UWF Network Traffic Flow Datasets

The complete set of files is in PCAP and Parquet formats and is available at: https://datasets.uwf.edu/data/. This dataset consists of Zeek data files labelled using the MITRE ATT&CK Framework. The files in CSV format are a subset of the files in Parquet format, made available mainly for people who do not have access to "Big Data" technologies.

Data Card

Details about the CSV files:

Because Excel's display limit is 1 million rows, the CSV file has only 1 million rows of data. Other details:

This document contains:

  1. Zeek Files and File Descriptions
  2. Attributes in Zeek Files
  3. Number of Records in Each File
  4. Distribution of Malicious Traffic in UWF-ZeekData22
  5. MITRE ATT&CK Techniques in UWF-ZeekData22
  6. MITRE ATT&CK Tactics in UWF-ZeekData22 Dataset
  7. Un-flattened Tactics Count
  8. Individual File Descriptions

Authors

Members of this Cyber Analytics Research Group (CAR) (past and present):

  1. Faculty Researchers: Dr. Sikha Bagui at bagui@uwf.edu, Dr. Dustin Mink at dmink@uwf.edu, and Dr. Subhash Bagui at sbagui@uwf.edu
  2. Student Doctoral Researchers: Marshall Elam, Mohamed Elbatouty, and Emily Miller
  3. Student Graduate Researchers: Mohammed Alquraishi, Rianna Armour, Sadaf Charkhabi, Asfaw Debelie, Colin Eller, Raymond Freeman, Jadarius Hill, Jiya Huang, Pale Khan, Nitisha Khanavis, Trevor Knie, Pooja Madhalya, Farooq Mahmud, Tom McElroy, Fariha Moomtaheen, Andrew Palmer, Esteban Paredes, Beri Peric, Michael Plain, Russell Plenkers, Ricky Salinas, Peyman Samimi, Sajida Shabanali, Anthony Simpson, Shivani Singh, Sakthi Subramania, Emily Summers, Dae Hyun Sung, Thomas Thibaut, Neha Uppal, Chedlyne Valmyr, and Daniel Wallace
  4. Student Undergraduate Researchers: Andrew Benyacko, Sarah Cameron, Germano Correa Silva de Carvalho, Kaio De Silva, Stephan Dulaney, Stephanie Eager, Molly Ferguson, Max Fina, Brittany Lane, Joao De Carvalho Linhares, Asmi Mishra, and Peyton Spellings

Cite and Share

If you use any of our data, please cite one or more of the papers below.

  1. T. J. Knie, D. Mink, S. Bagui and S. C. Bagui, "A Graph-Based Infrastructure for Characterizing Structural Risk and Lateral Movement Patterns in APT Campaigns," in IEEE Access, vol. 14, pp. 73812-73841, 2026, https://doi.org/10.1109/ACCESS.2026.3691599

  2. Debelie, A.; Bagui, S.S.; Mink, D.; Bagui, S.C. Class-Specific GAN Augmentation for Imbalanced Intrusion Detection: A Comparative Study Using the UWF-ZeekData22 Dataset. Future Internet 2026, 18, 200. https://doi.org/10.3390/fi18040200

  3. Debelie, A.; Bagui, S.S.; Bagui, S.C.; Mink, D. A Systematic Ablation Study of GAN-Based Minority Augmentation for Intrusion Detection on UWF-ZeekData22. Electronics 2026, 15, 1291. https://doi.org/10.3390/electronics15061291

  4. Freeman, R.; Bagui, S.S.; Bagui, S.C.; Mink, D.; Cameron, S.; Carvalho, G.C.S.D. A Hybrid Time Series Forecasting Model Combining ARIMA and Decision Trees to Detect Attacks in MITRE ATT&CK Labeled Zeek Log Data. Electronics 2026, 15, 871. https://doi.org/10.3390/electronics15040871 (Editor's Choice)

  5. Debelie, A.; Bagui, S.S.; Mink, D.; Bagui, S.C. Class-Specific GAN-Based Minority Data Augmentation for Cyberattack Detection Using the UWF-ZeekData22 Dataset. Technologies 2026, 14, 117. https://doi.org/10.3390/technologies14020117 (Feature Paper)

  6. Freeman, R., Bagui, S.S., Bagui, S.C., Mink, D., Cameron, S., Carvalho, G. C. S. D. (2026). A Hybrid Time Series Forecasting Model Combining ARIMA and Decision Trees to Detect Attacks in MITRE ATT&CK Labeled Zeek Log Data, Electronics, 15(4), 871. https://doi.org/10.3390/electronics15040871

  7. Debelie, A., Bagui, S.S., Mink, D., Bagui, S.C. (2026). Class-Specific GAN-Based Minority Data Augmentation for Cyberattack Detection Using the UWF-ZeekData22 Dataset, Technologies, 14(2), 117. https://doi.org/10.3390/technologies14020117

  8. Bagui, S.S., Benyacko, A., Mink, D., Bagui, S.C., Bagchi, A. (2025). Selecting Feature Subsets in Continuous Flow Network Attack Traffic Big Data Using Incremental Frequent Pattern Mining. Algorithms, 18, 795. https://doi.org/10.3390/a18120795

  9. Miller, E.; Mink, D.; Spellings, P.; Bagui, S.S.; Bagui, S.C. Classifying Cyber Ranges: A Case-Based Analysis Using the UWF Cyber Range. Encyclopedia 2025, 5, 162. https://doi.org/10.3390/encyclopedia5040162

  10. Bagui, S.S.; Eller, C.; Armour, R.; Singh, S.; Bagui, S.C.; Mink, D. Analyzing Performance of Data Preprocessing Techniques on CPUs vs. GPUs with and Without the MapReduce Environment. Electronics 2025, 14, 3597. https://doi.org/10.3390/electronics14183597 (Feature Paper)

  11. Bagui, S.S.; Khan, M.P.; Valmyr, C.; Bagui, S.C.; Mink, D. Model Retraining upon Concept Drift Detection in Network Traffic Big Data. Future Internet 2025, 17, 328. https://doi.org/10.3390/fi17080328

  12. Bagui, S.S.; Carvalho, G.C.S.D.; Mishra, A.; Mink, D.; Bagui, S.C.; Eager, S. Detecting Cyber Threats in UWF-ZeekDataFall22 Using K-Means Clustering in the Big Data Environment. Future Internet 2025, 17, 267. https://doi.org/10.3390/fi17060267

  13. Elam, M.; Mink, D.; Bagui, S.S.; Plenkers, R.; Bagui, S.C. Introducing UWF-ZeekData24: An Enterprise MITRE ATT&CK Labeled Network Attack Traffic Dataset for Machine Learning/AI. Data 2025, 10, 59. https://doi.org/10.3390/data10050059

  14. Krebs, R.; Bagui, S.S.; Mink, D.; Bagui, S.C. Applying Multi-CLASS Support Vector Machines: One-vs.-One vs. One-vs.-All on the UWF-ZeekDataFall22 Dataset. Electronics 2024, 13, 3916. https://doi.org/10.3390/electronics13193916 (Feature Paper)

  15. Charkhabi, S.; Samimi, P.; Bagui, S.S.; Mink, D.; Bagui, S.C. Node Classification of Network Threats Leveraging Graph-Based Characterizations Using Memgraph. Computers 2024, 13, 171. https://doi.org/10.3390/computers13070171

  16. Moomtaheen, F.; Bagui, S.S.; Bagui, S.C.; Mink, D. Extended Isolation Forest for Intrusion Detection in Zeek Data. Information 2024, 15, 404. https://doi.org/10.3390/info15070404

  17. Bagui, S.S.; Mink, D.; Bagui, S.C.; Subramaniam, S. Resampling to Classify Rare Attack Tactics in UWF-ZeekData22. Knowledge 2024, 4, 96-119. https://doi.org/10.3390/knowledge4010006

  18. Bagui, S.S.; Mink, D.; Bagui, S.C.; Sung, D.H.; Mahmud, F. Graphical Representation of UWF-ZeekData22 Using Memgraph. Electronics 2024, 13, 1015. https://doi.org/10.3390/electronics13061015

  19. Bagui, S.S.; Mink, D.; Bagui, S.C.; Madhyala, P.; Uppal, N.; McElroy, T.; Plenkers, R.; Elam, M.; Prayaga, S. Introducing the UWF-ZeekDataFall22 Dataset to Classify Attack Tactics from Zeek Conn Logs Using Spark's Machine Learning in a Big Data Framework. Electronics 2023, 12, 5039. https://doi.org/10.3390/electronics12245039

  20. Bagui, S.S.; Mink, D.; Bagui, S.C.; Subramaniam, S. Determining Resampling Ratios Using BSMOTE and SVM-SMOTE for Identifying Rare Attacks in Imbalanced Cybersecurity Data. Computers 2023, 12, 204. https://doi.org/10.3390/computers12100204 (Editor's Choice)

  21. Bagui, S.S.; Mink, D.; Bagui, S.C.; Plain, M.; Hill, J.; Elam, M. Using a Graph Engine to Visualize the Reconnaissance Tactic of the MITRE ATT&CK Framework from UWF-ZeekData22. Future Internet 2023, 15, 236. https://doi.org/10.3390/fi15070236

  22. Bagui, S.; Mink, D.; Bagui, S.; Subramaniam, S.; Wallace, D. Resampling Imbalanced Network Intrusion Datasets to Identify Rare Attacks. Future Internet 2023, 15, 130. https://doi.org/10.3390/fi15040130

  23. Bagui, S.S.; Mink, D.; Bagui, S.C.; Ghosh, T.; Plenkers, R.; McElroy, T.; Dulaney, S.; Shabanali, S. Introducing UWF-ZeekData22: A Comprehensive Network Traffic Dataset Based on the MITRE ATT&CK Framework. Data 2023, 8, 18. https://doi.org/10.3390/data8010018 (Editor's Choice)

  24. Bagui, S.; Mink, D.; Bagui, S.; Ghosh, T.; McElroy, T.; Paredes, E.; Khasnavis, N.; Plenkers, R. Detecting Reconnaissance and Discovery Tactics from the MITRE ATT&CK Framework in Zeek Conn Logs Using Spark's Machine Learning in the Big Data Framework. Sensors 2022, 22, 7999. https://doi.org/10.3390/s22207999

Grants

This research was funded by the National Centers of Academic Excellence in Cybersecurity, 2021 NCAE-C-002: Cyber Research Innovation Grant Program, Grant Number: H98230-21-1-0170.

Licensing Information

These articles and datasets are open access, distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).