Dataset of Advanced Persistent Threat (APT) alerts

Abstract

Due to the lack of publicly available data on Advanced Persistent Threat (APT) traffic, we built a synthetic dataset that contains APT alerts. This dataset contains 3676 APT alerts that belong to 1000 APT campaigns. The APT alerts were generated to simulate APT scenarios targeting a university campus network. Each APT scenario takes into consideration the following steps of the APT life cycle:

1- Intelligence gathering
2- Point of entry
3- Command and control communication
4- Lateral movement
5- Asset discovery
6- Data exfiltration

The dataset contains the following columns:

[1] Alert type
[2] Timestamp
[3] Source IP address
[4] Source port
[5] Destination IP address
[6] Destination port
[7] Infected machine

The database can be opened in software such as SQLite. For more details about generating the dataset, please refer to our work in: https://www.sciencedirect.com/science/article/pii/S0167739X18307532.
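As an added example (not code from the dataset or the paper), the following Python builds an in-memory SQLite table with the seven columns above, loads a few constructed alerts, and reconstructs how far along the six life-cycle stages each infected machine has progressed; the column names and the sample rows are assumptions, not values from the real dataset.

```python
import sqlite3

# The six APT life-cycle stages named in the dataset description, in order.
STAGES = ["Intelligence gathering", "Point of entry", "Command and control communication",
          "Lateral movement", "Asset discovery", "Data exfiltration"]

# Column names are assumptions; the page only gives descriptive labels.
SCHEMA = """CREATE TABLE alerts (alert_type TEXT, timestamp TEXT, src_ip TEXT,
    src_port INTEGER, dst_ip TEXT, dst_port INTEGER, infected_machine TEXT)"""

# Constructed sample alerts (not rows from the real dataset).
SAMPLE = [
    ("Intelligence gathering", "2018-03-01T08:00:00", "198.51.100.7", 51000, "10.0.0.5", 80, "host-a"),
    ("Point of entry", "2018-03-01T09:10:00", "198.51.100.7", 51001, "10.0.0.5", 443, "host-a"),
    ("Command and control communication", "2018-03-01T09:30:00", "10.0.0.5", 49152, "198.51.100.7", 443, "host-a"),
    ("Lateral movement", "2018-03-02T10:00:00", "10.0.0.5", 49153, "10.0.0.9", 445, "host-a"),
    ("Asset discovery", "2018-03-02T10:20:00", "10.0.0.9", 49154, "10.0.0.20", 445, "host-b"),
    ("Data exfiltration", "2018-03-03T02:00:00", "10.0.0.9", 49155, "198.51.100.7", 443, "host-b"),
    ("Point of entry", "2018-03-04T11:00:00", "203.0.113.4", 52000, "10.0.0.30", 22, "host-c"),
]

def load(rows=SAMPLE):
    """In-memory SQLite database with the dataset's seven columns."""
    con = sqlite3.connect(":memory:")
    con.execute(SCHEMA)
    con.executemany("INSERT INTO alerts VALUES (?,?,?,?,?,?,?)", rows)
    return con

def _grouped(con, sql):
    """Run a two-column query and group the second column's values by the first."""
    out = {}
    for key, value in con.execute(sql):
        out.setdefault(key, []).append(value)
    return out

def stage_timeline(con):
    """Per infected machine, the stages observed in timestamp order."""
    return _grouped(con, "SELECT infected_machine, alert_type FROM alerts ORDER BY timestamp")

def furthest_stage(con):
    """Deepest stage each machine reached; hosts at 'Data exfiltration' get triaged first."""
    return {m: max(s, key=STAGES.index) for m, s in stage_timeline(con).items()}

def lateral_targets(con):
    """Destinations of lateral-movement alerts per source machine, to follow a campaign
    from one infected host to the next."""
    return _grouped(con, "SELECT infected_machine, dst_ip FROM alerts "
                         "WHERE alert_type = 'Lateral movement' ORDER BY timestamp")
```

Point `sqlite3.connect` at the downloaded database file instead of `":memory:"` (and adjust the column names to the real ones) to run the same queries over the full 3676 alerts.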