Overview
The CESNET-MINER22-TS dataset [1] contains Flow Time Series derived from IP flows in the CESNET-MINER22 dataset [2]. The data was collected by monitoring the national research and educational network CESNET2 and transformed into time-series representations suitable for temporal pattern analysis.
Dataset Metadata
| Property | Value |
|---|---|
| Type | Recreated dataset |
| Category | Time Series |
| Primary Task | Cryptomining Detection |
| Source Dataset | CESNET-MINER22 |
| Source Network | CESNET2 (national research and educational network) |
Flow Time Series
Definition
Flow Time Series are sequences of observations based on Network Dependencies. A Network Dependency is defined as:
Long-term communication between device pairs in which a service is provided by one node to another.
Construction Process
- IP Flow Collection: Raw flows captured from CESNET2 network
- Dependency Identification: Group flows by communicating device pairs
- Time-Series Creation: Generate sequential observations from flow patterns
- Feature Extraction: Compute temporal and statistical features
Advantages for Cryptomining Detection
Flow Time Series enable detection of:
- Periodic Behaviors: Regular communication patterns characteristic of mining
- Long-term Patterns: Sustained connections typical of mining pools
- Service Relationships: Client-server mining pool interactions
- Temporal Anomalies: Deviations from normal communication patterns
Relationship to CESNET-MINER22
| Aspect | CESNET-MINER22 | CESNET-MINER22-TS |
|---|---|---|
| Format | IP Flows | Flow Time Series |
| Granularity | Individual flows | Aggregated flow sequences |
| Analysis Type | Flow-level classification | Temporal pattern detection |
| Features | Per-flow attributes | Periodic behavior features |
Research Applications
The CESNET-MINER22-TS dataset supports research in:
- Periodic Pattern Detection: Identifying rhythmic communication patterns
- Temporal Analysis: Understanding time-dependent cryptomining behaviors
- Behavioral Classification: Distinguishing mining from legitimate services
- Feature Engineering: Developing temporal features for improved detection
How to Cite
@inproceedings{plny2022decrypto,
title={DeCrypto: Finding Cryptocurrency Miners on ISP Networks},
author={Pln{\`y}, Richard and Hynek, Karel and {\v{C}}ejka, Tom{\'a}{\v{s}}},
booktitle={Nordic Conference on Secure IT Systems},
pages={139--158},
year={2022},
organization={Springer}
}
Download
[1] Josef Koumar, Richard Plný, & Tomáš Čejka. (2023). CESNET-MINER22-TS: Periodic Behavior Features of Cryptomining Communication [Data set]. Zenodo.
DOI: 10.5281/zenodo.8033351
References
[2] Richard Plný, Karel Hynek, & Tomáš Čejka. (2022). CESNET-MINER22 (1.0) [Data set]. Zenodo.
DOI: 10.5281/zenodo.7189293