CoAP_UAD: CoAP under attack dataset — A comprehensive dataset for CoAP-based IoT security research

Aveleira Mata, Jose AntonioMichelena, ÁlvaroGarcía, IsaíasCalvo-Rolle, José LuisBenavides, CarmenJove, Esteban2025-10-282025-10-282025-12J. Aveleira-Mata, Á. Michelena, I. García-Rodríguez, J.L. Calvo-Rolle, C. Benavides, E. Jove, CoAP_UAD: CoAP under attack dataset — A comprehensive dataset for CoAP-based IoT security research, Data in Brief 63 (2025) 112210. https://doi.org/10.1016/j.dib.2025.112210.2352-3409https://hdl.handle.net/2183/46136[Abstract] Internet of Things (IoT) systems increasingly rely on lightweight protocols such as the Constrained Application Protocol (CoAP), which are designed for resource-constrained devices but open new avenues for protocol-level attacks. The heterogeneity of deployments and the prevalence of UDP-based communication make CoAP networks susceptible to threats that exploit protocol semantics rather than implementation bugs. In this context, studying effective detection methods helps preserve the reliability and safety of constrained IoT deployments. In this work we introduce CoAP_UAD (CoAP Under Attack Dataset), a publicly documented dataset created to study and benchmark intrusion detection for CoAP-based IoT networks. The attacks in CoAP_UAD deliberately target CoAP protocol behaviors rather than implementation- or device-specific vulnerabilities, abstracting away system particulars. The dataset was produced in a realistic testbed that emulates constrained devices and typical CoAP deployments while executing a diverse suite of protocol-oriented attacks, including three protocol-oriented attack families such as cross-protocol interaction over UDP (e.g., DNS traffic injected into CoAP exchanges), message-format and negotiation manipulation, Denegation of Service (Block size amplification attack). Network traffic was captured at the router, and each frame/flow was labeled and exported to a consistent, CSV format to enable reproducible experimentation.engAttribution 4.0 Internationalhttp://creativecommons.org/licenses/by/4.0/IoT securityConstrained application protocol (CoAP)Protocol-level attacksIntrusion detection systems (IDS)Anomaly detectionCyberattack datasetIoT traffic analysisCoAP_UAD: CoAP under attack dataset — A comprehensive dataset for CoAP-based IoT security researchjournal articleopen accesshttps://doi.org/10.1016/j.dib.2025.112210