Advanced Persistent Threat (APT) and intrusion detection evaluation dataset for linux systems 2024


This article is free to access.

Abstract

The novel dataset called Linux-APT Dataset 2024 captures Advanced Persistent Threat (APT) attacks along with other recent and sophisticated payloads. Existing datasets lack the latest attacker techniques and procedures, APT tactics, and a configuration that captures the maximum number of Linux log sources needed to observe the working and behaviour of an APT in detail. The environment that supported us in capturing the logs is composed of Linux machines and a centralized logging system configured to capture and detect all possible events and logs for an APT and other complex intrusions. Unlike Microsoft Windows, Linux logging systems have not been investigated thoroughly enough, and systems usually rely on limited log sources; for an APT, however, all possible log sources should be evaluated and added in order to completely analyse the behaviour, trajectory, and operation of the attack. To keep the dataset up to date and realistic, recent payloads and APTs are emulated in the environment. A well-known cyber-security framework, MITRE ATT&CK, is used to map the captured behaviour and operations in a generalized manner after the events and logs have been collected. This dataset can be used for training and for conducting a variety of experiments to build and design solutions for detecting the most recent intrusions and APT attacks on Linux systems.


Karim, S. S., Afzal, M., Iqbal, W., & Abri, D. A. (2024). Advanced Persistent Threat (APT) and intrusion detection evaluation dataset for linux systems 2024. Data in Brief, 54. https://doi.org/10.1016/j.dib.2024.110290
