malicious activity, 17.6
Thursday, 17/6/2010, Brute Force SSH + Normal Activity, 12.3 ;

Additional Details

dataset, detection, intrusion, evaluation, iscxids2012, 916, intrusion detection evaluation dataset (iscxids2012), 2010, inferlink, inferlink corporation, source, external, external data source, corporation, network, unb, consists, activity, labeled, traces, 2012, iscx, payloads, pcap, packet, including, format, ids, normal, malicious, real, user, behaviour, time, denial, service, comprehensive, gb, friday, distributed, execute, abstracted, benefit, brute, assistance, sunday, description, unintended, applied, provide, physical, designed, human, scenarios, botnet, simplify, infiltrating, mimicking, simulate, tuesday, allowing, merging, center, effectively, characteristics, devices, cic, http, executed, arrangement, systems, express, behaviours, attack, wednesday, days, obvious, believed, agents, thursday, irc, post, attacks, benchmarks, size, background, programmed, users, realistic, profiles, force, ssh, saturday, other, traffic, day, avoiding, monday