This is a non-IMPACT record, meaning that access to the data is not controlled by IMPACT. For access, see the directions below.

This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.


CIC DoS dataset
External Dataset
External Data Source
University of New Brunswick
52 (lowest rank is 52)

Category & Restrictions

simulated attacks, denial of service


DoS attacks dataset

In this study the focus was on the universal type of application DoS slow-rate attacks that are often seen in two variations: slow send and slow read.

The lack of data with application layer DoS attacks prompted us to create an evaluation dataset. We have set up a testbed environment with a victim webserver running Apache Linux v.2.2.22, PHP5 and Drupal v.7 as a content management system. The attacks were selected to represent the most common types of application layer DoS. We assume that an attacker is non-oblivious, i.e., he understands the attack, knows exactly when and how much traffic to send to maximize the attack damage.

Since the main premise of low-volume DoS attacks is their ability to impact a service without significant resources on an attacker side, the attacks were generated with just enough traffic to impact the targeted service, i.e, the attacks were stopped once a server became unresponsive. As a result we noticed that to be successful it was sufficient for these attacks to produce small amounts of traffic during short periods of time. ;

Additional Details

dos, dataset, cic, 926, cic dos dataset, 2017, external, inferlink corporation, inferlink, corporation, external data source, source, attacks, application, slow, traffic, send, layer, attacker, service, impact, attack, rate, webserver, ability, victim, periods, other, targeted, linux, variations, universal, successful, types, stopped, noticed, unb, resources, produce, environment, management, oblivious, short, time, represent, prompted, php5, main, type, evaluation, maximize, apache, amounts, premise, generated, sufficient, testbed, create, selected, read, common, lack, volume, system, drupal, unresponsive, assume, damage, server, study, focus, content, understands, running, result