This is a research project to capture, monitor, analyze and publish long-lived real malware network traffic. The malware is executed with only two restrictions on the output traffic: a limit on the bandwith and the interception of spam. The most important characteristic of this project is the execution of malware during long periods of time, that can go up to several months. The traffic is stored in pcap files, pre-process, analyzed, labeled and made public for the research comunity. The preprocessing includes RRD files with the history of traffic shape, bidirectional Argus flows (both the binary file and the text file), web logs for all the web traffic and a dns report among others. The labels are manually generated by a group of security experts and added to both Argus files and to the weblogs.


The datasets created in this facility are used in the research projects of botnet behavior analysis and anomaly detection. 

If you use these dataset for your own research please reference it accordingly. Also consider a colaboration with the project to make the dataset better.


The researcher in charge of this project is PhD student Sebastian Garcia.

sebastian.garcia at