This is a non-IMPACT record, meaning that access to the data is not controlled by IMPACT. For access, see the directions below.

This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.


Malware Capture Facility Project
External Dataset
External Data Source
Stratosphere Lab
Data collection is ongoing
56 (lowest rank is 56)

Category & Restrictions

malicious traffic, network data, malware


The Stratosphere IPS feeds itself with models created from real malware traffic captures. The Malware Capture Facility Project is in charge of continuously monitoring for new emerging threats, retrieving malicious samples and running them in our facilities to capture the traffic.

Machine learning algorithms need to be verified to find out their precise performance in real data. Specially in network computer security it is really important to have good datasets, because the data in the networks is infinite, changing, varied and with a high concept drift. These issues force us to obtain good datasets to train, verify and test the algorithms.

To make a good verification we need three types of traffic: Malware, Normal and Background. The Malware traffic will include all the things we want to detect, specially C&C (Command and Control) connections. The Normal traffic is very important to find out the real performance of our algorithms by computing the False Positives and True Negatives. The Background traffic is necessary to saturate the algorithms, verify its memory/speed performance and to test if the algorithm gets confused with the data. ; STRATOSPHEREIPS@AGENTS.FEL.CVUT.CZ
This dataset is the subject of ongoing measurement and data collection. As such the data is continuously growing. Researchers who are granted access will be able to download updates for a period of one year after their request.

Additional Details

Size is growing as more data is collected
malware, capture, facility, project, malware capture facility project, 946, source, inferlink corporation, inferlink, corporation, external, external data source, traffic, real, captures, charge, threats, emerging, retrieving, running, malicious, stratosphere, feeds, samples, ips, monitoring, created, models, continuously, facilities, algorithms, performance, specially, verify, normal, datasets, background, test, types, control, positives, precise, cvut, include, false, cz, machine, verified, command, agents, saturate, varied, stratosphereips, negatives, algorithm, train, drift, connections, verification, confused, issues, fel, true, force, other, computing, security, computer, network, speed, networks, learning, detect, concept, infinite, memory, changing