The DoH-DGA-Malware-Traffic-HKD dataset

The dataset contains "pcap_files.zip" of DoH traffic generated by PadCrypt [1], Sisron [2], Tinba [3], and Zloader [4].
The dataset includes "csv_files.zip" of statistical traffic features extracted from PCAP files by DoHlyzer [5].
The "l3-malware.csv" is an aggregated CSV file and encloses traffic flows of PadCrypt 840, Sisron 744, Tinba 1808, and Zloader 820.


License

If you use the dataset, please be sure to cite the following paper.

Rikima Mitsuhashi, Yong Jin, Katsuyoshi Iida, Takahiro Shinagawa, and Yoshiaki Takai, 
"Detection of DGA-based Malware Communications from DoH Traffic Using Machine Learning Analysis," 
2023 IEEE 20th Consumer Communications & Networking Conference (CCNC), 2023. 
https://ieeexplore.ieee.org/document/10059835


References

[1] PadCrypt (https://bin.re/blog/the-dga-of-padcrypt/)
[2] Sisron (https://bin.re/blog/the-dga-of-sisron/)
[3] Tinba (https://bin.re/blog/new-top-level-domains-for-tinbas-dga/)
[4] Zloader (https://bin.re/blog/the-dga-of-zloader/)
[5] DoHlyzer (https://github.com/ahlashkari/DoHlyzer)


If you have any questions, contact mitsuhashi@os.ecc.u-tokyo.ac.jp.
March 2023.