CasinoLimit: An Offensive Dataset Labeled with MITRE ATT&CK Techniques

Cybersecurity exercises are a common way to train and evaluate the skills of cybersecurity professionals. These exercises also provide a unique opportunity to generate datasets with realistic attack traces on non-sensitive systems. Nevertheless, the collected logs are unlabeled, and deciding which logs are related to pentesters is a difficult problem. In this paper, we present a novel methodology to label efficiently both system and network logs using MITRE ATT&CK techniques. To demonstrate the effectiveness of our approach, we introduce CasinoLimit, a dataset generated from a pentest exercise that has been played by 114 participants where we collected 540 GB of attack data. We apply our methodology to accurately label these logs with a semiautomatic approach: labels are inferred from the shell sessions and propagated to the network sessions, and eventually corrected by a junior analyst. An expert analyst has manually reviewed all the labels that have been computed to ensure the quality of the labeling process. The results of the pentest exercise are deeply discussed. We show the variability of players’ behaviors and that players can be distinguished by their command line habits. In addition, the high level of granularity of labels coupled with the number of participants enables multiple other applications. With this paper, we release the full dataset and the associated labeling tool, Manatee, which can be used to browse the logs and labels. To support the generalization of our approach, we made it possible to load other datasets with this tool.

• Publication year

  2025

• Venue

  International Symposium on Recent Advances in Intrusion Detection

• Publication date

  2025-10-19

• Fields of study

  Computer Science, Engineering

• Identifiers
  DOI 10.1109/RAID67961.2025.00039
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Network Intrusion Datasets: A Survey, Limitations, and Recommendations

  2025cited by this paper
• Leveraging Deep Reinforcement Learning for Cyber-Attack Paths Prediction: Formulation, Generalization, and Evaluation

  2024cited by this paper
• Trusted Yet Disguised: Analysing the Subversive Role of LOLBins in Contemporary Cyber Threats

  2024cited by this paper
• A process mining-based method for attacker profiling using the MITRE ATT&CK taxonomy

  2024cited by this paper
• Network Detection of Interactive SSH Impostors Using Deep Learning

  2023cited by this paper
• URSID: Automatically Refining a Single Attack Scenario into Multiple Cyber Range Architectures

  2023cited by this paper
• MITRE ATT&CK: State of the Art and Way Forward

  2023cited by this paper
• Unraveled - A semi-synthetic dataset for Advanced Persistent Threats

  2023cited by this paper
• PWNJUTSU: A Dataset and a Semantics-Driven Approach to Retrace Attack Campaigns

  2022cited by this paper
• CUPID: A labeled dataset with Pentesting for evaluation of network intrusion detection

  2022cited by this paper
• Towards the Development of a Realistic Multidimensional IoT Profiling Dataset

  2022cited by this paper
• Error Prevalence in NIDS datasets: A Case Study on CIC-IDS-2017 and CSE-CIC-IDS-2018

  2022cited by this paper
• LADEMU: a modular & continuous approach for generating labelled APT datasets from emulations

  2022cited by this paper
• Errors in the CICIDS2017 Dataset and the Significant Differences in Detection Performances It Makes

  2022cited by this paper
• Reproducible and Adaptable Log Data Generation for Sound Cybersecurity Experiments

  2021cited by this paper
• Have it Your Way: Generating Customized Log Datasets With a Model-Driven Simulation Testbed

  2021cited by this paper
• Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land

  2021cited by this paper
• Datasets are not Enough: Challenges in Labeling Network Traffic

  2021cited by this paper
• MITRE ATT&CK ® : Design and Philosophy

  2020cited by this paper
• DAPT 2020 - Constructing a Benchmark Dataset for Advanced Persistent Threats

  2020cited by this paper
• Modeling the Operational Phases of APT Campaigns

  2019cited by this paper
• Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization

  2018cited by this paper
• Profiling cybersecurity competition participants: Self-efficacy, decision-making and interests predict effectiveness of competitions as a recruitment tool

  2017cited by this paper
• Flow-based benchmark data sets for intrusion detection

  2017cited by this paper
• CTF: State-of-the-Art and Building the Next Generation

  2017cited by this paper
• The Outcomes of Cybersecurity Competitions and Implications for Underrepresented Populations

  2016cited by this paper
• How Unique Is Your Web Browser?

  2010cited by this paper
• Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains

  2010cited by this paper
• A detailed analysis of the KDD CUP 99 data set

  2009cited by this paper
• Comparing anomaly-detection algorithms for keystroke dynamics

  2009cited by this paper

• No citing papers are available for this paper.