Generating datasets for anomaly-based intrusion detection systems in iot and industrial iot networks

Ismael Essop, José C. Ribeiro*, Maria Papaioannou, Jonathan Rodriguez, Georgios Zachos, Georgios Mantas

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

12 Downloads (Pure)


Over the past few years, we have witnessed the emergence of Internet of Things (IoT) and Industrial IoT networks that bring significant benefits to citizens, society, and industry. However, their heterogeneous and resource-constrained nature makes them vulnerable to a wide range of threats. Therefore, there is an urgent need for novel security mechanisms such as accurate and efficient anomaly-based intrusion detection systems (AIDSs) to be developed before these networks reach their full potential. Nevertheless, there is a lack of up-to-date, representative, and well-structured IoT/IIoT-specific datasets which are publicly available and constitute benchmark datasets for training and evaluating machine learning models used in AIDSs for IoT/IIoT networks. Contribution to filling this research gap is the main target of our recent research work and thus, we focus on the generation of new labelled IoT/IIoT-specific datasets by utilising the Cooja simulator. To the best of our knowledge, this is the first time that the Cooja simulator is used, in a systematic way, to generate comprehensive IoT/IIoT datasets. In this paper, we present the approach that we followed to generate an initial set of benign and malicious IoT/IIoT datasets. The generated IIoT-specific information was captured from the Contiki plugin “powertrace” and the Cooja tool “Radio messages”.

Original languageEnglish
Article number1528
Pages (from-to)1-31
Number of pages31
Issue number4
Publication statusPublished - 23 Feb 2021


  • Anomaly-based intrusion detection
  • Benign datasets generation
  • Contiki OS
  • Cooja simulator
  • Industrial IoT
  • IoT
  • Malicious datasets generation


Dive into the research topics of 'Generating datasets for anomaly-based intrusion detection systems in iot and industrial iot networks'. Together they form a unique fingerprint.

Cite this