This dataset contains approximately one hour of anonymized traffic traces from a DDoS attack on August 4, 2007 (20:50:08 UTC to 21:56:16 UTC). This type of denial-of-service attack attempts to block access to the targeted server by consuming computing resources on the server and by consuming all of the bandwidth of the network connecting the server to the Internet.

The one-hour trace is split up in 5-minute pcap files. The total size of the dataset is 5.3 GB (compressed; 21 GB uncompressed). Only attack traffic to the victim and responses to the attack from the victim are included in the traces. Non-attack traffic has as much as possible been removed. Traces in this dataset are anonymized using CryptoPAn prefix-preserving anonymization using a single key. The payload has been removed from all packets.

These traces can be read with any software that reads the pcap (tcpdump) format, including the CoralReef Software Suite, tcpdump, Wireshark, and many others.

Acceptable Use Agreement

Access to these data is subject to the terms of the following CAIDA Acceptable Use Agreement

When referencing this data (as required by the AUA), please use:

The CAIDA UCSD "DDoS Attack 2007" Dataset
https://www.caida.org/catalog/datasets/ddos-20070804_dataset

You are required to report your publications using this dataset to CAIDA.

Request Data Access

Request Access to the CAIDA "DDoS Attack 2007" Dataset

DDoS-Related Information at CAIDA

• The 2003 SCO Denial-of-Service Attack
• Inferring Internet Denial-of-Service Activity