{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T22:38:23Z","timestamp":1775860703599,"version":"3.50.1"},"reference-count":29,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2023,1,11]],"date-time":"2023-01-11T00:00:00Z","timestamp":1673395200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100009226","name":"2021 NCAE-C-002: Cyber Research Innovation Grant Program","doi-asserted-by":"publisher","award":["H98230-21-1-0170"],"award-info":[{"award-number":["H98230-21-1-0170"]}],"id":[{"id":"10.13039\/100009226","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Data"],"abstract":"With the rapid rate at which networking technologies are changing, there is a need to regularly update network activity datasets to accurately reflect the current state of network infrastructure\/traffic. The uniqueness of this work was that this was the first network dataset collected using Zeek and labelled using the MITRE ATT&CK framework. In addition to identifying attack traffic, the MITRE ATT&CK framework allows for the detection of adversary behavior leading to an attack. It can also be used to develop user profiles of groups intending to perform attacks. This paper also outlined how both the cyber range and hadoop\u2019s big data platform were used for creating this network traffic data repository. The data was collected using Security Onion in two formats: Zeek and PCAPs. Mission logs, which contained the MITRE ATT&CK data, were used to label the network attack data. The data was transferred daily from the Security Onion virtual machine running on a cyber range to the big-data platform, Hadoop\u2019s distributed file system. This dataset, UWF-ZeekData22, is publicly available at datasets.uwf.edu.<\/jats:p>","DOI":"10.3390\/data8010018","type":"journal-article","created":{"date-parts":[[2023,1,12]],"date-time":"2023-01-12T02:28:44Z","timestamp":1673490524000},"page":"18","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":33,"title":["Introducing UWF-ZeekData22: A Comprehensive Network Traffic Dataset Based on the MITRE ATT&CK Framework"],"prefix":"10.3390","volume":"8","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1886-4582","authenticated-orcid":false,"given":"Sikha S.","family":"Bagui","sequence":"first","affiliation":[{"name":"Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0106-3890","authenticated-orcid":false,"given":"Dustin","family":"Mink","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA"}]},{"given":"Subhash C.","family":"Bagui","sequence":"additional","affiliation":[{"name":"Department of Mathematics and Statistics, University of West Florida, Pensacola, FL 32514, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1914-711X","authenticated-orcid":false,"given":"Tirthankar","family":"Ghosh","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA"}]},{"given":"Russel","family":"Plenkers","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA"}]},{"given":"Tom","family":"McElroy","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA"}]},{"given":"Stephan","family":"Dulaney","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA"}]},{"given":"Sajida","family":"Shabanali","sequence":"additional","affiliation":[{"name":"Department of Computer Science, University of West Florida, Pensacola, FL 32514, USA"}]}],"member":"1968","published-online":{"date-parts":[[2023,1,11]]},"reference":[{"key":"ref_1","unstructured":"(2022, November 15). Available online: https:\/\/datasets.uwf.edu\/."},{"key":"ref_2","unstructured":"(2022, September 16). About Zeek\u2014Book of Zeek. Available online: https:\/\/docs.zeek.org\/en\/master\/about.html."},{"key":"ref_3","unstructured":"(2022, September 19). MITRE ATT&CK. Available online: https:\/\/attack.mitre.org\/."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"1012","DOI":"10.3103\/S0146411619080121","article-title":"Preparing datasets for training in a neural network system of intrusion detection in industrial systems. Autom","volume":"53","author":"Krundyshev","year":"2019","journal-title":"Control Comput. Sci."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Almomani, I., Al-Kasasbeh, B., and AL-Akhras, M. (2016). WSN-DS: A Dataset for Intrusion Detection Systems in Wireless Sensor Networks. J. Sens., 2016.","DOI":"10.1155\/2016\/4731953"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Zago, M., Gil P\u00e9rez, M., and Mart\u00ednez P\u00e9rez, G. (2020). UMUDGA: A dataset for profiling algorithmically generated domain names in botnet detection. Data Brief, 30.","DOI":"10.1016\/j.dib.2020.105400"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1016\/j.jnca.2015.11.016","article-title":"A survey of network anomaly detection techniques","volume":"60","author":"Ahmed","year":"2016","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_8","unstructured":"(2022, September 03). DARPA Intrusion Detection Evaluation Dataset. MIT Lincoln Lab. Available online: https:\/\/www.ll.mit.edu\/r-d\/datasets\/1998-darpa-intrusion-detection-evaluation-dataset."},{"key":"ref_9","unstructured":"(2022, September 03). KDD Cup 1999. Available online: http:\/\/kdd.ics.uci.edu\/databases\/kddcup99\/kddcup99.html."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Tavallaee, M., Bagheri, E., Lu, W., and Ghorbani, A. (2009, January 8\u201310). A detailed analysis of the KDD CUP 99 data set. Proceedings of the Second IEEE Symposium on Computational Intelligence for Security and Defence Applications, Ottawa, ON, Canada.","DOI":"10.1109\/CISDA.2009.5356528"},{"key":"ref_11","first-page":"436","article-title":"Detecting Distributed Denial of Service Attacks Using Data Mining Techniques","volume":"7","author":"Alkasassbeh","year":"2016","journal-title":"Int. J. Adv. Comput. Sci. Appl."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Moustafa, N., and Slay, J. (2015). UNSW-NB15: A Comprehensive Data Set for Network Intrusion Detection Systems. Military Communications and Information Systems Conference (MilCIS), IEEE.","DOI":"10.1109\/MilCIS.2015.7348942"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"411","DOI":"10.1016\/j.cose.2017.11.004","article-title":"UGR\u201916: A New Dataset for the Evaluation of Cyclostationarity-Based Network IDSs","volume":"73","author":"Camacho","year":"2018","journal-title":"Comput. Secur."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Habibi Lashkari, A., and Ghorbani, A.A. (2018). A Detailed Analysis of the CICIDS2017 Data Set. ICISSP, Springer. Revised Selected Papers.","DOI":"10.1007\/978-3-030-25109-3_9"},{"key":"ref_15","unstructured":"(2022, September 03). UNB CSE-CIC-IDS2018 on AWS. Available online: https:\/\/www.unb.ca\/cic\/datasets\/ids-2018.html."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"485","DOI":"10.1109\/JIOT.2021.3085194","article-title":"ToN_IoT: The Role of Heterogeneity and the Need for Standardization of Features and Attack Types in IoT Network Intrusion Data Sets","volume":"9","author":"Booij","year":"2022","journal-title":"IEEE Internet Things J."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Vasudevan, A., Harshini, E., and Selvakumar, S. (2011, January 4\u20136). SSENet-2011: A network intrusion detection system dataset and its comparison with KDD CUP 99 dataset. Proceedings of the 2011 Second Asian Himalayas International Conference on Internet (AH-ICI), Kathmundu, Nepal.","DOI":"10.1109\/AHICI.2011.6113948"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Damasevicius, R., Venckauskas, A., Grigaliunas, S., Toldinas, J., Morkevicius, N., Aleliunas, T., and Smuikys, P. (2020). LITNET-2020: An Annotated Real-World Network Flow Dataset for Network Intrusion Detection. Electronics, 9.","DOI":"10.3390\/electronics9050800"},{"key":"ref_19","unstructured":"(2022, August 03). VMware vSphere Documentation. Available online: https:\/\/docs.vmware.com\/en\/VMware-vSphere\/index.html."},{"key":"ref_20","unstructured":"(2022, August 03). Red Hat Enterprise Linux Operating System. Available online: https:\/\/www.redhat.com\/en\/technologies\/linux-platforms\/enterprise-linux."},{"key":"ref_21","unstructured":"(2022, August 03). Podman. Available online: https:\/\/podman.io\/."},{"key":"ref_22","unstructured":"(2022, August 03). Apache Hadoop. Available online: https:\/\/hadoop.apache.org\/."},{"key":"ref_23","unstructured":"(2022, August 03). Apache Spark\u2014Unified engine for large-scale data analytics. Available online: https:\/\/spark.apache.org\/."},{"key":"ref_24","unstructured":"(2022, August 03). Project Jupyter | Home. Available online: https:\/\/jupyter.org\/."},{"key":"ref_25","first-page":"80","article-title":"Amin. Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains","volume":"1","author":"Hutchins","year":"2011","journal-title":"Lead. Issues Inf. Warf. Secur. Res."},{"key":"ref_26","unstructured":"(2022, August 03). Kali Linux | Penetration Testing and Ethical Hacking Linux Distribution. Available online: https:\/\/www.kali.org\/."},{"key":"ref_27","unstructured":"(2022, August 03). Security Onion Solutions. Available online: https:\/\/securityonionsolutions.com\/."},{"key":"ref_28","unstructured":"Strom, B.E., Applebaum, A., Miller, D.P., Nickels, K.C., Pennington, A.G., and Thomas, C.B. (2022, September 16). Mitre att&ck: Design and Philosophy. Technical Report. Available online: https:\/\/www.mitre.org\/news-insights\/publication\/mitre-attck-design-and-philosophy."},{"key":"ref_29","unstructured":"(2022, September 19). MITRE ATT&CK: Design and Philosophy\u2014Mitre Corporation. Available online: https:\/\/pdf4pro.com\/view\/mitre-att-amp-ck-design-and-philosophy-mitre-corporation-7083ef.html."}],"container-title":["Data"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2306-5729\/8\/1\/18\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T18:03:20Z","timestamp":1760119400000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2306-5729\/8\/1\/18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,1,11]]},"references-count":29,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2023,1]]}},"alternative-id":["data8010018"],"URL":"https:\/\/doi.org\/10.3390\/data8010018","relation":{},"ISSN":["2306-5729"],"issn-type":[{"value":"2306-5729","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,1,11]]}}}