![[ICO]](/icons/blank.gif){kind=icon}
![[PARENTDIR]](/icons/back.gif){kind=icon}
![[TXT]](/icons/text.gif){kind=icon}
![[ ]](/icons/compressed.gif){kind=icon}
| Name | Last modified | Size | Description |
|---|---|---|---|---|
| Parent Directory | - | ||
| README.html | 2023-03-16 08:28 | 1.3K | |
| README.md | 2023-03-16 08:28 | 1.2K | |
| test_combined_multiclass.csv.gz | 2022-04-30 20:17 | 6.0M | |
| train_combined_multiclass.csv.gz | 2022-04-30 20:18 | 22M | |
The dataset contains Normal, DGA and Tunneling domain names: i. the total number of normal domains are conformed by the Alexa top one million domains, 3,161 normal domains provided by the Bambenek Consulting feed, and another 177,017 normal domains; ii. the DGA domains were obtained from the repositories of DGA domains of Andrey Abakumov and John Bambenek, corresponding to 51 different malware families; iii. the DNS Tunneling consist of 8000 tunnel domains generated using a set of well known DNS tunneling tools under laboratory conditions: iodine, dnscat2 and dnsExfiltrator.
Labels are assigned in the last column of the CSV files, called “class”, as:
- 0: Bening
- 1: DGA
- 2: TunnelingThe dataset is described in the paper: Palau, F., Catania, C., Guerra, J., García, S. J., & Rigaki, M. (2019). Detecting DNS threats: A deep learning model to rule them all. In XX Simposio Argentino de Inteligencia Artificial (ASAI 2019)-JAIIO 48 (Salta).
The dataset is publicly online at: Palau, Franco, Catania, Guerra, Garcia, & Rigaki. (2022). DNS Threats Dataset (Version 1) [Data set]. Simposio Argentino de Inteligencia Artificial (ASAI), Salta, Argentina. Zenodo. https://doi.org/10.5281/zenodo.6508640