CloudAPT: a benchmark dataset to evaluate APT countermeasures in cloud environments

Download

View downloads (42)

File	Format	Size
Report APT attack steps, revision 2	PDF	1.5 MiB
Report Ground truth, revision 1.0	PDF	563 KiB
Readme	MD	4 KiB
Cluster log	GZ	742.2 MiB
Create all tables	SQL	2 KiB
Necessary files	ZIP	153.7 MiB
Day 1 pg	ZIP	2.8 GiB
Day 2 pg	ZIP	4.9 GiB
Day 3 pg	ZIP	4.5 GiB
Day 4 pg	ZIP	6.4 GiB
Day 5 pg	ZIP	2.8 GiB
Day 6 pg	ZIP	4.6 GiB
Day 7 pg	ZIP	4.6 GiB
Day 8 pg	ZIP	2.4 GiB
Provenance graph.tar.gz.part.aa	BIN	1.0 GiB
Provenance graph.tar.gz.part.ab	BIN	1.0 GiB
Provenance graph.tar.gz.part.ac	BIN	1.0 GiB
Provenance graph.tar.gz.part.ad	BIN	1.0 GiB
Provenance graph.tar.gz.part.ae	BIN	1.0 GiB
Provenance graph.tar.gz.part.af	BIN	1.0 GiB
Provenance graph.tar.gz.part.ag	BIN	1.0 GiB
Provenance graph.tar.gz.part.ah	BIN	1.0 GiB
Provenance graph.tar.gz.part.ai	BIN	1.0 GiB
Provenance graph.tar.gz.part.aj	BIN	1.0 GiB
Provenance graph.tar.gz.part.ak	BIN	1.0 GiB
Provenance graph.tar.gz.part.al	BIN	1.0 GiB
Provenance graph.tar.gz.part.am	BIN	1.0 GiB
Provenance graph.tar.gz.part.an	BIN	1.0 GiB
Provenance graph.tar.gz.part.ao	BIN	1.0 GiB
Provenance graph.tar.gz.part.ap	BIN	1.0 GiB
Provenance graph.tar.gz.part.aq	BIN	1.0 GiB
Provenance graph.tar.gz.part.ar	BIN	1.0 GiB
Provenance graph.tar.gz.part.as	BIN	1.0 GiB
Provenance graph.tar.gz.part.at	BIN	1.0 GiB
Provenance graph.tar.gz.part.au	BIN	1.0 GiB
Provenance graph.tar.gz.part.av	BIN	1.0 GiB
Provenance graph.tar.gz.part.aw	BIN	1.0 GiB
Provenance graph.tar.gz.part.ax	BIN	1.0 GiB
Provenance graph.tar.gz.part.ay	BIN	1.0 GiB
Provenance graph.tar.gz.part.az	BIN	1.0 GiB
Provenance graph.tar.gz.part.ba	BIN	1.0 GiB
Provenance graph.tar.gz.part.bb	BIN	502.9 MiB

DOI

Resolve DOI: https://doi.org/10.4224/40003534

Author

Search for: Haque, Md Ariful¹; Search for: Pinto Neto, Euclides Carlos¹ORCID identifier: https://orcid.org/0000-0002-1241-6391; Search for: Pasquier, Thosmas; Search for: Iqbal, Shahrear¹ORCID identifier: https://orcid.org/0000-0001-7819-5715

Affiliation

National Research Council Canada. Digital Technologies

Format

Text, Dataset

Subject

advanced persistent threats (APT); cloud computing; Kubernetes; cybersecurity; provenance graph; deep learning; attack lifecycle; benchmark dataset; APT detection; cloud security

Abstract

In the evolving cybersecurity landscape, Advanced Persistent Threats (APTs) targeting cloud environments pose significant risks to organizations and governments that rely on cloud services. Recent research contributions address critical issues and advance the state-of-the-art, leveraging datasets generated from non-cloud environments. As a result, existing datasets are often inadequate for developing and evaluating robust APT detection mechanisms in cloud contexts. We present a novel benchmark dataset designed to reproduce APT activities in a cloud environment, leveraging a Kubernetes cluster that mirrors the infrastructure used by small to mid-sized organizations. The dataset is generated over eight days covering the entire cloud APT attack lifecycle, including reconnaissance, initial compromise, privilege escalation, lateral movement, and data exfiltration. This dataset provides valuable resources for researching and developing advanced APT countermeasures, featuring interactions from multiple real users while a human attacker conducts malicious activities. The CloudAPT dataset aims to empower researchers to improve cloud security through advanced analytical solutions (e.g., using machine learning).

Publication date

2024-02-20

Publisher

National Research Council Canada

Licence

Open Government Licence - Canada
https://open.canada.ca/en/open-government-licence-canada

Language

English

Export citation

Export as RIS

Collection

NRC Research Data

Record identifier

35799c14-ae14-430b-b79f-44ae22fbd49e

Record created

2025-07-10

Record modified

2025-11-21

Date modified:: 2026-01-20