Unzip the file to access the raw .pcap files. Note that these files can be several gigabytes in size.
While the data inside bd_116.zip is generally benign, these datasets often contain traces of malware communication or exploit attempts (if you are looking at the attack-day subsets). It is best practice to handle these files in a if you are performing deep packet inspection or executing any embedded payloads for forensic research.
It typically contains a subset of "Benign" (normal) network traffic data, which serves as the baseline for identifying anomalies.
The traffic is primarily HTTP, HTTPS, FTP, SSH, and standard TCP/UDP background noise.
In its raw form, the data is unlabeled. You must correlate the timestamps in the bd_116 capture with the official attack schedule provided by the CIC to label flows as "Benign."
The file is part of a large-scale collection of network traffic captures designed to help researchers train machine learning models to distinguish between benign activity and cyber-attacks.
Researchers use this file to extract flow features (like flow duration, packet length, and inter-arrival time) to create a "normal" profile for a network.
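The feature extraction and timestamp-based labeling described on this page, as an added example (not CIC tooling or code from the original page). It assumes a classic little-endian pcap with Ethernet/IPv4 framing; the sample packets, the attack window, and the `InAttackWindow` label name are constructed for illustration.

```python
import struct
from collections import defaultdict

def read_pcap(data):
    """Yield (ts, src, dst, sport, dport, proto, length) for IPv4 TCP/UDP packets."""
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("unsupported capture format (need classic little-endian pcap)")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, caplen, origlen = struct.unpack_from("<IIII", data, off)
        pkt, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        l4 = 14 + (pkt[14] & 0x0F) * 4  # Ethernet header + IP header length
        if pkt[23] not in (6, 17) or len(pkt) < l4 + 4:
            continue  # only TCP and UDP carry ports
        sport, dport = struct.unpack_from("!HH", pkt, l4)
        ip = lambda b: ".".join(map(str, b))
        yield sec + usec / 1e6, ip(pkt[26:30]), ip(pkt[30:34]), sport, dport, pkt[23], origlen

def flow_features(packets):
    """Group packets into bidirectional flows and compute per-flow features."""
    flows = defaultdict(list)
    for ts, src, dst, sport, dport, proto, length in packets:
        flows[(proto, *sorted([(src, sport), (dst, dport)]))].append((ts, length))
    out = {}
    for key, pk in flows.items():
        times = sorted(t for t, _ in pk)
        iats = [b - a for a, b in zip(times, times[1:])]
        out[key] = {"start": times[0], "duration": times[-1] - times[0],
                    "mean_len": sum(n for _, n in pk) / len(pk),
                    "mean_iat": sum(iats) / len(iats) if iats else 0.0}
    return out

def label(features, windows):
    """Flows overlapping no scheduled attack window are Benign; others need review."""
    for f in features.values():
        hit = any(s <= f["start"] + f["duration"] and f["start"] <= e for s, e in windows)
        f["label"] = "InAttackWindow" if hit else "Benign"
    return features

def _frame(ts, src, dst, sport, dport, pad):  # one constructed TCP packet record
    ip = bytes([0x45, 0, 0, 0, 0, 0, 0, 0, 64, 6, 0, 0]) + bytes(src) + bytes(dst)
    f = b"\0" * 12 + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + b"\0" * (16 + pad)
    return struct.pack("<IIII", int(ts), int(ts % 1 * 1e6), len(f), len(f)) + f

A, B = (10, 0, 0, 5), (10, 0, 0, 9)  # constructed hosts: a web flow, then an SSH flow
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _frame(1000.0, A, B, 40000, 80, 0), _frame(1000.5, B, A, 80, 40000, 100),
    _frame(1002.0, A, B, 40000, 80, 0), _frame(5000.0, A, B, 40001, 22, 10)])
WINDOWS = [(4000.0, 6000.0)]  # hypothetical schedule entry, not taken from CIC
FLOWS = label(flow_features(read_pcap(SAMPLE)), WINDOWS)
```

A time window alone cannot separate attack flows from benign traffic captured during the same interval, so only flows outside every window are marked `Benign` here.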
The collection was developed by the Canadian Institute for Cybersecurity (CIC) at the University of New Brunswick.