DEDALE: Dataset for Evaluating Detection of APT among Logs and Events

DOI

DEDALE is a dataset focused on the detection of APT attacks. It contains both network and host data from the different computers in the emulated IT system. The dataset lasts 4 weeks to reproduce the long lasting characteristics of such attack type. The first two weeks contain only benign activity. From the beginning of the third week, an APT-like attack starts and lasts 8 days. The attack scenario is rather stealthier and there are no brute force or noisy attack types.

The dataset is reproducible. All the scripts and configuration files are available here: https://gitlab.inria.fr/mlanvin/rescousse

More details on the dataset are given here: https://dedale.inria.fr

Rescousse (https://gitlab.inria.fr/mlanvin/rescousse), commit : ba47b61e

pyCapCutter (https://gitlab.inria.fr/mlanvin/pycapcutter), commit : 69a1e1a6

Aura (https://gitlab.inria.fr/mlanvin/aura), commit : ff48c1d6

Scripts de labélisation des données (https://gitlab.inria.fr/mlanvin/dedale_labeling), commit : f148722e

Identifier
DOI https://doi.org/10.57745/Y5JLDG
Metadata Access https://entrepot.recherche.data.gouv.fr/oai?verb=GetRecord&metadataPrefix=oai_datacite&identifier=doi:10.57745/Y5JLDG
Provenance
Creator LANVIN, Maxime ORCID logo; MAJORCZYK, Frederic (ORCID: 0009-0008-9558-397X)
Publisher Recherche Data Gouv
Contributor MAJORCZYK, Frederic; Institut National de Recherche en Informatique et Automatique; Direction générale de l'armement; Entrepôt Recherche Data Gouv
Publication Year 2026
Rights info:eu-repo/semantics/openAccess
OpenAccess true
Contact MAJORCZYK, Frederic (DGA - INRIA - Institut National de Recherche en Informatique et Automatique)
Representation
Resource Type Dataset
Format application/zip; text/markdown
Size 3006480661; 279861801; 1823763749; 5220783533; 174545609657; 151670118577; 160153199017; 165270137529; 117681593724; 114759465338; 150231536232; 91870779657; 55753200627; 61571853593; 66548929642; 64068248698; 4772; 17708649877; 88004443284; 160725518258; 2743195325; 117388783804; 114558528714; 150455868873; 92161625951; 261395024491; 235660215700; 275085120150; 227530293789; 24596811; 10896385060; 2669407; 28204451959; 125537856; 27123250952; 22196076; 3538305367; 415796741; 3405887752; 4396439880
Version 2.0
Discipline Computer Science; ['Intrusion Detection Dataset']; ['Host Computer Logs']; ['Network Capture']; ['Advanced Persistent Threat Detection']; ['Cybersecurity']