“…backscatter, DoS, exploits, malware, port scans, shellcode) LBNL [61] port scans NDSec-1 [62] botnet (Citadel), brute force (against FTP, HTTP and SSH), DDoS (HTTP floods, SYN flooding and UDP floods), exploits, probe, spoofing, SSL proxy, XSS/SQL injection NGIDS-DS [19] backdoors, DoS, exploits, generic, reconnaissance, shellcode, worms NSL-KDD [63] DoS, privilege escalation (remote-to-local and user-to-root), probing PU-IDS [64] DoS, privilege escalation (remote-to-local and user-to-root), probing PUF [65] DNS attacks SANTA [35] (D)DoS (ICMP flood, RUDY, SYN flood), DNS amplification, heartbleed, port scans SSENET-2011 [47] DoS (executed through LOIC), port scans (executed through Angry IP Scanner, Nessus, Nmap), various attack tools (e.g. metasploit) SSENET-2014 [66] botnet, flooding, privilege escalation, port scans SSHCure [67] SSH attacks TRAbID [68] DoS (HTTP flood, ICMP flood, SMTP flood, SYN flood, TCP keepalive), port scans (ACK-Scan, FIN-Scan, NULL-Scan, OS Fingerprinting, Service Fingerprinting, UDP-Scan, XMAS-Scan) TUIDS [69], [70] botnet (IRC), DDoS (Fraggle flood, Ping flood, RST flood, smurf ICMP flood, SYN flood, UDP flood), port scans (e.g. FIN-Scan, NULL-Scan, UDP-Scan, XMAS-Scan), coordinated port scan, SSH brute force Twente [71] Attacks against a honeypot with three open services (FTP, HTTP, SSH) UGR'16 [29] botnet (Neris), DoS, port scans, SSH brute force, spam UNIBS [72] none Unified Host and Network [73] not specified UNSW-NB15 [20] backdoors, DoS, exploits, fuzzers, generic, port scans, reconnaissance, shellcode, spam, worms traffic, and comes along with a detailed technical report with additional information.…”