COMISET: Dataset for the analysis of malicious events in Windows systems
The evaluation of threat detection and prevention systems requires the use of datasets that are up-to-date and correctly designed according to the most common threats. Currently, the availability of event datasets containing sufficient information to perform these analyses on Microsoft Windows syste...
| Main Authors: | Antonio Pérez-Sánchez, Rafael Palacios, Gregorio López López |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Elsevier, 2025-08-01 |
| Series: | Data in Brief |
| Subjects: | Event-based threat detection; MITRE ATT&CK; Cyber kill chain; Advanced persistent threats |
| Online Access: | http://www.sciencedirect.com/science/article/pii/S2352340925004512 |
| _version_ | 1850026866280235008 |
|---|---|
| author | Antonio Pérez-Sánchez; Rafael Palacios; Gregorio López López |
| collection | DOAJ |
| description | The evaluation of threat detection and prevention systems requires the use of datasets that are up-to-date and correctly designed according to the most common threats. Currently, the availability of event datasets containing sufficient information to perform these analyses on Microsoft Windows systems is practically non-existent. In the background section we summarize the existing datasets, highlighting their main limitations to conduct studies of threat detection. Following we present COMISET, the dataset we have generated through the collection of events in real time and updated according to the current threats and malware obfuscation techniques. The main advantage of using this dataset with respect to those already available is that it was developed specifically for the evaluation of threat detection and prevention systems, and the events were labelled according to techniques and tactics of the MITRE ATT&CK matrix. COMISET is freely available for research purposes and contains about 250 million events of both malicious and non-malicious types. To create the dataset the experiments have been performed in two different scenarios: a laboratory emulating the infrastructure of a small company, and a computer network commonly used by students at Comillas University. In the laboratory environment, real attacks were executed involving a variety of techniques and tactics commonly used by the adversaries. The monitoring system was able to capture the events and label them according to the MITRE ATT&CK matrix. Some of these events are shown in this paper as an example of the worthy information contained in the dataset. |
| format | Article |
| id | doaj-art-39eeb2cc510d4d55a99c37da54041d0c |
| institution | DOAJ |
| issn | 2352-3409 |
| language | English |
| publishDate | 2025-08-01 |
| publisher | Elsevier |
| record_format | Article |
| series | Data in Brief |
| spelling | doaj-art-39eeb2cc510d4d55a99c37da54041d0c / 2025-08-20T03:00:24Z / eng / Elsevier / Data in Brief / 2352-3409 / 2025-08-01 / 61 / 111723 / 10.1016/j.dib.2025.111723 / COMISET: Dataset for the analysis of malicious events in Windows systems / Zenodo / Antonio Pérez-Sánchez (0), Rafael Palacios (1), Gregorio López López (2) / (0) Institute for Research in Technology (IIT), ICAI School of Engineering, Comillas Pontifical University, 28015 Madrid, Spain; Corresponding author. / (1) Institute for Research in Technology (IIT), ICAI School of Engineering, Comillas Pontifical University, 28015 Madrid, Spain; Cybersecurity at MIT Sloan (CAMS), Massachusetts Institute of Technology, Cambridge, MA 02139, USA / (2) Institute for Research in Technology (IIT), ICAI School of Engineering, Comillas Pontifical University, 28015 Madrid, Spain / http://www.sciencedirect.com/science/article/pii/S2352340925004512 / Event-based threat detection; MITRE ATT&CK; Cyber kill chain; Advanced persistent threats |
| title | COMISET: Dataset for the analysis of malicious events in Windows systems |
| topic | Event-based threat detection MITRE ATT&CK Cyber kill chain Advanced persistent threats |
| url | http://www.sciencedirect.com/science/article/pii/S2352340925004512 |